mirror of https://github.com/openssl/openssl
Remove "experimental" in code and comments, too.
Thanks to Viktor for additional review. Reviewed-by: Richard Levitte <levitte@openssl.org>
This commit is contained in:
parent
4418e0302f
commit
e4ef2e25f1
|
@ -65,7 +65,7 @@
|
|||
},
|
||||
"debug-linux-ia32-aes" => {
|
||||
cc => "gcc",
|
||||
cflags => "-DAES_EXPERIMENTAL -DL_ENDIAN -O3 -fomit-frame-pointer -Wall",
|
||||
cflags => "-DL_ENDIAN -O3 -fomit-frame-pointer -Wall",
|
||||
thread_cflag => "-D_REENTRANT",
|
||||
ex_libs => "-ldl",
|
||||
bn_ops => "BN_LLONG",
|
||||
|
|
104
Configure
104
Configure
|
@ -15,7 +15,7 @@ use File::Path qw/mkpath/;
|
|||
|
||||
# see INSTALL for instructions.
|
||||
|
||||
my $usage="Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [experimental-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-dso] [no-egd] [sctp] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--config=FILE] os/compiler[:flags]\n";
|
||||
my $usage="Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-dso] [no-egd] [sctp] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--config=FILE] os/compiler[:flags]\n";
|
||||
|
||||
# Options:
|
||||
#
|
||||
|
@ -327,7 +327,7 @@ foreach my $proto ((@tls, @dtls))
|
|||
|
||||
# All of the following is disabled by default (RC5 was enabled before 0.9.8):
|
||||
|
||||
my %disabled = ( # "what" => "comment" [or special keyword "experimental"]
|
||||
my %disabled = ( # "what" => "comment"
|
||||
"ec_nistp_64_gcc_128" => "default",
|
||||
"egd" => "default",
|
||||
"md2" => "default",
|
||||
|
@ -340,7 +340,6 @@ my %disabled = ( # "what" => "comment" [or special keyword "experimental
|
|||
"crypto-mdebug" => "default",
|
||||
"heartbeats" => "default",
|
||||
);
|
||||
my @experimental = ();
|
||||
|
||||
# Note: => pair form used for aesthetics, not to truly make a hash table
|
||||
my @disable_cascades = (
|
||||
|
@ -410,13 +409,9 @@ my @default_depdefines =
|
|||
sort keys %disabled;
|
||||
|
||||
# Explicit "no-..." options will be collected in %disabled along with the defaults.
|
||||
# To remove something from %disabled, use "enable-foo" (unless it's experimental).
|
||||
# To remove something from %disabled, use "enable-foo".
|
||||
# For symmetry, "disable-foo" is a synonym for "no-foo".
|
||||
|
||||
# For features called "experimental" here, a more explicit "experimental-foo" is needed to enable.
|
||||
# We will collect such requests in @experimental.
|
||||
# To avoid accidental use of experimental features, applications will have to use -DOPENSSL_EXPERIMENTAL_FOO.
|
||||
|
||||
my @generated_headers = (
|
||||
"include/openssl/opensslconf.h",
|
||||
"crypto/include/internal/bn_conf.h"
|
||||
|
@ -435,7 +430,6 @@ my $user_cflags="";
|
|||
my @user_defines=();
|
||||
my $unified = 0;
|
||||
$config{depdefines}=[];
|
||||
$config{openssl_experimental_defines}=[];
|
||||
$config{openssl_api_defines}=[];
|
||||
$config{openssl_algorithm_defines}=[];
|
||||
$config{openssl_thread_defines}=[];
|
||||
|
@ -518,7 +512,7 @@ foreach (@argvcopy)
|
|||
s /^zlib$/enable-zlib/;
|
||||
s /^zlib-dynamic$/enable-zlib-dynamic/;
|
||||
|
||||
if (/^(no|disable|enable|experimental)-(.+)$/)
|
||||
if (/^(no|disable|enable)-(.+)$/)
|
||||
{
|
||||
my $word = $2;
|
||||
if (!grep { $word =~ /^${_}$/ } @disablables)
|
||||
|
@ -529,52 +523,43 @@ foreach (@argvcopy)
|
|||
}
|
||||
if (/^no-(.+)$/ || /^disable-(.+)$/)
|
||||
{
|
||||
if (!($disabled{$1} eq "experimental"))
|
||||
{
|
||||
foreach my $proto ((@tls, @dtls))
|
||||
{
|
||||
if ($1 eq "$proto-method")
|
||||
{
|
||||
$disabled{"$proto"} = "option($proto-method)";
|
||||
last;
|
||||
}
|
||||
}
|
||||
if ($1 eq "dtls")
|
||||
{
|
||||
foreach my $proto (@dtls)
|
||||
{
|
||||
$disabled{$proto} = "option(dtls)";
|
||||
}
|
||||
}
|
||||
elsif ($1 eq "ssl")
|
||||
{
|
||||
# Last one of its kind
|
||||
$disabled{"ssl3"} = "option(ssl)";
|
||||
}
|
||||
elsif ($1 eq "tls")
