From: Richard Levitte Date: Thu, 29 Nov 2018 23:05:03 +0000 (+0000) Subject: Refactor the computation of API version limits X-Git-Tag: openssl-3.0.0-alpha1~2836 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=fcd2d5a6121ad3e5e65edc714ad99fc36f609f81;p=thirdparty%2Fopenssl.git Refactor the computation of API version limits Previously, the API version limit was indicated with a numeric version number. This was "natural" in the pre-3.0.0 because the version was this simple number. With 3.0.0, the version is divided into three separate numbers, and it's only the major number that counts, but we still need to be able to support pre-3.0.0 version limits. Therefore, we allow OPENSSL_API_COMPAT to be defined with a pre-3.0.0 style numeric version number or with a simple major number, i.e. can be defined like this for any application: -D OPENSSL_API_COMPAT=0x10100000L -D OPENSSL_API_COMPAT=3 Since the pre-3.0.0 numerical version numbers are high, it's easy to distinguish between a simple major number and a pre-3.0.0 numerical version number and to thereby support both forms at the same time. Internally, we define the following macros depending on the value of OPENSSL_API_COMPAT: OPENSSL_API_0_9_8 OPENSSL_API_1_0_0 OPENSSL_API_1_1_0 OPENSSL_API_3 They indicate that functions marked for deprecation in the corresponding major release shall not be built if defined. Reviewed-by: Tim Hudson Reviewed-by: Matthias St. Pierre Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/7724) --- diff --git a/CHANGES b/CHANGES index e31b087b4a0..ab56f9be1b1 100644 --- a/CHANGES +++ b/CHANGES @@ -9,6 +9,15 @@ Changes between 1.1.1 and 3.0.0 [xx XXX xxxx] + *) Change the possible version information given with OPENSSL_API_COMPAT. + It may be a pre-3.0.0 style numerical version number as it was defined + in 1.1.0, and it may also simply take the major version number. + + Because of the version numbering of pre-3.0.0 releases, the values 0, + 1 and 2 are equivalent to 0x00908000L (0.9.8), 0x10000000L (1.0.0) and + 0x10100000L (1.1.0), respectively. + [Richard Levitte] + *) Switch to a new version scheme using three numbers MAJOR.MINOR.PATCH. o Major releases (indicated by incrementing the MAJOR release number) diff --git a/Configure b/Configure index b762cf80d4b..5c67591dc8b 100755 --- a/Configure +++ b/Configure @@ -43,9 +43,9 @@ my $usage="Usage: Configure [no- ...] [enable- ...] [-Dxxx] [-lx # # --cross-compile-prefix Add specified prefix to binutils components. # -# --api One of 0.9.8, 1.0.0, 1.1.0 or 3.0.0 (or 3). Do not compile -# support for interfaces deprecated as of the specified OpenSSL -# version. +# --api One of 0.9.8, 1.0.0, 1.0.1, 1.0.2, 1.1.0, 1.1.1, or 3.0.0 / 3. +# Do not compile support for interfaces deprecated as of the +# specified OpenSSL version. # # no-hw-xxx do not compile support for specific crypto hardware. # Generic OpenSSL-style methods relating to this support @@ -176,10 +176,13 @@ our $BSDthreads="-pthread -D_THREAD_SAFE -D_REENTRANT"; # my $maxapi = "3.0.0"; # API for "no-deprecated" builds my $apitable = { - "3.0.0" => "0x30000000L", - "1.1.0" => "0x10100000L", - "1.0.0" => "0x10000000L", - "0.9.8" => "0x00908000L", + "3.0.0" => 3, + "1.1.1" => 2, + "1.1.0" => 2, + "1.0.2" => 1, + "1.0.1" => 1, + "1.0.0" => 1, + "0.9.8" => 0, }; our %table = (); @@ -1495,11 +1498,9 @@ $config{cflags} = [ map { (my $x = $_) =~ s/([\\\"])/\\$1/g; $x } $config{cxxflags} = [ map { (my $x = $_) =~ s/([\\\"])/\\$1/g; $x } @{$config{cxxflags}} ] if $config{CXX}; -if (defined($config{api})) { - $config{openssl_api_defines} = [ "OPENSSL_MIN_API=".$apitable->{$config{api}} ]; - my $apiflag = sprintf("OPENSSL_API_COMPAT=%s", $apitable->{$config{api}}); - push @{$config{defines}}, $apiflag; -} +$config{openssl_api_defines} = [ + "OPENSSL_MIN_API=".($apitable->{$config{api} // ""} // -1) +]; if ($strict_warnings) { diff --git a/crypto/asn1/asn1_item_list.h b/crypto/asn1/asn1_item_list.h index 3e53c632370..1892a26dfef 100644 --- a/crypto/asn1/asn1_item_list.h +++ b/crypto/asn1/asn1_item_list.h @@ -78,7 +78,7 @@ static ASN1_ITEM_EXP *asn1_item_list[] = { ASN1_ITEM_ref(IPAddressRange), #endif ASN1_ITEM_ref(ISSUING_DIST_POINT), -#if OPENSSL_API_COMPAT < 0x30000000L +#if !OPENSSL_API_3 ASN1_ITEM_ref(LONG), #endif ASN1_ITEM_ref(NAME_CONSTRAINTS), @@ -164,7 +164,7 @@ static ASN1_ITEM_EXP *asn1_item_list[] = { ASN1_ITEM_ref(X509_SIG), ASN1_ITEM_ref(X509_VAL), ASN1_ITEM_ref(X509), -#if OPENSSL_API_COMPAT < 0x30000000L +#if !OPENSSL_API_3 ASN1_ITEM_ref(ZLONG), #endif ASN1_ITEM_ref(INT32), diff --git a/crypto/asn1/asn1_lib.c b/crypto/asn1/asn1_lib.c index 88c4b539180..f2ba4bc3b58 100644 --- a/crypto/asn1/asn1_lib.c +++ b/crypto/asn1/asn1_lib.c @@ -383,7 +383,7 @@ const unsigned char *ASN1_STRING_get0_data(const ASN1_STRING *x) return x->data; } -# if OPENSSL_API_COMPAT < 0x10100000L +# if !OPENSSL_API_1_1_0 unsigned char *ASN1_STRING_data(ASN1_STRING *x) { return x->data; diff --git a/crypto/asn1/x_long.c b/crypto/asn1/x_long.c index 537db1b3813..1c622cfbe85 100644 --- a/crypto/asn1/x_long.c +++ b/crypto/asn1/x_long.c @@ -11,7 +11,7 @@ #include "internal/cryptlib.h" #include -#if !