Update from stable-branch.
authorDr. Stephen Henson <steve@openssl.org>
Mon, 24 Nov 2008 17:27:08 +0000 (17:27 +0000)
committerDr. Stephen Henson <steve@openssl.org>
Mon, 24 Nov 2008 17:27:08 +0000 (17:27 +0000)
CHANGES
Configure
apps/apps.c
apps/apps.h
apps/s_client.c
apps/s_server.c
crypto/err/err_all.c
crypto/jpake/jpake.h
crypto/jpake/jpaketest.c
util/mk1mf.pl
util/mkdef.pl

diff --git a/CHANGES b/CHANGES
index e255b7c..034b46d 100644 (file)
--- a/CHANGES
+++ b/CHANGES
         obligation to set up the dynamic locking callbacks.)
         [Sander Temme <sander@temme.net>]
 
-  *) Update Configure code and WIN32 build scripts to support experimental
-     code. This is surrounded by OPENSSL_EXPERIMENTAL_FOO and not compiled
-     in by default. Using the configuration option "enable-experimental-foo"
-     enables it. Use this option for JPAKE.
-     [Steve Henson]
-
   *) Use correct exit code if there is an error in dgst command.
      [Steve Henson; problem pointed out by Roland Dirlewanger]
 
index dbdd8d1..9ac8d0f 100755 (executable)
--- a/Configure
+++ b/Configure
@@ -611,7 +611,6 @@ my $no_threads=0;
 my $threads=0;
 my $no_shared=0; # but "no-shared" is default
 my $zlib=1;      # but "no-zlib" is default
-my $jpake=1;      # but "no-jpake" is default
 my $no_krb5=0;   # but "no-krb5" is implied unless "--with-krb5-..." is used
 my $no_rfc3779=1; # but "no-rfc3779" is default
 my $no_asm=0;
@@ -648,7 +647,6 @@ my $perl;
 
 my %disabled = ( # "what"         => "comment"
                 "gmp"            => "default",
-                 #"experimental-jpake"          => "default",
                  "mdc2"           => "default",
                  "rc5"            => "default",
                 "rfc3779"        => "default",
@@ -929,8 +927,6 @@ foreach (sort (keys %disabled))
                { $no_threads = 1; }
        elsif (/^shared$/)
                { $no_shared = 1; }
-       elsif (/^experimental-jpake$/)
-               { $jpake = 0; push @skip, "jpake"}
        elsif (/^zlib$/)
                { $zlib = 0; }
        elsif (/^static-engine$/)
@@ -1172,11 +1168,6 @@ if ($threads)
        $openssl_thread_defines .= $thread_defines;
        }
 
-if ($jpake)
-       {
-       $openssl_other_defines .= "#define OPENSSL_EXPERIMENTAL_JPAKE\n";
-       }
-
 if ($zlib)
        {
        $cflags = "-DZLIB $cflags";
index 6a65f94..56e87ec 100644 (file)
 #include <openssl/rsa.h>
 #endif
 #include <openssl/bn.h>
-#ifdef OPENSSL_EXPERIMENTAL_JPAKE
+#ifndef OPENSSL_NO_JPAKE
 #include <openssl/jpake.h>
 #endif
 
@@ -2381,7 +2381,7 @@ void policies_print(BIO *out, X509_STORE_CTX *ctx)
                BIO_free(out);
        }
 
-#if defined(OPENSSL_EXPERIMENTAL_JPAKE) && !defined(OPENSSL_NO_PSK)
+#if !defined(OPENSSL_NO_JPAKE) && !defined(OPENSSL_NO_PSK)
 
