Remove "experimental" in code and comments, too.
authorRich Salz <rsalz@akamai.com>
Wed, 10 Feb 2016 16:10:39 +0000 (11:10 -0500)
committerRich Salz <rsalz@openssl.org>
Thu, 18 Feb 2016 02:12:30 +0000 (21:12 -0500)
Thanks to Viktor for additional review.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Configurations/90-team.conf
Configure
crypto/des/str2key.c
doc/apps/cms.pod
doc/apps/smime.pod
doc/apps/x509.pod
ssl/ssl_locl.h
util/mk1mf.pl

index 7dc5fda..2530945 100644 (file)
@@ -65,7 +65,7 @@
     },
     "debug-linux-ia32-aes" => {
         cc               => "gcc",
-        cflags           => "-DAES_EXPERIMENTAL -DL_ENDIAN -O3 -fomit-frame-pointer -Wall",
+        cflags           => "-DL_ENDIAN -O3 -fomit-frame-pointer -Wall",
         thread_cflag     => "-D_REENTRANT",
         ex_libs          => "-ldl",
         bn_ops           => "BN_LLONG",
index 688735b..7e0882a 100755 (executable)
--- a/Configure
+++ b/Configure
@@ -15,7 +15,7 @@ use File::Path qw/mkpath/;
 
 # see INSTALL for instructions.
 
-my $usage="Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [experimental-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-dso] [no-egd] [sctp] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--config=FILE] os/compiler[:flags]\n";
+my $usage="Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-dso] [no-egd] [sctp] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--config=FILE] os/compiler[:flags]\n";
 
 # Options:
 #
@@ -327,7 +327,7 @@ foreach my $proto ((@tls, @dtls))
 
 # All of the following is disabled by default (RC5 was enabled before 0.9.8):
 
-my %disabled = ( # "what"         => "comment" [or special keyword "experimental"]
+my %disabled = ( # "what"         => "comment"
                 "ec_nistp_64_gcc_128" => "default",
                 "egd"            => "default",
                 "md2"            => "default",
@@ -340,7 +340,6 @@ my %disabled = ( # "what"         => "comment" [or special keyword "experimental
                 "crypto-mdebug"  => "default",
                 "heartbeats"     => "default",
               );
-my @experimental = ();
 
 # Note: => pair form used for aesthetics, not to truly make a hash table
 my @disable_cascades = (
@@ -410,13 +409,9 @@ my @default_depdefines =
     sort keys %disabled;
 
 # Explicit "no-..." options will be collected in %disabled along with the defaults.
-# To remove something from %disabled, use "enable-foo" (unless it's experimental).
+# To remove something from %disabled, use "enable-foo".
 # For symmetry, "disable-foo" is a synonym for "no-foo".
 
-# For features called "experimental" here, a more explicit "experimental-foo" is needed to enable.
-# We will collect such requests in @experimental.
-# To avoid accidental use of experimental features, applications will have to use -DOPENSSL_EXPERIMENTAL_FOO.
-
 my @generated_headers = (
     "include/openssl/opensslconf.h",
     "crypto/include/internal/bn_conf.h"
@@ -435,7 +430,6 @@ my $user_cflags="";
 my @user_defines=();
 my $unified = 0;
 $config{depdefines}=[];
-$config{openssl_experimental_defines}=[];
 $config{openssl_api_defines}=[];
 $config{openssl_algorithm_defines}=[];
 $config{openssl_thread_defines}=[];
@@ -518,7 +512,7 @@ foreach (@argvcopy)
        s /^zlib$/enable-zlib/;
        s /^zlib-dynamic$/enable-zlib-dynamic/;
 
