diff options
author | Richard Levitte <levitte@openssl.org> | 2018-11-30 00:05:03 +0100 |
---|---|---|
committer | Richard Levitte <levitte@openssl.org> | 2018-12-06 12:24:48 +0100 |
commit | fcd2d5a6121ad3e5e65edc714ad99fc36f609f81 (patch) | |
tree | 72b6d74bedbd698bdcd857dda81347c923dd2eb7 | |
parent | util/find-doc-nits: allow #undef (diff) | |
download | openssl-fcd2d5a6121ad3e5e65edc714ad99fc36f609f81.tar.xz openssl-fcd2d5a6121ad3e5e65edc714ad99fc36f609f81.zip |
Refactor the computation of API version limits
Previously, the API version limit was indicated with a numeric version
number. This was "natural" in the pre-3.0.0 because the version was
this simple number.
With 3.0.0, the version is divided into three separate numbers, and
it's only the major number that counts, but we still need to be able
to support pre-3.0.0 version limits.
Therefore, we allow OPENSSL_API_COMPAT to be defined with a pre-3.0.0
style numeric version number or with a simple major number, i.e. can
be defined like this for any application:
-D OPENSSL_API_COMPAT=0x10100000L
-D OPENSSL_API_COMPAT=3
Since the pre-3.0.0 numerical version numbers are high, it's easy to
distinguish between a simple major number and a pre-3.0.0 numerical
version number and to thereby support both forms at the same time.
Internally, we define the following macros depending on the value of
OPENSSL_API_COMPAT:
OPENSSL_API_0_9_8
OPENSSL_API_1_0_0
OPENSSL_API_1_1_0
OPENSSL_API_3
They indicate that functions marked for deprecation in the
corresponding major release shall not be built if defined.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7724)
64 files changed, 229 insertions, 152 deletions
@@ -9,6 +9,15 @@ Changes between 1.1.1 and 3.0.0 [xx XXX xxxx] + *) Change the possible version information given with OPENSSL_API_COMPAT. + It may be a pre-3.0.0 style numerical version number as it was defined + in 1.1.0, and it may also simply take the major version number. + + Because of the version numbering of pre-3.0.0 releases, the values 0, + 1 and 2 are equivalent to 0x00908000L (0.9.8), 0x10000000L (1.0.0) and + 0x10100000L (1.1.0), respectively. + [Richard Levitte] + *) Switch to a new version scheme using three numbers MAJOR.MINOR.PATCH. o Major releases (indicated by incrementing the MAJOR release number) @@ -43,9 +43,9 @@ my $usage="Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [-Dxxx] [-lx # # --cross-compile-prefix Add specified prefix to binutils components. # -# --api One of 0.9.8, 1.0.0, 1.1.0 or 3.0.0 (or 3). Do not compile -# support for interfaces deprecated as of the specified OpenSSL -# version. +# --api One of 0.9.8, 1.0.0, 1.0.1, 1.0.2, 1.1.0, 1.1.1, or 3.0.0 / 3. +# Do not compile support for interfaces deprecated as of the +# specified OpenSSL version. # # no-hw-xxx do not compile support for specific crypto hardware. # Generic OpenSSL-style methods relating to this support @@ -176,10 +176,13 @@ our $BSDthreads="-pthread -D_THREAD_SAFE -D_REENTRANT"; # my $maxapi = "3.0.0"; # API for "no-deprecated" builds my $apitable = { - "3.0.0" => "0x30000000L", - "1.1.0" => "0x10100000L", - "1.0.0" => "0x10000000L", - "0.9.8" => "0x00908000L", + "3.0.0" => 3, + "1.1.1" => 2, + "1.1.0" => 2, + "1.0.2" => 1, + "1.0.1" => 1, + "1.0.0" => 1, + "0.9.8" => 0, }; our %table = (); @@ -1495,11 +1498,9 @@ $config{cflags} = [ map { (my $x = $_) =~ s/([\\\"])/\\$1/g; $x } $config{cxxflags} = [ map { (my $x = $_) =~ s/([\\\"])/\\$1/g; $x } @{$config{cxxflags}} ] if $config{CXX}; -if (defined($config{api})) { - $config{openssl_api_defines} = [ "OPENSSL_MIN_API=".$apitable->{$config{api}} ]; - my $apiflag = sprintf("OPENSSL_API_COMPAT=%s", $apitable->{$config{api}}); - push @{$config{defines}}, $apiflag; -} +$config{openssl_api_defines} = [ + "OPENSSL_MIN_API=".($apitable->{$config{api} // ""} // -1) +]; if ($strict_warnings) { diff --git a/crypto/asn1/asn1_item_list.h b/crypto/asn1/asn1_item_list.h index 3e53c63237..1892a26dfe 100644 --- a/crypto/asn1/asn1_item_list.h +++ b/crypto/asn1/asn1_item_list.h @@ -78,7 +78,7 @@ static ASN1_ITEM_EXP *asn1_item_list[] = { ASN1_ITEM_ref(IPAddressRange), #endif ASN1_ITEM_ref(ISSUING_DIST_POINT), -#if OPENSSL_API_COMPAT < 0x30000000L +#if !OPENSSL_API_3 ASN1_ITEM_ref(LONG), #endif ASN1_ITEM_ref(NAME_CONSTRAINTS), @@ -164,7 +164,7 @@ static ASN1_ITEM_EXP *asn1_item_list[] = { ASN1_ITEM_ref(X509_SIG), ASN1_ITEM_ref(X509_VAL), ASN1_ITEM_ref(X509), -#if OPENSSL_API_COMPAT < 0x30000000L +#if !OPENSSL_API_3 ASN1_ITEM_ref(ZLONG), #endif ASN1_ITEM_ref(INT32), diff --git a/crypto/asn1/asn1_lib.c b/crypto/asn1/asn1_lib.c index 88c4b53918..f2ba4bc3b5 100644 --- a/crypto/asn1/asn1_lib.c +++ b/crypto/asn1/asn1_lib.c @@ -383,7 +383,7 @@ const unsigned char *ASN1_STRING_get0_data(const ASN1_STRING *x) return x->data; } -# if OPENSSL_API_COMPAT < 0x10100000L +# if !OPENSSL_API_1_1_0 unsigned char *ASN1_STRING_data(ASN1_STRING *x) { return x->data; diff --git a/crypto/asn1/x_long.c b/crypto/asn1/x_long.c index 537db1b381..1c622cfbe8 100644 --- a/crypto/asn1/x_long.c +++ b/crypto/asn1/x_long.c @@ -11,7 +11,7 @@ #include "internal/cryptlib.h" #include <openssl/asn1t.h> -#if !