From e4ef2e25f11de9c3d729be15bef693a815c3dfe4 Mon Sep 17 00:00:00 2001 From: Rich Salz Date: Wed, 10 Feb 2016 11:10:39 -0500 Subject: [PATCH] Remove "experimental" in code and comments, too. Thanks to Viktor for additional review. Reviewed-by: Richard Levitte --- Configurations/90-team.conf | 2 +- Configure | 104 +++++++++++++----------------------- crypto/des/str2key.c | 18 ------- doc/apps/cms.pod | 2 +- doc/apps/smime.pod | 2 +- doc/apps/x509.pod | 2 - ssl/ssl_locl.h | 1 - util/mk1mf.pl | 12 ----- 8 files changed, 41 insertions(+), 102 deletions(-) diff --git a/Configurations/90-team.conf b/Configurations/90-team.conf index 7dc5fdae48..253094541d 100644 --- a/Configurations/90-team.conf +++ b/Configurations/90-team.conf @@ -65,7 +65,7 @@ }, "debug-linux-ia32-aes" => { cc => "gcc", - cflags => "-DAES_EXPERIMENTAL -DL_ENDIAN -O3 -fomit-frame-pointer -Wall", + cflags => "-DL_ENDIAN -O3 -fomit-frame-pointer -Wall", thread_cflag => "-D_REENTRANT", ex_libs => "-ldl", bn_ops => "BN_LLONG", diff --git a/Configure b/Configure index 688735b319..7e0882a2bc 100755 --- a/Configure +++ b/Configure @@ -15,7 +15,7 @@ use File::Path qw/mkpath/; # see INSTALL for instructions. -my $usage="Usage: Configure [no- ...] [enable- ...] [experimental- ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-dso] [no-egd] [sctp] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--config=FILE] os/compiler[:flags]\n"; +my $usage="Usage: Configure [no- ...] [enable- ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-dso] [no-egd] [sctp] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--config=FILE] os/compiler[:flags]\n"; # Options: # @@ -327,7 +327,7 @@ foreach my $proto ((@tls, @dtls)) # All of the following is disabled by default (RC5 was enabled before 0.9.8): -my %disabled = ( # "what" => "comment" [or special keyword "experimental"] +my %disabled = ( # "what" => "comment" "ec_nistp_64_gcc_128" => "default", "egd" => "default", "md2" => "default", @@ -340,7 +340,6 @@ my %disabled = ( # "what" => "comment" [or special keyword "experimental "crypto-mdebug" => "default", "heartbeats" => "default", ); -my @experimental = (); # Note: => pair form used for aesthetics, not to truly make a hash table my @disable_cascades = ( @@ -410,13 +409,9 @@ my @default_depdefines = sort keys %disabled; # Explicit "no-..." options will be collected in %disabled along with the defaults. -# To remove something from %disabled, use "enable-foo" (unless it's experimental). +# To remove something from %disabled, use "enable-foo". # For symmetry, "disable-foo" is a synonym for "no-foo". -# For features called "experimental" here, a more explicit "experimental-foo" is needed to enable. -# We will collect such requests in @experimental. -# To avoid accidental use of experimental features, applications will have to use -DOPENSSL_EXPERIMENTAL_FOO. - my @generated_headers = ( "include/openssl/opensslconf.h", "crypto/include/internal/bn_conf.h" @@ -435,7 +430,6 @@ my $user_cflags=""; my @user_defines=(); my $unified = 0; $config{depdefines}=[]; -$config{openssl_experimental_defines}=[]; $config{openssl_api_defines}=[]; $config{openssl_algorithm_defines}=[]; $config{openssl_thread_defines}=[]; @@ -518,7 +512,7 @@ foreach (@argvcopy) s /^zlib$/enable-zlib/; s /^zlib-dynamic$/enable-zlib-dynamic/; - if (/^(no|disable|enable|experimental)-(.