diff options
64 files changed, 229 insertions, 152 deletions
@@ -9,6 +9,15 @@ Changes between 1.1.1 and 3.0.0 [xx XXX xxxx] + *) Change the possible version information given with OPENSSL_API_COMPAT. + It may be a pre-3.0.0 style numerical version number as it was defined + in 1.1.0, and it may also simply take the major version number. + + Because of the version numbering of pre-3.0.0 releases, the values 0, + 1 and 2 are equivalent to 0x00908000L (0.9.8), 0x10000000L (1.0.0) and + 0x10100000L (1.1.0), respectively. + [Richard Levitte] + *) Switch to a new version scheme using three numbers MAJOR.MINOR.PATCH. o Major releases (indicated by incrementing the MAJOR release number) @@ -43,9 +43,9 @@ my $usage="Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [-Dxxx] [-lx # # --cross-compile-prefix Add specified prefix to binutils components. # -# --api One of 0.9.8, 1.0.0, 1.1.0 or 3.0.0 (or 3). Do not compile -# support for interfaces deprecated as of the specified OpenSSL -# version. +# --api One of 0.9.8, 1.0.0, 1.0.1, 1.0.2, 1.1.0, 1.1.1, or 3.0.0 / 3. +# Do not compile support for interfaces deprecated as of the +# specified OpenSSL version. # # no-hw-xxx do not compile support for specific crypto hardware. # Generic OpenSSL-style methods relating to this support @@ -176,10 +176,13 @@ our $BSDthreads="-pthread -D_THREAD_SAFE -D_REENTRANT"; # my $maxapi = "3.0.0"; # API for "no-deprecated" builds my $apitable = { - "3.0.0" => "0x30000000L", - "1.1.0" => "0x10100000L", - "1.0.0" => "0x10000000L", - "0.9.8" => "0x00908000L", + "3.0.0" => 3, + "1.1.1" => 2, + "1.1.0" => 2, + "1.0.2" => 1, + "1.0.1" => 1, + "1.0.0" => 1, + "0.9.8" => 0, }; our %table = (); @@ -1495,11 +1498,9 @@ $config{cflags} = [ map { (my $x = $_) =~ s/([\\\"])/\\$1/g; $x } $config{cxxflags} = [ map { (my $x = $_) =~ s/([\\\"])/\\$1/g; $x } @{$config{cxxflags}} ] if $config{CXX}; -if (defined($config{api})) { - $config{openssl_api_defines} = [ "OPENSSL_MIN_API=".$apitable->{$config{api}} ]; - my $apiflag = sprintf("OPENSSL_API_COMPAT=%s", $apitable->{$config{api}}); - push @{$config{defines}}, $apiflag; -} +$config{openssl_api_defines} = [ + "OPENSSL_MIN_API=".($apitable->{$config{api} // ""} // -1) +]; if ($strict_warnings) { diff --git a/crypto/asn1/asn1_item_list.h b/crypto/asn1/asn1_item_list.h index 3e53c63237..1892a26dfe 100644 --- a/crypto/asn1/asn1_item_list.h +++ b/crypto/asn1/asn1_item_list.h @@ -78,7 +78,7 @@ static ASN1_ITEM_EXP *asn1_item_list[] = { ASN1_ITEM_ref(IPAddressRange), #endif ASN1_ITEM_ref(ISSUING_DIST_POINT), -#if OPENSSL_API_COMPAT < 0x30000000L +#if !OPENSSL_API_3 ASN1_ITEM_ref(LONG), #endif ASN1_ITEM_ref(NAME_CONSTRAINTS), @@ -164,7 +164,7 @@ static ASN1_ITEM_EXP *asn1_item_list[] = { ASN1_ITEM_ref(X509_SIG), ASN1_ITEM_ref(X509_VAL), ASN1_ITEM_ref(X509), -#if OPENSSL_API_COMPAT < 0x30000000L +#if !OPENSSL_API_3 ASN1_ITEM_ref(ZLONG), #endif ASN1_ITEM_ref(INT32), diff --git a/crypto/asn1/asn1_lib.c b/crypto/asn1/asn1_lib.c index 88c4b53918..f2ba4bc3b5 100644 --- a/crypto/asn1/asn1_lib.c +++ b/crypto/asn1/asn1_lib.c @@ -383,7 +383,7 @@ const unsigned char *ASN1_STRING_get0_data(const ASN1_STRING *x) return x->data; } -# if OPENSSL_API_COMPAT < 0x10100000L +# if !OPENSSL_API_1_1_0 unsigned char *ASN1_STRING_data(ASN1_STRING *x) { return x->data; diff --git a/crypto/asn1/x_long.c b/crypto/asn1/x_long.c index 537db1b381..1c622cfbe8 100644 --- a/crypto/asn1/x_long.c +++ b/crypto/asn1/x_long.c @@ -11,7 +11,7 @@ #include "internal/cryptlib.h" #include <openssl/asn1t.h> -#if !(OPENSSL_API_COMPAT < 0x30000000L) +#if OPENSSL_API_3 NON_EMPTY_TRANSLATION_UNIT #else diff --git a/crypto/bio/b_sock.c b/crypto/bio/b_sock.c index e7a24d02cb..df5154648d 100644 --- a/crypto/bio/b_sock.c +++ b/crypto/bio/b_sock.c @@ -24,7 +24,7 @@ static int wsa_init_done = 0; # endif -# if OPENSSL_API_COMPAT < 0x10100000L +# if !OPENSSL_API_1_1_0 int BIO_get_host_ip(const char *str, unsigned char *ip) { BIO_ADDRINFO *res = NULL; @@ -103,7 +103,7 @@ int BIO_sock_error(int sock) return j; } -# if OPENSSL_API_COMPAT < 0x10100000L +# if !OPENSSL_API_1_1_0 struct hostent *BIO_gethostbyname(const char *name) { /* @@ -196,7 +196,7 @@ int BIO_socket_ioctl(int fd, long type, void *arg) return i; } -# if OPENSSL_API_COMPAT < 0x10100000L +# if !OPENSSL_API_1_1_0 int BIO_get_accept_socket(char *host, int bind_mode) { int s = INVALID_SOCKET; diff --git a/crypto/bn/bn_depr.c b/crypto/bn/bn_depr.c index 7d89214b1c..8c30c2190e 100644 --- a/crypto/bn/bn_depr.c +++ b/crypto/bn/bn_depr.c @@ -13,7 +13,7 @@ */ #include <openssl/opensslconf.h> -#if OPENSSL_API_COMPAT >= 0x00908000L +#if OPENSSL_API_0_9_8 NON_EMPTY_TRANSLATION_UNIT #else diff --git a/crypto/bn/bn_lib.c b/crypto/bn/bn_lib.c index 040c4cd9b3..b6893afdcc 100644 --- a/crypto/bn/bn_lib.c +++ b/crypto/bn/bn_lib.c @@ -15,7 +15,7 @@ #include "internal/constant_time_locl.h" /* This stuff appears to be completely unused, so is deprecated */ -#if OPENSSL_API_COMPAT < 0x00908000L +#if !OPENSSL_API_0_9_8 /*- * For a 32 bit machine * 2 - 4 == 128 diff --git a/crypto/conf/conf_sap.c b/crypto/conf/conf_sap.c index 3d2e065e5b..2b3e23ee14 100644 --- a/crypto/conf/conf_sap.c +++ b/crypto/conf/conf_sap.c @@ -27,7 +27,7 @@ static int openssl_configured = 0; -#if OPENSSL_API_COMPAT < 0x10100000L +#if !OPENSSL_API_1_1_0 void OPENSSL_config(const char *appname) { OPENSSL_INIT_SETTINGS settings; diff --git a/crypto/cversion.c b/crypto/cversion.c index 16cd241f25..b3fc30d078 100644 --- a/crypto/cversion.c +++ b/crypto/cversion.c @@ -11,7 +11,7 @@ #include "buildinf.h" -#if OPENSSL_API_COMPAT < 0x30000000L +#if !OPENSSL_API_3 unsigned long OpenSSL_version_num(void) { return