Update from stable-branch.

79bd20fd · Dr. Stephen Henson · d0c36288 · 79bd20fd · 79bd20fd · 79bd20fd
11 changed file
--- a/CHANGES
+++ b/CHANGES
@@ -734,12 +734,6 @@
 	 obligation to set up the dynamic locking callbacks.)
 	 [Sander Temme <sander@temme.net>]

-  *) Update Configure code and WIN32 build scripts to support experimental
-     code. This is surrounded by OPENSSL_EXPERIMENTAL_FOO and not compiled
-     in by default. Using the configuration option "enable-experimental-foo"
-     enables it. Use this option for JPAKE.
-     [Steve Henson]
-
  *) Use correct exit code if there is an error in dgst command.
     [Steve Henson; problem pointed out by Roland Dirlewanger]


--- a/Configure
+++ b/Configure
@@ -611,7 +611,6 @@ my $no_threads=0;
 my $threads=0;
 my $no_shared=0; # but "no-shared" is default
 my $zlib=1;      # but "no-zlib" is default
-my $jpake=1;      # but "no-jpake" is default
 my $no_krb5=0;   # but "no-krb5" is implied unless "--with-krb5-..." is used
 my $no_rfc3779=1; # but "no-rfc3779" is default
 my $no_asm=0;
@@ -648,7 +647,6 @@ my $perl;

 my %disabled = ( # "what"         => "comment"
 		 "gmp"		  => "default",
-                 #"experimental-jpake"          => "default",
                 "mdc2"           => "default",
                 "rc5"            => "default",
 		 "rfc3779"	  => "default",
@@ -929,8 +927,6 @@ foreach (sort (keys %disabled))
 		{ $no_threads = 1; }
 	elsif (/^shared$/)
 		{ $no_shared = 1; }
-	elsif (/^experimental-jpake$/)
-		{ $jpake = 0; push @skip, "jpake"}
 	elsif (/^zlib$/)
 		{ $zlib = 0; }
 	elsif (/^static-engine$/)
@@ -1172,11 +1168,6 @@ if ($threads)
 	$openssl_thread_defines .= $thread_defines;
 	}

-if ($jpake)
-	{
-	$openssl_other_defines .= "#define OPENSSL_EXPERIMENTAL_JPAKE\n";
-	}
-
 if ($zlib)
 	{
 	$cflags = "-DZLIB $cflags";

--- a/apps/apps.c
+++ b/apps/apps.c
@@ -137,7 +137,7 @@
 #include <openssl/rsa.h>
 #endif
 #include <openssl/bn.h>
-#ifdef OPENSSL_EXPERIMENTAL_JPAKE
+#ifndef OPENSSL_NO_JPAKE
 #include <openssl/jpake.h>
 #endif

@@ -2381,7 +2381,7 @@ void policies_print(BIO *out, X509_STORE_CTX *ctx)
 		BIO_free(out);
 	}

-#if defined(OPENSSL_EXPERIMENTAL_JPAKE) && !defined(OPENSSL_NO_PSK)
+#if !defined(OPENSSL_NO_JPAKE) && !defined(OPENSSL_NO_PSK)

 static JPAKE_CTX *jpake_init(const char *us, const char *them,
 							 const char *secret)

--- a/apps/apps.h
+++ b/apps/apps.h
@@ -308,8 +308,10 @@ int bio_to_mem(unsigned char **out, int maxlen, BIO *in);
 int pkey_ctrl_string(EVP_PKEY_CTX *ctx, char *value);
 int init_gen_str(BIO *err, EVP_PKEY_CTX **pctx,
 			const char *algname, ENGINE *e, int do_param);
-#ifdef OPENSSL_EXPERIMENTAL_JPAKE
+#ifndef OPENSSL_NO_PSK
 extern char *psk_key;
+#endif
+#ifndef OPENSSL_NO_JPAKE
 void jpake_client_auth(BIO *out, BIO *conn, const char *secret);
 void jpake_server_auth(BIO *out, BIO *conn, const char *secret);
 #endif

