Implement Configure option pattern "experimental-foo"
authorBodo Möller <bodo@openssl.org>
Tue, 2 Dec 2008 01:21:39 +0000 (01:21 +0000)
committerBodo Möller <bodo@openssl.org>
Tue, 2 Dec 2008 01:21:39 +0000 (01:21 +0000)
(specifically, "experimental-jpake").

CHANGES
Configure
apps/Makefile
crypto/aes/Makefile
crypto/camellia/Makefile
crypto/err/Makefile
crypto/evp/Makefile
crypto/jpake/jpaketest.c
test/Makefile

diff --git a/CHANGES b/CHANGES
index 034b46d..213927b 100644 (file)
--- a/CHANGES
+++ b/CHANGES
  Changes between 0.9.8i and 0.9.8j  [xx XXX xxxx]
 
   *) Allow the CHIL engine to be loaded, whether the application is
-        multithreaded or not. (This does not release the developer from the
-        obligation to set up the dynamic locking callbacks.)
-        [Sander Temme <sander@temme.net>]
+     multithreaded or not. (This does not release the developer from the
+     obligation to set up the dynamic locking callbacks.)
+     [Sander Temme <sander@temme.net>]
 
   *) Use correct exit code if there is an error in dgst command.
      [Steve Henson; problem pointed out by Roland Dirlewanger]
 
-  *) Add JPAKE support, including demo authentication in s_client and
-     s_server.
+  *) Tweak Configure so that you need to say "experimental-jpake" to enable
+     JPAKE, and need to use -DOPENSSL_EXPERIMENTAL_JPAKE in applications.
+     [Bodo Moeller]
+
+  *) Add experimental JPAKE support, including demo authentication in
+     s_client and s_server.
      [Ben Laurie]
 
   *) Set the comparison function in v3_addr_canonize().
index 9ac8d0f..87e5abb 100755 (executable)
--- a/Configure
+++ b/Configure
@@ -10,7 +10,7 @@ use strict;
 
 # see INSTALL for instructions.
 
-my $usage="Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-dso] [no-krb5] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--test-sanity] os/compiler[:flags]\n";
+my $usage="Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [experimental-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-dso] [no-krb5] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--test-sanity] os/compiler[:flags]\n";
 
 # Options:
 #
@@ -645,8 +645,9 @@ my $perl;
 
 # All of the following is disabled by default (RC5 was enabled before 0.9.8):
 
-my %disabled = ( # "what"         => "comment"
+my %disabled = ( # "what"         => "comment" [or special keyword "experimental"]
                 "gmp"            => "default",
+                 "jpake"          => "experimental",
                  "mdc2"           => "default",
                  "rc5"            => "default",
                 "rfc3779"        => "default",
@@ -654,13 +655,20 @@ my %disabled = ( # "what"         => "comment"
                  "zlib"           => "default",
                  "zlib-dynamic"   => "default"
                );
+my @experimental = ();
 
-# Additional "no-..." options will be collected in %disabled.
-# To remove something from %disabled, use e.g. "enable-rc5".
-# For symmetry, "disable-..." is a synonym for "no-...".
+# This is what $depflags will look like with the above defaults
+# (we need this to see if we should advise the user to run "make depend"):
+my $default_depflags = " -DOPENSSL_NO_GMP -DOPENSSL_NO_JPAKE -DOPENSSL_NO_MDC2 -DOPENSSL_NO_RC5 -DOPENSSL_NO_RFC3779";
 
-# This is what $depflags will look like with the above default:
-my $default_depflags = "-DOPENSSL_NO_GMP -DOPENSSL_NO_MDC2 -DOPENSSL_NO_RC5 -DOPENSSL_NO_RFC3779 ";
+
+# Explicit "no-..." options will be collected in %disabled along with the defaults.
+# To remove something from %disabled, use "enable-foo" (unless it's experimental).
+# For symmetry, "disable-foo" is a synonym for "no-foo".
+
+# For features called "experimental" here, a more explicit "experimental-foo" is needed to enable.
+# We will collect such requests in @experimental.
+# To avoid accidental use of experimental features, applications will have to use -DOPENSSL_EXPERIMENTAL_FOO.
 
