Remove "experimental" in code and comments, too.

Thanks to Viktor for additional review.

Reviewed-by: Richard Levitte <levitte@openssl.org>

diff --git a/Configurations/90-team.conf b/Configurations/90-team.conf
index 7dc5fdae48bef961856d1f82b98d79ffe3f075ec..253094541d4b8690877cb0f91d1411b01e375778 100644 (file)
--- a/Configurations/90-team.conf
+++ b/Configurations/90-team.conf
@@ -65,7 +65,7 @@
     },
     "debug-linux-ia32-aes" => {
         cc               => "gcc",
     },
     "debug-linux-ia32-aes" => {
         cc               => "gcc",

-        cflags           => "-DAES_EXPERIMENTAL -DL_ENDIAN -O3 -fomit-frame-pointer -Wall",
+        cflags           => "-DL_ENDIAN -O3 -fomit-frame-pointer -Wall",

         thread_cflag     => "-D_REENTRANT",
         ex_libs          => "-ldl",
         bn_ops           => "BN_LLONG",
         thread_cflag     => "-D_REENTRANT",
         ex_libs          => "-ldl",
         bn_ops           => "BN_LLONG",

diff --git a/Configure b/Configure
index 688735b3198428dde1c299ed38773593876c3559..7e0882a2bcf0371d85d1db095758e95dae9c3ea2 100755 (executable)
--- a/Configure
+++ b/Configure
@@ -15,7 +15,7 @@ use File::Path qw/mkpath/;
 
 # see INSTALL for instructions.
 
 
 # see INSTALL for instructions.
 

-my $usage="Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [experimental-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-dso] [no-egd] [sctp] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--config=FILE] os/compiler[:flags]\n";
+my $usage="Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-dso] [no-egd] [sctp] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--config=FILE] os/compiler[:flags]\n";

 
 # Options:
 #
 
 # Options:
 #


@@ -327,7 +327,7 @@ foreach my $proto ((@tls, @dtls))
 
 # All of the following is disabled by default (RC5 was enabled before 0.9.8):
 
 
 # All of the following is disabled by default (RC5 was enabled before 0.9.8):
 

-my %disabled = ( # "what"         => "comment" [or special keyword "experimental"]
+my %disabled = ( # "what"         => "comment"

                 "ec_nistp_64_gcc_128" => "default",
                 "egd"            => "default",
                 "md2"            => "default",
                 "ec_nistp_64_gcc_128" => "default",
                 "egd"            => "default",
                 "md2"            => "default",


@@ -340,7 +340,6 @@ my %disabled = ( # "what"         => "comment" [or special keyword "experimental
                 "crypto-mdebug"  => "default",
                 "heartbeats"     => "default",
               );
                 "crypto-mdebug"  => "default",
                 "heartbeats"     => "default",
               );

-my @experimental = ();

 
 # Note: => pair form used for aesthetics, not to truly make a hash table
 my @disable_cascades = (
 
 # Note: => pair form used for aesthetics, not to truly make a hash table
 my @disable_cascades = (


@@ -410,13 +409,9 @@ my @default_depdefines =
     sort keys %disabled;
 
 # Explicit "no-..." options will be collected in %disabled along with the defaults.
     sort keys %disabled;
 
 # Explicit "no-..." options will be collected in %disabled along with the defaults.

-# To remove something from %disabled, use "enable-foo" (unless it's experimental).
+# To remove something from %disabled, use "enable-foo".

 # For symmetry, "disable-foo" is a synonym for "no-foo".
 
 # For symmetry, "disable-foo" is a synonym for "no-foo".
 

-# For features called "experimental" here, a more explicit "experimental-foo" is needed to enable.
-# We will collect such requests in @experimental.
-# To avoid accidental use of experimental features, applications will have to use -DOPENSSL_EXPERIMENTAL_FOO.
-

 my @generated_headers = (
     "include/openssl/opensslconf.h",
     "crypto/include/internal/bn_conf.h"
 my @generated_headers = (
     "include/openssl/opensslconf.h",
     "crypto/include/internal/bn_conf.h"


@@ -435,7 +430,6 @@ my $user_cflags="";
 my @user_defines=();
 my $unified = 0;
 $config{depdefines}=[];
 my @user_defines=();
 my $unified = 0;
 $config{depdefines}=[];

-$config{openssl_experimental_defines}=[];