--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -312,7 +312,7 @@ static void sc_usage(void)
 #ifndef OPENSSL_NO_PSK
 	BIO_printf(bio_err," -psk_identity arg - PSK identity\n");
 	BIO_printf(bio_err," -psk arg      - PSK in hex (without 0x)\n");
-# ifdef OPENSSL_EXPERIMENTAL_JPAKE
+# ifndef OPENSSL_NO_JPAKE
 	BIO_printf(bio_err," -jpake arg    - JPAKE secret to use\n");
 # endif
 #endif
@@ -432,7 +432,7 @@ int MAIN(int argc, char **argv)
 	int peerlen = sizeof(peer);
 	int enable_timeouts = 0 ;
 	long socket_mtu = 0;
-#ifdef OPENSSL_EXPERIMENTAL_JPAKE
+#ifndef OPENSSL_NO_JPAKE
 	char *jpake_secret = NULL;
 #endif

@@ -704,7 +704,7 @@ int MAIN(int argc, char **argv)
 			/* meth=TLSv1_client_method(); */
 			}
 #endif
-#ifdef OPENSSL_EXPERIMENTAL_JPAKE
+#ifndef OPENSSL_NO_JPAKE
 		else if (strcmp(*argv,"-jpake") == 0)
 			{
 			if (--argc < 1) goto bad;
@@ -727,7 +727,7 @@ bad:
 		goto end;
 		}

-#if defined(OPENSSL_EXPERIMENTAL_JPAKE) && !defined(OPENSSL_NO_PSK)
+#if !defined(OPENSSL_NO_JPAKE) && !defined(OPENSSL_NO_PSK)
 	if (jpake_secret)
 		{
 		if (psk_key)
@@ -845,7 +845,11 @@ bad:
 #endif

 #ifndef OPENSSL_NO_PSK
+#ifdef OPENSSL_NO_JPAKE
+	if (psk_key != NULL)
+#else
 	if (psk_key != NULL || jpake_secret)
+#endif
 		{
 		if (c_debug)
 			BIO_printf(bio_c_out, "PSK key given or JPAKE in use, setting client callback\n");
@@ -1049,7 +1053,7 @@ SSL_set_tlsext_status_ids(con, ids);
 #endif
 		}
 #endif
-#ifdef OPENSSL_EXPERIMENTAL_JPAKE
+#ifndef OPENSSL_NO_JPAKE
 	if (jpake_secret)
 		jpake_client_auth(bio_c_out, sbio, jpake_secret);
 #endif

--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -450,7 +450,7 @@ static void sv_usage(void)
 #ifndef OPENSSL_NO_PSK
 	BIO_printf(bio_err," -psk_hint arg - PSK identity hint to use\n");
 	BIO_printf(bio_err," -psk arg      - PSK in hex (without 0x)\n");
-# ifdef OPENSSL_EXPERIMENTAL_JPAKE
+# ifndef OPENSSL_NO_JPAKE
 	BIO_printf(bio_err," -jpake arg    - JPAKE secret to use\n");
 # endif
 #endif
@@ -827,7 +827,7 @@ BIO_printf(err, "cert_status: received %d ids\n", sk_OCSP_RESPID_num(ids));

 int MAIN(int, char **);

-#ifdef OPENSSL_EXPERIMENTAL_JPAKE
+#ifndef OPENSSL_NO_JPAKE
 static char *jpake_secret = NULL;
 #endif

@@ -1189,7 +1189,7 @@ int MAIN(int argc, char *argv[])
 			}
 			
 #endif
-#if defined(OPENSSL_EXPERIMENTAL_JPAKE) && !defined(OPENSSL_NO_PSK)
+#if !defined(OPENSSL_NO_JPAKE) && !defined(OPENSSL_NO_PSK)
 		else if (strcmp(*argv,"-jpake") == 0)
 			{
 			if (--argc < 1) goto bad;
@@ -1212,7 +1212,7 @@ bad:
 		goto end;
 		}

-#if defined(OPENSSL_EXPERIMENTAL_JPAKE) && !defined(OPENSSL_NO_PSK)
+#if !defined(OPENSSL_NO_JPAKE) && !defined(OPENSSL_NO_PSK)
 	if (jpake_secret)
 		{
 		if (psk_key)
@@ -1616,7 +1616,11 @@ bad:
 #endif

