diff --git a/CHANGES b/CHANGES
index e255b7cde..034b46d08 100644
--- a/CHANGES
+++ b/CHANGES
@@ -734,12 +734,6 @@ obligation to set up the dynamic locking callbacks.) [Sander Temme ] - *) Update Configure code and WIN32 build scripts to support experimental - code. This is surrounded by OPENSSL_EXPERIMENTAL_FOO and not compiled - in by default. Using the configuration option "enable-experimental-foo" - enables it. Use this option for JPAKE. - [Steve Henson] - *) Use correct exit code if there is an error in dgst command. [Steve Henson; problem pointed out by Roland Dirlewanger]
diff --git a/Configure b/Configure
index dbdd8d194..9ac8d0f2c 100755
--- a/Configure
+++ b/Configure
@@ -611,7 +611,6 @@ my $no_threads=0; my $threads=0; my $no_shared=0; # but "no-shared" is default my $zlib=1; # but "no-zlib" is default -my $jpake=1; # but "no-jpake" is default my $no_krb5=0; # but "no-krb5" is implied unless "--with-krb5-..." is used my $no_rfc3779=1; # but "no-rfc3779" is default my $no_asm=0;
@@ -648,7 +647,6 @@ my $perl; my %disabled = ( # "what" => "comment" "gmp" => "default", - #"experimental-jpake" => "default", "mdc2" => "default", "rc5" => "default", "rfc3779" => "default",
@@ -929,8 +927,6 @@ foreach (sort (keys %disabled)) { $no_threads = 1; } elsif (/^shared$/) { $no_shared = 1; } - elsif (/^experimental-jpake$/) - { $jpake = 0; push @skip, "jpake"} elsif (/^zlib$/) { $zlib = 0; } elsif (/^static-engine$/)
@@ -1172,11 +1168,6 @@ if ($threads) $openssl_thread_defines .= $thread_defines; } -if ($jpake) - { - $openssl_other_defines .= "#define OPENSSL_EXPERIMENTAL_JPAKE\n"; - } - if ($zlib) { $cflags = "-DZLIB $cflags";
diff --git a/apps/apps.c b/apps/apps.c
index 6a65f9443..56e87ecd3 100644
--- a/apps/apps.c
+++ b/apps/apps.c
@@ -137,7 +137,7 @@ #include #endif #include -#ifdef OPENSSL_EXPERIMENTAL_JPAKE +#ifndef OPENSSL_NO_JPAKE #include #endif
@@ -2381,7 +2381,7 @@ void policies_print(BIO *out, X509_STORE_CTX *ctx) BIO_free(out); } -#if defined(OPENSSL_EXPERIMENTAL_JPAKE) && !defined(OPENSSL_NO_PSK) +#if !defined(OPENSSL_NO_JPAKE) && !defined(OPENSSL_NO_PSK) static JPAKE_CTX *jpake_init(const char *us, const char *them, const char *secret)
diff --git a/apps/apps.h b/apps/apps.h
index 62a865962..4b0a0e166 100644
--- a/apps/apps.h
+++ b/apps/apps.h
@@ -308,8 +308,10 @@ int bio_to_mem(unsigned char **out, int maxlen, BIO *in); int pkey_ctrl_string(EVP_PKEY_CTX *ctx, char *value); int init_gen_str(BIO *err, EVP_PKEY_CTX **pctx, const char *algname, ENGINE *e, int do_param); -#ifdef OPENSSL_EXPERIMENTAL_JPAKE +#ifndef OPENSSL_NO_PSK extern char *psk_key; +#endif +#ifndef OPENSSL_NO_JPAKE void jpake_client_auth(BIO *out, BIO *conn, const char *secret); void jpake_server_auth(BIO *out, BIO *conn, const char *secret); #endif
diff --git a/apps/s_client.c b/apps/s_client.c
index 05ebff1f6..f0783bcd5 100644
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -312,7 +312,7 @@ static void sc_usage(void) #ifndef OPENSSL_NO_PSK BIO_printf(bio_err," -psk_identity arg - PSK identity\n"); BIO_printf(bio_err," -psk arg - PSK in hex (without 0x)\n"); -# ifdef OPENSSL_EXPERIMENTAL_JPAKE +# ifndef OPENSSL_NO_JPAKE BIO_printf(bio_err," -jpake arg - JPAKE secret to use\n"); # endif #endif
@@ -432,7 +432,7 @@ int MAIN(int argc, char **argv) int peerlen = sizeof(peer); int enable_timeouts = 0 ; long socket_mtu = 0; -#ifdef OPENSSL_EXPERIMENTAL_JPAKE +#ifndef OPENSSL_NO_JPAKE char *jpake_secret = NULL; #endif
@@ -704,7 +704,7 @@ int MAIN(int argc, char **argv) /* meth=TLSv1_client_method(); */ } #endif -#ifdef OPENSSL_EXPERIMENTAL_JPAKE +#ifndef OPENSSL_NO_JPAKE else if (strcmp(*argv,"-jpake") == 0) { if (--argc < 1) goto bad;
@@ -727,7 +727,7 @@ bad: goto end; } -#if defined(OPENSSL_EXPERIMENTAL_JPAKE) && !defined(OPENSSL_NO_PSK) +#if !defined(OPENSSL_NO_JPAKE) && !defined(OPENSSL_NO_PSK) if (jpake_secret) { if (psk_key)
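Review bot: The declarations of `jpake_client_auth()` and `jpake_server_auth()` in the apps.h hunk are now guarded by `OPENSSL_NO_JPAKE` alone, while the apps.c hunk at -2381 keeps the JPAKE helper code under `!defined(OPENSSL_NO_JPAKE) && !defined(OPENSSL_NO_PSK)`. The call sites in s_client.c (-1049) and s_server.c (-1843), and the `-jpake` parsing in s_client.c (-704), also test only `OPENSSL_NO_JPAKE`, so a no-psk build with JPAKE left enabled would presumably reference functions that are never compiled. Using one guard at every site, `#if !defined(OPENSSL_NO_JPAKE) && !defined(OPENSSL_NO_PSK)`, or having the configuration imply no-jpake from no-psk, would remove the mismatch. The apps.c hunk shows only `jpake_init`, so whether the two auth functions sit inside the same guard cannot be confirmed from here.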
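Review bot: The `-jpake arg` usage line in sc_usage() (s_client.c, -312) is now printed unless JPAKE is explicitly disabled, but it does not mention that the shared secret appears to be taken straight from the command line, where it is readable in the process list and in shell history. A short caveat in the help string would set expectations, for example `" -jpake arg - JPAKE secret to use (testing only; visible in process list)\n"`. sv_usage() in s_server.c (-450) carries the same line, and both functions continue outside their hunks.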
@@ -845,7 +845,11 @@ bad: #endif #ifndef OPENSSL_NO_PSK +#ifdef OPENSSL_NO_JPAKE + if (psk_key != NULL) +#else if (psk_key != NULL || jpake_secret) +#endif { if (c_debug) BIO_printf(bio_c_out, "PSK key given or JPAKE in use, setting client callback\n");
@@ -1049,7 +1053,7 @@ SSL_set_tlsext_status_ids(con, ids); #endif } #endif -#ifdef OPENSSL_EXPERIMENTAL_JPAKE +#ifndef OPENSSL_NO_JPAKE if (jpake_secret) jpake_client_auth(bio_c_out, sbio, jpake_secret); #endif
diff --git a/apps/s_server.c b/apps/s_server.c
index 277b2f04f..3b7fb0776 100644
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -450,7 +450,7 @@ static void sv_usage(void) #ifndef OPENSSL_NO_PSK BIO_printf(bio_err," -psk_hint arg - PSK identity hint to use\n"); BIO_printf(bio_err," -psk arg - PSK in hex (without 0x)\n"); -# ifdef OPENSSL_EXPERIMENTAL_JPAKE +# ifndef OPENSSL_NO_JPAKE BIO_printf(bio_err," -jpake arg - JPAKE secret to use\n"); # endif #endif
@@ -827,7 +827,7 @@ BIO_printf(err, "cert_status: received %d ids\n", sk_OCSP_RESPID_num(ids)); int MAIN(int, char **); -#ifdef OPENSSL_EXPERIMENTAL_JPAKE +#ifndef OPENSSL_NO_JPAKE static char *jpake_secret = NULL; #endif
@@ -1189,7 +1189,7 @@ int MAIN(int argc, char *argv[]) } #endif -#if defined(OPENSSL_EXPERIMENTAL_JPAKE) && !defined(OPENSSL_NO_PSK) +#if !defined(OPENSSL_NO_JPAKE) && !defined(OPENSSL_NO_PSK) else if (strcmp(*argv,"-jpake") == 0) { if (--argc < 1) goto bad;
@@ -1212,7 +1212,7 @@ bad: goto end; } -#if defined(OPENSSL_EXPERIMENTAL_JPAKE) && !defined(OPENSSL_NO_PSK) +#if !defined(OPENSSL_NO_JPAKE) && !defined(OPENSSL_NO_PSK) if (jpake_secret) { if (psk_key)
@@ -1616,7 +1616,11 @@ bad: #endif #ifndef OPENSSL_NO_PSK +#ifdef OPENSSL_NO_JPAKE + if (psk_key != NULL) +#else if (psk_key != NULL || jpake_secret) +#endif { if (s_debug) BIO_printf(bio_s_out, "PSK key given or JPAKE in use, setting server callback\n");
@@ -1843,7 +1847,7 @@ static int sv_body(char *hostname, int s, unsigned char *context) test=BIO_new(BIO_f_nbio_test()); sbio=BIO_push(test,sbio); } -#ifdef OPENSSL_EXPERIMENTAL_JPAKE +#ifndef OPENSSL_NO_JPAKE if(jpake_secret) jpake_server_auth(bio_s_out, sbio, jpake_secret); #endif
diff --git a/crypto/err/err_all.c b/crypto/err/err_all.c
index 06e137e28..8cc9b806e 100644
--- a/crypto/err/err_all.c
+++ b/crypto/err/err_all.c
@@ -99,7 +99,7 @@ #ifndef OPENSSL_NO_CMS #include #endif -#ifdef OPENSSL_EXPERIMENTAL_JPAKE +#ifndef OPENSSL_NO_JPAKE #include #endif
@@ -151,7 +151,7 @@ void ERR_load_crypto_strings(void) #ifndef OPENSSL_NO_CMS ERR_load_CMS_strings(); #endif -#ifdef OPENSSL_EXPERIMENTAL_JPAKE +#ifndef OPENSSL_NO_JPAKE ERR_load_JPAKE_strings(); #endif #endif
diff --git a/crypto/jpake/jpake.h b/crypto/jpake/jpake.h
index 8beb9a5b3..693ea188c 100644
--- a/crypto/jpake/jpake.h
+++ b/crypto/jpake/jpake.h
@@ -10,6 +10,10 @@ #include +#ifdef OPENSSL_NO_JPAKE +#error JPAKE is disabled. +#endif + #ifdef __cplusplus extern "C" { #endif
diff --git a/crypto/jpake/jpaketest.c b/crypto/jpake/jpaketest.c
index 6bf7ee46d..008756fc9 100644
--- a/crypto/jpake/jpaketest.c
+++ b/crypto/jpake/jpaketest.c
@@ -1,4 +1,6 @@ -#ifndef OPENSSL_EXPERIMENTAL_JPAKE + +#include +#ifdef OPENSSL_NO_JPAKE #include
diff --git a/util/mk1mf.pl b/util/mk1mf.pl
index 0751413c0..22ef39627 100755
--- a/util/mk1mf.pl
+++ b/util/mk1mf.pl
@@ -266,7 +266,7 @@ $cflags.=" -DOPENSSL_NO_ECDSA" if $no_ecdsa; $cflags.=" -DOPENSSL_NO_ECDH" if $no_ecdh; $cflags.=" -DOPENSSL_NO_ENGINE" if $no_engine; $cflags.=" -DOPENSSL_NO_HW" if $no_hw; -$cflags.=" -DOPENSSL_EXPERIMENTAL_JPAKE" if $jpake; +$cflags.=" -DOPENSSL_NO_JPAKE" if $no_jpake; $cflags.= " -DZLIB" if $zlib_opt; $cflags.= " -DZLIB_SHARED" if $zlib_opt == 2;
@@ -706,7 +706,7 @@ sub var_add return("") if $no_dh && $dir =~ /\/dh/; return("") if $no_ec && $dir =~ /\/ec/; return("") if $no_cms && $dir =~ /\/cms/; - return("") if !$jpake && $dir =~ /\/jpake/; + return("") if $no_jpake && $dir =~ /\/jpake/; if ($no_des && $dir =~ /\/des/) { if ($val =~ /read_pwd/)
@@ -1037,6 +1037,7 @@ sub read_options "no-ssl3" => \$no_ssl3, "no-tlsext" => \$no_tlsext, "no-cms" => \$no_cms, + "no-jpake" => \$no_jpake, "no-err" => \$no_err, "no-sock" => \$no_sock, "no-krb5" => \$no_krb5,
@@ -1063,8 +1064,6 @@ sub read_options "no-shared" => 0, "no-zlib" => 0, "no-zlib-dynamic" => 0, - "no-experimental-jpake" => 0, - "enable-experimental-jpake" => \$jpake, ); if (exists $valid_options{$_})
diff --git a/util/mkdef.pl b/util/mkdef.pl
index 10098fb2f..1766e9956 100755
--- a/util/mkdef.pl
+++ b/util/mkdef.pl
@@ -79,8 +79,7 @@ my $OS2=0; my $safe_stack_def = 0; my @known_platforms = ( "__FreeBSD__", "PERL5", "NeXT", - "EXPORT_VAR_AS_FUNCTION", "ZLIB", - "OPENSSL_EXPERIMENTAL_JPAKE" ); + "EXPORT_VAR_AS_FUNCTION", "ZLIB" ); my @known_ossl_platforms = ( "VMS", "WIN16", "WIN32", "WINNT", "OS2" ); my @known_algorithms = ( "RC2", "RC4", "RC5", "IDEA", "DES", "BF", "CAST", "MD2", "MD4", "MD5", "SHA", "SHA0", "SHA1",
@@ -104,6 +103,8 @@ my @known_algorithms = ( "RC2", "RC4", "RC5", "IDEA", "DES", "BF", "CMS", # CryptoAPI Engine "CAPIENG", + # JPAKE + "JPAKE", # Deprecated functions "DEPRECATED" );
@@ -124,6 +125,7 @@ my $no_rsa; my $no_dsa; my $no_dh; my $no_hmac=0; my $no_aes; my $no_krb5; my $no_ec; my $no_ecdsa; my $no_ecdh; my $no_engine; my $no_hw; my $no_fp_api; my $no_static_engine=1; my $no_gmp; my $no_deprecated; my $no_rfc3779; my $no_psk; my $no_tlsext; my $no_cms; my $no_capieng; +my $no_jpake; my $zlib;
@@ -152,10 +154,6 @@ foreach (@ARGV, split(/ /, $options)) $zlib = 1; } - if ($_ eq "enable-experimental-jpake") { - $jpake = 1; - } - $do_ssl=1 if $_ eq "ssleay"; if ($_ eq "ssl") { $do_ssl=1;
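Review bot: After the read_options hunks (-1037 and -1063) `no-jpake` is the only JPAKE switch mk1mf.pl accepts, and the var_add hunk builds the `/jpake/` directory unless it is given, so the default for these builds flips from opt-in to opt-out. A build script that passed `no-experimental-jpake` to keep the code out no longer matches `%valid_options`; how an unmatched option is handled lies outside the hunk, but if it is ignored rather than rejected, JPAKE is compiled in silently. Keeping the old spelling as an alias for a release, `"no-experimental-jpake" => \$no_jpake,`, would preserve that intent. The CHANGES entry this commit deletes would also be better replaced by one stating the new default and the `no-jpake` option.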
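Review bot: `OPENSSL_EXPERIMENTAL_JPAKE` is dropped from `@known_platforms` in the mkdef.pl hunk at -79 and from is_valid() in the hunk at -1107, so a symbol entry that still carries that keyword would reach the `return 0;` that follows the `ZLIB` test and be left out of the generated export list. The symbol-number files are not in the visible part of this diff; if they were not regenerated alongside it, library builds driven by mkdef.pl would presumably lack the JPAKE exports that the apps/ code now references unless `no-jpake` is given. It is worth confirming that those entries are re-tagged with the new `JPAKE` algorithm keyword before this lands.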
@@ -216,6 +214,7 @@ foreach (@ARGV, split(/ /, $options)) elsif (/^no-tlsext$/) { $no_tlsext=1; } elsif (/^no-cms$/) { $no_cms=1; } elsif (/^no-capieng$/) { $no_capieng=1; } + elsif (/^no-jpake$/) { $no_jpake=1; } }
@@ -556,10 +555,6 @@ sub do_defs $tag{$tag[$tag_i]}=2; print STDERR "DEBUG: $file: chaged tag $1 = 2\n" if $debug; } - if ($tag[$tag_i] eq "OPENSSL_EXPERIMENTAL_".$1) { - $tag{$tag[$tag_i]}=-2; - print STDERR "DEBUG: $file: chaged tag $1 = -2\n" if $debug; - } $tag_i--; } } elsif (/^\#\s*endif/) {
@@ -569,8 +564,6 @@ sub do_defs print STDERR "DEBUG: \$t=\"$t\"\n" if $debug; if ($tag{$t}==2) { $tag{$t}=-1; - } elsif ($tag{$t}==-2) { - $tag{$t}=1; } else { $tag{$t}=0; }
@@ -1107,11 +1100,6 @@ sub is_valid return 1; } if ($keyword eq "ZLIB" && $zlib) { return 1; } - if ($keyword eq "OPENSSL_EXPERIMENTAL_JPAKE" && $jpake) { - - - return 1; - } return 0; } else { # algorithms
@@ -1158,6 +1146,7 @@ sub is_valid if ($keyword eq "PSK" && $no_psk) { return 0; } if ($keyword eq "CMS" && $no_cms) { return 0; } if ($keyword eq "CAPIENG" && $no_capieng) { return 0; } + if ($keyword eq "JPAKE" && $no_jpake) { return 0; } if ($keyword eq "DEPRECATED" && $no_deprecated) { return 0; } # Nothing recognise as true