|
||||
{
|
||||
# XXX: Tests will fail if all SSL/TLS
|
||||
# protocols are disabled.
|
||||
foreach my $proto (@tls)
|
||||
{
|
||||
$disabled{$proto} = "option(tls)";
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
$disabled{$1} = "option";
|
||||
}
|
||||
}
|
||||
foreach my $proto ((@tls, @dtls))
|
||||
{
|
||||
if ($1 eq "$proto-method")
|
||||
{
|
||||
$disabled{"$proto"} = "option($proto-method)";
|
||||
last;
|
||||
}
|
||||
}
|
||||
if ($1 eq "dtls")
|
||||
{
|
||||
foreach my $proto (@dtls)
|
||||
{
|
||||
$disabled{$proto} = "option(dtls)";
|
||||
}
|
||||
}
|
||||
elsif ($1 eq "ssl")
|
||||
{
|
||||
# Last one of its kind
|
||||
$disabled{"ssl3"} = "option(ssl)";
|
||||
}
|
||||
elsif ($1 eq "tls")
|
||||
{
|
||||
# XXX: Tests will fail if all SSL/TLS
|
||||
# protocols are disabled.
|
||||
foreach my $proto (@tls)
|
||||
{
|
||||
$disabled{$proto} = "option(tls)";
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
$disabled{$1} = "option";
|
||||
}
|
||||
}
|
||||
elsif (/^enable-(.+)$/ || /^experimental-(.+)$/)
|
||||
elsif (/^enable-(.+)$/)
|
||||
{
|
||||
my $algo = $1;
|
||||
if ($disabled{$algo} eq "experimental")
|
||||
{
|
||||
die "You are requesting an experimental feature; please say 'experimental-$algo' if you are sure\n"
|
||||
unless (/^experimental-/);
|
||||
push @experimental, $algo;
|
||||
}
|
||||
delete $disabled{$algo};
|
||||
|
||||
$threads = 1 if ($algo eq "threads");
|
||||
|
@ -815,15 +800,6 @@ foreach (sort (keys %disabled))
|
|||
print "\n";
|
||||
}
|
||||
|
||||
foreach (sort @experimental)
|
||||
{
|
||||
my $ALGO;
|
||||
($ALGO = $_) =~ tr/[a-z]/[A-Z]/;
|
||||
|
||||
# opensslconf.h will set OPENSSL_NO_... unless OPENSSL_EXPERIMENTAL_... is defined
|
||||
push @{$config{openssl_experimental_defines}}, "OPENSSL_NO_$ALGO";
|
||||
}
|
||||
|
||||
print "Configuring for $target\n";
|
||||
|
||||
# Support for legacy targets having a name starting with 'debug-'
|
||||
|
@ -896,10 +872,6 @@ if ($target{build_file} eq "Makefile"
|
|||
my ($builder, $builder_platform, @builder_opts) =
|
||||
@{$target{build_scheme}};
|
||||
|
||||
push @{$config{defines}},
|
||||
map { (my $x = $_) =~ s/^OPENSSL_NO_/OPENSSL_EXPERIMENTAL_/; $x }
|
||||
@{$config{openssl_experimental_defines}};
|
||||
|
||||
if ($target =~ /^mingw/ && `$target{cc} --target-help 2>&1` =~ m/-mno-cygwin/m)
|
||||
{
|
||||
$config{cflags} .= " -mno-cygwin";
|
||||
|
|
|
@ -84,13 +84,7 @@ void DES_string_to_key(const char *str, DES_cblock *key)
|
|||
}
|
||||
#endif
|
||||
DES_set_odd_parity(key);
|
||||
#ifdef EXPERIMENTAL_STR_TO_STRONG_KEY
|
||||
if (DES_is_weak_key(key))
|
||||
(*key)[7] ^= 0xF0;
|
||||
DES_set_key(key, &ks);
|
||||
#else
|
||||
DES_set_key_unchecked(key, &ks);
|
||||
#endif
|
||||
DES_cbc_cksum((const unsigned char *)str, key, length, &ks, key);
|
||||
OPENSSL_cleanse(&ks, sizeof(ks));
|
||||
DES_set_odd_parity(key);
|
||||
|
@ -141,21 +135,9 @@ void DES_string_to_2keys(const char *str, DES_cblock *key1, DES_cblock *key2)
|
|||
#endif
|
||||
DES_set_odd_parity(key1);
|
||||
DES_set_odd_parity(key2);
|
||||
#ifdef EXPERIMENTAL_STR_TO_STRONG_KEY
|
||||
if (DES_is_weak_key(key1))
|
||||
(*key1)[7] ^= 0xF0;
|
||||
DES_set_key(key1, &ks);
|
||||
#else
|
||||
