openssl
/
openssl
mirror of https://github.com/openssl/openssl
1
0
Fork 0
Code Issues Releases Wiki Activity

Remove "experimental" in code and comments, too. 

Thanks to Viktor for additional review.

Reviewed-by: Richard Levitte <levitte@openssl.org>
This commit is contained in:
Rich Salz 2016-02-10 11:10:39 -05:00 committed by Rich Salz
parent 4418e0302f
commit e4ef2e25f1
8 changed files with 41 additions and 102 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
Configurations/90-team.conf
View File

@ -65,7 +65,7 @@
},
"debug-linux-ia32-aes" => {
cc => "gcc",
cflags => "-DAES_EXPERIMENTAL -DL_ENDIAN -O3 -fomit-frame-pointer -Wall",
cflags => "-DL_ENDIAN -O3 -fomit-frame-pointer -Wall",
thread_cflag => "-D_REENTRANT",
ex_libs => "-ldl",
bn_ops => "BN_LLONG",

104
Configure
View File

@ -15,7 +15,7 @@ use File::Path qw/mkpath/;
# see INSTALL for instructions.
my $usage="Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [experimental-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-dso] [no-egd] [sctp] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--config=FILE] os/compiler[:flags]\n";
my $usage="Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-dso] [no-egd] [sctp] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--config=FILE] os/compiler[:flags]\n";
# Options:
#
@ -327,7 +327,7 @@ foreach my $proto ((@tls, @dtls))
# All of the following is disabled by default (RC5 was enabled before 0.9.8):
my %disabled = ( # "what" => "comment" [or special keyword "experimental"]
my %disabled = ( # "what" => "comment"
"ec_nistp_64_gcc_128" => "default",
"egd" => "default",
"md2" => "default",
@ -340,7 +340,6 @@ my %disabled = ( # "what" => "comment" [or special keyword "experimental
"crypto-mdebug" => "default",
"heartbeats" => "default",
);
my @experimental = ();
# Note: => pair form used for aesthetics, not to truly make a hash table
my @disable_cascades = (
@ -410,13 +409,9 @@ my @default_depdefines =
sort keys %disabled;
# Explicit "no-..." options will be collected in %disabled along with the defaults.
# To remove something from %disabled, use "enable-foo" (unless it's experimental).
# To remove something from %disabled, use "enable-foo".
# For symmetry, "disable-foo" is a synonym for "no-foo".
# For features called "experimental" here, a more explicit "experimental-foo" is needed to enable.
# We will collect such requests in @experimental.
# To avoid accidental use of experimental features, applications will have to use -DOPENSSL_EXPERIMENTAL_FOO.
my @generated_headers = (
"include/openssl/opensslconf.h",
"crypto/include/internal/bn_conf.h"
@ -435,7 +430,6 @@ my $user_cflags="";
my @user_defines=();
my $unified = 0;
$config{depdefines}=[];
$config{openssl_experimental_defines}=[];
$config{openssl_api_defines}=[];
$config{openssl_algorithm_defines}=[];
$config{openssl_thread_defines}=[];
@ -518,7 +512,7 @@ foreach (@argvcopy)
s /^zlib$/enable-zlib/;
s /^zlib-dynamic$/enable-zlib-dynamic/;
if (/^(no|disable|enable|experimental)-(.+)$/)
if (/^(no|disable|enable)-(.+)$/)
{
my $word = $2;
if (!grep { $word =~ /^${_}$/ } @disablables)
@ -529,52 +523,43 @@ foreach (@argvcopy)
}
if (/^no-(.+)$/ || /^disable-(.+)$/)
{
if (!($disabled{$1} eq "experimental"))
{
foreach my $proto ((@tls, @dtls))
{
if ($1 eq "$proto-method")
{
$disabled{"$proto"} = "option($proto-method)";
last;
}
}
if ($1 eq "dtls")
{
foreach my $proto (@dtls)
{
$disabled{$proto} = "option(dtls)";
}
}
elsif ($1 eq "ssl")
{
# Last one of its kind
$disabled{"ssl3"} = "option(ssl)";
}
elsif ($1 eq "tls")
{
# XXX: Tests will fail if all SSL/TLS
# protocols are disabled.
foreach my $proto (@tls)
{
$disabled{$proto} = "option(tls)";
}
}
else
{
$disabled{$1} = "option";
}
}
foreach my $proto ((@tls, @dtls))
{
if ($1 eq "$proto-method")
{
$disabled{"$proto"} = "option($proto-method)";
last;
}
}
if ($1 eq "dtls")
{
foreach my $proto (@dtls)
{
$disabled{$proto} = "option(dtls)";
}
}
elsif ($1 eq "ssl")
{
# Last one of its kind
$disabled{"ssl3"} = "option(ssl)";
}
elsif ($1 eq "tls")
{
# XXX: Tests will fail if all SSL/TLS
# protocols are disabled.
foreach my $proto (@tls)
{
$disabled{$proto} = "option(tls)";
}
}
else
{
$disabled{$1} = "option";
}
}
elsif (/^enable-(.+)$/ || /^experimental-(.+)$/)
elsif (/^enable-(.+)$/)
{
my $algo = $1;
if ($disabled{$algo} eq "experimental")
{
die "You are requesting an experimental feature; please say 'experimental-$algo' if you are sure\n"
unless (/^experimental-/);
push @experimental, $algo;
}
delete $disabled{$algo};
$threads = 1 if ($algo eq "threads");
@ -815,15 +800,6 @@ foreach (sort (keys %disabled))
print "\n";
}
foreach (sort @experimental)
{
my $ALGO;
($ALGO = $_) =~ tr/[a-z]/[A-Z]/;
# opensslconf.h will set OPENSSL_NO_... unless OPENSSL_EXPERIMENTAL_... is defined
push @{$config{openssl_experimental_defines}}, "OPENSSL_NO_$ALGO";
}
print "Configuring for $target\n";
# Support for legacy targets having a name starting with 'debug-'
@ -896,10 +872,6 @@ if ($target{build_file} eq "Makefile"
my ($builder, $builder_platform, @builder_opts) =
@{$target{build_scheme}};
push @{$config{defines}},
map { (my $x = $_) =~ s/^OPENSSL_NO_/OPENSSL_EXPERIMENTAL_/; $x }
@{$config{openssl_experimental_defines}};
if ($target =~ /^mingw/ && `$target{cc} --target-help 2>&1` =~ m/-mno-cygwin/m)
{
$config{cflags} .= " -mno-cygwin";