(OPENSSL_API_COMPAT < 0x30000000L) +#if OPENSSL_API_3 NON_EMPTY_TRANSLATION_UNIT #else diff --git a/crypto/bio/b_sock.c b/crypto/bio/b_sock.c index e7a24d02cbe..df5154648d5 100644 --- a/crypto/bio/b_sock.c +++ b/crypto/bio/b_sock.c @@ -24,7 +24,7 @@ static int wsa_init_done = 0; # endif -# if OPENSSL_API_COMPAT < 0x10100000L +# if !OPENSSL_API_1_1_0 int BIO_get_host_ip(const char *str, unsigned char *ip) { BIO_ADDRINFO *res = NULL; @@ -103,7 +103,7 @@ int BIO_sock_error(int sock) return j; } -# if OPENSSL_API_COMPAT < 0x10100000L +# if !OPENSSL_API_1_1_0 struct hostent *BIO_gethostbyname(const char *name) { /* @@ -196,7 +196,7 @@ int BIO_socket_ioctl(int fd, long type, void *arg) return i; } -# if OPENSSL_API_COMPAT < 0x10100000L +# if !OPENSSL_API_1_1_0 int BIO_get_accept_socket(char *host, int bind_mode) { int s = INVALID_SOCKET; diff --git a/crypto/bn/bn_depr.c b/crypto/bn/bn_depr.c index 7d89214b1c1..8c30c2190e7 100644 --- a/crypto/bn/bn_depr.c +++ b/crypto/bn/bn_depr.c @@ -13,7 +13,7 @@ */ #include -#if OPENSSL_API_COMPAT >= 0x00908000L +#if OPENSSL_API_0_9_8 NON_EMPTY_TRANSLATION_UNIT #else diff --git a/crypto/bn/bn_lib.c b/crypto/bn/bn_lib.c index 040c4cd9b31..b6893afdcc5 100644 --- a/crypto/bn/bn_lib.c +++ b/crypto/bn/bn_lib.c @@ -15,7 +15,7 @@ #include "internal/constant_time_locl.h" /* This stuff appears to be completely unused, so is deprecated */ -#if OPENSSL_API_COMPAT < 0x00908000L +#if !OPENSSL_API_0_9_8 /*- * For a 32 bit machine * 2 - 4 == 128 diff --git a/crypto/conf/conf_sap.c b/crypto/conf/conf_sap.c index 3d2e065e5b0..2b3e23ee147 100644 --- a/crypto/conf/conf_sap.c +++ b/crypto/conf/conf_sap.c @@ -27,7 +27,7 @@ static int openssl_configured = 0; -#if OPENSSL_API_COMPAT < 0x10100000L +#if !OPENSSL_API_1_1_0 void OPENSSL_config(const char *appname) { OPENSSL_INIT_SETTINGS settings; diff --git a/crypto/cversion.c b/crypto/cversion.c index 16cd241f25e..b3fc30d0780 100644 --- a/crypto/cversion.c +++ b/crypto/cversion.c @@ -11,7 +11,7 @@ #include "buildinf.h" -#if OPENSSL_API_COMPAT < 0x30000000L +#if !OPENSSL_API_3 unsigned long OpenSSL_version_num(void) { return OPENSSL_VERSION_NUMBER; diff --git a/crypto/dh/dh_depr.c b/crypto/dh/dh_depr.c index f8ed1b7461e..f2ccde45512 100644 --- a/crypto/dh/dh_depr.c +++ b/crypto/dh/dh_depr.c @@ -10,7 +10,7 @@ /* This file contains deprecated functions as wrappers to the new ones */ #include -#if OPENSSL_API_COMPAT >= 0x00908000L +#if OPENSSL_API_0_9_8 NON_EMPTY_TRANSLATION_UNIT #else diff --git a/crypto/dsa/dsa_depr.c b/crypto/dsa/dsa_depr.c index f51aea74978..f5526a6838e 100644 --- a/crypto/dsa/dsa_depr.c +++ b/crypto/dsa/dsa_depr.c @@ -20,7 +20,7 @@ #define xxxHASH EVP_sha1() #include -#if OPENSSL_API_COMPAT >= 0x00908000L +#if OPENSSL_API_0_9_8 NON_EMPTY_TRANSLATION_UNIT #else diff --git a/crypto/dsa/dsa_sign.c b/crypto/dsa/dsa_sign.c index 2304cc9bee7..034b2fce8cc 100644 --- a/crypto/dsa/dsa_sign.c +++ b/crypto/dsa/dsa_sign.c @@ -16,7 +16,7 @@ DSA_SIG *DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa) return dsa->meth->dsa_do_sign(dgst, dlen, dsa); } -#if OPENSSL_API_COMPAT < 0x30000000L +#if !OPENSSL_API_3 int DSA_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp) { return dsa->meth->dsa_sign_setup(dsa, ctx_in, kinvp, rp); diff --git a/crypto/ec/ec_lib.c b/crypto/ec/ec_lib.c index e3d249a0bad..f111ffa51ec 100644 --- a/crypto/ec/ec_lib.c +++ b/crypto/ec/ec_lib.c @@ -435,7 +435,7 @@ int EC_GROUP_get_curve(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, BIGNUM *b, return group->meth->group_get_curve(group, p, a, b, ctx); } -#if OPENSSL_API_COMPAT < 0x30000000L +#if !OPENSSL_API_3 int EC_GROUP_set_curve_GFp(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx) { @@ -726,7 +726,7 @@ int EC_POINT_set_affine_coordinates(const EC_GROUP *group, EC_POINT *point, return 1; } -#if OPENSSL_API_COMPAT < 0x30000000L +#if !OPENSSL_API_3 int EC_POINT_set_affine_coordinates_GFp(const EC_GROUP *group, EC_POINT *point, const BIGNUM *x, const BIGNUM *y, BN_CTX *ctx) @@ -764,7 +764,7 @@ int EC_POINT_get_affine_coordinates(const EC_GROUP *group, return group->meth->point_get_affine_coordinates(group, point, x, y, ctx); } -#if OPENSSL_API_COMPAT < 0x30000000L +#if !OPENSSL_API_3 int EC_POINT_get_affine_coordinates_GFp(const EC_GROUP *group, const EC_POINT *point, BIGNUM *x, BIGNUM *y, BN_CTX *ctx) diff --git a/crypto/ec/ec_oct.c b/crypto/ec/ec_oct.c index f6295c92a7d..12f476d2310 100644 --- a/crypto/ec/ec_oct.c +++ b/crypto/ec/ec_oct.c @@ -49,7 +49,7 @@ int EC_POINT_set_compressed_coordinates(const EC_GROUP *group, EC_POINT *point, y_bit, ctx); } -#if OPENSSL_API_COMPAT < 0x30000000L +#if !OPENSSL_API_3 int EC_POINT_set_compressed_coordinates_GFp(const EC_GROUP *group, EC_POINT *point, const BIGNUM *x, int y_bit, BN_CTX *ctx) diff --git a/crypto/ec/ecdh_kdf.c b/crypto/ec/ecdh_kdf.c index c21e7880789..1d260b5ee8a 100644 --- a/crypto/ec/ecdh_kdf.c +++ b/crypto/ec/ecdh_kdf.c @@ -72,7 +72,7 @@ int ecdh_KDF_X9_63(unsigned char *out, size_t outlen, * The old name for ecdh_KDF_X9_63 * Retained for ABI compatibility */ -#if OPENSSL_API_COMPAT < 0x10200000L +#if !OPENSSL_API_3 int ECDH_KDF_X9_62(unsigned char *out, size_t outlen, const unsigned char *Z, size_t Zlen, const unsigned char *sinfo, size_t sinfolen, diff --git a/crypto/engine/eng_all.c b/crypto/engine/eng_all.c index af306ccffc1..ef82947288b 100644 --- a/crypto/engine/eng_all.c +++ b/crypto/engine/eng_all.c @@ -18,7 +18,8 @@ void ENGINE_load_builtin_engines(void) OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_ALL_BUILTIN, NULL); } -#if (defined(__OpenBSD__) || defined(__FreeBSD__) || defined(__DragonFly__)) && OPENSSL_API_COMPAT < 0x10100000L +#if (defined(__OpenBSD__) || defined(__FreeBSD__) || defined(__DragonFly__)) \ + && !OPENSSL_API_1_1_0 void