 $config{openssl_api_defines}=[];
 $config{openssl_algorithm_defines}=[];
 $config{openssl_thread_defines}=[];
 $config{openssl_api_defines}=[];
 $config{openssl_algorithm_defines}=[];
 $config{openssl_thread_defines}=[];


@@ -518,7 +512,7 @@ foreach (@argvcopy)
        s /^zlib$/enable-zlib/;
        s /^zlib-dynamic$/enable-zlib-dynamic/;
 
        s /^zlib$/enable-zlib/;
        s /^zlib-dynamic$/enable-zlib-dynamic/;
 

-        if (/^(no|disable|enable|experimental)-(.+)$/)
+        if (/^(no|disable|enable)-(.+)$/)

                {
                my $word = $2;
                if (!grep { $word =~ /^${_}$/ } @disablables)
                {
                my $word = $2;
                if (!grep { $word =~ /^${_}$/ } @disablables)


@@ -529,52 +523,43 @@ foreach (@argvcopy)
                }
        if (/^no-(.+)$/ || /^disable-(.+)$/)
                {
                }
        if (/^no-(.+)$/ || /^disable-(.+)$/)
                {

-               if (!($disabled{$1} eq "experimental"))
-                       {
-                       foreach my $proto ((@tls, @dtls))
-                               {
-                               if ($1 eq "$proto-method")
-                                       {
-                                       $disabled{"$proto"} = "option($proto-method)";
-                                       last;
-                                       }
-                               }
-                       if ($1 eq "dtls")
-                               {
-                                foreach my $proto (@dtls)
-                                       {
-                                       $disabled{$proto} = "option(dtls)";
-                                       }
-                               }
-                       elsif ($1 eq "ssl")
-                               {
-                               # Last one of its kind
-                               $disabled{"ssl3"} = "option(ssl)";
-                               }
-                       elsif ($1 eq "tls")
-                               {
-                                # XXX: Tests will fail if all SSL/TLS
-                                # protocols are disabled.
-                                foreach my $proto (@tls)
-                                       {
-                                       $disabled{$proto} = "option(tls)";
-                                       }
-                               }
-                       else
-                               {
-                               $disabled{$1} = "option";
-                               }
-                       }
+                foreach my $proto ((@tls, @dtls))
+                        {
+                        if ($1 eq "$proto-method")
+                                {
+                                $disabled{"$proto"} = "option($proto-method)";
+                                last;
+                                }
+                        }
+                if ($1 eq "dtls")
+                        {
+                        foreach my $proto (@dtls)
+                                {
+                                $disabled{$proto} = "option(dtls)";
+                                }
+                        }
+                elsif ($1 eq "ssl")
+                        {
+                        # Last one of its kind
+                        $disabled{"ssl3"} = "option(ssl)";
+                        }
+                elsif ($1 eq "tls")
+                        {
+                        # XXX: Tests will fail if all SSL/TLS
+                        # protocols are disabled.
+                        foreach my $proto (@tls)
+                                {
+                                $disabled{$proto} = "option(tls)";
+                                }
+                        }
+                else
+                        {
+                        $disabled{$1} = "option";
+                        }

                }
                }

-       elsif (/^enable-(.+)$/ || /^experimental-(.+)$/)
+       elsif (/^enable-(.+)$/)

                {
                my $algo = $1;
                {
                my $algo = $1;

-               if ($disabled{$algo} eq "experimental")
-                       {
-                       die "You are requesting an experimental feature; please say 'experimental-$algo' if you are sure\n"
-                               unless (/^experimental-/);
-                       push @experimental, $algo;
-                       }

                delete $disabled{$algo};
 
                $threads = 1 if ($algo eq "threads");
                delete $disabled{$algo};
 
                $threads = 1 if ($algo eq "threads");


@@ -815,15 +800,6 @@ foreach (sort (keys %disabled))
        print "\n";
        }
 
        print "\n";
        }
 

-foreach (sort @experimental)
-       {
-       my $ALGO;
-       ($ALGO = $_) =~ tr/[a-z]/[A-Z]/;
-
-       # opensslconf.h will set OPENSSL_NO_... unless OPENSSL_EXPERIMENTAL_... is defined
-       push @{$config{openssl_experimental_defines}}, "OPENSSL_NO_$ALGO";
-       }
-

 print "Configuring for $target\n";
 
 # Support for legacy targets having a name starting with 'debug-'
 print "Configuring for $target\n";
 
 # Support for legacy targets having a name starting with 'debug-'


@@ -896,10 +872,6 @@ if ($target{build_file} eq "Makefile"
 my ($builder, $builder_platform, @builder_opts) =
     @{$target{build_scheme}};
 
 my ($builder, $builder_platform, @builder_opts) =
     @{$target{build_scheme}};
 