(OPENSSL_API_COMPAT < 0x30000000L) +#if OPENSSL_API_3 NON_EMPTY_TRANSLATION_UNIT #else diff --git a/crypto/bio/b_sock.c b/crypto/bio/b_sock.c index e7a24d02cb..df5154648d 100644 --- a/crypto/bio/b_sock.c +++ b/crypto/bio/b_sock.c @@ -24,7 +24,7 @@ static int wsa_init_done = 0; # endif -# if OPENSSL_API_COMPAT < 0x10100000L +# if !OPENSSL_API_1_1_0 int BIO_get_host_ip(const char *str, unsigned char *ip) { BIO_ADDRINFO *res = NULL; @@ -103,7 +103,7 @@ int BIO_sock_error(int sock) return j; } -# if OPENSSL_API_COMPAT < 0x10100000L +# if !OPENSSL_API_1_1_0 struct hostent *BIO_gethostbyname(const char *name) { /* @@ -196,7 +196,7 @@ int BIO_socket_ioctl(int fd, long type, void *arg) return i; } -# if OPENSSL_API_COMPAT < 0x10100000L +# if !OPENSSL_API_1_1_0 int BIO_get_accept_socket(char *host, int bind_mode) { int s = INVALID_SOCKET; diff --git a/crypto/bn/bn_depr.c b/crypto/bn/bn_depr.c index 7d89214b1c..8c30c2190e 100644 --- a/crypto/bn/bn_depr.c +++ b/crypto/bn/bn_depr.c @@ -13,7 +13,7 @@ */ #include <openssl/opensslconf.h> -#if OPENSSL_API_COMPAT >= 0x00908000L +#if OPENSSL_API_0_9_8 NON_EMPTY_TRANSLATION_UNIT #else diff --git a/crypto/bn/bn_lib.c b/crypto/bn/bn_lib.c index 040c4cd9b3..b6893afdcc 100644 --- a/crypto/bn/bn_lib.c +++ b/crypto/bn/bn_lib.c @@ -15,7 +15,7 @@ #include "internal/constant_time_locl.h" /* This stuff appears to be completely unused, so is deprecated */ -#if OPENSSL_API_COMPAT < 0x00908000L +#if !OPENSSL_API_0_9_8 /*- * For a 32 bit machine * 2 - 4 == 128 diff --git a/crypto/conf/conf_sap.c b/crypto/conf/conf_sap.c index 3d2e065e5b..2b3e23ee14 100644 --- a/crypto/conf/conf_sap.c +++ b/crypto/conf/conf_sap.c @@ -27,7 +27,7 @@ static int openssl_configured = 0; -#if OPENSSL_API_COMPAT < 0x10100000L +#if !OPENSSL_API_1_1_0 void OPENSSL_config(const char *appname) { OPENSSL_INIT_SETTINGS settings; diff --git a/crypto/cversion.c b/crypto/cversion.c index 16cd241f25..b3fc30d078 100644 --- a/crypto/cversion.c +++ b/crypto/cversion.c @@ -11,7 +11,7 @@ #include "buildinf.h" -#if OPENSSL_API_COMPAT < 0x30000000L +#if !OPENSSL_API_3 unsigned long OpenSSL_version_num(void) { return OPENSSL_VERSION_NUMBER; diff --git a/crypto/dh/dh_depr.c b/crypto/dh/dh_depr.c index f8ed1b7461..f2ccde4551 100644 --- a/crypto/dh/dh_depr.c +++ b/crypto/dh/dh_depr.c @@ -10,7 +10,7 @@ /* This file contains deprecated functions as wrappers to the new ones */ #include <openssl/opensslconf.h> -#if OPENSSL_API_COMPAT >= 0x00908000L +#if OPENSSL_API_0_9_8 NON_EMPTY_TRANSLATION_UNIT #else diff --git a/crypto/dsa/dsa_depr.c b/crypto/dsa/dsa_depr.c index f51aea7497..f5526a6838 100644 --- a/crypto/dsa/dsa_depr.c +++ b/crypto/dsa/dsa_depr.c @@ -20,7 +20,7 @@ #define xxxHASH EVP_sha1() #include <openssl/opensslconf.h> -#if OPENSSL_API_COMPAT >= 0x00908000L +#if OPENSSL_API_0_9_8 NON_EMPTY_TRANSLATION_UNIT #else diff --git a/crypto/dsa/dsa_sign.c b/crypto/dsa/dsa_sign.c index 2304cc9bee..034b2fce8c 100644 --- a/crypto/dsa/dsa_sign.c +++ b/crypto/dsa/dsa_sign.c @@ -16,7 +16,7 @@ DSA_SIG *DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa) return dsa->meth->dsa_do_sign(dgst, dlen, dsa); } -#if OPENSSL_API_COMPAT < 0x30000000L +#if !OPENSSL_API_3 int DSA_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp) { return dsa->meth->dsa_sign_setup(dsa, ctx_in, kinvp, rp); diff --git a/crypto/ec/ec_lib.c b/crypto/ec/ec_lib.c index e3d249a0ba..f111ffa51e 100644 --- a/crypto/ec/ec_lib.c +++ b/crypto/ec/ec_lib.c @@ -435,7 +435,7 @@ int EC_GROUP_get_curve(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, BIGNUM *b, return group->meth->group_get_curve(group, p, a, b, ctx); } -#if OPENSSL_API_COMPAT < 0x30000000L +#if !OPENSSL_API_3 int EC_GROUP_set_curve_GFp(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx) { @@ -726,7 +726,7 @@ int EC_POINT_set_affine_coordinates(const EC_GROUP *group, EC_POINT *point, return 1; } -#if OPENSSL_API_COMPAT < 0x30000000L +#if !OPENSSL_API_3 int EC_POINT_set_affine_coordinates_GFp(const EC_GROUP *group, EC_POINT *point, const BIGNUM *x, const BIGNUM *y, BN_CTX *ctx) @@ -764,7 +764,7 @@ int EC_POINT_get_affine_coordinates(const EC_GROUP *group, return group->meth->point_get_affine_coordinates(group, point, x, y, ctx); } -#if OPENSSL_API_COMPAT < 0x30000000L +#if !OPENSSL_API_3 int EC_POINT_get_affine_coordinates_GFp(const EC_GROUP *group, const EC_POINT *point, BIGNUM *x, BIGNUM *y, BN_CTX *ctx) diff --git a/crypto/ec/ec_oct.c b/crypto/ec/ec_oct.c index f6295c92a7..12f476d231 100644 --- a/crypto/ec/ec_oct.c +++ b/crypto/ec/ec_oct.c @@ -49,7 +49,7 @@ int EC_POINT_set_compressed_coordinates(const EC_GROUP *group, EC_POINT *point, y_bit, ctx); } -#if OPENSSL_API_COMPAT < 0x30000000L +#if !OPENSSL_API_3 int EC_POINT_set_compressed_coordinates_GFp(const EC_GROUP *group, EC_POINT *point, const BIGNUM *x, int y_bit, BN_CTX *ctx) diff --git a/crypto/ec/ecdh_kdf.c b/crypto/ec/ecdh_kdf.c index c21e788078..1d260b5ee8 100644 --- a/crypto/ec/ecdh_kdf.c +++ b/crypto/ec/ecdh_kdf.c @@ -72,7 +72,7 @@ int ecdh_KDF_X9_63(unsigned char *out, size_t outlen, * The old name for ecdh_KDF_X9_63 * Retained for ABI compatibility */ -#if OPENSSL_API_COMPAT < 0x10200000L +#if !OPENSSL_API_3 int ECDH_KDF_X9_62(unsigned char *out, size_t outlen, const unsigned char *Z, size_t Zlen, const unsigned char *sinfo, size_t sinfolen, diff --git a/crypto/engine/eng_all.c b/crypto/engine/eng_all.c index af306ccffc..ef82947288 100644 --- a/crypto/engine/eng_all.c +++ b/crypto/engine/eng_all.c @@ -18,7 +18,8 @@ void ENGINE_load_builtin_engines(void) OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_ALL_BUILTIN, NULL); } -#if (defined(__OpenBSD__) || defined(__FreeBSD__) || defined(__DragonFly__)) && OPENSSL_API_COMPAT < 0x10100000L +#if (defined(__OpenBSD__) || defined(__FreeBSD__) || defined(__DragonFly__)) \ + && !OPENSSL_API_1_1_0 void ENGINE_setup_bsd_cryptodev(void) { } diff --git a/crypto/err/err.c b/crypto/err/err.c index 66a60e907c..da1b90df16 100644 --- a/crypto/err/err.c +++ b/crypto/err/err.c @@ -672,13 +672,13 @@ void err_delete_thread_state(void) ERR_STATE_free(state); } -#if OPENSSL_API_COMPAT < 0x10100000L +#if !OPENSSL_API_1_1_0 void ERR_remove_thread_state(void *dummy) { } #endif -#if OPENSSL_API_COMPAT < 0x10000000L +#if !OPENSSL_API_1_0_0 void ERR_remove_state(unsigned long pid) { } diff --git a/crypto/evp/e_old.c b/crypto/evp/e_old.c index 927908f871..ffce91671f 100644 --- a/crypto/evp/e_old.c +++ b/crypto/evp/e_old.c @@ -8,7 +8,7 @@ */ #include <openssl/opensslconf.h> -#if OPENSSL_API_COMPAT >= 0x00908000L +#if OPENSSL_API_0_9_8 NON_EMPTY_TRANSLATION_UNIT #else diff --git a/crypto/hmac/hmac.c b/crypto/hmac/hmac.c index e4031b44a5..eec54d5833 100644 --- a/crypto/hmac/hmac.c +++ b/crypto/hmac/hmac.c @@ -79,7 +79,7 @@ int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len, return rv; } -#if OPENSSL_API_COMPAT < 0x10100000L +#if !OPENSSL_API_1_1_0 int HMAC_Init(HMAC_CTX *ctx, const void *key, int len, const EVP_MD *md) { if (key && md) diff --git a/crypto/pkcs12/p12_sbag.c b/crypto/pkcs12/p12_sbag.c index a09c5b9313..ee28981fa5 100644 --- a/crypto/pkcs12/p12_sbag.c +++ b/crypto/pkcs12/p12_sbag.c @@ -12,7 +12,7 @@ #include <openssl/pkcs12.h> #include "p12_lcl.h" -#if OPENSSL_API_COMPAT < 0x10100000L +#if !OPENSSL_API_1_1_0 ASN1_TYPE *PKCS12_get_attr(const PKCS12_SAFEBAG *bag, int attr_nid) { return PKCS12_get_attr_gen(bag->attrib, attr_nid); diff --git a/crypto/rand/rand_lib.c b/crypto/rand/rand_lib.c index d8639c4a03..d2f5be1a65 100644 --- a/crypto/rand/rand_lib.c +++ b/crypto/rand/rand_lib.c @@ -838,7 +838,7 @@ int RAND_bytes(unsigned char *buf, int num) return -1; } -#if OPENSSL_API_COMPAT < 0x10100000L +#if !OPENSSL_API_1_1_0 int RAND_pseudo_bytes(unsigned char *buf, int num) { const RAND_METHOD *meth = RAND_get_rand_method(); diff --git a/crypto/rand/rand_win.c b/crypto/rand/rand_win.c index d2039eb226..f8f371c6d5 100644 --- a/crypto/rand/rand_win.c +++ b/crypto/rand/rand_win.c @@ -156,7 +156,7 @@ int rand_pool_add_additional_data(RAND_POOL *pool) return rand_pool_add(pool, (unsigned char *)&data, sizeof(data), 0); } -# if OPENSSL_API_COMPAT < 0x10100000L +# if !OPENSSL_API_1_1_0 int RAND_event(UINT iMsg, WPARAM wParam, LPARAM lParam) { RAND_poll(); diff --git a/crypto/rsa/rsa_depr.c b/crypto/rsa/rsa_depr.c index 21e0562525..4e9b709428 100644 --- a/crypto/rsa/rsa_depr.c +++ b/crypto/rsa/rsa_depr.c @@ -13,7 +13,7 @@ */ #include <openssl/opensslconf.h> -#if OPENSSL_API_COMPAT >= 0x00908000L +#if OPENSSL_API_0_9_8 NON_EMPTY_TRANSLATION_UNIT #else diff --git a/crypto/srp/srp_vfy.c b/crypto/srp/srp_vfy.c index bfe517b471..814f04263c 100644 --- a/crypto/srp/srp_vfy.c +++ b/crypto/srp/srp_vfy.c @@ -525,7 +525,7 @@ int SRP_VBASE_add0_user(SRP_VBASE *vb, SRP_user_pwd *user_pwd) return 1; } -# if OPENSSL_API_COMPAT < 0x10100000L +# if !OPENSSL_API_1_1_0 /* * DEPRECATED: use SRP_VBASE_get1_by_user instead. * This method ignores the configured seed and fails for an unknown user. diff --git a/crypto/x509/x509cset.c b/crypto/x509/x509cset.c index 7645ce3759..99f730faa0 100644 --- a/crypto/x509/x509cset.c +++ b/crypto/x509/x509cset.c @@ -91,7 +91,7 @@ const ASN1_TIME *X509_CRL_get0_nextUpdate(const X509_CRL *crl) return crl->crl.nextUpdate; } -#if OPENSSL_API_COMPAT < 0x10100000L +#if !OPENSSL_API_1_1_0 ASN1_TIME *X509_CRL_get_lastUpdate(X509_CRL *crl) { return crl->crl.lastUpdate; diff --git a/doc/man3/OPENSSL_config.pod b/doc/man3/OPENSSL_config.pod index 6294ee1d1b..453c32b5f7 100644 --- a/doc/man3/OPENSSL_config.pod +++ b/doc/man3/OPENSSL_config.pod @@ -8,10 +8,12 @@ OPENSSL_config, OPENSSL_no_config - simple OpenSSL configuration functions #include <openssl/conf.h> - #if OPENSSL_API_COMPAT < 0x10100000L +Deprecated since OpenSSL 1.1.0, can be hidden entirely by defining +B<OPENSSL_API_COMPAT> with a suitable version value, see +L<openssl_user_macros(7)>: + void OPENSSL_config(const char *appname); void OPENSSL_no_config(void); - #endif =head1 DESCRIPTION diff --git a/doc/man3/RAND_cleanup.pod b/doc/man3/RAND_cleanup.pod index 3859ce343a..39b166bf5e 100644 --- a/doc/man3/RAND_cleanup.pod +++ b/doc/man3/RAND_cleanup.pod @@ -8,9 +8,11 @@ RAND_cleanup - erase the PRNG state #include <openssl/rand.h> - #if OPENSSL_API_COMPAT < 0x10100000L +Deprecated since OpenSSL 1.1.0, can be hidden entirely by defining +B<OPENSSL_API_COMPAT> with a suitable version value, see +L<openssl_user_macros(7)>: + void RAND_cleanup(void) - #endif =head1 DESCRIPTION diff --git a/doc/man7/openssl_user_macros.pod.in b/doc/man7/openssl_user_macros.pod.in index 8af5aea7fb..dc554b70f4 100644 --- a/doc/man7/openssl_user_macros.pod.in +++ b/doc/man7/openssl_user_macros.pod.in @@ -26,7 +26,20 @@ user defined macros. The value is a version number similar to the L<OPENSSL_VERSION_NUMBER(3)> macro. Any symbol that is deprecated in versions up to and including the version given in this macro will not -be declared. Any version number may be given, but these numbers are +be declared. + +The version number assigned to this macro can take one of two forms: + +=over + +=item C<0xMNNFF000L> + +This is the form supported for all versions up 1.1.x, where C<M> +represents the major number, C<NN> represents the minor number, and +C<FF> represents the fix number. For version 1.1.0, that's +C<0x10100000L>. + +Any version number may be given, but these numbers are the current known major deprecation points, making them the most meaningful: @@ -40,6 +53,30 @@ meaningful: =back +For convenience, higher numbers are accepted as well, as long as +feasible. For example, C<0x60000000L> will work as expected. +However, it is recommended to start using the second form instead: + +=item C<m> + +This form is a simple number that represents the major version number +and is supported for version 3.0.0 and up. For extra convenience, +these numbers are also available: + +=over + +=item Z<>0 (C<0x00908000L>, i.e. version 0.9.8) + +=item Z<>1 (C<0x10000000L>, i.e. version 1.0.0) + +=item Z<>2 (C<0x10100000L>, i.e. version 1.1.0) + +=back + +For all other numbers C<m>, they are equivalent to version m.0.0. + +=back + If not set, this macro will default to C<{- join('', map { my @x = split /=/,$_; $x[1] } grep /^OPENSSL_MIN_API=/, @{$config{openssl_api_defines} // []}) diff --git a/fuzz/asn1.c b/fuzz/asn1.c index fad561eb8b..9d23d4774a 100644 --- a/fuzz/asn1.c +++ b/fuzz/asn1.c @@ -106,7 +106,7 @@ static ASN1_ITEM_EXP *item_type[] = { ASN1_ITEM_ref(IPAddressRange), #endif