ENGINE_setup_bsd_cryptodev(void) { } diff --git a/crypto/err/err.c b/crypto/err/err.c index 66a60e907cd..da1b90df168 100644 --- a/crypto/err/err.c +++ b/crypto/err/err.c @@ -672,13 +672,13 @@ void err_delete_thread_state(void) ERR_STATE_free(state); } -#if OPENSSL_API_COMPAT < 0x10100000L +#if !OPENSSL_API_1_1_0 void ERR_remove_thread_state(void *dummy) { } #endif -#if OPENSSL_API_COMPAT < 0x10000000L +#if !OPENSSL_API_1_0_0 void ERR_remove_state(unsigned long pid) { } diff --git a/crypto/evp/e_old.c b/crypto/evp/e_old.c index 927908f8717..ffce91671fb 100644 --- a/crypto/evp/e_old.c +++ b/crypto/evp/e_old.c @@ -8,7 +8,7 @@ */ #include -#if OPENSSL_API_COMPAT >= 0x00908000L +#if OPENSSL_API_0_9_8 NON_EMPTY_TRANSLATION_UNIT #else diff --git a/crypto/hmac/hmac.c b/crypto/hmac/hmac.c index e4031b44a57..eec54d58335 100644 --- a/crypto/hmac/hmac.c +++ b/crypto/hmac/hmac.c @@ -79,7 +79,7 @@ int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len, return rv; } -#if OPENSSL_API_COMPAT < 0x10100000L +#if !OPENSSL_API_1_1_0 int HMAC_Init(HMAC_CTX *ctx, const void *key, int len, const EVP_MD *md) { if (key && md) diff --git a/crypto/pkcs12/p12_sbag.c b/crypto/pkcs12/p12_sbag.c index a09c5b93132..ee28981fa5f 100644 --- a/crypto/pkcs12/p12_sbag.c +++ b/crypto/pkcs12/p12_sbag.c @@ -12,7 +12,7 @@ #include #include "p12_lcl.h" -#if OPENSSL_API_COMPAT < 0x10100000L +#if !OPENSSL_API_1_1_0 ASN1_TYPE *PKCS12_get_attr(const PKCS12_SAFEBAG *bag, int attr_nid) { return PKCS12_get_attr_gen(bag->attrib, attr_nid); diff --git a/crypto/rand/rand_lib.c b/crypto/rand/rand_lib.c index d8639c4a03f..d2f5be1a65d 100644 --- a/crypto/rand/rand_lib.c +++ b/crypto/rand/rand_lib.c @@ -838,7 +838,7 @@ int RAND_bytes(unsigned char *buf, int num) return -1; } -#if OPENSSL_API_COMPAT < 0x10100000L +#if !OPENSSL_API_1_1_0 int RAND_pseudo_bytes(unsigned char *buf, int num) { const RAND_METHOD *meth = RAND_get_rand_method(); diff --git a/crypto/rand/rand_win.c b/crypto/rand/rand_win.c index d2039eb226e..f8f371c6d54 100644 --- a/crypto/rand/rand_win.c +++ b/crypto/rand/rand_win.c @@ -156,7 +156,7 @@ int rand_pool_add_additional_data(RAND_POOL *pool) return rand_pool_add(pool, (unsigned char *)&data, sizeof(data), 0); } -# if OPENSSL_API_COMPAT < 0x10100000L +# if !OPENSSL_API_1_1_0 int RAND_event(UINT iMsg, WPARAM wParam, LPARAM lParam) { RAND_poll(); diff --git a/crypto/rsa/rsa_depr.c b/crypto/rsa/rsa_depr.c index 21e0562525d..4e9b7094281 100644 --- a/crypto/rsa/rsa_depr.c +++ b/crypto/rsa/rsa_depr.c @@ -13,7 +13,7 @@ */ #include -#if OPENSSL_API_COMPAT >= 0x00908000L +#if OPENSSL_API_0_9_8 NON_EMPTY_TRANSLATION_UNIT #else diff --git a/crypto/srp/srp_vfy.c b/crypto/srp/srp_vfy.c index bfe517b4719..814f04263cb 100644 --- a/crypto/srp/srp_vfy.c +++ b/crypto/srp/srp_vfy.c @@ -525,7 +525,7 @@ int SRP_VBASE_add0_user(SRP_VBASE *vb, SRP_user_pwd *user_pwd) return 1; } -# if OPENSSL_API_COMPAT < 0x10100000L +# if !OPENSSL_API_1_1_0 /* * DEPRECATED: use SRP_VBASE_get1_by_user instead. * This method ignores the configured seed and fails for an unknown user. diff --git a/crypto/x509/x509cset.c b/crypto/x509/x509cset.c index 7645ce37597..99f730faa03 100644 --- a/crypto/x509/x509cset.c +++ b/crypto/x509/x509cset.c @@ -91,7 +91,7 @@ const ASN1_TIME *X509_CRL_get0_nextUpdate(const X509_CRL *crl) return crl->crl.nextUpdate; } -#if OPENSSL_API_COMPAT < 0x10100000L +#if !OPENSSL_API_1_1_0 ASN1_TIME *X509_CRL_get_lastUpdate(X509_CRL *crl) { return crl->crl.lastUpdate; diff --git a/doc/man3/OPENSSL_config.pod b/doc/man3/OPENSSL_config.pod index 6294ee1d1be..453c32b5f72 100644 --- a/doc/man3/OPENSSL_config.pod +++ b/doc/man3/OPENSSL_config.pod @@ -8,10 +8,12 @@ OPENSSL_config, OPENSSL_no_config - simple OpenSSL configuration functions #include - #if OPENSSL_API_COMPAT < 0x10100000L +Deprecated since OpenSSL 1.1.0, can be hidden entirely by defining +B with a suitable version value, see +L: + void OPENSSL_config(const char *appname); void OPENSSL_no_config(void); - #endif =head1 DESCRIPTION diff --git a/doc/man3/RAND_cleanup.pod b/doc/man3/RAND_cleanup.pod index 3859ce343aa..39b166bf5e6 100644 --- a/doc/man3/RAND_cleanup.pod +++ b/doc/man3/RAND_cleanup.pod @@ -8,9 +8,11 @@ RAND_cleanup - erase the PRNG state #include - #if OPENSSL_API_COMPAT < 0x10100000L +Deprecated since OpenSSL 1.1.0, can be hidden entirely by defining +B with a suitable version value, see +L: + void RAND_cleanup(void) - #endif =head1 DESCRIPTION diff --git a/doc/man7/openssl_user_macros.pod.in b/doc/man7/openssl_user_macros.pod.in index 8af5aea7fbc..dc554b70f4d 100644 --- a/doc/man7/openssl_user_macros.pod.in +++ b/doc/man7/openssl_user_macros.pod.in @@ -26,7 +26,20 @@ user defined macros. The value is a version number similar to the L macro. Any symbol that is deprecated in versions up to and including the version given in this macro will not -be declared. Any version number may be given, but these numbers are +be declared. + +The version number assigned to this macro can take one of two forms: + +=over + +=item C<0xMNNFF000L> + +This is the form supported for all versions up 1.1.x, where C +represents the major number, C represents the minor number, and +C represents the fix number. For version 1.1.0, that's +C<0x10100000L>. + +Any version number may be given, but these numbers are the current known major deprecation points, making them the most meaningful: @@ -40,6 +53,30 @@ meaningful: =back +For convenience, higher numbers are accepted as well, as long