OPENSSL_VERSION_NUMBER; diff --git a/crypto/dh/dh_depr.c b/crypto/dh/dh_depr.c index f8ed1b7461..f2ccde4551 100644 --- a/crypto/dh/dh_depr.c +++ b/crypto/dh/dh_depr.c @@ -10,7 +10,7 @@ /* This file contains deprecated functions as wrappers to the new ones */ #include <openssl/opensslconf.h> -#if OPENSSL_API_COMPAT >= 0x00908000L +#if OPENSSL_API_0_9_8 NON_EMPTY_TRANSLATION_UNIT #else diff --git a/crypto/dsa/dsa_depr.c b/crypto/dsa/dsa_depr.c index f51aea7497..f5526a6838 100644 --- a/crypto/dsa/dsa_depr.c +++ b/crypto/dsa/dsa_depr.c @@ -20,7 +20,7 @@ #define xxxHASH EVP_sha1() #include <openssl/opensslconf.h> -#if OPENSSL_API_COMPAT >= 0x00908000L +#if OPENSSL_API_0_9_8 NON_EMPTY_TRANSLATION_UNIT #else diff --git a/crypto/dsa/dsa_sign.c b/crypto/dsa/dsa_sign.c index 2304cc9bee..034b2fce8c 100644 --- a/crypto/dsa/dsa_sign.c +++ b/crypto/dsa/dsa_sign.c @@ -16,7 +16,7 @@ DSA_SIG *DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa) return dsa->meth->dsa_do_sign(dgst, dlen, dsa); } -#if OPENSSL_API_COMPAT < 0x30000000L +#if !OPENSSL_API_3 int DSA_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp) { return dsa->meth->dsa_sign_setup(dsa, ctx_in, kinvp, rp); diff --git a/crypto/ec/ec_lib.c b/crypto/ec/ec_lib.c index e3d249a0ba..f111ffa51e 100644 --- a/crypto/ec/ec_lib.c +++ b/crypto/ec/ec_lib.c @@ -435,7 +435,7 @@ int EC_GROUP_get_curve(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, BIGNUM *b, return group->meth->group_get_curve(group, p, a, b, ctx); } -#if OPENSSL_API_COMPAT < 0x30000000L +#if !OPENSSL_API_3 int EC_GROUP_set_curve_GFp(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx) { @@ -726,7 +726,7 @@ int EC_POINT_set_affine_coordinates(const EC_GROUP *group, EC_POINT *point, return 1; } -#if OPENSSL_API_COMPAT < 0x30000000L +#if !OPENSSL_API_3 int EC_POINT_set_affine_coordinates_GFp(const EC_GROUP *group, EC_POINT *point, const BIGNUM *x, const BIGNUM *y, BN_CTX *ctx) @@ -764,7 +764,7 @@ int EC_POINT_get_affine_coordinates(const EC_GROUP *group, return group->meth->point_get_affine_coordinates(group, point, x, y, ctx); } -#if OPENSSL_API_COMPAT < 0x30000000L +#if !OPENSSL_API_3 int EC_POINT_get_affine_coordinates_GFp(const EC_GROUP *group, const EC_POINT *point, BIGNUM *x, BIGNUM *y, BN_CTX *ctx) diff --git a/crypto/ec/ec_oct.c b/crypto/ec/ec_oct.c index f6295c92a7..12f476d231 100644 --- a/crypto/ec/ec_oct.c +++ b/crypto/ec/ec_oct.c @@ -49,7 +49,7 @@ int EC_POINT_set_compressed_coordinates(const EC_GROUP *group, EC_POINT *point, y_bit, ctx); } -#if OPENSSL_API_COMPAT < 0x30000000L +#if !OPENSSL_API_3 int EC_POINT_set_compressed_coordinates_GFp(const EC_GROUP *group, EC_POINT *point, const BIGNUM *x, int y_bit, BN_CTX *ctx) diff --git a/crypto/ec/ecdh_kdf.c b/crypto/ec/ecdh_kdf.c index c21e788078..1d260b5ee8 100644 --- a/crypto/ec/ecdh_kdf.c +++ b/crypto/ec/ecdh_kdf.c @@ -72,7 +72,7 @@ int ecdh_KDF_X9_63(unsigned char *out, size_t outlen, * The old name for ecdh_KDF_X9_63 * Retained for ABI compatibility */ -#if OPENSSL_API_COMPAT < 0x10200000L +#if !OPENSSL_API_3 int ECDH_KDF_X9_62(unsigned char *out, size_t outlen, const unsigned char *Z, size_t Zlen, const unsigned char *sinfo, size_t sinfolen, diff --git a/crypto/engine/eng_all.c b/crypto/engine/eng_all.c index af306ccffc..ef82947288 100644 --- a/crypto/engine/eng_all.c +++ b/crypto/engine/eng_all.c @@ -18,7 +18,8 @@ void ENGINE_load_builtin_engines(void) OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_ALL_BUILTIN, NULL); } -#if (defined(__OpenBSD__) || defined(__FreeBSD__) || defined(__DragonFly__)) && OPENSSL_API_COMPAT < 0x10100000L +#if (defined(__OpenBSD__) || defined(__FreeBSD__) || defined(__DragonFly__)) \ + && !OPENSSL_API_1_1_0 void ENGINE_setup_bsd_cryptodev(void) { } diff --git a/crypto/err/err.c b/crypto/err/err.c index 66a60e907c..da1b90df16 100644 --- a/crypto/err/err.c +++ b/crypto/err/err.c @@ -672,13 +672,13 @@ void err_delete_thread_state(void) ERR_STATE_free(state); } -#if OPENSSL_API_COMPAT < 0x10100000L +#if !OPENSSL_API_1_1_0 void ERR_remove_thread_state(void *dummy) { } #endif -#if OPENSSL_API_COMPAT < 0x10000000L +#if !OPENSSL_API_1_0_0 void ERR_remove_state(unsigned long pid) { } diff --git a/crypto/evp/e_old.c b/crypto/evp/e_old.c index 927908f871..ffce91671f 100644 --- a/crypto/evp/e_old.c +++ b/crypto/evp/e_old.c @@ -8,7 +8,7 @@ */ #include <openssl/opensslconf.h> -#if OPENSSL_API_COMPAT >= 0x00908000L +#if OPENSSL_API_0_9_8 NON_EMPTY_TRANSLATION_UNIT #else diff --git a/crypto/hmac/hmac.c b/crypto/hmac/hmac.c index e4031b44a5..eec54d5833 100644 --- a/crypto/hmac/hmac.c +++ b/crypto/hmac/hmac.c @@ -79,7 +79,7 @@ int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len, return rv; } -#if OPENSSL_API_COMPAT < 0x10100000L +#if !OPENSSL_API_1_1_0 int HMAC_Init(HMAC_CTX *ctx, const void *key, int len, const EVP_MD *md) { if (key && md) diff --git a/crypto/pkcs12/p12_sbag.c b/crypto/pkcs12/p12_sbag.c index a09c5b9313..ee28981fa5 100644 --- a/crypto/pkcs12/p12_sbag.c +++ b/crypto/pkcs12/p12_sbag.c @@ -12,7 +12,7 @@ #include <openssl/pkcs12.h> #include "p12_lcl.h" -#if OPENSSL_API_COMPAT < 0x10100000L +#if !OPENSSL_API_1_1_0 ASN1_TYPE *PKCS12_get_attr(const PKCS12_SAFEBAG *bag, int attr_nid) { return PKCS12_get_attr_gen(bag->attrib, attr_nid); diff --git a/crypto/rand/rand_lib.c b/crypto/rand/rand_lib.c index d8639c4a03..d2f5be1a65 100644 --- a/crypto/rand/rand_lib.c +++ b/crypto/rand/rand_lib.c @@ -838,7 +838,7 @@ int RAND_bytes(unsigned char *buf, int num) return -1; } -#if OPENSSL_API_COMPAT < 0x10100000L +#if !OPENSSL_API_1_1_0 int RAND_pseudo_bytes(unsigned char *buf, int num) { const RAND_METHOD *meth = RAND_get_rand_method(); diff --git a/crypto/rand/rand_win.c b/crypto/rand/rand_win.c index d2039eb226..f8f371c6d5 100644 --- a/crypto/rand/rand_win.c +++ b/crypto/rand/rand_win.c @@ -156,7 +156,7 @@ int rand_pool_add_additional_data(RAND_POOL *pool) return rand_pool_add(pool, (unsigned char *)&data, sizeof(data), 0); } -# if OPENSSL_API_COMPAT < 0x10100000L +# if !OPENSSL_API_1_1_0 int RAND_event(UINT iMsg, WPARAM wParam, LPARAM lParam) { RAND_poll(); diff --git a/crypto/rsa/rsa_depr.c b/crypto/rsa/rsa_depr.c index 21e0562525..4e9b709428 100644 --- a/crypto/rsa/rsa_depr.c +++ b/crypto/rsa/rsa_depr.c @@ -13,7 +13,7 @@ */ #include <openssl/opensslconf.h> -#if OPENSSL_API_COMPAT >= 0x00908000L +#if OPENSSL_API_0_9_8 NON_EMPTY_TRANSLATION_UNIT #else diff --git a/crypto/srp/srp_vfy.c b/crypto/srp/srp_vfy.c index bfe517b471..814f04263c 100644 --- a/crypto/srp/srp_vfy.c +++ b/crypto/srp/srp_vfy.c @@ -525,7 +525,7 @@ int SRP_VBASE_add0_user(SRP_VBASE *vb, SRP_user_pwd *user_pwd) return 1; } -# if OPENSSL_API_COMPAT < 0x10100000L +# if !OPENSSL_API_1_1_0 /* * DEPRECATED: use SRP_VBASE_get1_by_user instead. * This method ignores the configured seed and fails for an unknown user. diff --git a/crypto/x509/x509cset.c b/crypto/x509/x509cset.c index 7645ce3759..99f730faa0 100644 --- a/crypto/x509/x509cset.c +++ b/crypto/x509/x509cset.c @@ -91,7 +91,7 @@ const ASN1_TIME *X509_CRL_get0_nextUpdate(const X509_CRL *crl) return crl->crl.nextUpdate; } -#if OPENSSL_API_COMPAT < 0x10100000L +#if !OPENSSL_API_1_1_0 ASN1_TIME *X509_CRL_get_lastUpdate(X509_CRL *crl) { return crl->crl.lastUpdate; diff --git a/doc/man3/OPENSSL_config.pod b/doc/man3/OPENSSL_config.pod index 6294ee1d1b..453c32b5f7 100644 --- a/doc/man3/OPENSSL_config.pod +++ b/doc/man3/OPENSSL_config.pod @@ -8,10 +8,12 @@ OPENSSL_config, OPENSSL_no_config - simple OpenSSL configuration functions #include <openssl/conf.h> - #if OPENSSL_API_COMPAT < 0x10100000L +Deprecated since OpenSSL 1.1.0, can be hidden entirely by defining +B<OPENSSL_API_COMPAT> with a suitable version value, see +L<openssl_user_macros(7)>: + void OPENSSL_config(const char *appname); void OPENSSL_no_config(void); - #endif =head1 DESCRIPTION diff --git a/doc/man3/RAND_cleanup.pod b/doc/man3/RAND_cleanup.pod index 3859ce343a..39b166bf5e 100644 --- a/doc/man3/RAND_cleanup.pod +++ b/doc/man3/RAND_cleanup.pod @@ -8,9 +8,11 @@ RAND_cleanup - erase the PRNG state #include <openssl/rand.h> - #if OPENSSL_API_COMPAT < 0x10100000L +Deprecated since OpenSSL 1.1.0, can be hidden entirely by defining +B<OPENSSL_API_COMPAT> with a suitable version value, see +L<openssl_user_macros(7)>: + void RAND_cleanup(void) - #endif =head1 DESCRIPTION diff --git a/doc/man7/openssl_user_macros.pod.in b/doc/man7/openssl_user_macros.pod.in index 8af5aea7fb..dc554b70f4 100644 --- a/doc/man7/openssl_user_macros.pod.in +++ b/doc/man7/openssl_user_macros.pod.in @@ -26,7 +26,20 @@ user defined macros. The value is a version number similar to the L<OPENSSL_VERSION_NUMBER(3)> macro. Any symbol that is deprecated in versions up to and including the version given in this macro will not -be declared. Any version number may be given, but these numbers are +be declared. + +The version number assigned to this macro can take one of two forms: + +=over + +=item C<0xMNNFF000L> + +This is the form supported for all versions up 1.1.x, where C<M> +represents the major number, C<NN> represents the minor number, and +C<FF> represents the fix number. For version 1.1.0, that's +C<0x10100000L>. + +Any version number may be given, but these numbers are the current known major deprecation points, making them the most meaningful: @@ -40,6 +53,30 @@ meaningful: =back +For convenience, higher numbers are accepted as well, as long as +feasible. For example, C<0x60000000L> will work as expected. +However, it is recommended to start using the second form instead: + +=item C<m> + +This form is a simple number that represents the major version number +and is supported for version 3.0.0 and up. For extra convenience, +these numbers are also available: + +=over + +=item Z<>0 (C<0x00908000L>, i.e. version 0.9.8) + +=item Z<>1 (C<0x10000000L>, i.e. version 1.0.0) + +=item Z<>2 (C<0x10100000L>, i.e. version 1.1.0) + +=back + +For all other numbers C<m>, they are equivalent to version m.0.0. + +=back + If not set, this macro will default to C<{- join('', map { my @x = split /=/,$_; $x[1] } grep /^OPENSSL_MIN_API=/, @{$config{openssl_api_defines} // []}) diff --git a/fuzz/asn1.c b/fuzz/asn1.c index fad561eb8b..9d23d4774a 100644 --- a/fuzz/asn1.c +++ b/fuzz/asn1.c @@ -106,7 +106,7 @@ static ASN1_ITEM_EXP *item_type[] = { ASN1_ITEM_ref(IPAddressRange), #endif ASN1_ITEM_ref(ISSUING_DIST_POINT), -#if OPENSSL_API_COMPAT < 0x30000000L +#if !OPENSSL_API_3 ASN1_ITEM_ref(LONG), #endif ASN1_ITEM_ref(NAME_CONSTRAINTS), @@ -187,7 +187,7 @@ static ASN1_ITEM_EXP *item_type[] = { ASN1_ITEM_ref(X509_REVOKED), ASN1_ITEM_ref(X509_SIG), ASN1_ITEM_ref(X509_VAL), -#if OPENSSL_API_COMPAT < 0x30000000L +#if !OPENSSL_API_3 ASN1_ITEM_ref(ZLONG), #endif ASN1_ITEM_ref(INT32), diff --git a/include/openssl/asn1.h b/include/openssl/asn1.h index 9522eec18f..9210f2ccdc 100644 --- a/include/openssl/asn1.h +++ b/include/openssl/asn1.h @@ -19,7 +19,7 @@ # include <openssl/symhacks.h> # include <openssl/ossl_typ.h> -# if OPENSSL_API_COMPAT < 0x10100000L +# if !OPENSSL_API_1_1_0 # include <openssl/bn.h> # endif diff --git a/include/openssl/asn1t.h b/include/openssl/asn1t.h index c152320785..38b9b76228 100644 --- a/include/openssl/asn1t.h +++ b/include/openssl/asn1t.h @@ -915,7 +915,7 @@ DECLARE_ASN1_ITEM(ZINT64) DECLARE_ASN1_ITEM(UINT64) DECLARE_ASN1_ITEM(ZUINT64) -# if