[openssl-commits] [openssl] master update

Rich Salz rsalz at openssl.org
Thu Feb 18 02:13:12 UTC 2016


The branch master has been updated
       via  e4ef2e25f11de9c3d729be15bef693a815c3dfe4 (commit)
      from  4418e0302f471750e643079a753ab43a2eb164b8 (commit)


- Log -----------------------------------------------------------------
commit e4ef2e25f11de9c3d729be15bef693a815c3dfe4
Author: Rich Salz <rsalz at akamai.com>
Date:   Wed Feb 10 11:10:39 2016 -0500

    Remove "experimental" in code and comments, too.
    
    Thanks to Viktor for additional review.
    
    Reviewed-by: Richard Levitte <levitte at openssl.org>

-----------------------------------------------------------------------

Summary of changes:
 Configurations/90-team.conf |   2 +-
 Configure                   | 104 ++++++++++++++++----------------------------
 crypto/des/str2key.c        |  18 --------
 doc/apps/cms.pod            |   2 +-
 doc/apps/smime.pod          |   2 +-
 doc/apps/x509.pod           |   2 -
 ssl/ssl_locl.h              |   1 -
 util/mk1mf.pl               |  12 -----
 8 files changed, 41 insertions(+), 102 deletions(-)

diff --git a/Configurations/90-team.conf b/Configurations/90-team.conf
index 7dc5fda..2530945 100644
--- a/Configurations/90-team.conf
+++ b/Configurations/90-team.conf
@@ -65,7 +65,7 @@
     },
     "debug-linux-ia32-aes" => {
         cc               => "gcc",
-        cflags           => "-DAES_EXPERIMENTAL -DL_ENDIAN -O3 -fomit-frame-pointer -Wall",
+        cflags           => "-DL_ENDIAN -O3 -fomit-frame-pointer -Wall",
         thread_cflag     => "-D_REENTRANT",
         ex_libs          => "-ldl",
         bn_ops           => "BN_LLONG",
diff --git a/Configure b/Configure
index 688735b..7e0882a 100755
--- a/Configure
+++ b/Configure
@@ -15,7 +15,7 @@ use File::Path qw/mkpath/;
 
 # see INSTALL for instructions.
 
-my $usage="Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [experimental-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-dso] [no-egd] [sctp] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--config=FILE] os/compiler[:flags]\n";
+my $usage="Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-dso] [no-egd] [sctp] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--config=FILE] os/compiler[:flags]\n";
 
 # Options:
 #
@@ -327,7 +327,7 @@ foreach my $proto ((@tls, @dtls))
 
 # All of the following is disabled by default (RC5 was enabled before 0.9.8):
 
-my %disabled = ( # "what"         => "comment" [or special keyword "experimental"]
+my %disabled = ( # "what"         => "comment"
 		 "ec_nistp_64_gcc_128" => "default",
 		 "egd"            => "default",
 		 "md2"            => "default",
@@ -340,7 +340,6 @@ my %disabled = ( # "what"         => "comment" [or special keyword "experimental
 		 "crypto-mdebug"  => "default",
 		 "heartbeats"     => "default",
 	       );
-my @experimental = ();
 
 # Note: => pair form used for aesthetics, not to truly make a hash table
 my @disable_cascades = (
@@ -410,13 +409,9 @@ my @default_depdefines =
     sort keys %disabled;
 
 # Explicit "no-..." options will be collected in %disabled along with the defaults.
-# To remove something from %disabled, use "enable-foo" (unless it's experimental).
+# To remove something from %disabled, use "enable-foo".
 # For symmetry, "disable-foo" is a synonym for "no-foo".
 
-# For features called "experimental" here, a more explicit "experimental-foo" is needed to enable.
-# We will collect such requests in @experimental.
-# To avoid accidental use of experimental features, applications will have to use -DOPENSSL_EXPERIMENTAL_FOO.
-
 my @generated_headers = (
     "include/openssl/opensslconf.h",
     "crypto/include/internal/bn_conf.h"
@@ -435,7 +430,6 @@ my $user_cflags="";
 my @user_defines=();
 my $unified = 0;
 $config{depdefines}=[];
-$config{openssl_experimental_defines}=[];
 $config{openssl_api_defines}=[];
 $config{openssl_algorithm_defines}=[];
 $config{openssl_thread_defines}=[];
@@ -518,7 +512,7 @@ foreach (@argvcopy)
 	s /^zlib$/enable-zlib/;
 	s /^zlib-dynamic$/enable-zlib-dynamic/;
 