 
 my $no_sse2=0;
@@ -669,6 +677,7 @@ my $no_sse2=0;
 
 my $flags;
 my $depflags;
+my $openssl_experimental_defines;
 my $openssl_algorithm_defines;
 my $openssl_thread_defines;
 my $openssl_sys_defines="";
@@ -689,6 +698,7 @@ while($argv_unprocessed)
        {
        $flags="";
        $depflags="";
+       $openssl_experimental_defines="";
        $openssl_algorithm_defines="";
        $openssl_thread_defines="";
        $openssl_sys_defines="";
@@ -714,25 +724,35 @@ PROCESS_ARGS:
 
                if (/^no-(.+)$/ || /^disable-(.+)$/)
                        {
-                       if ($1 eq "ssl")
+                       if (!($disabled{$1} eq "experimental"))
                                {
-                               $disabled{"ssl2"} = "option(ssl)";
-                               $disabled{"ssl3"} = "option(ssl)";
-                               }
-                       elsif ($1 eq "tls")
-                               {
-                               $disabled{"tls1"} = "option(tls)"
-                               }
-                       else
+                               if ($1 eq "ssl")
+                                       {
+                                       $disabled{"ssl2"} = "option(ssl)";
+                                       $disabled{"ssl3"} = "option(ssl)";
+                                       }
+                               elsif ($1 eq "tls")
+                                       {
+                                       $disabled{"tls1"} = "option(tls)"
+                                       }
+                               else
+                                       {
+                                       $disabled{$1} = "option";
+                                       }
+                               }                       
+                       }
+               elsif (/^enable-(.+)$/ || /^experimental-(.+)$/)
+                       {
+                       my $algo = $1;
+                       if ($disabled{$algo} eq "experimental")
                                {
-                               $disabled{$1} = "option";
+                               die "You are requesting an experimental feature; please say 'experimental-$algo' if you are sure\n"
+                                       unless (/^experimental-/);
+                               push @experimental, $algo;
                                }
-                       }                       
-               elsif (/^enable-(.+)$/)
-                       {
-                       delete $disabled{$1};
+                       delete $disabled{$algo};
 
-                       $threads = 1 if ($1 eq "threads");
+                       $threads = 1 if ($algo eq "threads");
                        }
                elsif (/^--test-sanity$/)
                        {
@@ -962,7 +982,7 @@ foreach (sort (keys %disabled))
                                push @skip, $algo;
                                print " (skip dir)";
 
-                               $depflags .="-DOPENSSL_NO_$ALGO ";
+                               $depflags .= " -DOPENSSL_NO_$ALGO";
                                }
                        }
                }
@@ -970,6 +990,16 @@ foreach (sort (keys %disabled))
        print "\n";
        }
 
+my $exp_cflags = "";
+foreach (sort @experimental)
+       {
+       my $ALGO;
+       ($ALGO = $_) =~ tr/[a-z]/[A-Z]/;
+
+       # opensslconf.h will set OPENSSL_NO_... unless OPENSSL_EXPERIMENTAL_... is defined
+       $openssl_experimental_defines .= "#define OPENSSL_NO_$ALGO\n";
+       $exp_cflags .= " -DOPENSSL_EXPERIMENTAL_$ALGO";
+       }
 
 my $IsMK1MF=scalar grep /^$target$/,@MK1MF_Builds;
 
@@ -1022,6 +1052,8 @@ my $shared_extension = $fields[$idx_shared_extension];
 my $ranlib = $fields[$idx_ranlib];
 my $arflags = $fields[$idx_arflags];
 
+$cflags = "$cflags$exp_cflags";
+
 # '%' in $lflags is used to split flags to "pre-" and post-flags
 my ($prelflags,$postlflags)=split('%',$lflags);
 if (defined($postlflags))      { $lflags=$postlflags;  }
@@ -1406,7 +1438,7 @@ while (<IN>)
                }
        s/^MAKEDEPPROG=.*$/MAKEDEPPROG= $cc/ if $cc eq "gcc";
        s/^CFLAG=.*$/CFLAG= $cflags/;
-       s/^DEPFLAG=.*$/DEPFLAG= $depflags/;
+       s/^DEPFLAG=.*$/DEPFLAG=$depflags/;
        s/^PEX_LIBS=.*$/PEX_LIBS= $prelflags/;
        s/^EX_LIBS=.*$/EX_LIBS= $lflags/;
        s/^EXE_EXT=.*$/EXE_EXT= $exe_ext/;
@@ -1538,6 +1570,7 @@ print OUT "/* WARNING: Generated automatically from opensslconf.h.in by Configur
 
