diff options
author | Dr. Stephen Henson <steve@openssl.org> | 2008-11-24 16:14:15 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2008-11-24 16:14:15 +0000 |
commit | 5a02ac6e5b31ab588b2d80fde4843a87cec25198 (patch) | |
tree | 546f1cb3681bf57c5e559633d3caaec2d8dd86c7 | |
parent | 14d4074ee1d328e6dd70ad010f6a0ae50887794d (diff) |
Revert OPENSSL_EXPERIMENTAL patch.
Change it so JPAKE uses the standard OPENSSL_NO_JPAKE instead.
-rw-r--r-- | CHANGES | 6 | ||||
-rwxr-xr-x | Configure | 13 | ||||
-rw-r--r-- | apps/apps.c | 4 | ||||
-rw-r--r-- | apps/apps.h | 2 | ||||
-rw-r--r-- | apps/s_client.c | 6 | ||||
-rw-r--r-- | apps/s_server.c | 6 | ||||
-rw-r--r-- | crypto/err/err_all.c | 4 | ||||
-rw-r--r-- | crypto/jpake/jpake.h | 4 | ||||
-rw-r--r-- | crypto/jpake/jpaketest.c | 2 | ||||
-rwxr-xr-x | util/libeay.num | 40 | ||||
-rwxr-xr-x | util/mk1mf.pl | 7 | ||||
-rwxr-xr-x | util/mkdef.pl | 22 |
12 files changed, 45 insertions, 71 deletions
@@ -9,12 +9,6 @@ obligation to set up the dynamic locking callbacks.) [Sander Temme <sander@temme.net>] - *) Update Configure code and WIN32 build scripts to support experimental - code. This is surrounded by OPENSSL_EXPERIMENTAL_FOO and not compiled - in by default. Using the configuration option "enable-experimental-foo" - enables it. Use this option for JPAKE. - [Steve Henson] - *) Use correct exit code if there is an error in dgst command. [Steve Henson; problem pointed out by Roland Dirlewanger] @@ -588,7 +588,6 @@ my $no_threads=0; my $threads=0; my $no_shared=0; # but "no-shared" is default my $zlib=1; # but "no-zlib" is default -my $jpake=1; # but "no-jpake" is default my $no_krb5=0; # but "no-krb5" is implied unless "--with-krb5-..." is used my $no_rfc3779=1; # but "no-rfc3779" is default my $montasm=1; # but "no-montasm" is default @@ -629,7 +628,7 @@ my %disabled = ( # "what" => "comment" "camellia" => "default", "capieng" => "default", "cms" => "default", - "experimental-jpake" => "default", + "jpake" => "default", "gmp" => "default", "mdc2" => "default", "montasm" => "default", # explicit option in 0.9.8 only (implicitly enabled in 0.9.9) @@ -647,8 +646,7 @@ my %disabled = ( # "what" => "comment" # For symmetry, "disable-..." is a synonym for "no-...". # This is what $depflags will look like with the above default: -my $default_depflags = "-DOPENSSL_NO_CAMELLIA -DOPENSSL_NO_CAPIENG -DOPENSSL_NO_CMS -DOPENSSL_NO_GMP -DOPENSSL_NO_MDC2 -DOPENSSL_NO_RC5 -DOPENSSL_NO_RFC3779 -DOPENSSL_NO_SEED -DOPENSSL_NO_TLSEXT "; - +my $default_depflags = " -DOPENSSL_NO_CAMELLIA -DOPENSSL_NO_CAPIENG -DOPENSSL_NO_CMS -DOPENSSL_NO_GMP -DOPENSSL_NO_JPAKE -DOPENSSL_NO_MDC2 -DOPENSSL_NO_RC5 -DOPENSSL_NO_RFC3779 -DOPENSSL_NO_SEED -DOPENSSL_NO_TLSEXT "; my $no_sse2=0; @@ -977,8 +975,6 @@ foreach (sort (keys %disabled)) { $no_threads = 1; } elsif (/^shared$/) { $no_shared = 1; } - elsif (/^experimental-jpake$/) - { $jpake = 0; push @skip, "jpake"} elsif (/^zlib$/) { $zlib = 0; } elsif (/^montasm$/) @@ -1216,11 +1212,6 @@ if ($threads) $openssl_thread_defines .