-        if (/^(no|disable|enable|experimental)-(.+)$/)
+        if (/^(no|disable|enable)-(.+)$/)
 		{
 		my $word = $2;
 		if (!grep { $word =~ /^${_}$/ } @disablables)
@@ -529,52 +523,43 @@ foreach (@argvcopy)
 		}
 	if (/^no-(.+)$/ || /^disable-(.+)$/)
 		{
-		if (!($disabled{$1} eq "experimental"))
-			{
-			foreach my $proto ((@tls, @dtls))
-				{
-				if ($1 eq "$proto-method")
-					{
-					$disabled{"$proto"} = "option($proto-method)";
-					last;
-					}
-				}
-			if ($1 eq "dtls")
-				{
-                                foreach my $proto (@dtls)
-					{
-					$disabled{$proto} = "option(dtls)";
-					}
-				}
-			elsif ($1 eq "ssl")
-				{
-				# Last one of its kind
-				$disabled{"ssl3"} = "option(ssl)";
-				}
-			elsif ($1 eq "tls")
-				{
-                                # XXX: Tests will fail if all SSL/TLS
-                                # protocols are disabled.
-                                foreach my $proto (@tls)
-					{
-					$disabled{$proto} = "option(tls)";
-					}
-				}
-			else
-				{
-				$disabled{$1} = "option";
-				}
-			}
+                foreach my $proto ((@tls, @dtls))
+                        {
+                        if ($1 eq "$proto-method")
+                                {
+                                $disabled{"$proto"} = "option($proto-method)";
+                                last;
+                                }
+                        }
+                if ($1 eq "dtls")
+                        {
+                        foreach my $proto (@dtls)
+                                {
+                                $disabled{$proto} = "option(dtls)";
+                                }
+                        }
+                elsif ($1 eq "ssl")
+                        {
+                        # Last one of its kind
+                        $disabled{"ssl3"} = "option(ssl)";
+                        }
+                elsif ($1 eq "tls")
+                        {
+                        # XXX: Tests will fail if all SSL/TLS
+                        # protocols are disabled.
+                        foreach my $proto (@tls)
+                                {
+                                $disabled{$proto} = "option(tls)";
+                                }
+                        }
+                else
+                        {
+                        $disabled{$1} = "option";
+                        }
 		}
-	elsif (/^enable-(.+)$/ || /^experimental-(.+)$/)
+	elsif (/^enable-(.+)$/)
 		{
 		my $algo = $1;
-		if ($disabled{$algo} eq "experimental")
-			{
-			die "You are requesting an experimental feature; please say 'experimental-$algo' if you are sure\n"
-				unless (/^experimental-/);
-			push @experimental, $algo;
-			}
 		delete $disabled{$algo};
 
 		$threads = 1 if ($algo eq "threads");
@@ -815,15 +800,6 @@ foreach (sort (keys %disabled))
 	print "\n";
 	}
 
-foreach (sort @experimental)
-	{
-	my $ALGO;
-	($ALGO = $_) =~ tr/[a-z]/[A-Z]/;
-
-	# opensslconf.h will set OPENSSL_NO_... unless OPENSSL_EXPERIMENTAL_... is defined
-	push @{$config{openssl_experimental_defines}}, "OPENSSL_NO_$ALGO";
-	}
-
 print "Configuring for $target\n";
 
 # Support for legacy targets having a name starting with 'debug-'
@@ -896,10 +872,6 @@ if ($target{build_file} eq "Makefile"
 my ($builder, $builder_platform, @builder_opts) =
     @{$target{build_scheme}};
 