ASN1_ITEM_ref(ISSUING_DIST_POINT), -#if OPENSSL_API_COMPAT < 0x30000000L +#if !OPENSSL_API_3 ASN1_ITEM_ref(LONG), #endif ASN1_ITEM_ref(NAME_CONSTRAINTS), @@ -187,7 +187,7 @@ static ASN1_ITEM_EXP *item_type[] = { ASN1_ITEM_ref(X509_REVOKED), ASN1_ITEM_ref(X509_SIG), ASN1_ITEM_ref(X509_VAL), -#if OPENSSL_API_COMPAT < 0x30000000L +#if !OPENSSL_API_3 ASN1_ITEM_ref(ZLONG), #endif ASN1_ITEM_ref(INT32), diff --git a/include/openssl/asn1.h b/include/openssl/asn1.h index 9522eec18f..9210f2ccdc 100644 --- a/include/openssl/asn1.h +++ b/include/openssl/asn1.h @@ -19,7 +19,7 @@ # include <openssl/symhacks.h> # include <openssl/ossl_typ.h> -# if OPENSSL_API_COMPAT < 0x10100000L +# if !OPENSSL_API_1_1_0 # include <openssl/bn.h> # endif diff --git a/include/openssl/asn1t.h b/include/openssl/asn1t.h index c152320785..38b9b76228 100644 --- a/include/openssl/asn1t.h +++ b/include/openssl/asn1t.h @@ -915,7 +915,7 @@ DECLARE_ASN1_ITEM(ZINT64) DECLARE_ASN1_ITEM(UINT64) DECLARE_ASN1_ITEM(ZUINT64) -# if OPENSSL_API_COMPAT < 0x30000000L +# if !OPENSSL_API_3 /* * LONG and ZLONG are strongly discouraged for use as stored data, as the * underlying C type (long) differs in size depending on the architecture. diff --git a/include/openssl/bio.h b/include/openssl/bio.h index 2888b42da8..5587df60c6 100644 --- a/include/openssl/bio.h +++ b/include/openssl/bio.h @@ -681,7 +681,7 @@ int BIO_sock_error(int sock); int BIO_socket_ioctl(int fd, long type, void *arg); int BIO_socket_nbio(int fd, int mode); int BIO_sock_init(void); -# if OPENSSL_API_COMPAT < 0x10100000L +# if !OPENSSL_API_1_1_0 # define BIO_sock_cleanup() while(0) continue # endif int BIO_set_tcp_ndelay(int sock, int turn_on); diff --git a/include/openssl/bn.h b/include/openssl/bn.h index 8af05d00e5..769cc7f087 100644 --- a/include/openssl/bn.h +++ b/include/openssl/bn.h @@ -61,7 +61,7 @@ extern "C" { # define BN_FLG_CONSTTIME 0x04 # define BN_FLG_SECURE 0x08 -# if OPENSSL_API_COMPAT < 0x00908000L +# if !OPENSSL_API_0_9_8 /* deprecated name for the flag */ # define BN_FLG_EXP_CONSTTIME BN_FLG_CONSTTIME # define BN_FLG_FREE 0x8000 /* used for debugging */ @@ -190,7 +190,7 @@ int BN_is_odd(const BIGNUM *a); void BN_zero_ex(BIGNUM *a); -# if OPENSSL_API_COMPAT >= 0x00908000L +# if OPENSSL_API_0_9_8 # define BN_zero(a) BN_zero_ex(a) # else # define BN_zero(a) (BN_set_word((a),0)) @@ -519,7 +519,7 @@ BIGNUM *BN_get_rfc3526_prime_4096(BIGNUM *bn); BIGNUM *BN_get_rfc3526_prime_6144(BIGNUM *bn); BIGNUM *BN_get_rfc3526_prime_8192(BIGNUM *bn); -# if OPENSSL_API_COMPAT < 0x10100000L +# if !OPENSSL_API_1_1_0 # define get_rfc2409_prime_768 BN_get_rfc2409_prime_768 # define get_rfc2409_prime_1024 BN_get_rfc2409_prime_1024 # define get_rfc3526_prime_1536 BN_get_rfc3526_prime_1536 diff --git a/include/openssl/comp.h b/include/openssl/comp.h index d814d3cf25..467ce6ad35 100644 --- a/include/openssl/comp.h +++ b/include/openssl/comp.h @@ -35,7 +35,7 @@ int COMP_expand_block(COMP_CTX *ctx, unsigned char *out, int olen, COMP_METHOD *COMP_zlib(void); -#if OPENSSL_API_COMPAT < 0x10100000L +#if !OPENSSL_API_1_1_0 #define COMP_zlib_cleanup() while(0) continue #endif diff --git a/include/openssl/conf.h b/include/openssl/conf.h index 7336cd2f1d..f7b5b23c13 100644 --- a/include/openssl/conf.h +++ b/include/openssl/conf.h @@ -90,7 +90,7 @@ int CONF_dump_bio(LHASH_OF(CONF_VALUE) *conf, BIO *out); DEPRECATEDIN_1_1_0(void OPENSSL_config(const char *config_name)) -#if OPENSSL_API_COMPAT < 0x10100000L +#if !OPENSSL_API_1_1_0 # define OPENSSL_no_config() \ OPENSSL_init_crypto(OPENSSL_INIT_NO_LOAD_CONFIG, NULL) #endif @@ -137,7 +137,7 @@ int CONF_modules_load_file(const char *filename, const char *appname, unsigned long flags); void CONF_modules_unload(int all); void CONF_modules_finish(void); -#if OPENSSL_API_COMPAT < 0x10100000L +#if !OPENSSL_API_1_1_0 # define CONF_modules_free() while(0) continue #endif int CONF_module_add(const char *name, conf_init_func *ifunc, diff --git a/include/openssl/crypto.h b/include/openssl/crypto.h index c7b6e47047..b69b04c500 100644 --- a/include/openssl/crypto.h +++ b/include/openssl/crypto.h @@ -36,7 +36,7 @@ */ # include <openssl/symhacks.h> -# if OPENSSL_API_COMPAT < 0x10100000L +# if !OPENSSL_API_1_1_0 # include <openssl/opensslv.h> # endif @@ -44,7 +44,7 @@ extern "C" { #endif -# if OPENSSL_API_COMPAT < 0x10100000L +# if !OPENSSL_API_1_1_0 # define SSLeay OpenSSL_version_num # define SSLeay_version OpenSSL_version # define SSLEAY_VERSION_NUMBER OPENSSL_VERSION_NUMBER @@ -62,7 +62,7 @@ typedef struct { int dummy; } CRYPTO_dynlock; -# endif /* OPENSSL_API_COMPAT */ +# endif /* OPENSSL_API_1_1_0 */ typedef void CRYPTO_RWLOCK; @@ -199,7 +199,7 @@ void CRYPTO_free_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad); int CRYPTO_set_ex_data(CRYPTO_EX_DATA *ad, int idx, void *val); void *CRYPTO_get_ex_data(const CRYPTO_EX_DATA *ad, int idx); -# if OPENSSL_API_COMPAT < 0x10100000L +# if !OPENSSL_API_1_1_0 /* * This function cleans up all "ex_data" state. It mustn't be called under * potential race-conditions. @@ -246,11 +246,11 @@ typedef struct crypto_threadid_st { # define CRYPTO_THREADID_cpy(dest, src) # define CRYPTO_THREADID_hash(id) (0UL) -# if OPENSSL_API_COMPAT < 0x10000000L +# if !OPENSSL_API_1_0_0 # define CRYPTO_set_id_callback(func) # define CRYPTO_get_id_callback() (NULL) # define CRYPTO_thread_id() (0UL) -# endif /* OPENSSL_API_COMPAT < 0x10000000L */ +# endif /* OPENSSL_API_1_0_0 */ # define CRYPTO_set_dynlock_create_callback(dyn_create_function) # define CRYPTO_set_dynlock_lock_callback(dyn_lock_function) @@ -258,7 +258,7 @@ typedef struct crypto_threadid_st { # define CRYPTO_get_dynlock_create_callback() (NULL) # define CRYPTO_get_dynlock_lock_callback() (NULL) # define CRYPTO_get_dynlock_destroy_callback() (NULL) -# endif /* OPENSSL_API_COMPAT < 0x10100000L */ +# endif /* OPENSSL_API_1_1_0 */ int CRYPTO_set_mem_functions( void *(*m) (size_t, const char *, int), @@ -327,7 +327,7 @@ int CRYPTO_mem_leaks(BIO *bio); /* die if we have to */ ossl_noreturn void OPENSSL_die(const char *assertion, const char *file, int line); -# if OPENSSL_API_COMPAT < 0x10100000L +# if !OPENSSL_API_1_1_0 # define OpenSSLDie(f,l,a) OPENSSL_die((a),(f),(l)) # endif # define OPENSSL_assert(e) \ diff --git a/include/openssl/dh.h b/include/openssl/dh.h index 3527540cdd..d997e0deab 100644 --- a/include/openssl/dh.h +++ b/include/openssl/dh.h @@ -17,7 +17,7 @@ # include <openssl/bio.h> # include <openssl/asn1.h> # include <openssl/ossl_typ.h> -# if OPENSSL_API_COMPAT < 0x10100000L +# if !OPENSSL_API_1_1_0 # include <openssl/bn.h> # endif # include <openssl/dherr.h> @@ -34,7 +34,7 @@ extern "C" { # define DH_FLAG_CACHE_MONT_P 0x01 -# if OPENSSL_API_COMPAT < 0x10100000L +# if !OPENSSL_API_1_1_0 /* * Does nothing. Previously this switched off constant time behaviour. */ diff --git a/include/openssl/dsa.h b/include/openssl/dsa.h index 30454f1a48..ba7fcfeb64 100644 --- a/include/openssl/dsa.h +++ b/include/openssl/dsa.h @@ -21,7 +21,7 @@ extern "C" { # include <openssl/crypto.h> # include <openssl/ossl_typ.h> # include <openssl/bn.h> -# if OPENSSL_API_COMPAT < 0x10100000L +# if !OPENSSL_API_1_1_0 # include <openssl/dh.h> # endif # include <openssl/dsaerr.h> @@ -33,7 +33,7 @@ extern "C" { # define OPENSSL_DSA_FIPS_MIN_MODULUS_BITS 1024 # define DSA_FLAG_CACHE_MONT_P 0x01 -# if OPENSSL_API_COMPAT < 0x10100000L +# if !OPENSSL_API_1_1_0 /* * Does nothing. Previously this switched off constant time behaviour. */ diff --git a/include/openssl/ec.h b/include/openssl/ec.h index 90a40299a1..beb197cc82 100644 --- a/include/openssl/ec.h +++ b/include/openssl/ec.h @@ -16,7 +16,7 @@ # ifndef OPENSSL_NO_EC # include <openssl/asn1.h> # include <openssl/symhacks.h> -# if OPENSSL_API_COMPAT < 0x10100000L +# if !OPENSSL_API_1_1_0 # include <openssl/bn.h> # endif # include <openssl/ecerr.h> diff --git a/include/openssl/engine.h b/include/openssl/engine.h index 0780f0fb5f..4c0afbb44f 100644 --- a/include/openssl/engine.h +++ b/include/openssl/engine.h @@ -14,7 +14,7 @@ # include <openssl/opensslconf.h> # ifndef OPENSSL_NO_ENGINE -# if OPENSSL_API_COMPAT < 0x10100000L +# if !OPENSSL_API_1_1_0 # include <openssl/bn.h> # include <openssl/rsa.h> # include <openssl/dsa.h> @@ -320,7 +320,7 @@ int ENGINE_remove(ENGINE *e); /* Retrieve an engine from the list by its unique "id" value. */ ENGINE *ENGINE_by_id(const char *id); -#if OPENSSL_API_COMPAT < 0x10100000L +#if !OPENSSL_API_1_1_0 # define ENGINE_load_openssl() \ OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_OPENSSL, NULL) # define ENGINE_load_dynamic() \ @@ -494,7 +494,7 @@ int ENGINE_set_cmd_defns(ENGINE *e, const ENGINE_CMD_DEFN *defns); int ENGINE_set_ex_data(ENGINE *e, int idx, void *arg); void *ENGINE_get_ex_data(const ENGINE *e, int idx); -#if OPENSSL_API_COMPAT < 0x10100000L +#if !OPENSSL_API_1_1_0 /* * This function previously cleaned up anything that needs it. Auto-deinit will * now take care of it so it is no longer required to call this function. diff --git a/include/openssl/err.h b/include/openssl/err.h index 6cae1a3651..6cde714334 100644 --- a/include/openssl/err.h +++ b/include/openssl/err.h @@ -250,7 +250,7 @@ int ERR_load_strings_const(const ERR_STRING_DATA *str); int ERR_unload_strings(int lib, ERR_STRING_DATA *str); int ERR_load_ERR_strings(void); -#if OPENSSL_API_COMPAT < 0x10100000L +#if !OPENSSL_API_1_1_0 # define ERR_load_crypto_strings() \ OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL) # define ERR_free_strings() while(0) continue diff --git a/include/openssl/evp.h b/include/openssl/evp.h index d22956d343..36249b4201 100644 --- a/include/openssl/evp.h +++ b/include/openssl/evp.h @@ -486,7 +486,7 @@ void EVP_CIPHER_CTX_set_app_data(EVP_CIPHER_CTX *ctx, void *data); void *EVP_CIPHER_CTX_get_cipher_data(const EVP_CIPHER_CTX *ctx); void *EVP_CIPHER_CTX_set_cipher_data(EVP_CIPHER_CTX *ctx, void *cipher_data); # define EVP_CIPHER_CTX_type(c) EVP_CIPHER_type(EVP_CIPHER_CTX_cipher(c)) -# if OPENSSL_API_COMPAT < 0x10100000L +# if !OPENSSL_API_1_1_0 # define EVP_CIPHER_CTX_flags(c) EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(c)) # endif # define EVP_CIPHER_CTX_mode(c) EVP_CIPHER_mode(EVP_CIPHER_CTX_cipher(c)) @@ -670,7 +670,7 @@ int EVP_DecodeFinal(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl); int EVP_DecodeBlock(unsigned char *t, const unsigned char *f, int n); -# if OPENSSL_API_COMPAT < 0x10100000L +# if !OPENSSL_API_1_1_0 # define EVP_CIPHER_CTX_init(c) EVP_CIPHER_CTX_reset(c) # define EVP_CIPHER_CTX_cleanup(c) EVP_CIPHER_CTX_reset(c) # endif @@ -938,7 +938,7 @@ const EVP_CIPHER *EVP_sm4_ofb(void); const EVP_CIPHER *EVP_sm4_ctr(void); # endif -# if OPENSSL_API_COMPAT < 0x10100000L +# if !OPENSSL_API_1_1_0 # define OPENSSL_add_all_algorithms_conf() \ OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS \ | OPENSSL_INIT_ADD_ALL_DIGESTS \ diff --git a/include/openssl/hmac.h b/include/openssl/hmac.h index e24dde2a57..ab12a89162 100644 --- a/include/openssl/hmac.h +++ b/include/openssl/hmac.h @@ -14,7 +14,7 @@ # include <openssl/evp.h> -# if OPENSSL_API_COMPAT < 0x30000000L +# if !OPENSSL_API_3 # define HMAC_MAX_MD_CBLOCK 128 /* Deprecated */ # endif diff --git a/include/openssl/idea.h b/include/openssl/idea.h index 4334f3ea71..56a8e609d1 100644 --- a/include/openssl/idea.h +++ b/include/openssl/idea.h @@ -45,7 +45,7 @@ void IDEA_ofb64_encrypt(const unsigned char *in, unsigned char *out, int *num); void IDEA_encrypt(unsigned long *in, IDEA_KEY_SCHEDULE *ks); -# if OPENSSL_API_COMPAT < 0x10100000L +# if !OPENSSL_API_1_1_0 # define idea_options IDEA_options # define idea_ecb_encrypt IDEA_ecb_encrypt # define idea_set_encrypt_key IDEA_set_encrypt_key diff --git a/include/openssl/lhash.h