mirror of https://github.com/openssl/openssl
Remove "experimental" in code and comments, too.
Thanks to Viktor for additional review. Reviewed-by: Richard Levitte <levitte@openssl.org>
This commit is contained in:
parent
4418e0302f
commit
e4ef2e25f1
|
@ -65,7 +65,7 @@
|
||||||
},
|
},
|
||||||
"debug-linux-ia32-aes" => {
|
"debug-linux-ia32-aes" => {
|
||||||
cc => "gcc",
|
cc => "gcc",
|
||||||
cflags => "-DAES_EXPERIMENTAL -DL_ENDIAN -O3 -fomit-frame-pointer -Wall",
|
cflags => "-DL_ENDIAN -O3 -fomit-frame-pointer -Wall",
|
||||||
thread_cflag => "-D_REENTRANT",
|
thread_cflag => "-D_REENTRANT",
|
||||||
ex_libs => "-ldl",
|
ex_libs => "-ldl",
|
||||||
bn_ops => "BN_LLONG",
|
bn_ops => "BN_LLONG",
|
||||||
|
|
104
Configure
104
Configure
|
@ -15,7 +15,7 @@ use File::Path qw/mkpath/;
|
||||||
|
|
||||||
# see INSTALL for instructions.
|
# see INSTALL for instructions.
|
||||||
|
|
||||||
my $usage="Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [experimental-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-dso] [no-egd] [sctp] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--config=FILE] os/compiler[:flags]\n";
|
my $usage="Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-dso] [no-egd] [sctp] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--config=FILE] os/compiler[:flags]\n";
|
||||||
|
|
||||||
# Options:
|
# Options:
|
||||||
#
|
#
|
||||||
|
@ -327,7 +327,7 @@ foreach my $proto ((@tls, @dtls))
|
||||||
|
|
||||||
# All of the following is disabled by default (RC5 was enabled before 0.9.8):
|
# All of the following is disabled by default (RC5 was enabled before 0.9.8):
|
||||||
|
|
||||||
my %disabled = ( # "what" => "comment" [or special keyword "experimental"]
|
my %disabled = ( # "what" => "comment"
|
||||||
"ec_nistp_64_gcc_128" => "default",
|
"ec_nistp_64_gcc_128" => "default",
|
||||||
"egd" => "default",
|
"egd" => "default",
|
||||||
"md2" => "default",
|
"md2" => "default",
|
||||||
|
@ -340,7 +340,6 @@ my %disabled = ( # "what" => "comment" [or special keyword "experimental
|
||||||
"crypto-mdebug" => "default",
|
"crypto-mdebug" => "default",
|
||||||
"heartbeats" => "default",
|
"heartbeats" => "default",
|
||||||
);
|
);
|
||||||
my @experimental = ();
|
|
||||||
|
|
||||||
# Note: => pair form used for aesthetics, not to truly make a hash table
|
# Note: => pair form used for aesthetics, not to truly make a hash table
|
||||||
my @disable_cascades = (
|
my @disable_cascades = (
|
||||||
|
@ -410,13 +409,9 @@ my @default_depdefines =
|
||||||
sort keys %disabled;
|
sort keys %disabled;