 static JPAKE_CTX *jpake_init(const char *us, const char *them,
                                                         const char *secret)
index 62a8659..4b0a0e1 100644 (file)
@@ -308,8 +308,10 @@ int bio_to_mem(unsigned char **out, int maxlen, BIO *in);
 int pkey_ctrl_string(EVP_PKEY_CTX *ctx, char *value);
 int init_gen_str(BIO *err, EVP_PKEY_CTX **pctx,
                        const char *algname, ENGINE *e, int do_param);
-#ifdef OPENSSL_EXPERIMENTAL_JPAKE
+#ifndef OPENSSL_NO_PSK
 extern char *psk_key;
+#endif
+#ifndef OPENSSL_NO_JPAKE
 void jpake_client_auth(BIO *out, BIO *conn, const char *secret);
 void jpake_server_auth(BIO *out, BIO *conn, const char *secret);
 #endif
index 05ebff1..f0783bc 100644 (file)
@@ -312,7 +312,7 @@ static void sc_usage(void)
 #ifndef OPENSSL_NO_PSK
        BIO_printf(bio_err," -psk_identity arg - PSK identity\n");
        BIO_printf(bio_err," -psk arg      - PSK in hex (without 0x)\n");
-# ifdef OPENSSL_EXPERIMENTAL_JPAKE
+# ifndef OPENSSL_NO_JPAKE
        BIO_printf(bio_err," -jpake arg    - JPAKE secret to use\n");
 # endif
 #endif
@@ -432,7 +432,7 @@ int MAIN(int argc, char **argv)
        int peerlen = sizeof(peer);
        int enable_timeouts = 0 ;
        long socket_mtu = 0;
-#ifdef OPENSSL_EXPERIMENTAL_JPAKE
+#ifndef OPENSSL_NO_JPAKE
        char *jpake_secret = NULL;
 #endif
 
@@ -704,7 +704,7 @@ int MAIN(int argc, char **argv)
                        /* meth=TLSv1_client_method(); */
                        }
 #endif
-#ifdef OPENSSL_EXPERIMENTAL_JPAKE
+#ifndef OPENSSL_NO_JPAKE
                else if (strcmp(*argv,"-jpake") == 0)
                        {
                        if (--argc < 1) goto bad;
@@ -727,7 +727,7 @@ bad:
                goto end;
                }
 
-#if defined(OPENSSL_EXPERIMENTAL_JPAKE) && !defined(OPENSSL_NO_PSK)
+#if !defined(OPENSSL_NO_JPAKE) && !defined(OPENSSL_NO_PSK)
        if (jpake_secret)
                {
                if (psk_key)
@@ -845,7 +845,11 @@ bad:
 #endif
 
 #ifndef OPENSSL_NO_PSK
+#ifdef OPENSSL_NO_JPAKE
+       if (psk_key != NULL)
+#else
        if (psk_key != NULL || jpake_secret)
+#endif
                {
                if (c_debug)
                        BIO_printf(bio_c_out, "PSK key given or JPAKE in use, setting client callback\n");
@@ -1049,7 +1053,7 @@ SSL_set_tlsext_status_ids(con, ids);
 #endif
                }
 #endif
-#ifdef OPENSSL_EXPERIMENTAL_JPAKE
+#ifndef OPENSSL_NO_JPAKE
        if (jpake_secret)
                jpake_client_auth(bio_c_out, sbio, jpake_secret);
 #endif
index 277b2f0..3b7fb07 100644 (file)
@@ -450,7 +450,7 @@ static void sv_usage(void)
 #ifndef OPENSSL_NO_PSK
        BIO_printf(bio_err," -psk_hint arg - PSK identity hint to use\n");
        BIO_printf(bio_err," -psk arg      - PSK in hex (without 0x)\n");
-# ifdef OPENSSL_EXPERIMENTAL_JPAKE
+# ifndef OPENSSL_NO_JPAKE
        BIO_printf(bio_err," -jpake arg    - JPAKE secret to use\n");
 # endif
 #endif
@@ -827,7 +827,7 @@ BIO_printf(err, "cert_status: received %d ids\n", sk_OCSP_RESPID_num(ids));
 
 int MAIN(int, char **);
 
-#ifdef OPENSSL_EXPERIMENTAL_JPAKE
+#ifndef OPENSSL_NO_JPAKE
 static char *jpake_secret = NULL;
 #endif
 
@@ -1189,7 +1189,7 @@ int MAIN(int argc, char *argv[])
                        }
                        
 #endif
-#if defined(OPENSSL_EXPERIMENTAL_JPAKE) && !defined(OPENSSL_NO_PSK)
+#if !defined(OPENSSL_NO_JPAKE) && !defined(OPENSSL_NO_PSK)
                else if (strcmp(*argv,"-jpake") == 0)
                        {
                        if (--argc < 1) goto bad;
@@ -1212,7 +1212,7 @@ bad:
                goto end;
                }
 