b/include/openssl/lhash.h index 88d7d977b9..b7f6129ce2 100644 --- a/include/openssl/lhash.h +++ b/include/openssl/lhash.h @@ -91,7 +91,7 @@ void OPENSSL_LH_stats_bio(const OPENSSL_LHASH *lh, BIO *out); void OPENSSL_LH_node_stats_bio(const OPENSSL_LHASH *lh, BIO *out); void OPENSSL_LH_node_usage_stats_bio(const OPENSSL_LHASH *lh, BIO *out); -# if OPENSSL_API_COMPAT < 0x10100000L +# if !OPENSSL_API_1_1_0 # define _LHASH OPENSSL_LHASH # define LHASH_NODE OPENSSL_LH_NODE # define lh_error OPENSSL_LH_error diff --git a/include/openssl/objects.h b/include/openssl/objects.h index 8e1eb0f6c3..f14da86c3f 100644 --- a/include/openssl/objects.h +++ b/include/openssl/objects.h @@ -156,7 +156,7 @@ const void *OBJ_bsearch_ex_(const void *key, const void *base, int num, int OBJ_new_nid(int num); int OBJ_add_object(const ASN1_OBJECT *obj); int OBJ_create(const char *oid, const char *sn, const char *ln); -#if OPENSSL_API_COMPAT < 0x10100000L +#if !OPENSSL_API_1_1_0 # define OBJ_cleanup() while(0) continue #endif int OBJ_create_objects(BIO *in); diff --git a/include/openssl/opensslconf.h.in b/include/openssl/opensslconf.h.in index 12b16631e8..f306e489ea 100644 --- a/include/openssl/opensslconf.h.in +++ b/include/openssl/opensslconf.h.in @@ -52,9 +52,13 @@ extern "C" { /* * Applications should use -DOPENSSL_API_COMPAT=<version> to suppress the - * declarations of functions deprecated in or before <version>. Otherwise, they - * still won't see them if the library has been built to disable deprecated - * functions. + * declarations of functions deprecated in or before <version>. If this is + * undefined, the value of the macro OPENSSL_API_MIN above is the default. + * + * For any version number up until version 1.1.x, <version> is expected to be + * the calculated version number 0xMNNFFPPSL. For version numbers 3.0.0 and + * on, <version> is expected to be only the major version number (i.e. 3 for + * version 3.0.0). */ #ifndef DECLARE_DEPRECATED # define DECLARE_DEPRECATED(f) f; @@ -66,23 +70,36 @@ extern "C" { # endif #endif -#ifndef OPENSSL_FILE -# ifdef OPENSSL_NO_FILENAMES -# define OPENSSL_FILE "" -# define OPENSSL_LINE 0 -# else -# define OPENSSL_FILE __FILE__ -# define OPENSSL_LINE __LINE__ -# endif -#endif +/* + * We convert the OPENSSL_API_COMPAT value to an API level. The API level + * is the major version number for 3.0.0 and on. For earlier versions, it + * uses this scheme, which is close enough for our purposes: + * + * 0.x.y 0 (0.9.8 was the last release in this series) + * 1.0.x 1 (1.0.2 was the last release in this series) + * 1.1.x 2 (1.1.1 was the last release in this series) + */ -#ifndef OPENSSL_MIN_API -# define OPENSSL_MIN_API 0 +/* In case someone defined both */ +#if defined(OPENSSL_API_COMPAT) && defined(OPENSSL_API_LEVEL) +# error "Disallowed to defined both OPENSSL_API_COMPAT and OPENSSL_API_LEVEL" #endif -#if !defined(OPENSSL_API_COMPAT) || OPENSSL_API_COMPAT < OPENSSL_MIN_API -# undef OPENSSL_API_COMPAT -# define OPENSSL_API_COMPAT OPENSSL_MIN_API +#ifndef OPENSSL_API_COMPAT +# define OPENSSL_API_LEVEL OPENSSL_MIN_API +#else +# if (OPENSSL_API_COMPAT < 0x1000L) /* Major version numbers up to 16777215 */ +# define OPENSSL_API_LEVEL OPENSSL_API_COMPAT +# elif (OPENSSL_API_COMPAT & 0xF0000000L) == 0x00000000L +# define OPENSSL_API_LEVEL 0 +# elif (OPENSSL_API_COMPAT & 0xFFF00000L) == 0x10000000L +# define OPENSSL_API_LEVEL 1 +# elif (OPENSSL_API_COMPAT & 0xFFF00000L) == 0x10100000L +# define OPENSSL_API_LEVEL 2 +# else +/ * Major number 3 to 15 */ +# define OPENSSL_API_LEVEL ((OPENSSL_API_COMPAT >> 28) & 0xF) +# endif #endif /* @@ -91,34 +108,55 @@ extern "C" { */ #if OPENSSL_VERSION_MAJOR < 4 # define DEPRECATEDIN_4(f) f; -#elif OPENSSL_API_COMPAT < 0x40000000L +# define OPENSSL_API_4 0 +#elif OPENSSL_API_LEVEL < 4 # define DEPRECATEDIN_4(f) DECLARE_DEPRECATED(f) +# define OPENSSL_API_4 0 #else # define DEPRECATEDIN_4(f) +# define OPENSSL_API_4 1 #endif -#if OPENSSL_API_COMPAT < 0x30000000L +#if OPENSSL_API_LEVEL < 3 # define DEPRECATEDIN_3(f) DECLARE_DEPRECATED(f) +# define OPENSSL_API_3 0 #else # define DEPRECATEDIN_3(f) +# define OPENSSL_API_3 1 #endif -#if OPENSSL_API_COMPAT < 0x10100000L +#if OPENSSL_API_LEVEL < 2 # define DEPRECATEDIN_1_1_0(f) DECLARE_DEPRECATED(f) +# define OPENSSL_API_1_1_0 0 #else # define DEPRECATEDIN_1_1_0(f) +# define OPENSSL_API_1_1_0 1 #endif -#if OPENSSL_API_COMPAT < 0x10000000L +#if OPENSSL_API_LEVEL < 1 # define DEPRECATEDIN_1_0_0(f) DECLARE_DEPRECATED(f) +# define OPENSSL_API_1_0_0 0 #else # define DEPRECATEDIN_1_0_0(f) +# define OPENSSL_API_1_0_0 1 #endif -#if OPENSSL_API_COMPAT < 0x00908000L +#if OPENSSL_API_LEVEL < 0 # define DEPRECATEDIN_0_9_8(f) DECLARE_DEPRECATED(f) +# define OPENSSL_API_0_9_8 0 #else # define DEPRECATEDIN_0_9_8(f) +# define OPENSSL_API_0_9_8 1 +#endif + +#ifndef OPENSSL_FILE +# ifdef OPENSSL_NO_FILENAMES +# define OPENSSL_FILE "" +# define OPENSSL_LINE 0 +# else +# define OPENSSL_FILE __FILE__ +# define OPENSSL_LINE __LINE__ +# endif #endif /* Generate 80386 code? */ diff --git a/include/openssl/pkcs12.h b/include/openssl/pkcs12.h index 3f43dad6d9..2538abfeaf 100644 --- a/include/openssl/pkcs12.h +++ b/include/openssl/pkcs12.h @@ -55,7 +55,7 @@ typedef struct pkcs12_bag_st PKCS12_BAGS; /* Compatibility macros */ -#if OPENSSL_API_COMPAT < 0x10100000L +#if !OPENSSL_API_1_1_0 # define M_PKCS12_bag_type PKCS12_bag_type # define M_PKCS12_cert_bag_type PKCS12_cert_bag_type diff --git a/include/openssl/rand.h b/include/openssl/rand.h index 38a2a2718f..0d64711f3e 100644 --- a/include/openssl/rand.h +++ b/include/openssl/rand.h @@ -36,7 +36,7 @@ int RAND_set_rand_engine(ENGINE *engine); RAND_METHOD *RAND_OpenSSL(void); -# if OPENSSL_API_COMPAT < 0x10100000L +# if !OPENSSL_API_1_1_0 # define RAND_cleanup() while(0) continue # endif int RAND_bytes(unsigned char *buf, int num); diff --git