|
||||||
|
|
||||||
# Explicit "no-..." options will be collected in %disabled along with the defaults.
|
# Explicit "no-..." options will be collected in %disabled along with the defaults.
|
||||||
# To remove something from %disabled, use "enable-foo" (unless it's experimental).
|
# To remove something from %disabled, use "enable-foo".
|
||||||
# For symmetry, "disable-foo" is a synonym for "no-foo".
|
# For symmetry, "disable-foo" is a synonym for "no-foo".
|
||||||
|
|
||||||
# For features called "experimental" here, a more explicit "experimental-foo" is needed to enable.
|
|
||||||
# We will collect such requests in @experimental.
|
|
||||||
# To avoid accidental use of experimental features, applications will have to use -DOPENSSL_EXPERIMENTAL_FOO.
|
|
||||||
|
|
||||||
my @generated_headers = (
|
my @generated_headers = (
|
||||||
"include/openssl/opensslconf.h",
|
"include/openssl/opensslconf.h",
|
||||||
"crypto/include/internal/bn_conf.h"
|
"crypto/include/internal/bn_conf.h"
|
||||||
|
@ -435,7 +430,6 @@ my $user_cflags="";
|
||||||
my @user_defines=();
|
my @user_defines=();
|
||||||
my $unified = 0;
|
my $unified = 0;
|
||||||
$config{depdefines}=[];
|
$config{depdefines}=[];
|
||||||
$config{openssl_experimental_defines}=[];
|
|
||||||
$config{openssl_api_defines}=[];
|
$config{openssl_api_defines}=[];
|
||||||
$config{openssl_algorithm_defines}=[];
|
$config{openssl_algorithm_defines}=[];
|
||||||
$config{openssl_thread_defines}=[];
|
$config{openssl_thread_defines}=[];
|
||||||
|
@ -518,7 +512,7 @@ foreach (@argvcopy)
|
||||||
s /^zlib$/enable-zlib/;
|
s /^zlib$/enable-zlib/;
|
||||||
s /^zlib-dynamic$/enable-zlib-dynamic/;
|
s /^zlib-dynamic$/enable-zlib-dynamic/;
|
||||||
|
|
||||||
if (/^(no|disable|enable|experimental)-(.+)$/)
|
if (/^(no|disable|enable)-(.+)$/)
|
||||||
{
|
{
|
||||||
my $word = $2;
|
my $word = $2;
|
||||||
if (!grep { $word =~ /^${_}$/ } @disablables)
|
if (!grep { $word =~ /^${_}$/ } @disablables)
|
||||||
|
@ -529,52 +523,43 @@ foreach (@argvcopy)
|
||||||
}
|
}
|
||||||
if (/^no-(.+)$/ || /^disable-(.+)$/)
|
if (/^no-(.+)$/ || /^disable-(.+)$/)
|
||||||
{
|
{
|
||||||
if (!($disabled{$1} eq "experimental"))
|
foreach my $proto ((@tls, @dtls))
|
||||||
{
|
{
|
||||||
foreach my $proto ((@tls, @dtls))
|
if ($1 eq "$proto-method")
|
||||||
{
|
{
|
||||||
if ($1 eq "$proto-method")
|
$disabled{"$proto"} = "option($proto-method)";
|
||||||
{
|
last;
|
||||||
$disabled{"$proto"} = "option($proto-method)";
|
}
|
||||||
last;
|
}
|
||||||
}
|
if ($1 eq "dtls")
|
||||||
}
|
{
|
||||||
if ($1 eq "dtls")
|
foreach my $proto (@dtls)
|
||||||
{
|
{
|
||||||
foreach my $proto (@dtls)
|
$disabled{$proto} = "option(dtls)";
|
||||||
{
|
}
|
||||||
$disabled{$proto} = "option(dtls)";
|
}
|
||||||
}
|
elsif ($1 eq "ssl")
|
||||||
}
|
{
|
||||||
elsif ($1 eq "ssl")
|
# Last one of its kind
|
||||||
{
|
$disabled{"ssl3"} = "option(ssl)";
|
||||||
# Last one of its kind
|
}
|
||||||
$disabled{"ssl3"} = "option(ssl)";
|
elsif ($1 eq "tls")
|
||||||
}
|
{
|
||||||
elsif ($1 eq "tls")
|
# XXX: Tests will fail if all SSL/TLS
|
||||||
{
|
# protocols are disabled.
|
||||||
# XXX: Tests will fail if all SSL/TLS
|
foreach my $proto (@tls)
|
||||||
# protocols are disabled.
|
{
|
||||||
foreach my $proto (@tls)
|
$disabled{$proto} = "option(tls)";
|
||||||
{
|
}
|
||||||
$disabled{$proto} = "option(tls)";
|
}
|
||||||
}
|
else
|
||||||
}
|
{
|
||||||
else
|
$disabled{$1} = "option";
|
||||||
{
|
}
|
||||||
$disabled{$1} = "option";
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
elsif (/^enable-(.+)$/ || /^experimental-(.+)$/)
|
elsif (/^enable-(.+)$/)
|
||||||
{
|
{
|
||||||
my $algo = $1;
|
my $algo = $1;
|
||||||
if ($disabled{$algo} eq "experimental")
|
|
||||||
{
|
|
||||||
die "You are requesting an experimental feature; please say 'experimental-$algo' if you are sure\n"
|
|
||||||
unless (/^experimental-/);
|