OPENSSL_API_COMPAT < 0x30000000L +# if !OPENSSL_API_3 /* * LONG and ZLONG are strongly discouraged for use as stored data, as the * underlying C type (long) differs in size depending on the architecture. diff --git a/include/openssl/bio.h b/include/openssl/bio.h index 2888b42da8..5587df60c6 100644 --- a/include/openssl/bio.h +++ b/include/openssl/bio.h @@ -681,7 +681,7 @@ int BIO_sock_error(int sock); int BIO_socket_ioctl(int fd, long type, void *arg); int BIO_socket_nbio(int fd, int mode); int BIO_sock_init(void); -# if OPENSSL_API_COMPAT < 0x10100000L +# if !OPENSSL_API_1_1_0 # define BIO_sock_cleanup() while(0) continue # endif int BIO_set_tcp_ndelay(int sock, int turn_on); diff --git a/include/openssl/bn.h b/include/openssl/bn.h index 8af05d00e5..769cc7f087 100644 --- a/include/openssl/bn.h +++ b/include/openssl/bn.h @@ -61,7 +61,7 @@ extern "C" { # define BN_FLG_CONSTTIME 0x04 # define BN_FLG_SECURE 0x08 -# if OPENSSL_API_COMPAT < 0x00908000L +# if !OPENSSL_API_0_9_8 /* deprecated name for the flag */ # define BN_FLG_EXP_CONSTTIME BN_FLG_CONSTTIME # define BN_FLG_FREE 0x8000 /* used for debugging */ @@ -190,7 +190,7 @@ int BN_is_odd(const BIGNUM *a); void BN_zero_ex(BIGNUM *a); -# if OPENSSL_API_COMPAT >= 0x00908000L +# if OPENSSL_API_0_9_8 # define BN_zero(a) BN_zero_ex(a) # else # define BN_zero(a) (BN_set_word((a),0)) @@ -519,7 +519,7 @@ BIGNUM *BN_get_rfc3526_prime_4096(BIGNUM *bn); BIGNUM *BN_get_rfc3526_prime_6144(BIGNUM *bn); BIGNUM *BN_get_rfc3526_prime_8192(BIGNUM *bn); -# if OPENSSL_API_COMPAT < 0x10100000L +# if !OPENSSL_API_1_1_0 # define get_rfc2409_prime_768 BN_get_rfc2409_prime_768 # define get_rfc2409_prime_1024 BN_get_rfc2409_prime_1024 # define get_rfc3526_prime_1536 BN_get_rfc3526_prime_1536 diff --git a/include/openssl/comp.h b/include/openssl/comp.h index d814d3cf25..467ce6ad35 100644 --- a/include/openssl/comp.h +++ b/include/openssl/comp.h @@ -35,7 +35,7 @@ int COMP_expand_block(COMP_CTX *ctx, unsigned char *out, int olen, COMP_METHOD *COMP_zlib(void); -#if OPENSSL_API_COMPAT < 0x10100000L +#if !OPENSSL_API_1_1_0 #define COMP_zlib_cleanup() while(0) continue #endif diff --git a/include/openssl/conf.h b/include/openssl/conf.h index 7336cd2f1d..f7b5b23c13 100644 --- a/include/openssl/conf.h +++ b/include/openssl/conf.h @@ -90,7 +90,7 @@ int CONF_dump_bio(LHASH_OF(CONF_VALUE) *conf, BIO *out); DEPRECATEDIN_1_1_0(void OPENSSL_config(const char *config_name)) -#if OPENSSL_API_COMPAT < 0x10100000L +#if !OPENSSL_API_1_1_0 # define OPENSSL_no_config() \ OPENSSL_init_crypto(OPENSSL_INIT_NO_LOAD_CONFIG, NULL) #endif @@ -137,7 +137,7 @@ int CONF_modules_load_file(const char *filename, const char *appname, unsigned long flags); void CONF_modules_unload(int all); void CONF_modules_finish(void); -#if OPENSSL_API_COMPAT < 0x10100000L +#if !OPENSSL_API_1_1_0 # define CONF_modules_free() while(0) continue #endif int CONF_module_add(const char *name, conf_init_func *ifunc, diff --git a/include/openssl/crypto.h b/include/openssl/crypto.h index c7b6e47047..b69b04c500 100644 --- a/include/openssl/crypto.h +++ b/include/openssl/crypto.h @@ -36,7 +36,7 @@ */ # include <openssl/symhacks.h> -# if OPENSSL_API_COMPAT < 0x10100000L +# if !OPENSSL_API_1_1_0 # include <openssl/opensslv.h> # endif @@ -44,7 +44,7 @@ extern "C" { #endif -# if OPENSSL_API_COMPAT < 0x10100000L +# if !OPENSSL_API_1_1_0 # define SSLeay OpenSSL_version_num # define SSLeay_version OpenSSL_version # define SSLEAY_VERSION_NUMBER OPENSSL_VERSION_NUMBER @@ -62,7 +62,7 @@ typedef struct { int dummy; } CRYPTO_dynlock; -# endif /* OPENSSL_API_COMPAT */ +# endif /* OPENSSL_API_1_1_0 */ typedef void CRYPTO_RWLOCK; @@ -199,7 +199,7 @@ void CRYPTO_free_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad); int CRYPTO_set_ex_data(CRYPTO_EX_DATA *ad, int idx, void *val); void *CRYPTO_get_ex_data(const CRYPTO_EX_DATA *ad, int idx); -# if OPENSSL_API_COMPAT < 0x10100000L +# if !OPENSSL_API_1_1_0 /* * This function cleans up all "ex_data" state. It mustn't be called under * potential race-conditions. @@ -246,11 +246,11 @@ typedef struct crypto_threadid_st { # define CRYPTO_THREADID_cpy(dest, src) # define CRYPTO_THREADID_hash(id) (0UL) -# if OPENSSL_API_COMPAT < 0x10000000L +# if !OPENSSL_API_1_0_0 # define CRYPTO_set_id_callback(func) # define CRYPTO_get_id_callback() (NULL) # define CRYPTO_thread_id() (0UL) -# endif /* OPENSSL_API_COMPAT < 0x10000000L */ +# endif /* OPENSSL_API_1_0_0 */ # define CRYPTO_set_dynlock_create_callback(dyn_create_function) # define CRYPTO_set_dynlock_lock_callback(dyn_lock_function) @@ -258,7 +258,7 @@ typedef struct crypto_threadid_st { # define CRYPTO_get_dynlock_create_callback() (NULL) # define CRYPTO_get_dynlock_lock_callback() (NULL) # define CRYPTO_get_dynlock_destroy_callback() (NULL) -# endif /* OPENSSL_API_COMPAT < 0x10100000L */ +# endif /* OPENSSL_API_1_1_0 */ int CRYPTO_set_mem_functions( void *(*m) (size_t, const char *, int), @@ -327,7 +327,7 @@ int CRYPTO_mem_leaks(BIO *bio); /* die if we have to */ ossl_noreturn void OPENSSL_die(const char *assertion, const char *file, int line); -# if OPENSSL_API_COMPAT < 0x10100000L +# if !OPENSSL_API_1_1_0 # define OpenSSLDie(f,l,a) OPENSSL_die((a),(f),(l)) # endif # define OPENSSL_assert(e) \ diff --git a/include/openssl/dh.h b/include/openssl/dh.h index 3527540cdd..d997e0deab 100644 --- a/include/openssl/dh.h +++ b/include/openssl/dh.h @@ -17,7 +17,7 @@ # include <openssl/bio.h> # include <openssl/asn1.h> # include <openssl/ossl_typ.h> -# if OPENSSL_API_COMPAT < 0x10100000L +# if !OPENSSL_API_1_1_0 # include <openssl/bn.h> # endif # include <openssl/dherr.h> @@ -34,7 +34,7 @@ extern "C" { # define DH_FLAG_CACHE_MONT_P 