= $thread_defines; } -if ($jpake) - { - $openssl_other_defines .= "#define OPENSSL_EXPERIMENTAL_JPAKE\n"; - } - if ($zlib) { $cflags = "-DZLIB $cflags"; diff --git a/apps/apps.c b/apps/apps.c index a88674342b..5a5d1d3c45 100644 --- a/apps/apps.c +++ b/apps/apps.c @@ -130,7 +130,7 @@ #include <openssl/rsa.h> #endif #include <openssl/bn.h> -#ifdef OPENSSL_EXPERIMENTAL_JPAKE +#ifndef OPENSSL_NO_JPAKE #include <openssl/jpake.h> #endif @@ -2338,7 +2338,7 @@ void policies_print(BIO *out, X509_STORE_CTX *ctx) BIO_free(out); } -#ifdef OPENSSL_EXPERIMENTAL_JPAKE +#ifndef OPENSSL_NO_JPAKE static JPAKE_CTX *jpake_init(const char *us, const char *them, const char *secret) diff --git a/apps/apps.h b/apps/apps.h index 33947612a9..88579094b1 100644 --- a/apps/apps.h +++ b/apps/apps.h @@ -338,7 +338,7 @@ X509_NAME *parse_name(char *str, long chtype, int multirdn); int args_verify(char ***pargs, int *pargc, int *badarg, BIO *err, X509_VERIFY_PARAM **pm); void policies_print(BIO *out, X509_STORE_CTX *ctx); -#ifdef OPENSSL_EXPERIMENTAL_JPAKE +#ifndef OPENSSL_NO_JPAKE void jpake_client_auth(BIO *out, BIO *conn, const char *secret); void jpake_server_auth(BIO *out, BIO *conn, const char *secret); #endif diff --git a/apps/s_client.c b/apps/s_client.c index 9686b0a190..dc1308b288 100644 --- a/apps/s_client.c +++ b/apps/s_client.c @@ -338,7 +338,7 @@ int MAIN(int argc, char **argv) int peerlen = sizeof(peer); int enable_timeouts = 0 ; long mtu = 0; -#ifdef OPENSSL_EXPERIMENTAL_JPAKE +#ifndef OPENSSL_NO_JPAKE char *jpake_secret = NULL; #endif @@ -585,7 +585,7 @@ int MAIN(int argc, char **argv) /* meth=TLSv1_client_method(); */ } #endif -#ifdef OPENSSL_EXPERIMENTAL_JPAKE +#ifndef OPENSSL_NO_JPAKE else if (strcmp(*argv,"-jpake") == 0) { if (--argc < 1) goto bad; @@ -897,7 +897,7 @@ SSL_set_tlsext_status_ids(con, ids); #endif } #endif -#ifdef OPENSSL_EXPERIMENTAL_JPAKE +#ifndef OPENSSL_NO_JPAKE if (jpake_secret) jpake_client_auth(bio_c_out, sbio, jpake_secret); #endif diff --git a/apps/s_server.c b/apps/s_server.c index 870f464f1b..fcf9e402e5 100644 --- a/apps/s_server.c +++ b/apps/s_server.c @@ -742,7 +742,7 @@ BIO_printf(err, "cert_status: received %d ids\n", sk_OCSP_RESPID_num(ids)); #endif int MAIN(int, char **); -#ifdef OPENSSL_EXPERIMENTAL_JPAKE +#ifndef OPENSSL_NO_JPAKE static char *jpake_secret = NULL; #endif @@ -1076,7 +1076,7 @@ int MAIN(int argc, char *argv[]) } #endif -#ifdef OPENSSL_EXPERIMENTAL_JPAKE +#ifndef OPENSSL_NO_JPAKE else if (strcmp(*argv,"-jpake") == 0) { if (--argc < 1) goto bad; @@ -1684,7 +1684,7 @@ static int sv_body(char *hostname, int s, unsigned char *context) test=BIO_new(BIO_f_nbio_test()); sbio=BIO_push(test,sbio); } -#ifdef OPENSSL_EXPERIMENTAL_JPAKE +#ifndef OPENSSL_NO_JPAKE if(jpake_secret) jpake_server_auth(bio_s_out, sbio, jpake_secret); #endif diff --git a/crypto/err/err_all.c b/crypto/err/err_all.c index 1e71719f1d..f21a5276ed 100644 --- a/crypto/err/err_all.c +++ b/crypto/err/err_all.c @@ -101,7 +101,7 @@ #ifndef OPENSSL_NO_CMS #include <openssl/cms.h> #endif -#ifdef OPENSSL_EXPERIMENTAL_JPAKE +#ifndef OPENSSL_NO_JPAKE #include <openssl/jpake.h> #endif @@ -154,7 +154,7 @@ void ERR_load_crypto_strings(void) #ifndef OPENSSL_NO_CMS ERR_load_CMS_strings(); #endif -#ifdef OPENSSL_EXPERIMENTAL_JPAKE +#ifndef OPENSSL_NO_JPAKE ERR_load_JPAKE_strings(); #endif #endif diff --git a/crypto/jpake/jpake.h b/crypto/jpake/jpake.h index 0457a5c9a6..693ea188cb 100644 --- a/crypto/jpake/jpake.h +++ b/crypto/jpake/jpake.h @@ -10,8 +10,8 @@ #include <openssl/opensslconf.h> -#ifndef OPENSSL_EXPERIMENTAL_JPAKE -#error JPAKE is disabled +#ifdef OPENSSL_NO_JPAKE +#error JPAKE is disabled. #endif #ifdef __cplusplus diff --git a/crypto/jpake/jpaketest.c b/crypto/jpake/jpaketest.c index 5f26b12289..8d2367a7bf 100644 --- a/crypto/jpake/jpaketest.c +++ b/crypto/jpake/jpaketest.c @@ -1,6 +1,6 @@ #include <openssl/err.h> -#ifndef OPENSSL_EXPERIMENTAL_JPAKE +#ifdef OPENSSL_NO_JPAKE int main(int argc, char *argv[]) { printf("No J-PAKE support\n"); diff --git a/util/libeay.num b/util/libeay.num index d6cf383972..7ca5da160d 100755 --- a/util/libeay.num +++ b/util/libeay.num @@ -3702,23 +3702,23 @@ CRYPTO_dbg_remove_all_info 4090 EXIST::FUNCTION: OPENSSL_init 4091 EXIST::FUNCTION: private_Camellia_set_key 4092 EXIST:OPENSSL_FIPS:FUNCTION:CAMELLIA CRYPTO_strdup 4093 EXIST::FUNCTION: -JPAKE_STEP3A_process 4094 EXIST:OPENSSL_EXPERIMENTAL_JPAKE:FUNCTION: -JPAKE_STEP1_release 4095 EXIST:OPENSSL_EXPERIMENTAL_JPAKE:FUNCTION: -JPAKE_get_shared_key 4096 EXIST:OPENSSL_EXPERIMENTAL_JPAKE:FUNCTION: -JPAKE_STEP3B_init 4097 EXIST:OPENSSL_EXPERIMENTAL_JPAKE:FUNCTION: -JPAKE_STEP1_generate 4098 EXIST:OPENSSL_EXPERIMENTAL_JPAKE:FUNCTION: -JPAKE_STEP1_init 4099 EXIST:OPENSSL_EXPERIMENTAL_JPAKE:FUNCTION: -JPAKE_STEP3B_process 4100 EXIST:OPENSSL_EXPERIMENTAL_JPAKE:FUNCTION: -JPAKE_STEP2_generate 4101 EXIST:OPENSSL_EXPERIMENTAL_JPAKE:FUNCTION: -JPAKE_CTX_new 4102 EXIST:OPENSSL_EXPERIMENTAL_JPAKE:FUNCTION: -JPAKE_CTX_free 4103 EXIST:OPENSSL_EXPERIMENTAL_JPAKE:FUNCTION: -JPAKE_STEP3B_release 4104 EXIST:OPENSSL_EXPERIMENTAL_JPAKE:FUNCTION: -JPAKE_STEP3A_release 4105 EXIST:OPENSSL_EXPERIMENTAL_JPAKE:FUNCTION: -JPAKE_STEP2_process 4106 EXIST:OPENSSL_EXPERIMENTAL_JPAKE:FUNCTION: -JPAKE_STEP3B_generate 4107 EXIST:OPENSSL_EXPERIMENTAL_JPAKE:FUNCTION: -JPAKE_STEP1_process 