a/include/openssl/rand_drbg.h b/include/openssl/rand_drbg.h index 237fe45206..a5e91e30fd 100644 --- a/include/openssl/rand_drbg.h +++ b/include/openssl/rand_drbg.h @@ -36,7 +36,7 @@ /* Used by RAND_DRBG_set_defaults() to set the private DRBG type and flags. */ # define RAND_DRBG_FLAG_PRIVATE 0x10 -# if OPENSSL_API_COMPAT < 0x30000000L +# if !OPENSSL_API_3 /* This #define was replaced by an internal constant and should not be used. */ # define RAND_DRBG_USED_FLAGS (RAND_DRBG_FLAG_CTR_NO_DF) # endif diff --git a/include/openssl/rsa.h b/include/openssl/rsa.h index cdce1264eb..12633b06ab 100644 --- a/include/openssl/rsa.h +++ b/include/openssl/rsa.h @@ -17,7 +17,7 @@ # include <openssl/bio.h> # include <openssl/crypto.h> # include <openssl/ossl_typ.h> -# if OPENSSL_API_COMPAT < 0x10100000L +# if !OPENSSL_API_1_1_0 # include <openssl/bn.h> # endif # include <openssl/rsaerr.h> @@ -73,13 +73,13 @@ extern "C" { * but other engines might not need it */ # define RSA_FLAG_NO_BLINDING 0x0080 -# if OPENSSL_API_COMPAT < 0x10100000L +# if !OPENSSL_API_1_1_0 /* * Does nothing. Previously this switched off constant time behaviour. */ # define RSA_FLAG_NO_CONSTTIME 0x0000 # endif -# if OPENSSL_API_COMPAT < 0x00908000L +# if !OPENSSL_API_0_9_8 /* deprecated name for the flag*/ /* * new with 0.9.7h; the built-in RSA diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h index 1e9e8d5721..fe2e479028 100644 --- a/include/openssl/ssl.h +++ b/include/openssl/ssl.h @@ -16,7 +16,7 @@ # include <openssl/opensslconf.h> # include <openssl/comp.h> # include <openssl/bio.h> -# if OPENSSL_API_COMPAT < 0x10100000L +# if !OPENSSL_API_1_1_0 # include <openssl/x509.h> # include <openssl/crypto.h> # include <openssl/buffer.h> @@ -1089,7 +1089,7 @@ size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count); # define SSL_VERIFY_CLIENT_ONCE 0x04 # define SSL_VERIFY_POST_HANDSHAKE 0x08 -# if OPENSSL_API_COMPAT < 0x10100000L +# if !OPENSSL_API_1_1_0 # define OpenSSL_add_ssl_algorithms() SSL_library_init() # define SSLeay_add_ssl_algorithms() SSL_library_init() # endif @@ -1313,7 +1313,7 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION) SSL_ctrl(s,SSL_CTRL_SET_DH_AUTO,onoff,NULL) # define SSL_set_tmp_dh(ssl,dh) \ SSL_ctrl(ssl,SSL_CTRL_SET_TMP_DH,0,(char *)(dh)) -# if OPENSSL_API_COMPAT < 0x10200000L +# if !OPENSSL_API_3 # define SSL_CTX_set_tmp_ecdh(ctx,ecdh) \ SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_ECDH,0,(char *)(ecdh)) # define SSL_set_tmp_ecdh(ssl,ecdh) \ @@ -1466,7 +1466,7 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION) # define SSL_get_shared_curve SSL_get_shared_group -# if OPENSSL_API_COMPAT < 0x10100000L +# if !OPENSSL_API_1_1_0 /* Provide some compatibility macros for removed functionality. */ # define SSL_CTX_need_tmp_RSA(ctx) 0 # define SSL_CTX_set_tmp_rsa(ctx,rsa) 1 @@ -1594,7 +1594,7 @@ __owur int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs, int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs, const char *dir); -# if OPENSSL_API_COMPAT < 0x10100000L +# if !OPENSSL_API_1_1_0 # define SSL_load_error_strings() \ OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS \ | OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL) @@ -1943,7 +1943,7 @@ void SSL_set_accept_state(SSL *s); __owur long SSL_get_default_timeout(const SSL *s); -# if OPENSSL_API_COMPAT < 0x10100000L +# if !OPENSSL_API_1_1_0 # define SSL_library_init() OPENSSL_init_ssl(0, NULL) # endif @@ -2072,7 +2072,7 @@ __owur int SSL_COMP_get_id(const SSL_COMP *comp); STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void); __owur STACK_OF(SSL_COMP) *SSL_COMP_set0_compression_methods(STACK_OF(SSL_COMP) *meths); -# if OPENSSL_API_COMPAT < 0x10100000L +# if !OPENSSL_API_1_1_0 # define SSL_COMP_free_compression_methods() while(0) continue # endif __owur int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm); @@ -2124,7 +2124,7 @@ size_t SSL_get_num_tickets(SSL *s); int SSL_CTX_set_num_tickets(SSL_CTX *ctx, size_t num_tickets); size_t SSL_CTX_get_num_tickets(SSL_CTX *ctx); -# if OPENSSL_API_COMPAT < 0x10100000L +# if !OPENSSL_API_1_1_0 # define SSL_cache_hit(s) SSL_session_reused(s) # endif diff --git a/include/openssl/stack.h b/include/openssl/stack.h index cfc075057a..c1b5adc4ae 100644 --- a/include/openssl/stack.h +++ b/include/openssl/stack.h @@ -50,7 +50,7 @@ OPENSSL_STACK *OPENSSL_sk_dup(const OPENSSL_STACK *st); void OPENSSL_sk_sort(OPENSSL_STACK *st); int OPENSSL_sk_is_sorted(const OPENSSL_STACK *st); -# if OPENSSL_API_COMPAT < 0x10100000L +# if !OPENSSL_API_1_1_0 # define _STACK OPENSSL_STACK # define sk_num OPENSSL_sk_num # define sk_value OPENSSL_sk_value diff --git a/include/openssl/tls1.h b/include/openssl/tls1.h index e13b5dd4bc..434dff1500 100644 --- a/include/openssl/tls1.h +++ b/include/openssl/tls1.h @@ -335,7 +335,7 @@ __owur int SSL_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain) # define SSL_set_dtlsext_heartbeat_no_requests(ssl, arg) \ SSL_ctrl(ssl,SSL_CTRL_SET_DTLS_EXT_HEARTBEAT_NO_REQUESTS,arg,NULL) -# if OPENSSL_API_COMPAT < 0x10100000L +# if !OPENSSL_API_1_1_0 # define SSL_CTRL_TLS_EXT_SEND_HEARTBEAT \ SSL_CTRL_DTLS_EXT_SEND_HEARTBEAT # define SSL_CTRL_GET_TLS_EXT_HEARTBEAT_PENDING \ diff --git a/include/openssl/ui.h b/include/openssl/ui.h index 701dd85928..1d246dc97d 100644 --- a/include/openssl/ui.h +++ b/include/openssl/ui.h @@ -12,7 +12,7 @@ # include <openssl/opensslconf.h> -# if OPENSSL_API_COMPAT < 0x10100000L +# if !OPENSSL_API_1_1_0 # include <openssl/crypto.h> # endif # include <openssl/safestack.h> @@ -21,7 +21,7 @@ # include <openssl/uierr.h> /* For compatibility reasons, the macro OPENSSL_NO_UI is currently retained */ -# if OPENSSL_API_COMPAT < 0x30000000L +# if !OPENSSL_API_3 # ifdef OPENSSL_NO_UI_CONSOLE # define OPENSSL_NO_UI # endif diff --git a/include/openssl/x509.h b/include/openssl/x509.h index 