0x01 -# if OPENSSL_API_COMPAT < 0x10100000L +# if !OPENSSL_API_1_1_0 /* * Does nothing. Previously this switched off constant time behaviour. */ diff --git a/include/openssl/dsa.h b/include/openssl/dsa.h index 30454f1a48..ba7fcfeb64 100644 --- a/include/openssl/dsa.h +++ b/include/openssl/dsa.h @@ -21,7 +21,7 @@ extern "C" { # include <openssl/crypto.h> # include <openssl/ossl_typ.h> # include <openssl/bn.h> -# if OPENSSL_API_COMPAT < 0x10100000L +# if !OPENSSL_API_1_1_0 # include <openssl/dh.h> # endif # include <openssl/dsaerr.h> @@ -33,7 +33,7 @@ extern "C" { # define OPENSSL_DSA_FIPS_MIN_MODULUS_BITS 1024 # define DSA_FLAG_CACHE_MONT_P 0x01 -# if OPENSSL_API_COMPAT < 0x10100000L +# if !OPENSSL_API_1_1_0 /* * Does nothing. Previously this switched off constant time behaviour. */ diff --git a/include/openssl/ec.h b/include/openssl/ec.h index 90a40299a1..beb197cc82 100644 --- a/include/openssl/ec.h +++ b/include/openssl/ec.h @@ -16,7 +16,7 @@ # ifndef OPENSSL_NO_EC # include <openssl/asn1.h> # include <openssl/symhacks.h> -# if OPENSSL_API_COMPAT < 0x10100000L +# if !OPENSSL_API_1_1_0 # include <openssl/bn.h> # endif # include <openssl/ecerr.h> diff --git a/include/openssl/engine.h b/include/openssl/engine.h index 0780f0fb5f..4c0afbb44f 100644 --- a/include/openssl/engine.h +++ b/include/openssl/engine.h @@ -14,7 +14,7 @@ # include <openssl/opensslconf.h> # ifndef OPENSSL_NO_ENGINE -# if OPENSSL_API_COMPAT < 0x10100000L +# if !OPENSSL_API_1_1_0 # include <openssl/bn.h> # include <openssl/rsa.h> # include <openssl/dsa.h> @@ -320,7 +320,7 @@ int ENGINE_remove(ENGINE *e); /* Retrieve an engine from the list by its unique "id" value. */ ENGINE *ENGINE_by_id(const char *id); -#if OPENSSL_API_COMPAT < 0x10100000L +#if !OPENSSL_API_1_1_0 # define ENGINE_load_openssl() \ OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_OPENSSL, NULL) # define ENGINE_load_dynamic() \ @@ -494,7 +494,7 @@ int ENGINE_set_cmd_defns(ENGINE *e, const ENGINE_CMD_DEFN *defns); int ENGINE_set_ex_data(ENGINE *e, int idx, void *arg); void *ENGINE_get_ex_data(const ENGINE *e, int idx); -#if OPENSSL_API_COMPAT < 0x10100000L +#if !OPENSSL_API_1_1_0 /* * This function previously cleaned up anything that needs it. Auto-deinit will * now take care of it so it is no longer required to call this function. diff --git a/include/openssl/err.h b/include/openssl/err.h index 6cae1a3651..6cde714334 100644 --- a/include/openssl/err.h +++ b/include/openssl/err.h @@ -250,7 +250,7 @@ int ERR_load_strings_const(const ERR_STRING_DATA *str); int ERR_unload_strings(int lib, ERR_STRING_DATA *str); int ERR_load_ERR_strings(void); -#if OPENSSL_API_COMPAT < 0x10100000L +#if !OPENSSL_API_1_1_0 # define ERR_load_crypto_strings() \ OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL) # define ERR_free_strings() while(0) continue diff --git a/include/openssl/evp.h b/include/openssl/evp.h index d22956d343..36249b4201 100644 --- a/include/openssl/evp.h +++ b/include/openssl/evp.h @@ -486,7 +486,7 @@ void EVP_CIPHER_CTX_set_app_data(EVP_CIPHER_CTX *ctx, void *data); void *EVP_CIPHER_CTX_get_cipher_data(const EVP_CIPHER_CTX *ctx); void *EVP_CIPHER_CTX_set_cipher_data(EVP_CIPHER_CTX *ctx, void *cipher_data); # define EVP_CIPHER_CTX_type(c) EVP_CIPHER_type(EVP_CIPHER_CTX_cipher(c)) -# if OPENSSL_API_COMPAT < 0x10100000L +# if !OPENSSL_API_1_1_0 # define EVP_CIPHER_CTX_flags(c) EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(c)) # endif # define EVP_CIPHER_CTX_mode(c) EVP_CIPHER_mode(EVP_CIPHER_CTX_cipher(c)) @@ -670,7 +670,7 @@ int EVP_DecodeFinal(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl); int EVP_DecodeBlock(unsigned char *t, const unsigned char *f, int n); -# if OPENSSL_API_COMPAT < 0x10100000L +# if !OPENSSL_API_1_1_0 # define EVP_CIPHER_CTX_init(c) EVP_CIPHER_CTX_reset(c) # define EVP_CIPHER_CTX_cleanup(c) EVP_CIPHER_CTX_reset(c) # endif @@ -938,7 +938,7 @@ const EVP_CIPHER *EVP_sm4_ofb(void); const EVP_CIPHER *EVP_sm4_ctr(void); # endif -# if OPENSSL_API_COMPAT < 0x10100000L +# if !OPENSSL_API_1_1_0 # define OPENSSL_add_all_algorithms_conf() \ OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS \ | OPENSSL_INIT_ADD_ALL_DIGESTS \ diff --git a/include/openssl/hmac.h b/include/openssl/hmac.h index e24dde2a57..ab12a89162 100644 --- a/include/openssl/hmac.h +++ b/include/openssl/hmac.h @@ -14,7 +14,7 @@ # include <openssl/evp.h> -# if OPENSSL_API_COMPAT < 0x30000000L +# if !OPENSSL_API_3 # define HMAC_MAX_MD_CBLOCK 128 /* Deprecated */ # endif diff --git a/include/openssl/idea.h b/include/openssl/idea.h index 4334f3ea71..56a8e609d1 100644 --- a/include/openssl/idea.h +++ b/include/openssl/idea.h @@ -45,7 +45,7 @@ void IDEA_ofb64_encrypt(const unsigned char *in, unsigned char *out, int *num); void IDEA_encrypt(unsigned long *in, IDEA_KEY_SCHEDULE *ks); -# if OPENSSL_API_COMPAT < 0x10100000L +# if !OPENSSL_API_1_1_0 # define idea_options IDEA_options # define idea_ecb_encrypt IDEA_ecb_encrypt # define idea_set_encrypt_key IDEA_set_encrypt_key diff --git a/include/openssl/lhash.h b/include/openssl/lhash.h index 88d7d977b9..b7f6129ce2 100644 --- a/include/openssl/lhash.h +++ b/include/openssl/lhash.h @@ -91,7 +91,7 @@ void OPENSSL_LH_stats_bio(const OPENSSL_LHASH *lh, BIO *out); void OPENSSL_LH_node_stats_bio(const OPENSSL_LHASH *lh, BIO *out); void OPENSSL_LH_node_usage_stats_bio(const OPENSSL_LHASH *lh, BIO *out); -# if OPENSSL_API_COMPAT < 0x10100000L +# if !OPENSSL_API_1_1_0 # define _LHASH OPENSSL_LHASH # define LHASH_NODE OPENSSL_LH_NODE # define lh_error OPENSSL_LH_error diff --git a/include/openssl/objects.h b/include/openssl/objects.h index 8e1eb0f6c3..f14da86c3f 100644 --- a/include/openssl/objects.h +++ b/include/openssl/objects.h @@ -156,7 +156,7 @@ const void *OBJ_bsearch_ex_(const void *key, const void *base, int num, int OBJ_new_nid(int num); int OBJ_add_object(const ASN1_OBJECT *obj); int OBJ_create(const char *oid, const char *sn, const char *ln); -#if OPENSSL_API_COMPAT < 0x10100000L +#if !OPENSSL_API_1_1_0 # define OBJ_cleanup() while(0) continue #endif int OBJ_create_objects(BIO *in); diff --git a/include/openssl/opensslconf.h.in b/include/openssl/opensslconf.h.in index 12b16631e8..f306e489ea 100644 --- a/include/openssl/opensslconf.h.in +++ b/include/openssl/opensslconf.h.in @@ -52,9 +52,13 @@ extern "C" { /* * Applications should use -DOPENSSL_API_COMPAT=<version> to suppress the - * declarations of functions deprecated in or before <version>. Otherwise, they - * still won't see them if the library has been built to disable deprecated - * functions. + * declarations of functions deprecated in or before <version>. If this is + * undefined, the value of the macro OPENSSL_API_MIN above is the default. + * + * For any version number up until version 1.1.x, <version> is expected to be + * the calculated version number 0xMNNFFPPSL. For version numbers 3.0.0 and + * on, <version> is expected to be only the major version number (i.e. 3 for + * version 3.0.0). */ #ifndef DECLARE_DEPRECATED # define DECLARE_DEPRECATED(f) f; @@ -66,23 +70,36 @@ extern "C" { # endif #endif -#ifndef OPENSSL_FILE -# ifdef OPENSSL_NO_FILENAMES -# define OPENSSL_FILE "" -# define OPENSSL_LINE 0 -# else -# define OPENSSL_FILE __FILE__ -# define OPENSSL_LINE __LINE__ -# endif -#endif +/* + * We convert the OPENSSL_API_COMPAT value to an API level. The API level + * is the major version number for 3.0.0 and on. For earlier versions, it + * uses this scheme, which is close enough for our purposes: + * + * 0.x.y 0 (0.9.8 was the last release in this series) + * 1.0.x 1 (1.0.2 was the last release in this series) + * 1.1.x 2 (1.1.1 was the last release in this series) + */ -#ifndef OPENSSL_MIN_API -# define OPENSSL_MIN_API 0 +/* In case someone defined both */ +#if defined(OPENSSL_API_COMPAT) && defined(OPENSSL_API_LEVEL) +# error "Disallowed to defined both OPENSSL_API_COMPAT and OPENSSL_API_LEVEL" #endif -#if !defined(OPENSSL_API_COMPAT) || OPENSSL_API_COMPAT < OPENSSL_MIN_API -# undef OPENSSL_API_COMPAT -# define OPENSSL_API_COMPAT OPENSSL_MIN_API +#ifndef OPENSSL_API_COMPAT +# define OPENSSL_API_LEVEL OPENSSL_MIN_API +#else +# if (OPENSSL_API_COMPAT < 0x1000L) /* Major version numbers up to 16777215 */ +# define OPENSSL_API_LEVEL OPENSSL_API_COMPAT +# elif (OPENSSL_API_COMPAT & 0xF0000000L) == 0x00000000L +# define OPENSSL_API_LEVEL 0 +# elif (OPENSSL_API_COMPAT & 0xFFF00000L) == 0x10000000L +# define OPENSSL_API_LEVEL 1 +# elif (OPENSSL_API_COMPAT & 0xFFF00000L) == 0x10100000L +# define OPENSSL_API_LEVEL 2 +# else +/ * Major number 3 to 15 */ +# define OPENSSL_API_LEVEL ((OPENSSL_API_COMPAT >> 28) & 0xF) +# endif #endif /* @@ -91,34 +108,55 @@ extern "C" { */ #if OPENSSL_VERSION_MAJOR < 4 # define DEPRECATEDIN_4(f) f; -#elif OPENSSL_API_COMPAT < 0x40000000L +# define OPENSSL_API_4 0 +#elif OPENSSL_API_LEVEL < 4 # define DEPRECATEDIN_4(f) DECLARE_DEPRECATED(f) +# define OPENSSL_API_4 0 #else # define DEPRECATEDIN_4(f) +# define OPENSSL_API_4 1 #endif -#if OPENSSL_API_COMPAT < 0x30000000L +#if OPENSSL_API_LEVEL < 3 # define DEPRECATEDIN_3(f) DECLARE_DEPRECATED(f) +# define OPENSSL_API_3 0 #else # define DEPRECATEDIN_3(f) +# define OPENSSL_API_3 1 #endif -#if OPENSSL_API_COMPAT < 0x10100000L +#if OPENSSL_API_LEVEL < 2 # define DEPRECATEDIN_1_1_0(f) DECLARE_DEPRECATED(f) +# define OPENSSL_API_1_1_0 0 #else # define DEPRECATEDIN_1_1_0(f) +# define OPENSSL_API_1_1_0 1 #endif -#if OPENSSL_API_COMPAT < 0x10000000L +#if OPENSSL_API_LEVEL < 1 # define DEPRECATEDIN_1_0_0(f) DECLARE_DEPRECATED(f) +# define OPENSSL_API_1_0_0 0 #else # define DEPRECATEDIN_1_0_0(f) +# define OPENSSL_API_1_0_0 1 #endif -#if OPENSSL_API_COMPAT < 0x00908000L +#if OPENSSL_API_LEVEL < 0 # define DEPRECATEDIN_0_9_8(f) DECLARE_DEPRECATED(f) +# define OPENSSL_API_0_9_8 0 #else # define DEPRECATEDIN_0_9_8(f) +# define OPENSSL_API_0_9_8 1 +#endif + +#ifndef OPENSSL_FILE +# ifdef OPENSSL_NO_FILENAMES +# define OPENSSL_FILE "" +# define OPENSSL_LINE 0 +# else +# define OPENSSL_FILE __FILE__ +# define OPENSSL_LINE __LINE__ +# endif #endif /* Generate 80386 code? */ diff --git a/include/openssl/pkcs12.h b/include/openssl/pkcs12.h index 3f43dad6d9..2538abfeaf 100644 --- a/include/openssl/pkcs12.h +++ b/include/openssl/pkcs12.h @@ -55,7 +55,7 @@ typedef struct pkcs12_bag_st PKCS12_BAGS; /* Compatibility macros */ -#if OPENSSL_API_COMPAT < 0x10100000L +#if !OPENSSL_API_1_1_0 # define M_PKCS12_bag_type PKCS12_bag_type # define M_PKCS12_cert_bag_type PKCS12_cert_bag_type diff --git a/include/openssl/rand.h b/include/openssl/rand.h index 38a2a2718f..0d64711f3e 100644 --- a/include/openssl/rand.h +++ b/include/openssl/rand.h @@ -36,7 +36,7 @@ int RAND_set_rand_engine(ENGINE *engine); RAND_METHOD *RAND_OpenSSL(void); -# if OPENSSL_API_COMPAT < 0x10100000L +# if !OPENSSL_API_1_1_0 # define RAND_cleanup() while(0) continue # endif int RAND_bytes(unsigned char *buf, int num); diff --git a/include/openssl/rand_drbg.h b/include/openssl/rand_drbg.h index 237fe45206..a5e91e30fd 100644 --- a/include/openssl/rand_drbg.h +++ b/include/openssl/rand_drbg.h @@ -36,7 +36,7 @@ /* Used by RAND_DRBG_set_defaults() to set the private DRBG type and flags. */ # define RAND_DRBG_FLAG_PRIVATE 0x10 -# if OPENSSL_API_COMPAT < 0x30000000L +# if !OPENSSL_API_3 /* This #define was replaced by an internal constant