4108 EXIST:OPENSSL_EXPERIMENTAL_JPAKE:FUNCTION: -JPAKE_STEP3A_generate 4109 EXIST:OPENSSL_EXPERIMENTAL_JPAKE:FUNCTION: -JPAKE_STEP2_release 4110 EXIST:OPENSSL_EXPERIMENTAL_JPAKE:FUNCTION: -JPAKE_STEP3A_init 4111 EXIST:OPENSSL_EXPERIMENTAL_JPAKE:FUNCTION: -ERR_load_JPAKE_strings 4112 EXIST:OPENSSL_EXPERIMENTAL_JPAKE:FUNCTION: -JPAKE_STEP2_init 4113 EXIST:OPENSSL_EXPERIMENTAL_JPAKE:FUNCTION: +JPAKE_STEP3A_process 4094 EXIST::FUNCTION:JPAKE +JPAKE_STEP1_release 4095 EXIST::FUNCTION:JPAKE +JPAKE_get_shared_key 4096 EXIST::FUNCTION:JPAKE +JPAKE_STEP3B_init 4097 EXIST::FUNCTION:JPAKE +JPAKE_STEP1_generate 4098 EXIST::FUNCTION:JPAKE +JPAKE_STEP1_init 4099 EXIST::FUNCTION:JPAKE +JPAKE_STEP3B_process 4100 EXIST::FUNCTION:JPAKE +JPAKE_STEP2_generate 4101 EXIST::FUNCTION:JPAKE +JPAKE_CTX_new 4102 EXIST::FUNCTION:JPAKE +JPAKE_CTX_free 4103 EXIST::FUNCTION:JPAKE +JPAKE_STEP3B_release 4104 EXIST::FUNCTION:JPAKE +JPAKE_STEP3A_release 4105 EXIST::FUNCTION:JPAKE +JPAKE_STEP2_process 4106 EXIST::FUNCTION:JPAKE +JPAKE_STEP3B_generate 4107 EXIST::FUNCTION:JPAKE +JPAKE_STEP1_process 4108 EXIST::FUNCTION:JPAKE +JPAKE_STEP3A_generate 4109 EXIST::FUNCTION:JPAKE +JPAKE_STEP2_release 4110 EXIST::FUNCTION:JPAKE +JPAKE_STEP3A_init 4111 EXIST::FUNCTION:JPAKE +ERR_load_JPAKE_strings 4112 EXIST::FUNCTION:JPAKE +JPAKE_STEP2_init 4113 EXIST::FUNCTION:JPAKE diff --git a/util/mk1mf.pl b/util/mk1mf.pl index 632e617097..10b4c9bcb8 100755 --- a/util/mk1mf.pl +++ b/util/mk1mf.pl @@ -233,6 +233,7 @@ $cflags.=" -DOPENSSL_NO_SSL2" if $no_ssl2; $cflags.=" -DOPENSSL_NO_SSL3" if $no_ssl3; $cflags.=" -DOPENSSL_NO_TLSEXT" if $no_tlsext; $cflags.=" -DOPENSSL_NO_CMS" if $no_cms; +$cflags.=" -DOPENSSL_NO_JPAKE" if $no_jpake; $cflags.=" -DOPENSSL_NO_CAPIENG" if $no_capieng; $cflags.=" -DOPENSSL_NO_ERR" if $no_err; $cflags.=" -DOPENSSL_NO_KRB5" if $no_krb5; @@ -242,7 +243,6 @@ $cflags.=" -DOPENSSL_NO_ECDH" if $no_ecdh; $cflags.=" -DOPENSSL_NO_ENGINE" if $no_engine; $cflags.=" -DOPENSSL_NO_HW" if $no_hw; $cflags.=" -DOPENSSL_FIPS" if $fips; -$cflags.=" -DOPENSSL_EXPERIMENTAL_JPAKE" if $jpake; $cflags.= " -DZLIB" if $zlib_opt; $cflags.= " -DZLIB_SHARED" if $zlib_opt == 2; @@ -1021,8 +1021,8 @@ sub var_add return("") if $no_dh && $dir =~ /\/dh/; return("") if $no_ec && $dir =~ /\/ec/; return("") if $no_cms && $dir =~ /\/cms/; + return("") if $no_jpake && $dir =~ /\/jpake/; return("") if !$fips && $dir =~ /^fips/; - return("") if !