 print OUT "/* OpenSSL was configured with the following options: */\n";
 my $openssl_algorithm_defines_trans = $openssl_algorithm_defines;
+$openssl_experimental_defines =~ s/^\s*#\s*define\s+OPENSSL_NO_(.*)/#ifndef OPENSSL_EXPERIMENTAL_$1\n# ifndef OPENSSL_NO_$1\n#  define OPENSSL_NO_$1\n# endif\n#endif/mg;
 $openssl_algorithm_defines_trans =~ s/^\s*#\s*define\s+OPENSSL_(.*)/# if defined(OPENSSL_$1) \&\& !defined($1)\n#  define $1\n# endif/mg;
 $openssl_algorithm_defines =~ s/^\s*#\s*define\s+(.*)/#ifndef $1\n# define $1\n#endif/mg;
 $openssl_algorithm_defines = "   /* no ciphers excluded */\n" if $openssl_algorithm_defines eq "";
@@ -1546,8 +1579,10 @@ $openssl_sys_defines =~ s/^\s*#\s*define\s+(.*)/#ifndef $1\n# define $1\n#endif/
 $openssl_other_defines =~ s/^\s*#\s*define\s+(.*)/#ifndef $1\n# define $1\n#endif/mg;
 print OUT $openssl_sys_defines;
 print OUT "#ifndef OPENSSL_DOING_MAKEDEPEND\n\n";
+print OUT $openssl_experimental_defines;
+print OUT "\n";
 print OUT $openssl_algorithm_defines;
-print OUT "\n#endif /* OPENSSL_DOING_MAKEDEPEND */\n";
+print OUT "\n#endif /* OPENSSL_DOING_MAKEDEPEND */\n\n";
 print OUT $openssl_thread_defines;
 print OUT $openssl_other_defines,"\n";
 
index 20975c2..1718538 100644 (file)
@@ -188,18 +188,17 @@ apps.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 apps.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
 apps.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
 apps.o: ../include/openssl/engine.h ../include/openssl/err.h
-apps.o: ../include/openssl/evp.h ../include/openssl/jpake.h
-apps.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
-apps.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
-apps.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-apps.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-apps.o: ../include/openssl/pem2.h ../include/openssl/pkcs12.h
-apps.o: ../include/openssl/pkcs7.h ../include/openssl/rsa.h
-apps.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-apps.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-apps.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
-apps.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
-apps.o: ../include/openssl/x509v3.h apps.c apps.h
+apps.o: ../include/openssl/evp.h ../include/openssl/lhash.h
+apps.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+apps.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
+apps.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+apps.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+apps.o: ../include/openssl/pkcs12.h ../include/openssl/pkcs7.h
+apps.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+apps.o: ../include/openssl/sha.h ../include/openssl/stack.h
+apps.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
+apps.o: ../include/openssl/ui.h ../include/openssl/x509.h
+apps.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.c apps.h
 asn1pars.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 asn1pars.o: ../include/openssl/buffer.h ../include/openssl/conf.h
 asn1pars.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
index 4c22daf..0ebd4a2 100644 (file)
@@ -107,8 +107,11 @@ aes_cfb.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
 aes_cfb.o: aes_cfb.c aes_locl.h
 aes_core.o: ../../include/openssl/aes.h ../../include/openssl/e_os2.h
 aes_core.o: ../../include/openssl/opensslconf.h aes_core.c aes_locl.h
-aes_ctr.o: ../../include/openssl/aes.h ../../include/openssl/e_os2.h
-aes_ctr.o: ../../include/openssl/opensslconf.h aes_ctr.c aes_locl.h
+aes_ctr.o: ../../include/openssl/aes.h ../../include/openssl/crypto.h
+aes_ctr.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
+aes_ctr.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+aes_ctr.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+aes_ctr.o: ../../include/openssl/symhacks.h aes_ctr.c aes_locl.h
 aes_ecb.o: ../../include/openssl/aes.h ../../include/openssl/e_os2.h
 aes_ecb.o: ../../include/openssl/opensslconf.h aes_ecb.c aes_locl.h
 aes_ige.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/bio.h
index 223a807..6154f81 100644 (file)
@@ -81,19 +81,22 @@ clean:
 