|
||||||
push @experimental, $algo;
|
|
||||||
}
|
|
||||||
delete $disabled{$algo};
|
delete $disabled{$algo};
|
||||||
|
|
||||||
$threads = 1 if ($algo eq "threads");
|
$threads = 1 if ($algo eq "threads");
|
||||||
|
@ -815,15 +800,6 @@ foreach (sort (keys %disabled))
|
||||||
print "\n";
|
print "\n";
|
||||||
}
|
}
|
||||||
|
|
||||||
foreach (sort @experimental)
|
|
||||||
{
|
|
||||||
my $ALGO;
|
|
||||||
($ALGO = $_) =~ tr/[a-z]/[A-Z]/;
|
|
||||||
|
|
||||||
# opensslconf.h will set OPENSSL_NO_... unless OPENSSL_EXPERIMENTAL_... is defined
|
|
||||||
push @{$config{openssl_experimental_defines}}, "OPENSSL_NO_$ALGO";
|
|
||||||
}
|
|
||||||
|
|
||||||
print "Configuring for $target\n";
|
print "Configuring for $target\n";
|
||||||
|
|
||||||
# Support for legacy targets having a name starting with 'debug-'
|
# Support for legacy targets having a name starting with 'debug-'
|
||||||
|
@ -896,10 +872,6 @@ if ($target{build_file} eq "Makefile"
|
||||||
my ($builder, $builder_platform, @builder_opts) =
|
my ($builder, $builder_platform, @builder_opts) =
|
||||||
@{$target{build_scheme}};
|
@{$target{build_scheme}};
|
||||||
|
|
||||||
push @{$config{defines}},
|
|
||||||
map { (my $x = $_) =~ s/^OPENSSL_NO_/OPENSSL_EXPERIMENTAL_/; $x }
|
|
||||||
@{$config{openssl_experimental_defines}};
|
|
||||||
|
|
||||||
if ($target =~ /^mingw/ && `$target{cc} --target-help 2>&1` =~ m/-mno-cygwin/m)
|
if ($target =~ /^mingw/ && `$target{cc} --target-help 2>&1` =~ m/-mno-cygwin/m)
|
||||||
{
|
{
|
||||||
$config{cflags} .= " -mno-cygwin";
|
$config{cflags} .= " -mno-cygwin";
|
||||||
|
|
|
@ -84,13 +84,7 @@ void DES_string_to_key(const char *str, DES_cblock *key)
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
DES_set_odd_parity(key);
|
DES_set_odd_parity(key);
|
||||||
#ifdef EXPERIMENTAL_STR_TO_STRONG_KEY
|
|
||||||
if (DES_is_weak_key(key))
|
|
||||||
(*key)[7] ^= 0xF0;
|
|
||||||
DES_set_key(key, &ks);
|
|
||||||
#else
|
|
||||||
DES_set_key_unchecked(key, &ks);
|
DES_set_key_unchecked(key, &ks);
|
||||||
#endif
|
|
||||||
DES_cbc_cksum((const unsigned char *)str, key, length, &ks, key);
|
DES_cbc_cksum((const unsigned char *)str, key, length, &ks, key);
|
||||||
OPENSSL_cleanse(&ks, sizeof(ks));
|
OPENSSL_cleanse(&ks, sizeof(ks));
|
||||||
DES_set_odd_parity(key);
|
DES_set_odd_parity(key);
|
||||||
|
@ -141,21 +135,9 @@ void DES_string_to_2keys(const char *str, DES_cblock *key1, DES_cblock *key2)
|
||||||
#endif
|
#endif
|
||||||
DES_set_odd_parity(key1);
|
DES_set_odd_parity(key1);
|
||||||
DES_set_odd_parity(key2);
|
DES_set_odd_parity(key2);
|
||||||
#ifdef EXPERIMENTAL_STR_TO_STRONG_KEY
|
|
||||||
if (DES_is_weak_key(key1))
|
|
||||||
(*key1)[7] ^= 0xF0;
|
|
||||||
DES_set_key(key1, &ks);
|
|
||||||
#else
|
|
||||||
DES_set_key_unchecked(key1, &ks);
|
DES_set_key_unchecked(key1, &ks);
|
||||||
#endif
|
|
||||||
DES_cbc_cksum((const unsigned char *)str, key1, length, &ks, key1);
|
DES_cbc_cksum((const unsigned char *)str, key1, length, &ks, key1);
|
||||||
#ifdef EXPERIMENTAL_STR_TO_STRONG_KEY
|
|
||||||
if (DES_is_weak_key(key2))
|
|
||||||
(*key2)[7] ^= 0xF0;
|
|
||||||
DES_set_key(key2, &ks);
|
|
||||||
#else
|
|
||||||
DES_set_key_unchecked(key2, &ks);
|
DES_set_key_unchecked(key2, &ks);
|
||||||
#endif
|
|
||||||
DES_cbc_cksum((const unsigned char *)str, key2, length, &ks, key2);
|
DES_cbc_cksum((const unsigned char *)str, key2, length, &ks, key2);
|
||||||
OPENSSL_cleanse(&ks, sizeof(ks));
|
OPENSSL_cleanse(&ks, sizeof(ks));
|
||||||
DES_set_odd_parity(key1);
|
DES_set_odd_parity(key1);
|
||||||
|
|
|
@ -512,7 +512,7 @@ The B<-resign> option uses an existing message digest when adding a new
|
||||||
signer. This means that attributes must be present in at least one existing
|
signer. This means that attributes must be present in at least one existing
|
||||||
signer using the same message digest or this operation will fail.