+)$/) + if (/^(no|disable|enable)-(.+)$/) { my $word = $2; if (!grep { $word =~ /^${_}$/ } @disablables) @@ -529,52 +523,43 @@ foreach (@argvcopy) } if (/^no-(.+)$/ || /^disable-(.+)$/) { - if (!($disabled{$1} eq "experimental")) - { - foreach my $proto ((@tls, @dtls)) - { - if ($1 eq "$proto-method") - { - $disabled{"$proto"} = "option($proto-method)"; - last; - } - } - if ($1 eq "dtls") - { - foreach my $proto (@dtls) - { - $disabled{$proto} = "option(dtls)"; - } - } - elsif ($1 eq "ssl") - { - # Last one of its kind - $disabled{"ssl3"} = "option(ssl)"; - } - elsif ($1 eq "tls") - { - # XXX: Tests will fail if all SSL/TLS - # protocols are disabled. - foreach my $proto (@tls) - { - $disabled{$proto} = "option(tls)"; - } - } - else - { - $disabled{$1} = "option"; - } - } + foreach my $proto ((@tls, @dtls)) + { + if ($1 eq "$proto-method") + { + $disabled{"$proto"} = "option($proto-method)"; + last; + } + } + if ($1 eq "dtls") + { + foreach my $proto (@dtls) + { + $disabled{$proto} = "option(dtls)"; + } + } + elsif ($1 eq "ssl") + { + # Last one of its kind + $disabled{"ssl3"} = "option(ssl)"; + } + elsif ($1 eq "tls") + { + # XXX: Tests will fail if all SSL/TLS + # protocols are disabled. + foreach my $proto (@tls) + { + $disabled{$proto} = "option(tls)"; + } + } + else + { + $disabled{$1} = "option"; + } } - elsif (/^enable-(.+)$/ || /^experimental-(.+)$/) + elsif (/^enable-(.+)$/) { my $algo = $1; - if ($disabled{$algo} eq "experimental") - { - die "You are requesting an experimental feature; please say 'experimental-$algo' if you are sure\n" - unless (/^experimental-/); - push @experimental, $algo; - } delete $disabled{$algo}; $threads = 1 if ($algo eq "threads"); @@ -815,15 +800,6 @@ foreach (sort (keys %disabled)) print "\n"; } -foreach (sort @experimental) - { - my $ALGO; - ($ALGO = $_) =~ tr/[a-z]/[A-Z]/; - - # opensslconf.h will set OPENSSL_NO_... unless OPENSSL_EXPERIMENTAL_... is defined - push @{$config{openssl_experimental_defines}}, "OPENSSL_NO_$ALGO"; - } - print "Configuring for $target\n"; # Support for legacy targets having a name starting with 'debug-' @@ -896,10 +872,6 @@ if ($target{build_file} eq "Makefile" my ($builder, $builder_platform, @builder_opts) = @{$target{build_scheme}}; -push @{$config{defines}}, - map { (my $x = $_) =~ s/^OPENSSL_NO_/OPENSSL_EXPERIMENTAL_/; $x } - @{$config{openssl_experimental_defines}}; - if ($target =~ /^mingw/ && `$target{cc} --target-help 2>&1` =~ m/-mno-cygwin/m) { $config{cflags} .= " -mno-cygwin"; diff --git a/crypto/des/str2key.c b/crypto/des/str2key.c index cd426c6b47..e671d14b0f 100644 --- a/crypto/des/str2key.c +++ b/crypto/des/str2key.c @@ -84,13 +84,7 @@ void DES_string_to_key(const char *str, DES_cblock *key) } #endif DES_set_odd_parity(key); -#ifdef EXPERIMENTAL_STR_TO_STRONG_KEY - if (DES_is_weak_key(key)) - (*key)[7] ^= 0xF0; - DES_set_key(key, &ks); -#else DES_set_key_unchecked(key, &ks); -#endif DES_cbc_cksum((const unsigned char *)str, key, length, &ks, key); OPENSSL_cleanse(&ks, sizeof(ks)); DES_set_odd_parity(key); @@ -141,21 +135,9 @@ void DES_string_to_2keys(const char *str, DES_cblock *key1, DES_cblock *key2) #endif DES_set_odd_parity(key1); DES_set_odd_parity(key2); -#ifdef EXPERIMENTAL_STR_TO_STRONG_KEY - if (DES_is_weak_key(key1)) - (*key1)[7] ^= 0xF0; - DES_set_key(key1, &ks); -#else DES_set_key_unchecked(key1, &ks); -#endif DES_cbc_cksum((const