-push @{$config{defines}},
-    map { (my $x = $_) =~ s/^OPENSSL_NO_/OPENSSL_EXPERIMENTAL_/; $x }
-        @{$config{openssl_experimental_defines}};
-
 if ($target =~ /^mingw/ && `$target{cc} --target-help 2>&1` =~ m/-mno-cygwin/m)
 	{
 	$config{cflags} .= " -mno-cygwin";
diff --git a/crypto/des/str2key.c b/crypto/des/str2key.c
index cd426c6..e671d14 100644
--- a/crypto/des/str2key.c
+++ b/crypto/des/str2key.c
@@ -84,13 +84,7 @@ void DES_string_to_key(const char *str, DES_cblock *key)
     }
 #endif
     DES_set_odd_parity(key);
-#ifdef EXPERIMENTAL_STR_TO_STRONG_KEY
-    if (DES_is_weak_key(key))
-        (*key)[7] ^= 0xF0;
-    DES_set_key(key, &ks);
-#else
     DES_set_key_unchecked(key, &ks);
-#endif
     DES_cbc_cksum((const unsigned char *)str, key, length, &ks, key);
     OPENSSL_cleanse(&ks, sizeof(ks));
     DES_set_odd_parity(key);
@@ -141,21 +135,9 @@ void DES_string_to_2keys(const char *str, DES_cblock *key1, DES_cblock *key2)
 #endif
     DES_set_odd_parity(key1);
     DES_set_odd_parity(key2);
-#ifdef EXPERIMENTAL_STR_TO_STRONG_KEY
-    if (DES_is_weak_key(key1))
-        (*key1)[7] ^= 0xF0;
-    DES_set_key(key1, &ks);
-#else
     DES_set_key_unchecked(key1, &ks);
-#endif
     DES_cbc_cksum((const unsigned char *)str, key1, length, &ks, key1);
-#ifdef EXPERIMENTAL_STR_TO_STRONG_KEY
-    if (DES_is_weak_key(key2))
-        (*key2)[7] ^= 0xF0;
-    DES_set_key(key2, &ks);
-#else
     DES_set_key_unchecked(key2, &ks);
-#endif
     DES_cbc_cksum((const unsigned char *)str, key2, length, &ks, key2);
     OPENSSL_cleanse(&ks, sizeof(ks));
     DES_set_odd_parity(key1);
diff --git a/doc/apps/cms.pod b/doc/apps/cms.pod
index 7470fae..7a3505c 100644
--- a/doc/apps/cms.pod
+++ b/doc/apps/cms.pod
@@ -512,7 +512,7 @@ The B<-resign> option uses an existing message digest when adding a new
 signer. This means that attributes must be present in at least one existing
 signer using the same message digest or this operation will fail.
 
-The B<-stream> and B<-indef> options enable experimental streaming I/O support.
+The B<-stream> and B<-indef> options enable streaming I/O support.
 As a result the encoding is BER using indefinite length constructed encoding
 and no longer DER. Streaming is supported for the B<-encrypt> operation and the
 B<-sign> operation if the content is not detached.
diff --git a/doc/apps/smime.pod b/doc/apps/smime.pod
index 62f1417..82f3ecc 100644
--- a/doc/apps/smime.pod
+++ b/doc/apps/smime.pod
@@ -344,7 +344,7 @@ The B<-resign> option uses an existing message digest when adding a new
 signer. This means that attributes must be present in at least one existing
 signer using the same message digest or this operation will fail.
 
-The B<-stream> and B<-indef> options enable experimental streaming I/O support.
+The B<-stream> and B<-indef> options enable streaming I/O support.
 As a result the encoding is BER using indefinite length constructed encoding
 and no longer DER. Streaming is supported for the B<-encrypt> operation and the
 B<-sign> operation if the content is not detached.
diff --git a/doc/apps/x509.pod b/doc/apps/x509.pod
index a742fec..7efa4c1 100644
--- a/doc/apps/x509.pod
+++ b/doc/apps/x509.pod
@@ -243,8 +243,6 @@ this outputs the certificate in the form of a C source file.
 
 =head2 TRUST SETTINGS
 
-Please note these options are currently experimental and may well change.
-
 A B<trusted certificate> is an ordinary certificate which has several
 additional pieces of information attached to it such as the permitted
 and prohibited uses of the certificate and an "alias".
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index 00136b3..4946cfa 100644
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -863,7 +863,6 @@ struct ssl_ctx_st {
 
 #  ifndef OPENSSL_NO_NEXTPROTONEG
     /* Next protocol negotiation information */
-    /* (for experimental NPN extension). */
 
     /*
      * For a server, this contains a callback function by which the set of
diff --git a/util/mk1mf.pl b/util/mk1mf.pl
index 085db5f..41aa0ec 100755
--- a/util/mk1mf.pl
+++ b/util/mk1mf.pl
@@ -1481,18 +1481,6 @@ sub read_options
 			{return 1;}
 		return 0;
 		}
-	# experimental-xxx is mostly like enable-xxx, but opensslconf.v
-	# will still set OPENSSL_NO_xxx unless we set OPENSSL_EXPERIMENTAL_xxx.
-	# (No need to fail if we don't know the algorithm -- this is for adventurous users only.)
-	elsif (/^experimental-/)
-		{
-		my $algo, $ALGO;
-		($algo = $_) =~ s/^experimental-//;
-		($ALGO = $algo) =~ tr/[a-z]/[A-Z]/;
-
-		$xcflags="-DOPENSSL_EXPERIMENTAL_$ALGO $xcflags";
-		
-		}
 	elsif (/^([^=]*)=(.*)$/){ $VARS{$1}=$2; }
 	elsif (/^-[lL].*$/)	{ $l_flags.="$_ "; }
 	elsif ((!/^-help/) && (!/^-h/) && (!/^-\?/) && /^-.*$/)


More information about the openssl-commits mailing list