 #ifndef OPENSSL_NO_PSK
+#ifdef OPENSSL_NO_JPAKE
+	if (psk_key != NULL)
+#else
 	if (psk_key != NULL || jpake_secret)
+#endif
 		{
 		if (s_debug)
 			BIO_printf(bio_s_out, "PSK key given or JPAKE in use, setting server callback\n");
@@ -1843,7 +1847,7 @@ static int sv_body(char *hostname, int s, unsigned char *context)
 		test=BIO_new(BIO_f_nbio_test());
 		sbio=BIO_push(test,sbio);
 		}
-#ifdef OPENSSL_EXPERIMENTAL_JPAKE
+#ifndef OPENSSL_NO_JPAKE
 	if(jpake_secret)
 		jpake_server_auth(bio_s_out, sbio, jpake_secret);
 #endif

--- a/crypto/err/err_all.c
+++ b/crypto/err/err_all.c
@@ -99,7 +99,7 @@
 #ifndef OPENSSL_NO_CMS
 #include <openssl/cms.h>
 #endif
-#ifdef OPENSSL_EXPERIMENTAL_JPAKE
+#ifndef OPENSSL_NO_JPAKE
 #include <openssl/jpake.h>
 #endif

@@ -151,7 +151,7 @@ void ERR_load_crypto_strings(void)
 #ifndef OPENSSL_NO_CMS
 	ERR_load_CMS_strings();
 #endif
-#ifdef OPENSSL_EXPERIMENTAL_JPAKE
+#ifndef OPENSSL_NO_JPAKE
 	ERR_load_JPAKE_strings();
 #endif
 #endif

--- a/crypto/jpake/jpake.h
+++ b/crypto/jpake/jpake.h
@@ -10,6 +10,10 @@

 #include <openssl/opensslconf.h>

+#ifdef OPENSSL_NO_JPAKE
+#error JPAKE is disabled.
+#endif
+
 #ifdef  __cplusplus
 extern "C" {
 #endif

--- a/crypto/jpake/jpaketest.c
+++ b/crypto/jpake/jpaketest.c
-#ifndef OPENSSL_EXPERIMENTAL_JPAKE
+
+#include <openssl/opensslconf.h>
+#ifdef OPENSSL_NO_JPAKE

 #include <stdio.h>


--- a/util/mk1mf.pl
+++ b/util/mk1mf.pl
@@ -266,7 +266,7 @@ $cflags.=" -DOPENSSL_NO_ECDSA" if $no_ecdsa;
 $cflags.=" -DOPENSSL_NO_ECDH" if $no_ecdh;
 $cflags.=" -DOPENSSL_NO_ENGINE"   if $no_engine;
 $cflags.=" -DOPENSSL_NO_HW"   if $no_hw;
-$cflags.=" -DOPENSSL_EXPERIMENTAL_JPAKE"    if $jpake;
+$cflags.=" -DOPENSSL_NO_JPAKE"    if $no_jpake;
 $cflags.= " -DZLIB" if $zlib_opt;
 $cflags.= " -DZLIB_SHARED" if $zlib_opt == 2;

@@ -706,7 +706,7 @@ sub var_add
 	return("") if $no_dh   && $dir =~ /\/dh/;
 	return("") if $no_ec   && $dir =~ /\/ec/;
 	return("") if $no_cms  && $dir =~ /\/cms/;
-	return("") if !$jpake  && $dir =~ /\/jpake/;
+	return("") if $no_jpake  && $dir =~ /\/jpake/;
 	if ($no_des && $dir =~ /\/des/)
 		{
 		if ($val =~ /read_pwd/)
@@ -1037,6 +1037,7 @@ sub read_options
 		"no-ssl3" => \$no_ssl3,
 		"no-tlsext" => \$no_tlsext,
 		"no-cms" => \$no_cms,
+		"no-jpake" => \$no_jpake,
 		"no-err" => \$no_err,
 		"no-sock" => \$no_sock,
 		"no-krb5" => \$no_krb5,
@@ -1063,8 +1064,6 @@ sub read_options
 		"no-shared" => 0,
 		"no-zlib" => 0,
 		"no-zlib-dynamic" => 0,
-		"no-experimental-jpake" => 0,
-		"enable-experimental-jpake" => \$jpake,
 		);

 	if (exists $valid_options{$_})