as +feasible. For example, C<0x60000000L> will work as expected. +However, it is recommended to start using the second form instead: + +=item C + +This form is a simple number that represents the major version number +and is supported for version 3.0.0 and up. For extra convenience, +these numbers are also available: + +=over + +=item Z<>0 (C<0x00908000L>, i.e. version 0.9.8) + +=item Z<>1 (C<0x10000000L>, i.e. version 1.0.0) + +=item Z<>2 (C<0x10100000L>, i.e. version 1.1.0) + +=back + +For all other numbers C, they are equivalent to version m.0.0. + +=back + If not set, this macro will default to C<{- join('', map { my @x = split /=/,$_; $x[1] } grep /^OPENSSL_MIN_API=/, @{$config{openssl_api_defines} // []}) diff --git a/fuzz/asn1.c b/fuzz/asn1.c index fad561eb8b1..9d23d4774a2 100644 --- a/fuzz/asn1.c +++ b/fuzz/asn1.c @@ -106,7 +106,7 @@ static ASN1_ITEM_EXP *item_type[] = { ASN1_ITEM_ref(IPAddressRange), #endif ASN1_ITEM_ref(ISSUING_DIST_POINT), -#if OPENSSL_API_COMPAT < 0x30000000L +#if !OPENSSL_API_3 ASN1_ITEM_ref(LONG), #endif ASN1_ITEM_ref(NAME_CONSTRAINTS), @@ -187,7 +187,7 @@ static ASN1_ITEM_EXP *item_type[] = { ASN1_ITEM_ref(X509_REVOKED), ASN1_ITEM_ref(X509_SIG), ASN1_ITEM_ref(X509_VAL), -#if OPENSSL_API_COMPAT < 0x30000000L +#if !OPENSSL_API_3 ASN1_ITEM_ref(ZLONG), #endif ASN1_ITEM_ref(INT32), diff --git a/include/openssl/asn1.h b/include/openssl/asn1.h index 9522eec18f7..9210f2ccdc9 100644 --- a/include/openssl/asn1.h +++ b/include/openssl/asn1.h @@ -19,7 +19,7 @@ # include # include -# if OPENSSL_API_COMPAT < 0x10100000L +# if !OPENSSL_API_1_1_0 # include # endif diff --git a/include/openssl/asn1t.h b/include/openssl/asn1t.h index c1523207851..38b9b76228a 100644 --- a/include/openssl/asn1t.h +++ b/include/openssl/asn1t.h @@ -915,7 +915,7 @@ DECLARE_ASN1_ITEM(ZINT64) DECLARE_ASN1_ITEM(UINT64) DECLARE_ASN1_ITEM(ZUINT64) -# if OPENSSL_API_COMPAT < 0x30000000L +# if !OPENSSL_API_3 /* * LONG and ZLONG are strongly discouraged for use as stored data, as the * underlying C type (long) differs in size depending on the architecture. diff --git a/include/openssl/bio.h b/include/openssl/bio.h index 2888b42da84..5587df60c6e 100644 --- a/include/openssl/bio.h +++ b/include/openssl/bio.h @@ -681,7 +681,7 @@ int BIO_sock_error(int sock); int BIO_socket_ioctl(int fd, long type, void *arg); int BIO_socket_nbio(int fd, int mode); int BIO_sock_init(void); -# if OPENSSL_API_COMPAT < 0x10100000L +# if !OPENSSL_API_1_1_0 # define BIO_sock_cleanup() while(0) continue # endif int BIO_set_tcp_ndelay(int sock, int turn_on); diff --git a/include/openssl/bn.h b/include/openssl/bn.h index 8af05d00e59..769cc7f0872 100644 --- a/include/openssl/bn.h +++ b/include/openssl/bn.h @@ -61,7 +61,7 @@ extern "C" { # define BN_FLG_CONSTTIME 0x04 # define BN_FLG_SECURE 0x08 -# if OPENSSL_API_COMPAT < 0x00908000L +# if !OPENSSL_API_0_9_8 /* deprecated name for the flag */ # define BN_FLG_EXP_CONSTTIME BN_FLG_CONSTTIME # define BN_FLG_FREE 0x8000 /* used for debugging */ @@ -190,7 +190,7 @@ int BN_is_odd(const BIGNUM *a); void BN_zero_ex(BIGNUM *a); -# if OPENSSL_API_COMPAT >= 0x00908000L +# if OPENSSL_API_0_9_8 # define BN_zero(a) BN_zero_ex(a) # else # define BN_zero(a) (BN_set_word((a),0)) @@ -519,7 +519,7 @@ BIGNUM *BN_get_rfc3526_prime_4096(BIGNUM *bn); BIGNUM *BN_get_rfc3526_prime_6144(BIGNUM *bn); BIGNUM *BN_get_rfc3526_prime_8192(BIGNUM *bn); -# if OPENSSL_API_COMPAT < 0x10100000L +# if !OPENSSL_API_1_1_0 # define get_rfc2409_prime_768 BN_get_rfc2409_prime_768 # define get_rfc2409_prime_1024 BN_get_rfc2409_prime_1024 # define get_rfc3526_prime_1536 BN_get_rfc3526_prime_1536 diff --git a/include/openssl/comp.h b/include/openssl/comp.h index d814d3cf251..467ce6ad35d 100644 --- a/include/openssl/comp.h +++ b/include/openssl/comp.h @@ -35,7 +35,7 @@ int COMP_expand_block(COMP_CTX *ctx, unsigned char *out, int olen, COMP_METHOD *COMP_zlib(void); -#if OPENSSL_API_COMPAT < 0x10100000L +#if !OPENSSL_API_1_1_0 #define COMP_zlib_cleanup() while(0) continue #endif diff --git a/include/openssl/conf.h b/include/openssl/conf.h index 7336cd2f1d1..f7b5b23c13a 100644 --- a/include/openssl/conf.h +++ b/include/openssl/conf.h @@ -90,7 +90,7 @@ int CONF_dump_bio(LHASH_OF(CONF_VALUE) *conf, BIO *out); DEPRECATEDIN_1_1_0(void OPENSSL_config(const char *config_name)) -#if OPENSSL_API_COMPAT < 0x10100000L +#if !OPENSSL_API_1_1_0 # define OPENSSL_no_config() \ OPENSSL_init_crypto(OPENSSL_INIT_NO_LOAD_CONFIG, NULL) #endif @@ -137,7 +137,7 @@ int CONF_modules_load_file(const char *filename, const char *appname, unsigned long flags); void CONF_modules_unload(int all); void CONF_modules_finish(void); -#if OPENSSL_API_COMPAT < 0x10100000L +#if !OPENSSL_API_1_1_0 # define CONF_modules_free() while(0) continue #endif int CONF_module_add(const char *name, conf_init_func *ifunc, diff --git a/include/openssl/crypto.h b/include/openssl/crypto.h index c7b6e470470..b69b04c5005 100644 --- a/include/openssl/crypto.h +++ b/include/openssl/crypto.h @@ -36,7 +36,7 @@ */ # include -# if OPENSSL_API_COMPAT < 0x10100000L +# if !OPENSSL_API_1_1_0 # include # endif @@ -44,7 +44,7 @@ extern "C" { #endif -# if OPENSSL_API_COMPAT < 0x10100000L +# if !OPENSSL_API_1_1_0 # define SSLeay OpenSSL_version_num # define SSLeay_version OpenSSL_version # define SSLEAY_VERSION_NUMBER OPENSSL_VERSION_NUMBER @@ -62,7 +62,7 @@ typedef struct { int dummy; } CRYPTO_dynlock; -# endif /* OPENSSL_API_COMPAT */ +# endif /* OPENSSL_API_1_1_0 */ typedef void CRYPTO_RWLOCK; @@ -199,7 +199,7 @@ void CRYPTO_free_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad); int CRYPTO_set_ex_data(CRYPTO_EX_DATA *ad, int idx, void *val); void *CRYPTO_get_ex_data(const CRYPTO_EX_DATA *ad, int idx); -# if OPENSSL_API_COMPAT < 0x10100000L +# if !OPENSSL_API_1_1_0 /* * This function cleans up all "ex_data" state. It mustn't be called under * potential race-conditions. @@ -246,11 +246,11 @@ typedef struct crypto_threadid_st { # define CRYPTO_THREADID_cpy(dest, src) # define CRYPTO_THREADID_hash(id) (0UL) -# if OPENSSL_API_COMPAT < 0x10000000L +# if !OPENSSL_API_1_0_0 # define CRYPTO_set_id_callback(func) # define CRYPTO_get_id_callback() (NULL) # define CRYPTO_thread_id() (0UL) -# endif /* OPENSSL_API_COMPAT < 0x10000000L */ +# endif /* OPENSSL_API_1_0_0 */ # define CRYPTO_set_dynlock_create_callback(dyn_create_function) # define CRYPTO_set_dynlock_lock_callback(dyn_lock_function) @@ -258,7 +258,7 @@ typedef struct crypto_threadid_st { # define CRYPTO_get_dynlock_create_callback() (NULL) # define CRYPTO_get_dynlock_lock_callback() (NULL) # define CRYPTO_get_dynlock_destroy_callback() (NULL) -# endif /* OPENSSL_API_COMPAT < 0x10100000L */ +# endif /* OPENSSL_API_1_1_0 */ int CRYPTO_set_mem_functions( void *(*m) (size_t, const char *, int), @@ -327,7 +327,7 @@ int CRYPTO_mem_leaks(BIO *bio); /* die if we have to */ ossl_noreturn void OPENSSL_die(const char *assertion, const char *file, int line); -# if OPENSSL_API_COMPAT < 0x10100000L +# if !OPENSSL_API_1_1_0 # define OpenSSLDie(f,l,a) OPENSSL_die((a),(f),(l)) # endif # define OPENSSL_assert(e) \ diff --git a/include/openssl/dh.h b/include/openssl/dh.h index 3527540cddd..d997e0deabd 100644 --- a/include/openssl/dh.h +++ b/include/openssl/dh.h @@ -17,7 +17,7 @@ # include # include # include -# if OPENSSL_API_COMPAT < 0x10100000L +# if !OPENSSL_API_1_1_0 # include # endif # include @@ -34,7 +34,7 @@ extern "C" { # define DH_FLAG_CACHE_MONT_P 0x01 -# if OPENSSL_API_COMPAT < 0x10100000L +# if !OPENSSL_API_1_1_0 /* * Does nothing. Previously this switched off constant time behaviour. */ diff --git a/include/openssl/dsa.h b/include/openssl/dsa.h index 30454f1a48e..ba7fcfeb646 100644 --- a/include/openssl/dsa.h +++ b/include/openssl/dsa.h @@ -21,7 +21,7 @@ extern "C" { # include # include # include -# if OPENSSL_API_COMPAT < 0x10100000L +# if !OPENSSL_API_1_1_0 # include # endif # include @@ -33,7 +33,7 @@ extern "C" { # define OPENSSL_DSA_FIPS_MIN_MODULUS_BITS 1024 # define DSA_FLAG_CACHE_MONT_P 0x01 -# if OPENSSL_API_COMPAT < 0x10100000L +# if !OPENSSL_API_1_1_0 /* * Does nothing. Previously this switched off constant time behaviour. */ diff --git a/include/openssl/ec.h b/include/openssl/ec.h index 90a40299a13..beb197cc827 100644 --- a/include/openssl/ec.h +++ b/include/openssl/ec.h @@ -16,7 +16,7 @@ # ifndef OPENSSL_NO_EC # include # include -# if OPENSSL_API_COMPAT < 0x10100000L +# if !OPENSSL_API_1_1_0 # include # endif # include diff --git a/include/openssl/engine.h b/include/openssl/engine.h index 0780f0fb5f3..4c0afbb44f1 100644 --- a/include/openssl/engine.h +++ b/include/openssl/engine.h @@ -14,7 +14,7 @@ # include # ifndef OPENSSL_NO_ENGINE -# if OPENSSL_API_COMPAT < 0x10100000L +# if !OPENSSL_API_1_1_0 # include # include # include @@ -320,7 +320,7 @@ int ENGINE_remove(ENGINE *e); /* Retrieve an engine from the list by its unique "id" value. */ ENGINE *ENGINE_by_id(const char *id); -#if OPENSSL_API_COMPAT < 0x10100000L +#if !OPENSSL_API_1_1_0 # define ENGINE_load_openssl() \ OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_OPENSSL, NULL) # define ENGINE_load_dynamic() \ @@ -494,7 +494,7 @@ int ENGINE_set_cmd_defns(ENGINE *e, const ENGINE_CMD_DEFN *defns); int ENGINE_set_ex_data(ENGINE *e, int idx, void *arg); void *ENGINE_get_ex_data(const ENGINE *e, int idx); -#if OPENSSL_API_COMPAT < 0x10100000L +#if !OPENSSL_API_1_1_0 /* * This function previously cleaned up anything that needs it. Auto-deinit will * now take care of it so it is no longer required to call this function. diff --git a/include/openssl/err.h b/include/openssl/err.h index 6cae1a36510..6cde7143344 100644 --- a/include/openssl/err.h +++ b/include/openssl/err.h @@ -250,7 +250,7 @@ int ERR_load_strings_const(const ERR_STRING_DATA *str); int ERR_unload_strings(int lib, ERR_STRING_DATA *str); int ERR_load_ERR_strings(void); -#if OPENSSL_API_COMPAT < 0x10100000L +#if !OPENSSL_API_1_1_0 # define ERR_load_crypto_strings() \ OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL) # define ERR_free_strings() while(0) continue diff --git a/include/openssl/evp.h b/include/openssl/evp.h index d22956d3430..36249b4201b 100644 --- a/include/openssl/evp.h +++ b/include/openssl/evp.h @@ -486,7 +486,7 @@ void EVP_CIPHER_CTX_set_app_data(EVP_CIPHER_CTX *ctx, void *data); void *EVP_CIPHER_CTX_get_cipher_data(const EVP_CIPHER_CTX *ctx); void *EVP_CIPHER_CTX_set_cipher_data(EVP_CIPHER_CTX *ctx, void *cipher_data); # define EVP_CIPHER_CTX_type(c) EVP_CIPHER_type(EVP_CIPHER_CTX_cipher(c)) -# if OPENSSL_API_COMPAT < 0x10100000L +# if !OPENSSL_API_1_1_0 # define EVP_CIPHER_CTX_flags(c) EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(c)) # endif # define EVP_CIPHER_CTX_mode(c) EVP_CIPHER_mode(EVP_CIPHER_CTX_cipher(c)) @@ -670,7 +670,7 @@ int EVP_DecodeFinal(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl); int EVP_DecodeBlock(unsigned char *t, const unsigned char *f, int n); -# if OPENSSL_API_COMPAT < 0x10100000L +# if !OPENSSL_API_1_1_0 # define EVP_CIPHER_CTX_init(c) EVP_CIPHER_CTX_reset(c) # define EVP_CIPHER_CTX_cleanup(c) EVP_CIPHER_CTX_reset(c) # endif @@ -938,7 +938,7 @@ const EVP_CIPHER *EVP_sm4_ofb(void); const EVP_CIPHER *EVP_sm4_ctr(void); # endif -# if OPENSSL_API_COMPAT < 0x10100000L +# if !OPENSSL_API_1_1_0 # define OPENSSL_add_all_algorithms_conf() \ OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS \ | OPENSSL_INIT_ADD_ALL_DIGESTS \ diff --git a/include/openssl/hmac.h b/include/openssl/hmac.h index e24dde2a576..ab12a89162f 100644 --- a/include/openssl/hmac.h +++ b/include/openssl/hmac.h @@ -14,7 +14,7 @@ # include -# if OPENSSL_API_COMPAT < 0x30000000L +# if !OPENSSL_API_3 # define HMAC_MAX_MD_CBLOCK 128 /* Deprecated */ # endif diff --git a/include/openssl/idea.h b/include/openssl/idea.h index 4334f3ea71a..56a8e609d14 100644 --- a/include/openssl/idea.h +++ b/include/openssl/idea.h @@ -45,7 +45,7 @@ void IDEA_ofb64_encrypt(const unsigned char *in, unsigned char *out, int *num); void IDEA_encrypt(unsigned long *in, IDEA_KEY_SCHEDULE *ks); -# if OPENSSL_API_COMPAT < 0x10100000L +# if !OPENSSL_API_1_1_0 # define idea_options IDEA_options # define idea_ecb_encrypt IDEA_ecb_encrypt # define idea_set_encrypt_key IDEA_set_encrypt_key diff --git a/include/openssl/lhash.h b/include/openssl/lhash.h index 88d7d977b9e..b7f6129ce28 100644 --- a/include/openssl/lhash.h +++ b/include/openssl/lhash.h @@ -91,7 +91,7 @@ void OPENSSL_LH_stats_bio(const OPENSSL_LHASH *lh, BIO *out); void OPENSSL_LH_node_stats_bio(const OPENSSL_LHASH *lh, BIO *out); void OPENSSL_LH_node_usage_stats_bio(const OPENSSL_LHASH *lh, BIO *out); -# if OPENSSL_API_COMPAT < 0x10100000L +# if !OPENSSL_API_1_1_0 # define _LHASH OPENSSL_LHASH # define LHASH_NODE OPENSSL_LH_NODE # define lh_error OPENSSL_LH_error diff --git a/include/openssl/objects.h b/include/openssl/objects.h index 8e1eb0f6c3a..f14da86c3fe 100644 --- a/include/openssl/objects.h +++ b/include/openssl/objects.h @@ -156,7 +156,7 @@ const void *OBJ_bsearch_ex_(const void *key, const void *base, int num, int OBJ_new_nid(int num); int OBJ_add_object(const ASN1_OBJECT *obj); int OBJ_create(const char *oid, const char *sn, const char *ln); -#if OPENSSL_API_COMPAT < 0x10100000L +#if !OPENSSL_API_1_1_0 # define OBJ_cleanup() while(0) continue #endif int OBJ_create_objects(BIO *in); diff --git a/include/openssl/opensslconf.h.in b/include/openssl/opensslconf.h.in index 12b16631e84..f306e489ea6 100644 --- a/include/openssl/opensslconf.h.in +++ b/include/openssl/opensslconf.h.in @@ -52,9 +52,13 @@ extern "C" { /* * Applications should use -DOPENSSL_API_COMPAT= to suppress the - * declarations of functions deprecated in or before . Otherwise, they - * still won't see them if the library has been built to disable deprecated - * functions. + * declarations of functions deprecated in or before . If this is + * undefined, the value of the macro OPENSSL_API_MIN above is the default. + * + * For any version number up until version 1.1.x, is expected to be + * the calculated version number 0xMNNFFPPSL. For version numbers 3.0.0 and + * on, is expected to be only the major version number (i.e. 3 for + * version 3.0.0). */ #ifndef DECLARE_DEPRECATED # define DECLARE_DEPRECATED(f) f; @@ -66,23 +70,36 @@ extern "C" { # endif #endif -#ifndef OPENSSL_FILE -# ifdef OPENSSL_NO_FILENAMES -# define OPENSSL_FILE "" -# define OPENSSL_LINE 0 -# else -# define OPENSSL_FILE __FILE__ -# define OPENSSL_LINE __LINE__ -# endif -#endif +/* + * We convert the OPENSSL_API_COMPAT value to an API level. The API level + * is the major version number for 3.0.0 and on. For earlier versions, it + * uses this scheme, which is close enough for our purposes: + * + * 0.x.y 0 (0.9.8 was the last release in this series) + * 1.0.x 1 (1.0.2 was the last release in this series) + * 1.1.x 2 (1.1.1 was the last release in this series) + */ -#ifndef OPENSSL_MIN_API -# define OPENSSL_MIN_API 0 +/* In case someone defined both */ +#if defined(OPENSSL_API_COMPAT) && defined(OPENSSL_API_LEVEL) +# error "Disallowed to defined both OPENSSL_API_COMPAT and OPENSSL_API_LEVEL" #endif -#if !defined(OPENSSL_API_COMPAT) || OPENSSL_API_COMPAT < OPENSSL_MIN_API -# undef OPENSSL_API_COMPAT -# define OPENSSL_API_COMPAT OPENSSL_MIN_API +#ifndef OPENSSL_API_COMPAT +# define OPENSSL_API_LEVEL OPENSSL_MIN_API +#else +# if (OPENSSL_API_COMPAT < 0x1000L) /* Major version numbers up to 16777215 */ +# define OPENSSL_API_LEVEL OPENSSL_API_COMPAT +# elif (OPENSSL_API_COMPAT & 0xF0000000L) == 0x00000000L +# define OPENSSL_API_LEVEL 0 +# elif (OPENSSL_API_COMPAT & 0xFFF00000L) == 0x10000000L +# define OPENSSL_API_LEVEL 1 +# elif (OPENSSL_API_COMPAT & 0xFFF00000L) == 0x10100000L +# define OPENSSL_API_LEVEL 2 +# else +/ * Major number 3 to 15 */ +# define OPENSSL_API_LEVEL ((OPENSSL_API_COMPAT >> 28) & 0xF) +# endif #endif /* @@ -91,34 +108,55 @@ extern "C" { */ #if OPENSSL_VERSION_MAJOR < 4 # define DEPRECATEDIN_4(f) f; -#elif OPENSSL_API_COMPAT < 0x40000000L +# define OPENSSL_API_4 0 +#elif OPENSSL_API_LEVEL < 4 # define DEPRECATEDIN_4(f) DECLARE_DEPRECATED(f) +# define OPENSSL_API_4 0 #else # define DEPRECATEDIN_4(f) +# define OPENSSL_API_4 1 #endif -#if OPENSSL_API_COMPAT < 0x30000000L +#if OPENSSL_API_LEVEL < 3 # define DEPRECATEDIN_3(f) DECLARE_DEPRECATED(f) +# define OPENSSL_API_3 0 #else # define DEPRECATEDIN_3(f) +# define OPENSSL_API_3 1 #endif -#if OPENSSL_API_COMPAT < 0x10100000L +#if OPENSSL_API_LEVEL < 2 # define DEPRECATEDIN_1_1_0(f) DECLARE_DEPRECATED(f) +# define OPENSSL_API_1_1_0 0 #else # define DEPRECATEDIN_1_1_0(f) +# define OPENSSL_API_1_1_0 1 #endif -#if OPENSSL_API_COMPAT < 0x10000000L +#if OPENSSL_API_LEVEL < 1 # define DEPRECATEDIN_1_0_0(f) DECLARE_DEPRECATED(f) +# define OPENSSL_API_1_0_0 0 #else # define DEPRECATEDIN_1_0_0(f) +# define OPENSSL_API_1_0_0 1 #endif -#if OPENSSL_API_COMPAT < 0x00908000L +#if OPENSSL_API_LEVEL < 0 # define DEPRECATEDIN_0_9_8(f) DECLARE_DEPRECATED(f) +# define OPENSSL_API_0_9_8 0 #else # define DEPRECATEDIN_0_9_8(f) +# define OPENSSL_API_0_9_8 1 +#endif + +#ifndef OPENSSL_FILE +# ifdef OPENSSL_NO_FILENAMES +# define OPENSSL_FILE "" +# define OPENSSL_LINE 0 +# else +# define OPENSSL_FILE __FILE__ +# define OPENSSL_LINE __LINE__ +# endif #endif /* Generate 80386 code? */ diff --git a/include/openssl/pkcs12.h b/include/openssl/pkcs12.h index 3f43dad6d96..2538abfeafc 100644 --- a/include/openssl/pkcs12.h +++ b/include/openssl/pkcs12.h @@ -55,7 +55,7 @@ typedef struct pkcs12_bag_st PKCS12_BAGS; /* Compatibility macros */ -#if OPENSSL_API_COMPAT < 0x10100000L +#if !OPENSSL_API_1_1_0 # define M_PKCS12_bag_type PKCS12_bag_type # define M_PKCS12_cert_bag_type PKCS12_cert_bag_type diff --git a/include/openssl/rand.h b/include/openssl/rand.h index 38a2a2718f8..0d64711f3e3 100644 --- a/include/openssl/rand.h +++ b/include/openssl/rand.h @@ -36,7 +36,7 @@ int RAND_set_rand_engine(ENGINE *engine); RAND_METHOD *RAND_OpenSSL(void); -# if OPENSSL_API_COMPAT < 0x10100000L +# if !OPENSSL_API_1_1_0 # define RAND_cleanup() while(0) continue # endif int RAND_bytes(unsigned char *buf, int num); diff --git a/include/openssl/rand_drbg.h b/include/openssl/rand_drbg.h index 237fe452065..a5e91e30fd2 100644 --- a/include/openssl/rand_drbg.h +++ b/include/openssl/rand_drbg.h @@ -36,7 +36,7 @@ /* Used by RAND_DRBG_set_defaults() to set the private DRBG type and flags. */ # define RAND_DRBG_FLAG_PRIVATE 0x10 -# if OPENSSL_API_COMPAT < 0x30000000L +# if !OPENSSL_API_3 /* This #define was replaced by an internal constant and should not be used. */ # define RAND_DRBG_USED_FLAGS (RAND_DRBG_FLAG_CTR_NO_DF) # endif diff --git a/include/openssl/rsa.h b/include/openssl/rsa.h index cdce1264eb5..12633b06abb 100644 --- a/include/openssl/rsa.h +++ b/include/openssl/rsa.h @@ -17,7 +17,7 @@ # include # include # include -# if OPENSSL_API_COMPAT < 0x10100000L +# if !OPENSSL_API_1_1_0 # include # endif # include @@ -73,13 +73,13 @@ extern "C" { * but other engines might not need it */ # define RSA_FLAG_NO_BLINDING 0x0080 -# if OPENSSL_API_COMPAT < 0x10100000L +# if !OPENSSL_API_1_1_0 /* * Does nothing. Previously this switched off constant time behaviour. */ # define RSA_FLAG_NO_CONSTTIME 0x0000 # endif -# if OPENSSL_API_COMPAT < 0x00908000L +# if !OPENSSL_API_0_9_8 /* deprecated name for the flag*/ /* * new with 0.9.7h; the built-in RSA diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h index 1e9e8d57218..fe2e4790281 100644 --- a/include/openssl/ssl.h +++ b/include/openssl/ssl.h @@ -16,7 +16,7 @@ # include # include # include -# if OPENSSL_API_COMPAT < 0x10100000L +# if !OPENSSL_API_1_1_0 # include # include # include @@ -1089,7 +1089,7 @@ size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count); # define SSL_VERIFY_CLIENT_ONCE 0x04 # define SSL_VERIFY_POST_HANDSHAKE 0x08 -# if OPENSSL_API_COMPAT < 0x10100000L +# if !OPENSSL_API_1_1_0 # define OpenSSL_add_ssl_algorithms() SSL_library_init() # define SSLeay_add_ssl_algorithms() SSL_library_init() # endif @@ -1313,7 +1313,7 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION) SSL_ctrl(s,SSL_CTRL_SET_DH_AUTO,onoff,NULL) # define SSL_set_tmp_dh(ssl,dh) \ SSL_ctrl(ssl,SSL_CTRL_SET_TMP_DH,0,(char *)(dh)) -# if OPENSSL_API_COMPAT < 0x10200000L +# if !OPENSSL_API_3 # define SSL_CTX_set_tmp_ecdh(ctx,ecdh) \ SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_ECDH,0,(char *)(ecdh)) # define SSL_set_tmp_ecdh(ssl,ecdh) \ @@ -1466,7 +1466,7 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION) # define SSL_get_shared_curve SSL_get_shared_group -# if OPENSSL_API_COMPAT < 0x10100000L +# if !OPENSSL_API_1_1_0 /* Provide some compatibility macros for removed functionality. */ # define SSL_CTX_need_tmp_RSA(ctx) 0 # define SSL_CTX_set_tmp_rsa(ctx,rsa) 1 @@ -1594,7 +1594,7 @@ __owur int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs, int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs, const char *dir); -# if OPENSSL_API_COMPAT < 0x10100000L +# if !OPENSSL_API_1_1_0 # define SSL_load_error_strings() \ OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS \ | OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL) @@ -1943,7 +1943,7 @@ void SSL_set_accept_state(SSL *s); __owur long SSL_get_default_timeout(const SSL *s); -# if OPENSSL_API_COMPAT < 0x10100000L +# if !OPENSSL_API_1_1_0 # define SSL_library_init() OPENSSL_init_ssl(0, NULL) # endif @@ -2072,7 +2072,7 @@ __owur int SSL_COMP_get_id(const SSL_COMP *comp); STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void); __owur STACK_OF(SSL_COMP) *SSL_COMP_set0_compression_methods(STACK_OF(SSL_COMP) *meths); -# if OPENSSL_API_COMPAT < 0x10100000L +# if !OPENSSL_API_1_1_0 # define SSL_COMP_free_compression_methods() while(0) continue # endif __owur int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm); @@ -2124,7 +2124,7 @@ size_t SSL_get_num_tickets(SSL *s); int SSL_CTX_set_num_tickets(SSL_CTX *ctx, size_t num_tickets); size_t