-#if defined(OPENSSL_EXPERIMENTAL_JPAKE) && !defined(OPENSSL_NO_PSK)
+#if !defined(OPENSSL_NO_JPAKE) && !defined(OPENSSL_NO_PSK)
        if (jpake_secret)
                {
                if (psk_key)
@@ -1616,7 +1616,11 @@ bad:
 #endif
 
 #ifndef OPENSSL_NO_PSK
+#ifdef OPENSSL_NO_JPAKE
+       if (psk_key != NULL)
+#else
        if (psk_key != NULL || jpake_secret)
+#endif
                {
                if (s_debug)
                        BIO_printf(bio_s_out, "PSK key given or JPAKE in use, setting server callback\n");
@@ -1843,7 +1847,7 @@ static int sv_body(char *hostname, int s, unsigned char *context)
                test=BIO_new(BIO_f_nbio_test());
                sbio=BIO_push(test,sbio);
                }
-#ifdef OPENSSL_EXPERIMENTAL_JPAKE
+#ifndef OPENSSL_NO_JPAKE
        if(jpake_secret)
                jpake_server_auth(bio_s_out, sbio, jpake_secret);
 #endif
index 06e137e..8cc9b80 100644 (file)
@@ -99,7 +99,7 @@
 #ifndef OPENSSL_NO_CMS
 #include <openssl/cms.h>
 #endif
-#ifdef OPENSSL_EXPERIMENTAL_JPAKE
+#ifndef OPENSSL_NO_JPAKE
 #include <openssl/jpake.h>
 #endif
 
@@ -151,7 +151,7 @@ void ERR_load_crypto_strings(void)
 #ifndef OPENSSL_NO_CMS
        ERR_load_CMS_strings();
 #endif
-#ifdef OPENSSL_EXPERIMENTAL_JPAKE
+#ifndef OPENSSL_NO_JPAKE
        ERR_load_JPAKE_strings();
 #endif
 #endif
index 8beb9a5..693ea18 100644 (file)
 
 #include <openssl/opensslconf.h>
 
+#ifdef OPENSSL_NO_JPAKE
+#error JPAKE is disabled.
+#endif
+
 #ifdef  __cplusplus
 extern "C" {
 #endif
index 6bf7ee4..008756f 100644 (file)
@@ -1,4 +1,6 @@
-#ifndef OPENSSL_EXPERIMENTAL_JPAKE
+
+#include <openssl/opensslconf.h>
+#ifdef OPENSSL_NO_JPAKE
 
 #include <stdio.h>
 
index 0751413..22ef396 100755 (executable)
@@ -266,7 +266,7 @@ $cflags.=" -DOPENSSL_NO_ECDSA" if $no_ecdsa;
 $cflags.=" -DOPENSSL_NO_ECDH" if $no_ecdh;
 $cflags.=" -DOPENSSL_NO_ENGINE"   if $no_engine;
 $cflags.=" -DOPENSSL_NO_HW"   if $no_hw;
-$cflags.=" -DOPENSSL_EXPERIMENTAL_JPAKE"    if $jpake;
+$cflags.=" -DOPENSSL_NO_JPAKE"    if $no_jpake;
 $cflags.= " -DZLIB" if $zlib_opt;
 $cflags.= " -DZLIB_SHARED" if $zlib_opt == 2;
 
@@ -706,7 +706,7 @@ sub var_add
        return("") if $no_dh   && $dir =~ /\/dh/;
        return("") if $no_ec   && $dir =~ /\/ec/;
        return("") if $no_cms  && $dir =~ /\/cms/;
-       return("") if !$jpake  && $dir =~ /\/jpake/;
+       return("") if $no_jpake  && $dir =~ /\/jpake/;
        if ($no_des && $dir =~ /\/des/)
                {
                if ($val =~ /read_pwd/)
@@ -1037,6 +1037,7 @@ sub read_options
                "no-ssl3" => \$no_ssl3,
                "no-tlsext" => \$no_tlsext,
                "no-cms" => \$no_cms,
+               "no-jpake" => \$no_jpake,
                "no-err" => \$no_err,
                "no-sock" => \$no_sock,
                "no-krb5" => \$no_krb5,
@@ -1063,8 +1064,6 @@ sub read_options
                "no-shared" => 0,
                "no-zlib" => 0,
                "no-zlib-dynamic" => 0,
-               "no-experimental-jpake" => 0,
-               "enable-experimental-jpake" => \$jpake,
                );
 