and should not be used. */ # define RAND_DRBG_USED_FLAGS (RAND_DRBG_FLAG_CTR_NO_DF) # endif diff --git a/include/openssl/rsa.h b/include/openssl/rsa.h index cdce1264eb..12633b06ab 100644 --- a/include/openssl/rsa.h +++ b/include/openssl/rsa.h @@ -17,7 +17,7 @@ # include <openssl/bio.h> # include <openssl/crypto.h> # include <openssl/ossl_typ.h> -# if OPENSSL_API_COMPAT < 0x10100000L +# if !OPENSSL_API_1_1_0 # include <openssl/bn.h> # endif # include <openssl/rsaerr.h> @@ -73,13 +73,13 @@ extern "C" { * but other engines might not need it */ # define RSA_FLAG_NO_BLINDING 0x0080 -# if OPENSSL_API_COMPAT < 0x10100000L +# if !OPENSSL_API_1_1_0 /* * Does nothing. Previously this switched off constant time behaviour. */ # define RSA_FLAG_NO_CONSTTIME 0x0000 # endif -# if OPENSSL_API_COMPAT < 0x00908000L +# if !OPENSSL_API_0_9_8 /* deprecated name for the flag*/ /* * new with 0.9.7h; the built-in RSA diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h index 1e9e8d5721..fe2e479028 100644 --- a/include/openssl/ssl.h +++ b/include/openssl/ssl.h @@ -16,7 +16,7 @@ # include <openssl/opensslconf.h> # include <openssl/comp.h> # include <openssl/bio.h> -# if OPENSSL_API_COMPAT < 0x10100000L +# if !OPENSSL_API_1_1_0 # include <openssl/x509.h> # include <openssl/crypto.h> # include <openssl/buffer.h> @@ -1089,7 +1089,7 @@ size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count); # define SSL_VERIFY_CLIENT_ONCE 0x04 # define SSL_VERIFY_POST_HANDSHAKE 0x08 -# if OPENSSL_API_COMPAT < 0x10100000L +# if !OPENSSL_API_1_1_0 # define OpenSSL_add_ssl_algorithms() SSL_library_init() # define SSLeay_add_ssl_algorithms() SSL_library_init() # endif @@ -1313,7 +1313,7 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION) SSL_ctrl(s,SSL_CTRL_SET_DH_AUTO,onoff,NULL) # define SSL_set_tmp_dh(ssl,dh) \ SSL_ctrl(ssl,SSL_CTRL_SET_TMP_DH,0,(char *)(dh)) -# if OPENSSL_API_COMPAT < 0x10200000L +# if !OPENSSL_API_3 # define SSL_CTX_set_tmp_ecdh(ctx,ecdh) \ SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_ECDH,0,(char *)(ecdh)) # define SSL_set_tmp_ecdh(ssl,ecdh) \ @@ -1466,7 +1466,7 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION) # define SSL_get_shared_curve SSL_get_shared_group -# if OPENSSL_API_COMPAT < 0x10100000L +# if !OPENSSL_API_1_1_0 /* Provide some compatibility macros for removed functionality. */ # define SSL_CTX_need_tmp_RSA(ctx) 0 # define SSL_CTX_set_tmp_rsa(ctx,rsa) 1 @@ -1594,7 +1594,7 @@ __owur int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs, int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs, const char *dir); -# if OPENSSL_API_COMPAT < 0x10100000L +# if !OPENSSL_API_1_1_0 # define SSL_load_error_strings() \ OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS \ | OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL) @@ -1943,7 +1943,7 @@ void SSL_set_accept_state(SSL *s); __owur long SSL_get_default_timeout(const SSL *s); -# if OPENSSL_API_COMPAT < 0x10100000L +# if !OPENSSL_API_1_1_0 # define SSL_library_init() OPENSSL_init_ssl(0, NULL) # endif @@ -2072,7 +2072,7 @@ __owur int SSL_COMP_get_id(const SSL_COMP *comp); STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void); __owur STACK_OF(SSL_COMP) *SSL_COMP_set0_compression_methods(STACK_OF(SSL_COMP) *meths); -# if OPENSSL_API_COMPAT < 0x10100000L +# if !OPENSSL_API_1_1_0 # define SSL_COMP_free_compression_methods() while(0) continue # endif __owur int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm); @@ -2124,7 +2124,7 @@ size_t SSL_get_num_tickets(SSL *s); int SSL_CTX_set_num_tickets(SSL_CTX *ctx, size_t num_tickets); size_t SSL_CTX_get_num_tickets(SSL_CTX *ctx); -# if OPENSSL_API_COMPAT < 0x10100000L +# if !OPENSSL_API_1_1_0 # define SSL_cache_hit(s) SSL_session_reused(s) # endif diff --git a/include/openssl/stack.h b/include/openssl/stack.h index cfc075057a..c1b5adc4ae 100644 --- a/include/openssl/stack.h +++ b/include/openssl/stack.h @@ -50,7 +50,7 @@ OPENSSL_STACK *OPENSSL_sk_dup(const OPENSSL_STACK *st); void OPENSSL_sk_sort(OPENSSL_STACK *st); int OPENSSL_sk_is_sorted(const OPENSSL_STACK *st); -# if OPENSSL_API_COMPAT < 0x10100000L +# if !OPENSSL_API_1_1_0 # define _STACK OPENSSL_STACK # define sk_num OPENSSL_sk_num # define sk_value OPENSSL_sk_value diff --git a/include/openssl/tls1.h b/include/openssl/tls1.h index e13b5dd4bc..434dff1500 100644 --- a/include/openssl/tls1.h +++ b/include/openssl/tls1.h @@ -335,7 +335,7 @@ __owur int SSL_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain) # define SSL_set_dtlsext_heartbeat_no_requests(ssl, arg) \ SSL_ctrl(ssl,SSL_CTRL_SET_DTLS_EXT_HEARTBEAT_NO_REQUESTS,arg,NULL) -# if OPENSSL_API_COMPAT < 0x10100000L +# if !OPENSSL_API_1_1_0 # define SSL_CTRL_TLS_EXT_SEND_HEARTBEAT \ SSL_CTRL_DTLS_EXT_SEND_HEARTBEAT # define SSL_CTRL_GET_TLS_EXT_HEARTBEAT_PENDING \ diff --git a/include/openssl/ui.h b/include/openssl/ui.h index 701dd85928..1d246dc97d 100644 --- a/include/openssl/ui.h +++ b/include/openssl/ui.h @@ -12,7 +12,7 @@ # include <openssl/opensslconf.h> -# if OPENSSL_API_COMPAT < 0x10100000L +# if !OPENSSL_API_1_1_0 # include <openssl/crypto.h> # endif # include <openssl/safestack.h> @@ -21,7 +21,7 @@ # include <openssl/uierr.h> /* For compatibility reasons, the macro OPENSSL_NO_UI is currently retained */ -# if OPENSSL_API_COMPAT < 0x30000000L +# if !OPENSSL_API_3 # ifdef OPENSSL_NO_UI_CONSOLE # define OPENSSL_NO_UI # endif diff --git a/include/openssl/x509.h b/include/openssl/x509.h index 39ca0ba575..874ea2bce2 100644 --- a/include/openssl/x509.h +++ b/include/openssl/x509.h @@ -21,7 +21,7 @@ # include <openssl/safestack.h> # include <openssl/ec.h> -# if OPENSSL_API_COMPAT < 0x10100000L +# if !OPENSSL_API_1_1_0 # include <openssl/rsa.h> # include <openssl/dsa.h> # include <openssl/dh.h> @@ -650,7 +650,7 @@ int X509_set_pubkey(X509 *x, EVP_PKEY *pkey); int X509_up_ref(X509 *x); int X509_get_signature_type(const X509 *x); -# if OPENSSL_API_COMPAT < 0x10100000L +# if !OPENSSL_API_1_1_0 # define X509_get_notBefore X509_getm_notBefore # define X509_get_notAfter X509_getm_notAfter # define X509_set_notBefore X509_set1_notBefore @@ -716,7 +716,7 @@ int X509_CRL_set1_nextUpdate(X509_CRL *x, const ASN1_TIME *tm); int X509_CRL_sort(X509_CRL *crl); int X509_CRL_up_ref(X509_CRL *crl); -# if OPENSSL_API_COMPAT < 0x10100000L +# if !OPENSSL_API_1_1_0 # define X509_CRL_set_lastUpdate X509_CRL_set1_lastUpdate # define X509_CRL_set_nextUpdate X509_CRL_set1_nextUpdate #endif diff --git a/include/openssl/x509_vfy.h b/include/openssl/x509_vfy.h index 2adb155970..d2ce309648 100644 --- a/include/openssl/x509_vfy.h +++ b/include/openssl/x509_vfy.h @@ -49,7 +49,7 @@ typedef enum { X509_LU_X509, X509_LU_CRL } X509_LOOKUP_TYPE; -#if OPENSSL_API_COMPAT < 0x10100000L +#if !OPENSSL_API_1_1_0 #define X509_LU_RETRY -1 #define X509_LU_FAIL 0 #endif @@ -187,7 +187,7 @@ void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth); /* Certificate verify flags */ -# if OPENSSL_API_COMPAT < 0x10100000L +# if !OPENSSL_API_1_1_0 # define X509_V_FLAG_CB_ISSUER_CHECK 0x0 /* Deprecated */ # endif /* Use check time instead of current time */ @@ -357,7 +357,7 @@ X509_STORE_CTX_lookup_certs_fn X509_STORE_CTX_get_lookup_certs(X509_STORE_CTX *c X509_STORE_CTX_lookup_crls_fn X509_STORE_CTX_get_lookup_crls(X509_STORE_CTX *ctx); X509_STORE_CTX_cleanup_fn X509_STORE_CTX_get_cleanup(X509_STORE_CTX *ctx); -#if OPENSSL_API_COMPAT < 0x10100000L +#if !OPENSSL_API_1_1_0 # define X509_STORE_CTX_get_chain X509_STORE_CTX_get0_chain # define X509_STORE_CTX_set_chain X509_STORE_CTX_set0_untrusted # define X509_STORE_CTX_trusted_stack X509_STORE_CTX_set0_trusted_stack diff --git a/include/openssl/x509v3.h b/include/openssl/x509v3.h index fe1791c681..a4fecd5c07 100644 --- a/include/openssl/x509v3.h +++ b/include/openssl/x509v3.h @@ -629,7 +629,7 @@ X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext_struc); int X509V3_add1_i2d(STACK_OF(X509_EXTENSION) **x, int nid, void *value, int crit, unsigned long flags); -#if OPENSSL_API_COMPAT < 0x10100000L +#if !OPENSSL_API_1_1_0 /* The new declarations are in crypto.h, but the old ones were here. */ # define hex_to_string OPENSSL_buf2hexstr # define string_to_hex OPENSSL_hexstr2buf diff --git a/ssl/methods.c b/ssl/methods.c index 348efe467d..1906dee264 100644 --- a/ssl/methods.c +++ b/ssl/methods.c @@ -172,7 +172,7 @@ IMPLEMENT_dtls1_meth_func(DTLS_ANY_VERSION, 0, 0, DTLS_client_method, ssl_undefined_function, ossl_statem_connect, DTLSv1_2_enc_data) -#if OPENSSL_API_COMPAT < 0x10100000L +#if !OPENSSL_API_1_1_0 # ifndef OPENSSL_NO_TLS1_2_METHOD const SSL_METHOD *TLSv1_2_method(void) { diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index 087f768b0b..dfa9e59094 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -4466,7 +4466,7 @@ int SSL_is_server(const SSL *s) return s->server; } -#if OPENSSL_API_COMPAT < 0x10100000L +#if !OPENSSL_API_1_1_0 void SSL_set_debug(SSL *s, int debug) { /* Old function was do-nothing anyway... */ diff --git a/test/asn1_decode_test.c b/test/asn1_decode_test.c index b48b9b57bc..3f7e99ec94 100644 --- a/test/asn1_decode_test.c +++ b/test/asn1_decode_test.c @@ -28,7 +28,7 @@ static unsigned char t_invalid_zero[] = { 0x02, 0x00 /* INTEGER tag + length */ }; -#if OPENSSL_API_COMPAT < 0x30000000L +#if !OPENSSL_API_3 /* LONG case ************************************************************* */ typedef struct { @@ -162,7 +162,7 @@ static int test_uint64(void) int setup_tests(void) { -#if OPENSSL_API_COMPAT < 0x30000000L +#if !OPENSSL_API_3 ADD_TEST(test_long); #endif ADD_TEST(test_int32); diff --git a/test/asn1_encode_test.c b/test/asn1_encode_test.c index 4c4820e592..5168f0431a 100644 --- a/test/asn1_encode_test.c +++ b/test/asn1_encode_test.c @@ -179,7 +179,7 @@ typedef struct { ENCDEC_DATA(-1, -1), \ ENCDEC_DATA(0, ASN1_LONG_UNDEF) -#if OPENSSL_API_COMPAT < 0x30000000L +#if !OPENSSL_API_3 /***** LONG ******************************************************************/ typedef struct { @@ -824,7 +824,7 @@ static int test_intern(const TEST_PACKAGE *package) return fail == 0; } -#if OPENSSL_API_COMPAT < 0x30000000L +#if !OPENSSL_API_3 static int test_long_32bit(void) { return test_intern(&long_test_package_32bit); @@ -858,7 +858,7 @@ static int test_uint64(void) int setup_tests(void) { -#if OPENSSL_API_COMPAT < 0x30000000L +#if !OPENSSL_API_3 ADD_TEST(test_long_32bit); ADD_TEST(test_long_64bit); #endif diff --git a/util/perl/OpenSSL/ParseC.pm b/util/perl/OpenSSL/ParseC.pm index 81472ef5eb..2a009b332f 100644 --- a/util/perl/OpenSSL/ParseC.pm +++ b/util/perl/OpenSSL/ParseC.pm @@ -65,24 +65,11 @@ my @opensslcpphandlers = ( # These are used to convert certain pre-precessor expressions into # others that @cpphandlers have a better chance to understand. - { regexp => qr/#if OPENSSL_API_COMPAT(\S+)(0x[0-9a-fA-F]{8})L$/, + { regexp => qr/#if (!?)OPENSSL_API_([0-9_]+)$/, massager => sub { - my $op = $1; - my $v = hex($2); - if ($op ne '<' && $op ne '>=') { - die "Error: unacceptable operator $op: $_[0]\n"; - } - my ($major, $minor, $edit) = - ( ($v >> 28) & 0xf, - ($v >> 20) & 0xff, - ($v >> 12) & 0xff ); - my $t = "DEPRECATEDIN_" . - ($major <= 1 - ? "${major}_${minor}_${edit}" - : "${major}"); - my $cond = $op eq '<' ? 'ifndef' : 'ifdef'; + my $cnd = $1 eq '!' ? 'ndef' : 'def'; return (<<"EOF"); -#$cond $t +#if$cnd DEPRECATEDIN_$2 EOF } } |