18
crypto/des/str2key.c
View File

@ -84,13 +84,7 @@ void DES_string_to_key(const char *str, DES_cblock *key)
}
#endif
DES_set_odd_parity(key);
#ifdef EXPERIMENTAL_STR_TO_STRONG_KEY
if (DES_is_weak_key(key))
(*key)[7] ^= 0xF0;
DES_set_key(key, &ks);
#else
DES_set_key_unchecked(key, &ks);
#endif
DES_cbc_cksum((const unsigned char *)str, key, length, &ks, key);
OPENSSL_cleanse(&ks, sizeof(ks));
DES_set_odd_parity(key);
@ -141,21 +135,9 @@ void DES_string_to_2keys(const char *str, DES_cblock *key1, DES_cblock *key2)
#endif
DES_set_odd_parity(key1);
DES_set_odd_parity(key2);
#ifdef EXPERIMENTAL_STR_TO_STRONG_KEY
if (DES_is_weak_key(key1))
(*key1)[7] ^= 0xF0;
DES_set_key(key1, &ks);
#else
DES_set_key_unchecked(key1, &ks);
#endif
DES_cbc_cksum((const unsigned char *)str, key1, length, &ks, key1);
#ifdef EXPERIMENTAL_STR_TO_STRONG_KEY
if (DES_is_weak_key(key2))
(*key2)[7] ^= 0xF0;
DES_set_key(key2, &ks);
#else
DES_set_key_unchecked(key2, &ks);
#endif
DES_cbc_cksum((const unsigned char *)str, key2, length, &ks, key2);
OPENSSL_cleanse(&ks, sizeof(ks));
DES_set_odd_parity(key1);

2
doc/apps/cms.pod
View File

@ -512,7 +512,7 @@ The B<-resign> option uses an existing message digest when adding a new
signer. This means that attributes must be present in at least one existing
signer using the same message digest or this operation will fail.
The B<-stream> and B<-indef> options enable experimental streaming I/O support.
The B<-stream> and B<-indef> options enable streaming I/O support.
As a result the encoding is BER using indefinite length constructed encoding
and no longer DER. Streaming is supported for the B<-encrypt> operation and the
B<-sign> operation if the content is not detached.

2
doc/apps/smime.pod
View File

@ -344,7 +344,7 @@ The B<-resign> option uses an existing message digest when adding a new
signer. This means that attributes must be present in at least one existing
signer using the same message digest or this operation will fail.
The B<-stream> and B<-indef> options enable experimental streaming I/O support.
The B<-stream> and B<-indef> options enable streaming I/O support.
As a result the encoding is BER using indefinite length constructed encoding
and no longer DER. Streaming is supported for the B<-encrypt> operation and the
B<-sign> operation if the content is not detached.

2
doc/apps/x509.pod
View File

@ -243,8 +243,6 @@ this outputs the certificate in the form of a C source file.
=head2 TRUST SETTINGS
Please note these options are currently experimental and may well change.
A B<trusted certificate> is an ordinary certificate which has several
additional pieces of information attached to it such as the permitted
and prohibited uses of the certificate and an "alias".

1
ssl/ssl_locl.h
View File

@ -863,7 +863,6 @@ struct ssl_ctx_st {
# ifndef OPENSSL_NO_NEXTPROTONEG
/* Next protocol negotiation information */
/* (for experimental NPN extension). */
/*
* For a server, this contains a callback function by which the set of

12
util/mk1mf.pl
View File

@ -1480,18 +1480,6 @@ sub read_options
if (exists $valid_options{$t})
{return 1;}
return 0;
}
# experimental-xxx is mostly like enable-xxx, but opensslconf.v
# will still set OPENSSL_NO_xxx unless we set OPENSSL_EXPERIMENTAL_xxx.
# (No need to fail if we don't know the algorithm -- this is for adventurous users only.)
elsif (/^experimental-/)
{
my $algo, $ALGO;
($algo = $_) =~ s/^experimental-//;
($ALGO = $algo) =~ tr/[a-z]/[A-Z]/;
$xcflags="-DOPENSSL_EXPERIMENTAL_$ALGO $xcflags";
}
elsif (/^([^=]*)=(.*)$/){ $VARS{$1}=$2; }
elsif (/^-[lL].*$/) { $l_flags.="$_ "; }