$jpake && $dir =~ /\/jpake/; if ($no_des && $dir =~ /\/des/) { if ($val =~ /read_pwd/) @@ -1290,6 +1290,7 @@ sub read_options "no-ssl3" => \$no_ssl3, "no-tlsext" => \$no_tlsext, "no-cms" => \$no_cms, + "no-jpake" => \$no_jpake, "no-capieng" => \$no_capieng, "no-err" => \$no_err, "no-sock" => \$no_sock, @@ -1320,8 +1321,6 @@ sub read_options "fips" => \$fips, "fipscanisterbuild" => [\$fips, \$fipscanisterbuild], "fipsdso" => [\$fips, \$fipscanisterbuild, \$fipsdso], - "no-experimental-jpake" => 0, - "enable-experimental-jpake" => \$jpake, ); if (exists $valid_options{$_}) diff --git a/util/mkdef.pl b/util/mkdef.pl index fca62e4b3e..5ae9ebb619 100755 --- a/util/mkdef.pl +++ b/util/mkdef.pl @@ -79,8 +79,7 @@ my $OS2=0; my $safe_stack_def = 0; my @known_platforms = ( "__FreeBSD__", "PERL5", "NeXT", - "EXPORT_VAR_AS_FUNCTION", "ZLIB", "OPENSSL_FIPS", - "OPENSSL_EXPERIMENTAL_JPAKE" ); + "EXPORT_VAR_AS_FUNCTION", "ZLIB", "OPENSSL_FIPS"); my @known_ossl_platforms = ( "VMS", "WIN16", "WIN32", "WINNT", "OS2" ); my @known_algorithms = ( "RC2", "RC4", "RC5", "IDEA", "DES", "BF", "CAST", "MD2", "MD4", "MD5", "SHA", "SHA0", "SHA1", @@ -103,6 +102,8 @@ my @known_algorithms = ( "RC2", "RC4", "RC5", "IDEA", "DES", "BF", "CMS", # CryptoAPI Engine "CAPIENG", + # JPAKE + "JPAKE", # Deprecated functions "DEPRECATED" ); @@ -123,7 +124,7 @@ my $no_rsa; my $no_dsa; my $no_dh; my $no_hmac=0; my $no_aes; my $no_krb5; my $no_ec; my $no_ecdsa; my $no_ecdh; my $no_engine; my $no_hw; my $no_camellia; my $no_seed; my $no_fp_api; my $no_static_engine; my $no_gmp; my $no_deprecated; -my $no_rfc3779; my $no_tlsext; my $no_cms; my $no_capieng; +my $no_rfc3779; my $no_tlsext; my $no_cms; my $no_capieng; my $no_jpake; my $fips; @@ -153,10 +154,6 @@ foreach (@ARGV, split(/ /, $options)) $zlib = 1; } - if ($_ eq "enable-experimental-jpake") { - $jpake = 1; - } - $do_ssl=1 if $_ eq "ssleay"; if ($_ eq "ssl") { $do_ssl=1; @@ -216,6 +213,7 @@ foreach (@ARGV, split(/ /, $options)) elsif (/^no-tlsext$/) { $no_tlsext=1; } elsif (/^no-cms$/) { $no_cms=1; } elsif (/^no-capieng$/) { $no_capieng=1; } + elsif (/^no-jpake$/) { $no_jpake=1; } } @@ -556,10 +554,6 @@ sub do_defs $tag{$tag[$tag_i]}=2; print STDERR "DEBUG: $file: chaged tag $1 = 2\n" if $debug; } - if ($tag[$tag_i] eq "OPENSSL_EXPERIMENTAL_".$1) { - $tag{$tag[$tag_i]}=-2; - print STDERR "DEBUG: $file: chaged tag $1 = -2\n" if $debug; - } $tag_i--; } } elsif (/^\#\s*endif/) { @@ -569,8 +563,6 @@ sub do_defs print STDERR "DEBUG: \$t=\"$t\"\n" if $debug; if ($tag{$t}==2) { $tag{$t}=-1; - } elsif ($tag{$t}==-2) { - $tag{$t}=1; } else { $tag{$t}=0; } @@ -1109,9 +1101,6 @@ sub is_valid return 1; } if ($keyword eq "ZLIB" && $zlib) { return 1; } - if ($keyword eq "OPENSSL_EXPERIMENTAL_JPAKE" && $jpake) { - return 1; - } return 0; } else { # algorithms @@ -1156,6 +1145,7 @@ sub is_valid if ($keyword eq "TLSEXT" && $no_tlsext) { return 0; } if ($keyword eq "CMS" && $no_cms) { return 0; } if ($keyword eq "CAPIENG" && $no_capieng) { return 0; } + if ($keyword eq "JPAKE" && $no_jpake) { return 0; } if ($keyword eq "DEPRECATED" && $no_deprecated) { return 0; } # Nothing recognise as true |