DES_set_key_unchecked(key1, &ks);
|
||||
#endif
|
||||
DES_cbc_cksum((const unsigned char *)str, key1, length, &ks, key1);
|
||||
#ifdef EXPERIMENTAL_STR_TO_STRONG_KEY
|
||||
if (DES_is_weak_key(key2))
|
||||
(*key2)[7] ^= 0xF0;
|
||||
DES_set_key(key2, &ks);
|
||||
#else
|
||||
DES_set_key_unchecked(key2, &ks);
|
||||
#endif
|
||||
DES_cbc_cksum((const unsigned char *)str, key2, length, &ks, key2);
|
||||
OPENSSL_cleanse(&ks, sizeof(ks));
|
||||
DES_set_odd_parity(key1);
|
||||
|
|
|
@ -512,7 +512,7 @@ The B<-resign> option uses an existing message digest when adding a new
|
|||
signer. This means that attributes must be present in at least one existing
|
||||
signer using the same message digest or this operation will fail.
|
||||
|
||||
The B<-stream> and B<-indef> options enable experimental streaming I/O support.
|
||||
The B<-stream> and B<-indef> options enable streaming I/O support.
|
||||
As a result the encoding is BER using indefinite length constructed encoding
|
||||
and no longer DER. Streaming is supported for the B<-encrypt> operation and the
|
||||
B<-sign> operation if the content is not detached.
|
||||
|
|
|
@ -344,7 +344,7 @@ The B<-resign> option uses an existing message digest when adding a new
|
|||
signer. This means that attributes must be present in at least one existing
|
||||
signer using the same message digest or this operation will fail.
|
||||
|
||||
The B<-stream> and B<-indef> options enable experimental streaming I/O support.
|
||||
The B<-stream> and B<-indef> options enable streaming I/O support.
|
||||
As a result the encoding is BER using indefinite length constructed encoding
|
||||
and no longer DER. Streaming is supported for the B<-encrypt> operation and the
|
||||
B<-sign> operation if the content is not detached.
|
||||
|
|
|
@ -243,8 +243,6 @@ this outputs the certificate in the form of a C source file.
|
|||
|
||||
=head2 TRUST SETTINGS
|
||||
|
||||
Please note these options are currently experimental and may well change.
|
||||
|
||||
A B<trusted certificate> is an ordinary certificate which has several
|
||||
additional pieces of information attached to it such as the permitted
|
||||
and prohibited uses of the certificate and an "alias".
|
||||
|
|
|
@ -863,7 +863,6 @@ struct ssl_ctx_st {
|
|||
|
||||
# ifndef OPENSSL_NO_NEXTPROTONEG
|
||||
/* Next protocol negotiation information */
|
||||
/* (for experimental NPN extension). */
|
||||
|
||||
/*
|
||||
* For a server, this contains a callback function by which the set of
|
||||
|
|
|
@ -1480,18 +1480,6 @@ sub read_options
|
|||
if (exists $valid_options{$t})
|
||||
{return 1;}
|
||||
return 0;
|
||||
}
|
||||
# experimental-xxx is mostly like enable-xxx, but opensslconf.v
|
||||
# will still set OPENSSL_NO_xxx unless we set OPENSSL_EXPERIMENTAL_xxx.
|
||||
# (No need to fail if we don't know the algorithm -- this is for adventurous users only.)
|
||||
elsif (/^experimental-/)
|
||||
{
|
||||
my $algo, $ALGO;
|
||||
($algo = $_) =~ s/^experimental-//;
|
||||
($ALGO = $algo) =~ tr/[a-z]/[A-Z]/;
|
||||
|
||||
$xcflags="-DOPENSSL_EXPERIMENTAL_$ALGO $xcflags";
|
||||
|
||||
}
|
||||
elsif (/^([^=]*)=(.*)$/){ $VARS{$1}=$2; }
|
||||
elsif (/^-[lL].*$/) { $l_flags.="$_ "; }
|
||||
|
|
Loading…
Reference in New Issue