-push @{$config{defines}},
-    map { (my $x = $_) =~ s/^OPENSSL_NO_/OPENSSL_EXPERIMENTAL_/; $x }
-        @{$config{openssl_experimental_defines}};
-

 if ($target =~ /^mingw/ && `$target{cc} --target-help 2>&1` =~ m/-mno-cygwin/m)
        {
        $config{cflags} .= " -mno-cygwin";
 if ($target =~ /^mingw/ && `$target{cc} --target-help 2>&1` =~ m/-mno-cygwin/m)
        {
        $config{cflags} .= " -mno-cygwin";

diff --git a/crypto/des/str2key.c b/crypto/des/str2key.c
index cd426c6b470db19c46a41ee062b0b1602f70d04d..e671d14b0f8dbec699b87002dd7689efcb565b06 100644 (file)
--- a/crypto/des/str2key.c
+++ b/crypto/des/str2key.c
@@ -84,13 +84,7 @@ void DES_string_to_key(const char *str, DES_cblock *key)
     }
 #endif
     DES_set_odd_parity(key);
     }
 #endif
     DES_set_odd_parity(key);

-#ifdef EXPERIMENTAL_STR_TO_STRONG_KEY
-    if (DES_is_weak_key(key))
-        (*key)[7] ^= 0xF0;
-    DES_set_key(key, &ks);
-#else

     DES_set_key_unchecked(key, &ks);
     DES_set_key_unchecked(key, &ks);

-#endif

     DES_cbc_cksum((const unsigned char *)str, key, length, &ks, key);
     OPENSSL_cleanse(&ks, sizeof(ks));
     DES_set_odd_parity(key);
     DES_cbc_cksum((const unsigned char *)str, key, length, &ks, key);
     OPENSSL_cleanse(&ks, sizeof(ks));
     DES_set_odd_parity(key);


@@ -141,21 +135,9 @@ void DES_string_to_2keys(const char *str, DES_cblock *key1, DES_cblock *key2)
 #endif
     DES_set_odd_parity(key1);
     DES_set_odd_parity(key2);
 #endif
     DES_set_odd_parity(key1);
     DES_set_odd_parity(key2);

-#ifdef EXPERIMENTAL_STR_TO_STRONG_KEY
-    if (DES_is_weak_key(key1))
-        (*key1)[7] ^= 0xF0;
-    DES_set_key(key1, &ks);
-#else

     DES_set_key_unchecked(key1, &ks);
     DES_set_key_unchecked(key1, &ks);

-#endif

     DES_cbc_cksum((const unsigned char *)str, key1, length, &ks, key1);
     DES_cbc_cksum((const unsigned char *)str, key1, length, &ks, key1);

-#ifdef EXPERIMENTAL_STR_TO_STRONG_KEY
-    if (DES_is_weak_key(key2))
-        (*key2)[7] ^= 0xF0;
-    DES_set_key(key2, &ks);
-#else

     DES_set_key_unchecked(key2, &ks);
     DES_set_key_unchecked(key2, &ks);

-#endif

     DES_cbc_cksum((const unsigned char *)str, key2, length, &ks, key2);
     OPENSSL_cleanse(&ks, sizeof(ks));
     DES_set_odd_parity(key1);
     DES_cbc_cksum((const unsigned char *)str, key2, length, &ks, key2);
     OPENSSL_cleanse(&ks, sizeof(ks));
     DES_set_odd_parity(key1);

diff --git a/doc/apps/cms.pod b/doc/apps/cms.pod
index 7470fae795c2fd6bb97fddc9d20b3d05e6bca521..7a3505cb216fadb46054a7eb30c811351ab8c6d9 100644 (file)
--- a/doc/apps/cms.pod
+++ b/doc/apps/cms.pod
@@ -512,7 +512,7 @@ The B<-resign> option uses an existing message digest when adding a new
 signer. This means that attributes must be present in at least one existing
 signer using the same message digest or this operation will fail.
 
 signer. This means that attributes must be present in at least one existing
 signer using the same message digest or this operation will fail.
 

-The B<-stream> and B<-indef> options enable experimental streaming I/O support.
+The B<-stream> and B<-indef> options enable streaming I/O support.