-        if (/^(no|disable|enable|experimental)-(.+)$/)
+        if (/^(no|disable|enable)-(.+)$/)
                {
                my $word = $2;
                if (!grep { $word =~ /^${_}$/ } @disablables)
@@ -529,52 +523,43 @@ foreach (@argvcopy)
                }
        if (/^no-(.+)$/ || /^disable-(.+)$/)
                {
-               if (!($disabled{$1} eq "experimental"))
-                       {
-                       foreach my $proto ((@tls, @dtls))
-                               {
-                               if ($1 eq "$proto-method")
-                                       {
-                                       $disabled{"$proto"} = "option($proto-method)";
-                                       last;
-                                       }
-                               }
-                       if ($1 eq "dtls")
-                               {
-                                foreach my $proto (@dtls)
-                                       {
-                                       $disabled{$proto} = "option(dtls)";
-                                       }
-                               }
-                       elsif ($1 eq "ssl")
-                               {
-                               # Last one of its kind
-                               $disabled{"ssl3"} = "option(ssl)";
-                               }
-                       elsif ($1 eq "tls")
-                               {
-                                # XXX: Tests will fail if all SSL/TLS
-                                # protocols are disabled.
-                                foreach my $proto (@tls)
-                                       {
-                                       $disabled{$proto} = "option(tls)";
-                                       }
-                               }
-                       else
-                               {
-                               $disabled{$1} = "option";
-                               }
-                       }
+                foreach my $proto ((@tls, @dtls))
+                        {
+                        if ($1 eq "$proto-method")
+                                {
+                                $disabled{"$proto"} = "option($proto-method)";
+                                last;
+                                }
+                        }
+                if ($1 eq "dtls")
+                        {
+                        foreach my $proto (@dtls)
+                                {
+                                $disabled{$proto} = "option(dtls)";
+                                }
+                        }
+                elsif ($1 eq "ssl")
+                        {
+                        # Last one of its kind
+                        $disabled{"ssl3"} = "option(ssl)";
+                        }
+                elsif ($1 eq "tls")
+                        {
+                        # XXX: Tests will fail if all SSL/TLS
+                        # protocols are disabled.
+                        foreach my $proto (@tls)
+                                {
+                                $disabled{$proto} = "option(tls)";
+                                }
+                        }
+                else
+                        {
+                        $disabled{$1} = "option";
+                        }
                }
-       elsif (/^enable-(.+)$/ || /^experimental-(.+)$/)
+       elsif (/^enable-(.+)$/)
                {
                my $algo = $1;
-               if ($disabled{$algo} eq "experimental")
-                       {
-                       die "You are requesting an experimental feature; please say 'experimental-$algo' if you are sure\n"
-                               unless (/^experimental-/);
-                       push @experimental, $algo;
-                       }
                delete $disabled{$algo};
 
                $threads = 1 if ($algo eq "threads");
@@ -815,15 +800,6 @@ foreach (sort (keys %disabled))
        print "\n";
        }
 
-foreach (sort @experimental)
-       {
-       my $ALGO;
-       ($ALGO = $_) =~ tr/[a-z]/[A-Z]/;
-
-       # opensslconf.h will set OPENSSL_NO_... unless OPENSSL_EXPERIMENTAL_... is defined
-       push @{$config{openssl_experimental_defines}}, "OPENSSL_NO_$ALGO";
-       }
-
 print "Configuring for $target\n";
 
 # Support for legacy targets having a name starting with 'debug-'
@@ -896,10 +872,6 @@ if ($target{build_file} eq "Makefile"
 my ($builder, $builder_platform, @builder_opts) =
     @{$target{build_scheme}};
 