 # DO NOT DELETE THIS LINE -- make depend depends on it.
 
-camellia.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
-camellia.o: camellia.c camellia.h cmll_locl.h
-cmll_cbc.o: ../../include/openssl/camellia.h ../../include/openssl/e_os2.h
+camellia.o: ../../include/openssl/opensslconf.h camellia.c camellia.h
+camellia.o: cmll_locl.h
+cmll_cbc.o: ../../include/openssl/camellia.h
 cmll_cbc.o: ../../include/openssl/opensslconf.h cmll_cbc.c cmll_locl.h
 cmll_cfb.o: ../../e_os.h ../../include/openssl/camellia.h
 cmll_cfb.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
 cmll_cfb.o: cmll_cfb.c cmll_locl.h
-cmll_ctr.o: ../../include/openssl/camellia.h ../../include/openssl/e_os2.h
-cmll_ctr.o: ../../include/openssl/opensslconf.h cmll_ctr.c cmll_locl.h
-cmll_ecb.o: ../../include/openssl/camellia.h ../../include/openssl/e_os2.h
+cmll_ctr.o: ../../include/openssl/camellia.h ../../include/openssl/crypto.h
+cmll_ctr.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
+cmll_ctr.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+cmll_ctr.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+cmll_ctr.o: ../../include/openssl/symhacks.h cmll_ctr.c cmll_locl.h
+cmll_ecb.o: ../../include/openssl/camellia.h
 cmll_ecb.o: ../../include/openssl/opensslconf.h cmll_ecb.c cmll_locl.h
-cmll_misc.o: ../../include/openssl/camellia.h ../../include/openssl/e_os2.h
+cmll_misc.o: ../../include/openssl/camellia.h
 cmll_misc.o: ../../include/openssl/opensslconf.h
 cmll_misc.o: ../../include/openssl/opensslv.h cmll_locl.h cmll_misc.c
-cmll_ofb.o: ../../include/openssl/camellia.h ../../include/openssl/e_os2.h
+cmll_ofb.o: ../../include/openssl/camellia.h
 cmll_ofb.o: ../../include/openssl/opensslconf.h cmll_locl.h cmll_ofb.c
index 3581d10..862b23b 100644 (file)
@@ -90,18 +90,17 @@ err_all.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h
 err_all.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 err_all.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
 err_all.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-err_all.o: ../../include/openssl/jpake.h ../../include/openssl/lhash.h
-err_all.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-err_all.o: ../../include/openssl/ocsp.h ../../include/openssl/opensslconf.h
-err_all.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-err_all.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs12.h
-err_all.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
-err_all.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-err_all.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-err_all.o: ../../include/openssl/symhacks.h ../../include/openssl/ts.h
-err_all.o: ../../include/openssl/ui.h ../../include/openssl/x509.h
-err_all.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
-err_all.o: err_all.c
+err_all.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+err_all.o: ../../include/openssl/objects.h ../../include/openssl/ocsp.h
+err_all.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+err_all.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pem2.h
+err_all.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h
+err_all.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
+err_all.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+err_all.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+err_all.o: ../../include/openssl/ts.h ../../include/openssl/ui.h
+err_all.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+err_all.o: ../../include/openssl/x509v3.h err_all.c
 err_prn.o: ../../e_os.h ../../include/openssl/bio.h
 err_prn.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 err_prn.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
index a112edf..7e0a928 100644 (file)
@@ -307,6 +307,7 @@ e_xcbc_d.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 e_xcbc_d.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
 e_xcbc_d.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
 e_xcbc_d.o: ../../include/openssl/ui_compat.h ../cryptlib.h e_xcbc_d.c
+e_xcbc_d.o: evp_locl.h
 encode.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
 encode.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 encode.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
index 74d65b9..eaba75e 100644 (file)
@@ -1,5 +1,5 @@
-
 #include <openssl/opensslconf.h>
+
 #ifdef OPENSSL_NO_JPAKE
 
 #include <stdio.h>
index 33e6f0c..5f8dc74 100644 (file)
@@ -572,14 +572,7 @@ ideatest.o: ../include/openssl/opensslconf.h ideatest.c
 igetest.o: ../include/openssl/aes.h ../include/openssl/e_os2.h
 igetest.o: ../include/openssl/opensslconf.h ../include/openssl/ossl_typ.h
 igetest.o: ../include/openssl/rand.h igetest.c
-jpaketest.o: ../include/openssl/bio.h ../include/openssl/bn.h
-jpaketest.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
-jpaketest.o: ../include/openssl/err.h ../include/openssl/jpake.h
-jpaketest.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h
-jpaketest.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-jpaketest.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-jpaketest.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-jpaketest.o: jpaketest.c
+jpaketest.o: ../include/openssl/opensslconf.h jpaketest.c
 md2test.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 md2test.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
 md2test.o: ../include/openssl/evp.h ../include/openssl/md2.h