39ca0ba575..874ea2bce2 100644 --- a/include/openssl/x509.h +++ b/include/openssl/x509.h @@ -21,7 +21,7 @@ # include <openssl/safestack.h> # include <openssl/ec.h> -# if OPENSSL_API_COMPAT < 0x10100000L +# if !OPENSSL_API_1_1_0 # include <openssl/rsa.h> # include <openssl/dsa.h> # include <openssl/dh.h> @@ -650,7 +650,7 @@ int X509_set_pubkey(X509 *x, EVP_PKEY *pkey); int X509_up_ref(X509 *x); int X509_get_signature_type(const X509 *x); -# if OPENSSL_API_COMPAT < 0x10100000L +# if !OPENSSL_API_1_1_0 # define X509_get_notBefore X509_getm_notBefore # define X509_get_notAfter X509_getm_notAfter # define X509_set_notBefore X509_set1_notBefore @@ -716,7 +716,7 @@ int X509_CRL_set1_nextUpdate(X509_CRL *x, const ASN1_TIME *tm); int X509_CRL_sort(X509_CRL *crl); int X509_CRL_up_ref(X509_CRL *crl); -# if OPENSSL_API_COMPAT < 0x10100000L +# if !OPENSSL_API_1_1_0 # define X509_CRL_set_lastUpdate X509_CRL_set1_lastUpdate # define X509_CRL_set_nextUpdate X509_CRL_set1_nextUpdate #endif diff --git a/include/openssl/x509_vfy.h b/include/openssl/x509_vfy.h index 2adb155970..d2ce309648 100644 --- a/include/openssl/x509_vfy.h +++ b/include/openssl/x509_vfy.h @@ -49,7 +49,7 @@ typedef enum { X509_LU_X509, X509_LU_CRL } X509_LOOKUP_TYPE; -#if OPENSSL_API_COMPAT < 0x10100000L +#if !OPENSSL_API_1_1_0 #define X509_LU_RETRY -1 #define X509_LU_FAIL 0 #endif @@ -187,7 +187,7 @@ void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth); /* Certificate verify flags */ -# if OPENSSL_API_COMPAT < 0x10100000L +# if !OPENSSL_API_1_1_0 # define X509_V_FLAG_CB_ISSUER_CHECK 0x0 /* Deprecated */ # endif /* Use check time instead of current time */ @@ -357,7 +357,7 @@ X509_STORE_CTX_lookup_certs_fn X509_STORE_CTX_get_lookup_certs(X509_STORE_CTX *c X509_STORE_CTX_lookup_crls_fn X509_STORE_CTX_get_lookup_crls(X509_STORE_CTX *ctx); X509_STORE_CTX_cleanup_fn X509_STORE_CTX_get_cleanup(X509_STORE_CTX *ctx); -#if OPENSSL_API_COMPAT < 0x10100000L +#if !OPENSSL_API_1_1_0 # define X509_STORE_CTX_get_chain X509_STORE_CTX_get0_chain # define X509_STORE_CTX_set_chain X509_STORE_CTX_set0_untrusted # define X509_STORE_CTX_trusted_stack X509_STORE_CTX_set0_trusted_stack diff --git a/include/openssl/x509v3.h b/include/openssl/x509v3.h index fe1791c681..a4fecd5c07 100644 --- a/include/openssl/x509v3.h +++ b/include/openssl/x509v3.h @@ -629,7 +629,7 @@ X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext_struc); int X509V3_add1_i2d(STACK_OF(X509_EXTENSION) **x, int nid, void *value, int crit, unsigned long flags); -#if OPENSSL_API_COMPAT < 0x10100000L +#if !OPENSSL_API_1_1_0 /* The new declarations are in crypto.h, but the old ones were here. */ # define hex_to_string OPENSSL_buf2hexstr # define string_to_hex OPENSSL_hexstr2buf diff --git a/ssl/methods.c b/ssl/methods.c index 348efe467d..1906dee264 100644 --- a/ssl/methods.c +++ b/ssl/methods.c @@ -172,7 +172,7 @@ IMPLEMENT_dtls1_meth_func(DTLS_ANY_VERSION, 0, 0, DTLS_client_method, ssl_undefined_function, ossl_statem_connect, DTLSv1_2_enc_data) -#if OPENSSL_API_COMPAT < 0x10100000L +#if !OPENSSL_API_1_1_0 # ifndef OPENSSL_NO_TLS1_2_METHOD const SSL_METHOD *TLSv1_2_method(void) { diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index 087f768b0b..dfa9e59094 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -4466,7 +4466,7 @@ int SSL_is_server(const SSL *s) return s->server; } -#if OPENSSL_API_COMPAT < 0x10100000L +#if !OPENSSL_API_1_1_0 void SSL_set_debug(SSL *s, int debug) { /* Old function was do-nothing anyway... */ diff --git a/test/asn1_decode_test.c b/test/asn1_decode_test.c index b48b9b57bc..3f7e99ec94 100644 --- a/test/asn1_decode_test.c +++ b/test/asn1_decode_test.c @@ -28,7 +28,7 @@ static unsigned char t_invalid_zero[] = { 0x02, 0x00 /* INTEGER tag + length */ }; -#if OPENSSL_API_COMPAT < 0x30000000L +#if !OPENSSL_API_3 /* LONG case ************************************************************* */ typedef struct { @@ -162,7 +162,7 @@ static int test_uint64(void) int setup_tests(void) { -#if OPENSSL_API_COMPAT < 0x30000000L +#if !OPENSSL_API_3 ADD_TEST(test_long); #endif ADD_TEST(test_int32); diff --git a/test/asn1_encode_test.c b/test/asn1_encode_test.c index 4c4820e592..5168f0431a 100644 --- a/test/asn1_encode_test.c +++ b/test/asn1_encode_test.c @@ -179,7 +179,7 @@ typedef struct { ENCDEC_DATA(-1, -1), \ ENCDEC_DATA(0, ASN1_LONG_UNDEF) -#if OPENSSL_API_COMPAT < 0x30000000L +#if !OPENSSL_API_3 /***** LONG ******************************************************************/ typedef struct { @@ -824,7 +824,7 @@ static int test_intern(const TEST_PACKAGE *package) return fail == 0; } -#if OPENSSL_API_COMPAT < 0x30000000L +#if !OPENSSL_API_3 static int test_long_32bit(void) { return test_intern(&long_test_package_32bit); @@ -858,7 +858,7 @@ static int test_uint64(void) int setup_tests(void) { -#if OPENSSL_API_COMPAT < 0x30000000L +#if !OPENSSL_API_3 ADD_TEST(test_long_32bit); ADD_TEST(test_long_64bit); #endif diff --git a/util/perl/OpenSSL/ParseC.pm b/util/perl/OpenSSL/ParseC.pm index 81472ef5eb..2a009b332f 100644 --- a/util/perl/OpenSSL/ParseC.pm +++ b/util/perl/OpenSSL/ParseC.pm @@ -65,24 +65,11 @@ my @opensslcpphandlers = ( # These are used to convert certain pre-precessor expressions into # others that @cpphandlers have a better chance to understand. - { regexp => qr/#if OPENSSL_API_COMPAT(\S+)(0x[0-9a-fA-F]{8})L$/, + { regexp => qr/#if (!?)OPENSSL_API_([0-9_]+)$/, massager => sub { - my $op = $1; - my $v = hex($2); - if ($op ne '<' && $op ne '>=') { - die "Error: unacceptable operator $op: $_[0]\n"; - } - my ($major, $minor, $edit) = - ( ($v >> 28) & 0xf, - ($v >> 20) & 0xff, - ($v >> 12) & 0xff ); - my $t = "DEPRECATEDIN_" . - ($major <= 1 - ? "${major}_${minor}_${edit}" - : "${major}"); - my $cond = $op eq '<' ? 'ifndef' : 'ifdef'; + my $cnd = $1 eq '!' ? 'ndef' : 'def'; return (<<"EOF"); -#$cond $t +#if$cnd DEPRECATEDIN_$2 EOF } } |