 As a result the encoding is BER using indefinite length constructed encoding
 and no longer DER. Streaming is supported for the B<-encrypt> operation and the
 B<-sign> operation if the content is not detached.
 As a result the encoding is BER using indefinite length constructed encoding
 and no longer DER. Streaming is supported for the B<-encrypt> operation and the
 B<-sign> operation if the content is not detached.

diff --git a/doc/apps/smime.pod b/doc/apps/smime.pod
index 62f1417d524e704051c9ae5ff1da110034f8cc32..82f3ecc698ad74e9885fc7c02bc4c7eb5a1862d4 100644 (file)
--- a/doc/apps/smime.pod
+++ b/doc/apps/smime.pod
@@ -344,7 +344,7 @@ The B<-resign> option uses an existing message digest when adding a new
 signer. This means that attributes must be present in at least one existing
 signer using the same message digest or this operation will fail.
 
 signer. This means that attributes must be present in at least one existing
 signer using the same message digest or this operation will fail.
 

-The B<-stream> and B<-indef> options enable experimental streaming I/O support.
+The B<-stream> and B<-indef> options enable streaming I/O support.

 As a result the encoding is BER using indefinite length constructed encoding
 and no longer DER. Streaming is supported for the B<-encrypt> operation and the
 B<-sign> operation if the content is not detached.
 As a result the encoding is BER using indefinite length constructed encoding
 and no longer DER. Streaming is supported for the B<-encrypt> operation and the
 B<-sign> operation if the content is not detached.

diff --git a/doc/apps/x509.pod b/doc/apps/x509.pod
index a742fecc4f38dfe1763c53317f605d6cd7418f63..7efa4c13ecb65ea28a079e985ec442d52ce4870c 100644 (file)
--- a/doc/apps/x509.pod
+++ b/doc/apps/x509.pod
@@ -243,8 +243,6 @@ this outputs the certificate in the form of a C source file.
 
 =head2 TRUST SETTINGS
 
 
 =head2 TRUST SETTINGS
 

-Please note these options are currently experimental and may well change.
-

 A B<trusted certificate> is an ordinary certificate which has several
 additional pieces of information attached to it such as the permitted
 and prohibited uses of the certificate and an "alias".
 A B<trusted certificate> is an ordinary certificate which has several
 additional pieces of information attached to it such as the permitted
 and prohibited uses of the certificate and an "alias".

diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index 00136b3d4ec95655b3a620d81d2597de780f9ba1..4946cfa64ab380185c2e3bcc57aa61a22f8a5de0 100644 (file)
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -863,7 +863,6 @@ struct ssl_ctx_st {
 
 #  ifndef OPENSSL_NO_NEXTPROTONEG
     /* Next protocol negotiation information */
 
 #  ifndef OPENSSL_NO_NEXTPROTONEG
     /* Next protocol negotiation information */

-    /* (for experimental NPN extension). */

 
     /*
      * For a server, this contains a callback function by which the set of
 
     /*
      * For a server, this contains a callback function by which the set of

diff --git a/util/mk1mf.pl b/util/mk1mf.pl
index 085db5f4c5ad4bf964d0ac54705f6789373b1b34..41aa0ecab6e64c3cf02b45e9ed6e580bd11aebd0 100755 (executable)
--- a/util/mk1mf.pl
+++ b/util/mk1mf.pl
@@ -1480,18 +1480,6 @@ sub read_options
                if (exists $valid_options{$t})
                        {return 1;}
                return 0;
                if (exists $valid_options{$t})
                        {return 1;}
                return 0;

-               }
-       # experimental-xxx is mostly like enable-xxx, but opensslconf.v
-       # will still set OPENSSL_NO_xxx unless we set OPENSSL_EXPERIMENTAL_xxx.
-       # (No need to fail if we don't know the algorithm -- this is for adventurous users only.)
-       elsif (/^experimental-/)
-               {
-               my $algo, $ALGO;
-               ($algo = $_) =~ s/^experimental-//;
-               ($ALGO = $algo) =~ tr/[a-z]/[A-Z]/;
-
-               $xcflags="-DOPENSSL_EXPERIMENTAL_$ALGO $xcflags";
-               

                }
        elsif (/^([^=]*)=(.*)$/){ $VARS{$1}=$2; }
        elsif (/^-[lL].*$/)     { $l_flags.="$_ "; }
                }
        elsif (/^([^=]*)=(.*)$/){ $VARS{$1}=$2; }
        elsif (/^-[lL].*$/)     { $l_flags.="$_ "; }