-push @{$config{defines}},
-    map { (my $x = $_) =~ s/^OPENSSL_NO_/OPENSSL_EXPERIMENTAL_/; $x }
-        @{$config{openssl_experimental_defines}};
-
 if ($target =~ /^mingw/ && `$target{cc} --target-help 2>&1` =~ m/-mno-cygwin/m)
        {
        $config{cflags} .= " -mno-cygwin";
index cd426c6..e671d14 100644 (file)
@@ -84,13 +84,7 @@ void DES_string_to_key(const char *str, DES_cblock *key)
     }
 #endif
     DES_set_odd_parity(key);
-#ifdef EXPERIMENTAL_STR_TO_STRONG_KEY
-    if (DES_is_weak_key(key))
-        (*key)[7] ^= 0xF0;
-    DES_set_key(key, &ks);
-#else
     DES_set_key_unchecked(key, &ks);
-#endif
     DES_cbc_cksum((const unsigned char *)str, key, length, &ks, key);
     OPENSSL_cleanse(&ks, sizeof(ks));
     DES_set_odd_parity(key);
@@ -141,21 +135,9 @@ void DES_string_to_2keys(const char *str, DES_cblock *key1, DES_cblock *key2)
 #endif
     DES_set_odd_parity(key1);
     DES_set_odd_parity(key2);
-#ifdef EXPERIMENTAL_STR_TO_STRONG_KEY
-    if (DES_is_weak_key(key1))
-        (*key1)[7] ^= 0xF0;
-    DES_set_key(key1, &ks);
-#else
     DES_set_key_unchecked(key1, &ks);
-#endif
     DES_cbc_cksum((const unsigned char *)str, key1, length, &ks, key1);
-#ifdef EXPERIMENTAL_STR_TO_STRONG_KEY
-    if (DES_is_weak_key(key2))
-        (*key2)[7] ^= 0xF0;
-    DES_set_key(key2, &ks);
-#else
     DES_set_key_unchecked(key2, &ks);
-#endif
     DES_cbc_cksum((const unsigned char *)str, key2, length, &ks, key2);
     OPENSSL_cleanse(&ks, sizeof(ks));
     DES_set_odd_parity(key1);
index 7470fae..7a3505c 100644 (file)
@@ -512,7 +512,7 @@ The B<-resign> option uses an existing message digest when adding a new
 signer. This means that attributes must be present in at least one existing
 signer using the same message digest or this operation will fail.
 
-The B<-stream> and B<-indef> options enable experimental streaming I/O support.
+The B<-stream> and B<-indef> options enable streaming I/O support.
 As a result the encoding is BER using indefinite length constructed encoding
 and no longer DER. Streaming is supported for the B<-encrypt> operation and the
 B<-sign> operation if the content is not detached.
index 62f1417..82f3ecc 100644 (file)
@@ -344,7 +344,7 @@ The B<-resign> option uses an existing message digest when adding a new
 signer. This means that attributes must be present in at least one existing
 signer using the same message digest or this operation will fail.
 
-The B<-stream> and B<-indef> options enable experimental streaming I/O support.
+The B<-stream> and B<-indef> options enable streaming I/O support.
 As a result the encoding is BER using indefinite length constructed encoding
 and no longer DER. Streaming is supported for the B<-encrypt> operation and the
 B<-sign> operation if the content is not detached.
index a742fec..7efa4c1 100644 (file)
@@ -243,8 +243,6 @@ this outputs the certificate in the form of a C source file.
 
 =head2 TRUST SETTINGS
 
-Please note these options are currently experimental and may well change.
-
 A B<trusted certificate> is an ordinary certificate which has several
 additional pieces of information attached to it such as the permitted
 and prohibited uses of the certificate and an "alias".
index 00136b3..4946cfa 100644 (file)
@@ -863,7 +863,6 @@ struct ssl_ctx_st {
 
 #  ifndef OPENSSL_NO_NEXTPROTONEG
     /* Next protocol negotiation information */
-    /* (for experimental NPN extension). */
 
     /*
      * For a server, this contains a callback function by which the set of
index 085db5f..41aa0ec 100755 (executable)
@@ -1481,18 +1481,6 @@ sub read_options
                        {return 1;}
                return 0;
                }
-       # experimental-xxx is mostly like enable-xxx, but opensslconf.v
-       # will still set OPENSSL_NO_xxx unless we set OPENSSL_EXPERIMENTAL_xxx.
-       # (No need to fail if we don't know the algorithm -- this is for adventurous users only.)
-       elsif (/^experimental-/)
-               {
-               my $algo, $ALGO;
-               ($algo = $_) =~ s/^experimental-//;
-               ($ALGO = $algo) =~ tr/[a-z]/[A-Z]/;
-
-               $xcflags="-DOPENSSL_EXPERIMENTAL_$ALGO $xcflags";
-               
-               }
        elsif (/^([^=]*)=(.*)$/){ $VARS{$1}=$2; }
        elsif (/^-[lL].*$/)     { $l_flags.="$_ "; }
        elsif ((!/^-help/) && (!/^-h/) && (!/^-\?/) && /^-.*$/)