|
signer using the same message digest or this operation will fail.
|
||||||
|
|
||||||
The B<-stream> and B<-indef> options enable experimental streaming I/O support.
|
The B<-stream> and B<-indef> options enable streaming I/O support.
|
||||||
As a result the encoding is BER using indefinite length constructed encoding
|
As a result the encoding is BER using indefinite length constructed encoding
|
||||||
and no longer DER. Streaming is supported for the B<-encrypt> operation and the
|
and no longer DER. Streaming is supported for the B<-encrypt> operation and the
|
||||||
B<-sign> operation if the content is not detached.
|
B<-sign> operation if the content is not detached.
|
||||||
|
|
|
@ -344,7 +344,7 @@ The B<-resign> option uses an existing message digest when adding a new
|
||||||
signer. This means that attributes must be present in at least one existing
|
signer. This means that attributes must be present in at least one existing
|
||||||
signer using the same message digest or this operation will fail.
|
signer using the same message digest or this operation will fail.
|
||||||
|
|
||||||
The B<-stream> and B<-indef> options enable experimental streaming I/O support.
|
The B<-stream> and B<-indef> options enable streaming I/O support.
|
||||||
As a result the encoding is BER using indefinite length constructed encoding
|
As a result the encoding is BER using indefinite length constructed encoding
|
||||||
and no longer DER. Streaming is supported for the B<-encrypt> operation and the
|
and no longer DER. Streaming is supported for the B<-encrypt> operation and the
|
||||||
B<-sign> operation if the content is not detached.
|
B<-sign> operation if the content is not detached.
|
||||||
|
|
|
@ -243,8 +243,6 @@ this outputs the certificate in the form of a C source file.
|
||||||
|
|
||||||
=head2 TRUST SETTINGS
|
=head2 TRUST SETTINGS
|
||||||
|
|
||||||
Please note these options are currently experimental and may well change.
|
|
||||||
|
|
||||||
A B<trusted certificate> is an ordinary certificate which has several
|
A B<trusted certificate> is an ordinary certificate which has several
|
||||||
additional pieces of information attached to it such as the permitted
|
additional pieces of information attached to it such as the permitted
|
||||||
and prohibited uses of the certificate and an "alias".
|
and prohibited uses of the certificate and an "alias".
|
||||||
|
|
|
@ -863,7 +863,6 @@ struct ssl_ctx_st {
|
||||||
|
|
||||||
# ifndef OPENSSL_NO_NEXTPROTONEG
|
# ifndef OPENSSL_NO_NEXTPROTONEG
|
||||||
/* Next protocol negotiation information */
|
/* Next protocol negotiation information */
|
||||||
/* (for experimental NPN extension). */
|
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* For a server, this contains a callback function by which the set of
|
* For a server, this contains a callback function by which the set of
|
||||||
|
|
|
@ -1480,18 +1480,6 @@ sub read_options
|
||||||
if (exists $valid_options{$t})
|
if (exists $valid_options{$t})
|
||||||
{return 1;}
|
{return 1;}
|
||||||
return 0;
|
return 0;
|
||||||
}
|
|
||||||
# experimental-xxx is mostly like enable-xxx, but opensslconf.v
|
|
||||||
# will still set OPENSSL_NO_xxx unless we set OPENSSL_EXPERIMENTAL_xxx.
|
|
||||||
# (No need to fail if we don't know the algorithm -- this is for adventurous users only.)
|
|
||||||
elsif (/^experimental-/)
|
|
||||||
{
|
|
||||||
my $algo, $ALGO;
|
|
||||||
($algo = $_) =~ s/^experimental-//;
|
|
||||||
($ALGO = $algo) =~ tr/[a-z]/[A-Z]/;
|
|
||||||
|
|
||||||
$xcflags="-DOPENSSL_EXPERIMENTAL_$ALGO $xcflags";
|
|
||||||
|
|
||||||
}
|
}
|
||||||
elsif (/^([^=]*)=(.*)$/){ $VARS{$1}=$2; }
|
elsif (/^([^=]*)=(.*)$/){ $VARS{$1}=$2; }
|
||||||
elsif (/^-[lL].*$/) { $l_flags.="$_ "; }
|
elsif (/^-[lL].*$/) { $l_flags.="$_ "; }
|
||||||
|
|
Loading…
Reference in New Issue