        if (exists $valid_options{$_})
index 10098fb..1766e99 100755 (executable)
@@ -79,8 +79,7 @@ my $OS2=0;
 my $safe_stack_def = 0;
 
 my @known_platforms = ( "__FreeBSD__", "PERL5", "NeXT",
-                       "EXPORT_VAR_AS_FUNCTION", "ZLIB",
-                       "OPENSSL_EXPERIMENTAL_JPAKE" );
+                       "EXPORT_VAR_AS_FUNCTION", "ZLIB" );
 my @known_ossl_platforms = ( "VMS", "WIN16", "WIN32", "WINNT", "OS2" );
 my @known_algorithms = ( "RC2", "RC4", "RC5", "IDEA", "DES", "BF",
                         "CAST", "MD2", "MD4", "MD5", "SHA", "SHA0", "SHA1",
@@ -104,6 +103,8 @@ my @known_algorithms = ( "RC2", "RC4", "RC5", "IDEA", "DES", "BF",
                         "CMS",
                         # CryptoAPI Engine
                         "CAPIENG",
+                        # JPAKE
+                        "JPAKE",
                         # Deprecated functions
                         "DEPRECATED" );
 
@@ -124,6 +125,7 @@ my $no_rsa; my $no_dsa; my $no_dh; my $no_hmac=0; my $no_aes; my $no_krb5;
 my $no_ec; my $no_ecdsa; my $no_ecdh; my $no_engine; my $no_hw;
 my $no_fp_api; my $no_static_engine=1; my $no_gmp; my $no_deprecated;
 my $no_rfc3779; my $no_psk; my $no_tlsext; my $no_cms; my $no_capieng;
+my $no_jpake;
 
 my $zlib;
 
@@ -152,10 +154,6 @@ foreach (@ARGV, split(/ /, $options))
                $zlib = 1;
        }
 
-       if ($_ eq "enable-experimental-jpake") {
-               $jpake = 1;
-       }
-
        $do_ssl=1 if $_ eq "ssleay";
        if ($_ eq "ssl") {
                $do_ssl=1; 
@@ -216,6 +214,7 @@ foreach (@ARGV, split(/ /, $options))
        elsif (/^no-tlsext$/)   { $no_tlsext=1; }
        elsif (/^no-cms$/)      { $no_cms=1; }
        elsif (/^no-capieng$/)  { $no_capieng=1; }
+       elsif (/^no-jpake$/)    { $no_jpake=1; }
        }
 
 
@@ -556,10 +555,6 @@ sub do_defs
                                                $tag{$tag[$tag_i]}=2;
                                                print STDERR "DEBUG: $file: chaged tag $1 = 2\n" if $debug;
                                        }
-                                       if ($tag[$tag_i] eq "OPENSSL_EXPERIMENTAL_".$1) {
-                                               $tag{$tag[$tag_i]}=-2;
-                                               print STDERR "DEBUG: $file: chaged tag $1 = -2\n" if $debug;
-                                       }
                                        $tag_i--;
                                }
                        } elsif (/^\#\s*endif/) {
@@ -569,8 +564,6 @@ sub do_defs
                                        print STDERR "DEBUG: \$t=\"$t\"\n" if $debug;
                                        if ($tag{$t}==2) {
                                                $tag{$t}=-1;
-                                       } elsif ($tag{$t}==-2) {
-                                               $tag{$t}=1;
                                        } else {
                                                $tag{$t}=0;
                                        }
@@ -1107,11 +1100,6 @@ sub is_valid
                                return 1;
                        }
                        if ($keyword eq "ZLIB" && $zlib) { return 1; }
-                       if ($keyword eq "OPENSSL_EXPERIMENTAL_JPAKE" && $jpake) {
-
-
-                               return 1;
-                       }
                        return 0;
                } else {
                        # algorithms
@@ -1158,6 +1146,7 @@ sub is_valid
                        if ($keyword eq "PSK" && $no_psk) { return 0; }
                        if ($keyword eq "CMS" && $no_cms) { return 0; }
                        if ($keyword eq "CAPIENG" && $no_capieng) { return 0; }
+                       if ($keyword eq "JPAKE" && $no_jpake) { return 0; }
                        if ($keyword eq "DEPRECATED" && $no_deprecated) { return 0; }
 
                        # Nothing recognise as true