unsigned char *)str, key1, length, &ks, key1); -#ifdef EXPERIMENTAL_STR_TO_STRONG_KEY - if (DES_is_weak_key(key2)) - (*key2)[7] ^= 0xF0; - DES_set_key(key2, &ks); -#else DES_set_key_unchecked(key2, &ks); -#endif DES_cbc_cksum((const unsigned char *)str, key2, length, &ks, key2); OPENSSL_cleanse(&ks, sizeof(ks)); DES_set_odd_parity(key1); diff --git a/doc/apps/cms.pod b/doc/apps/cms.pod index 7470fae795..7a3505cb21 100644 --- a/doc/apps/cms.pod +++ b/doc/apps/cms.pod @@ -512,7 +512,7 @@ The B<-resign> option uses an existing message digest when adding a new signer. This means that attributes must be present in at least one existing signer using the same message digest or this operation will fail. -The B<-stream> and B<-indef> options enable experimental streaming I/O support. +The B<-stream> and B<-indef> options enable streaming I/O support. As a result the encoding is BER using indefinite length constructed encoding and no longer DER. Streaming is supported for the B<-encrypt> operation and the B<-sign> operation if the content is not detached. diff --git a/doc/apps/smime.pod b/doc/apps/smime.pod index 62f1417d52..82f3ecc698 100644 --- a/doc/apps/smime.pod +++ b/doc/apps/smime.pod @@ -344,7 +344,7 @@ The B<-resign> option uses an existing message digest when adding a new signer. This means that attributes must be present in at least one existing signer using the same message digest or this operation will fail. -The B<-stream> and B<-indef> options enable experimental streaming I/O support. +The B<-stream> and B<-indef> options enable streaming I/O support. As a result the encoding is BER using indefinite length constructed encoding and no longer DER. Streaming is supported for the B<-encrypt> operation and the B<-sign> operation if the content is not detached. diff --git a/doc/apps/x509.pod b/doc/apps/x509.pod index a742fecc4f..7efa4c13ec 100644 --- a/doc/apps/x509.pod +++ b/doc/apps/x509.pod @@ -243,8 +243,6 @@ this outputs the certificate in the form of a C source file. =head2 TRUST SETTINGS -Please note these options are currently experimental and may well change. - A B is an ordinary certificate which has several additional pieces of information attached to it such as the permitted and prohibited uses of the certificate and an "alias". diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h index 00136b3d4e..4946cfa64a 100644 --- a/ssl/ssl_locl.h +++ b/ssl/ssl_locl.h @@ -863,7 +863,6 @@ struct ssl_ctx_st { # ifndef OPENSSL_NO_NEXTPROTONEG /* Next protocol negotiation information */ - /* (for experimental NPN extension). */ /* * For a server, this contains a callback function by which the set of diff --git a/util/mk1mf.pl b/util/mk1mf.pl index 085db5f4c5..41aa0ecab6 100755 --- a/util/mk1mf.pl +++ b/util/mk1mf.pl @@ -1480,18 +1480,6 @@ sub read_options if (exists $valid_options{$t}) {return 1;} return 0; - } - # experimental-xxx is mostly like enable-xxx, but opensslconf.v - # will still set OPENSSL_NO_xxx unless we set OPENSSL_EXPERIMENTAL_xxx. - # (No need to fail if we don't know the algorithm -- this is for adventurous users only.) - elsif (/^experimental-/) - { - my $algo, $ALGO; - ($algo = $_) =~ s/^experimental-//; - ($ALGO = $algo) =~ tr/[a-z]/[A-Z]/; - - $xcflags="-DOPENSSL_EXPERIMENTAL_$ALGO $xcflags"; - } elsif (/^([^=]*)=(.*)$/){ $VARS{$1}=$2; } elsif (/^-[lL].*$/) { $l_flags.="$_ "; }