--- a/util/mkdef.pl
+++ b/util/mkdef.pl
@@ -79,8 +79,7 @@ my $OS2=0;
 my $safe_stack_def = 0;

 my @known_platforms = ( "__FreeBSD__", "PERL5", "NeXT",
-			"EXPORT_VAR_AS_FUNCTION", "ZLIB",
-			"OPENSSL_EXPERIMENTAL_JPAKE" );
+			"EXPORT_VAR_AS_FUNCTION", "ZLIB" );
 my @known_ossl_platforms = ( "VMS", "WIN16", "WIN32", "WINNT", "OS2" );
 my @known_algorithms = ( "RC2", "RC4", "RC5", "IDEA", "DES", "BF",
 			 "CAST", "MD2", "MD4", "MD5", "SHA", "SHA0", "SHA1",
@@ -104,6 +103,8 @@ my @known_algorithms = ( "RC2", "RC4", "RC5", "IDEA", "DES", "BF",
 			 "CMS",
 			 # CryptoAPI Engine
 			 "CAPIENG",
+			 # JPAKE
+			 "JPAKE",
 			 # Deprecated functions
 			 "DEPRECATED" );

@@ -124,6 +125,7 @@ my $no_rsa; my $no_dsa; my $no_dh; my $no_hmac=0; my $no_aes; my $no_krb5;
 my $no_ec; my $no_ecdsa; my $no_ecdh; my $no_engine; my $no_hw;
 my $no_fp_api; my $no_static_engine=1; my $no_gmp; my $no_deprecated;
 my $no_rfc3779; my $no_psk; my $no_tlsext; my $no_cms; my $no_capieng;
+my $no_jpake;

 my $zlib;

@@ -152,10 +154,6 @@ foreach (@ARGV, split(/ /, $options))
 		$zlib = 1;
 	}

-	if ($_ eq "enable-experimental-jpake") {
- 		$jpake = 1;
-	}
-
 	$do_ssl=1 if $_ eq "ssleay";
 	if ($_ eq "ssl") {
 		$do_ssl=1; 
@@ -216,6 +214,7 @@ foreach (@ARGV, split(/ /, $options))
 	elsif (/^no-tlsext$/)	{ $no_tlsext=1; }
 	elsif (/^no-cms$/)	{ $no_cms=1; }
 	elsif (/^no-capieng$/)	{ $no_capieng=1; }
+	elsif (/^no-jpake$/)	{ $no_jpake=1; }
 	}


@@ -556,10 +555,6 @@ sub do_defs
 						$tag{$tag[$tag_i]}=2;
 						print STDERR "DEBUG: $file: chaged tag $1 = 2\n" if $debug;
 					}
-					if ($tag[$tag_i] eq "OPENSSL_EXPERIMENTAL_".$1) {
-						$tag{$tag[$tag_i]}=-2;
-						print STDERR "DEBUG: $file: chaged tag $1 = -2\n" if $debug;
-					}
 					$tag_i--;
 				}
 			} elsif (/^\#\s*endif/) {
@@ -569,8 +564,6 @@ sub do_defs
 					print STDERR "DEBUG: \$t=\"$t\"\n" if $debug;
 					if ($tag{$t}==2) {
 						$tag{$t}=-1;
-					} elsif ($tag{$t}==-2) {
-						$tag{$t}=1;
 					} else {
 						$tag{$t}=0;
 					}
@@ -1107,11 +1100,6 @@ sub is_valid
 				return 1;
 			}
 			if ($keyword eq "ZLIB" && $zlib) { return 1; }
-			if ($keyword eq "OPENSSL_EXPERIMENTAL_JPAKE" && $jpake) {
-
-
-				return 1;
-			}
 			return 0;
 		} else {
 			# algorithms
@@ -1158,6 +1146,7 @@ sub is_valid
 			if ($keyword eq "PSK" && $no_psk) { return 0; }
 			if ($keyword eq "CMS" && $no_cms) { return 0; }
 			if ($keyword eq "CAPIENG" && $no_capieng) { return 0; }
+			if ($keyword eq "JPAKE" && $no_jpake) { return 0; }
 			if ($keyword eq "DEPRECATED" && $no_deprecated) { return 0; }

 			# Nothing recognise as true