SSL_CTX_get_num_tickets(SSL_CTX *ctx); -# if OPENSSL_API_COMPAT < 0x10100000L +# if !OPENSSL_API_1_1_0 # define SSL_cache_hit(s) SSL_session_reused(s) # endif diff --git a/include/openssl/stack.h b/include/openssl/stack.h index cfc075057ae..c1b5adc4ae1 100644 --- a/include/openssl/stack.h +++ b/include/openssl/stack.h @@ -50,7 +50,7 @@ OPENSSL_STACK *OPENSSL_sk_dup(const OPENSSL_STACK *st); void OPENSSL_sk_sort(OPENSSL_STACK *st); int OPENSSL_sk_is_sorted(const OPENSSL_STACK *st); -# if OPENSSL_API_COMPAT < 0x10100000L +# if !OPENSSL_API_1_1_0 # define _STACK OPENSSL_STACK # define sk_num OPENSSL_sk_num # define sk_value OPENSSL_sk_value diff --git a/include/openssl/tls1.h b/include/openssl/tls1.h index e13b5dd4bc6..434dff1500e 100644 --- a/include/openssl/tls1.h +++ b/include/openssl/tls1.h @@ -335,7 +335,7 @@ __owur int SSL_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain) # define SSL_set_dtlsext_heartbeat_no_requests(ssl, arg) \ SSL_ctrl(ssl,SSL_CTRL_SET_DTLS_EXT_HEARTBEAT_NO_REQUESTS,arg,NULL) -# if OPENSSL_API_COMPAT < 0x10100000L +# if !OPENSSL_API_1_1_0 # define SSL_CTRL_TLS_EXT_SEND_HEARTBEAT \ SSL_CTRL_DTLS_EXT_SEND_HEARTBEAT # define SSL_CTRL_GET_TLS_EXT_HEARTBEAT_PENDING \ diff --git a/include/openssl/ui.h b/include/openssl/ui.h index 701dd859280..1d246dc97d4 100644 --- a/include/openssl/ui.h +++ b/include/openssl/ui.h @@ -12,7 +12,7 @@ # include -# if OPENSSL_API_COMPAT < 0x10100000L +# if !OPENSSL_API_1_1_0 # include # endif # include @@ -21,7 +21,7 @@ # include /* For compatibility reasons, the macro OPENSSL_NO_UI is currently retained */ -# if OPENSSL_API_COMPAT < 0x30000000L +# if !OPENSSL_API_3 # ifdef OPENSSL_NO_UI_CONSOLE # define OPENSSL_NO_UI # endif diff --git a/include/openssl/x509.h b/include/openssl/x509.h index 39ca0ba5756..874ea2bce2a 100644 --- a/include/openssl/x509.h +++ b/include/openssl/x509.h @@ -21,7 +21,7 @@ # include # include -# if OPENSSL_API_COMPAT < 0x10100000L +# if !OPENSSL_API_1_1_0 # include # include # include @@ -650,7 +650,7 @@ int X509_set_pubkey(X509 *x, EVP_PKEY *pkey); int X509_up_ref(X509 *x); int X509_get_signature_type(const X509 *x); -# if OPENSSL_API_COMPAT < 0x10100000L +# if !OPENSSL_API_1_1_0 # define X509_get_notBefore X509_getm_notBefore # define X509_get_notAfter X509_getm_notAfter # define X509_set_notBefore X509_set1_notBefore @@ -716,7 +716,7 @@ int X509_CRL_set1_nextUpdate(X509_CRL *x, const ASN1_TIME *tm); int X509_CRL_sort(X509_CRL *crl); int X509_CRL_up_ref(X509_CRL *crl); -# if OPENSSL_API_COMPAT < 0x10100000L +# if !OPENSSL_API_1_1_0 # define X509_CRL_set_lastUpdate X509_CRL_set1_lastUpdate # define X509_CRL_set_nextUpdate X509_CRL_set1_nextUpdate #endif diff --git a/include/openssl/x509_vfy.h b/include/openssl/x509_vfy.h index 2adb1559700..d2ce3096481 100644 --- a/include/openssl/x509_vfy.h +++ b/include/openssl/x509_vfy.h @@ -49,7 +49,7 @@ typedef enum { X509_LU_X509, X509_LU_CRL } X509_LOOKUP_TYPE; -#if OPENSSL_API_COMPAT < 0x10100000L +#if !OPENSSL_API_1_1_0 #define X509_LU_RETRY -1 #define X509_LU_FAIL 0 #endif @@ -187,7 +187,7 @@ void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth); /* Certificate verify flags */ -# if OPENSSL_API_COMPAT < 0x10100000L +# if !OPENSSL_API_1_1_0 # define X509_V_FLAG_CB_ISSUER_CHECK 0x0 /* Deprecated */ # endif /* Use check time instead of current time */ @@ -357,7 +357,7 @@ X509_STORE_CTX_lookup_certs_fn X509_STORE_CTX_get_lookup_certs(X509_STORE_CTX *c X509_STORE_CTX_lookup_crls_fn X509_STORE_CTX_get_lookup_crls(X509_STORE_CTX *ctx); X509_STORE_CTX_cleanup_fn X509_STORE_CTX_get_cleanup(X509_STORE_CTX *ctx); -#if OPENSSL_API_COMPAT < 0x10100000L +#if !OPENSSL_API_1_1_0 # define X509_STORE_CTX_get_chain X509_STORE_CTX_get0_chain # define X509_STORE_CTX_set_chain X509_STORE_CTX_set0_untrusted # define X509_STORE_CTX_trusted_stack X509_STORE_CTX_set0_trusted_stack diff --git a/include/openssl/x509v3.h b/include/openssl/x509v3.h index fe1791c6819..a4fecd5c07f 100644 --- a/include/openssl/x509v3.h +++ b/include/openssl/x509v3.h @@ -629,7 +629,7 @@ X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext_struc); int X509V3_add1_i2d(STACK_OF(X509_EXTENSION) **x, int nid, void *value, int crit, unsigned long flags); -#if OPENSSL_API_COMPAT < 0x10100000L +#if !OPENSSL_API_1_1_0 /* The new declarations are in crypto.h, but the old ones were here. */ # define hex_to_string OPENSSL_buf2hexstr # define string_to_hex OPENSSL_hexstr2buf diff --git a/ssl/methods.c b/ssl/methods.c index 348efe467db..1906dee2643 100644 --- a/ssl/methods.c +++ b/ssl/methods.c @@ -172,7 +172,7 @@ IMPLEMENT_dtls1_meth_func(DTLS_ANY_VERSION, 0, 0, DTLS_client_method, ssl_undefined_function, ossl_statem_connect, DTLSv1_2_enc_data) -#if OPENSSL_API_COMPAT < 0x10100000L +#if !OPENSSL_API_1_1_0 # ifndef OPENSSL_NO_TLS1_2_METHOD const SSL_METHOD *TLSv1_2_method(void) { diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index 087f768b0b2..dfa9e590946 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -4466,7 +4466,7 @@ int SSL_is_server(const SSL *s) return s->server; } -#if OPENSSL_API_COMPAT < 0x10100000L +#if !OPENSSL_API_1_1_0 void SSL_set_debug(SSL *s, int debug) { /* Old function was do-nothing anyway... */ diff --git a/test/asn1_decode_test.c b/test/asn1_decode_test.c index b48b9b57bce..3f7e99ec94e 100644 --- a/test/asn1_decode_test.c +++ b/test/asn1_decode_test.c @@ -28,7 +28,7 @@ static unsigned char t_invalid_zero[] = { 0x02, 0x00 /* INTEGER tag + length */ }; -#if OPENSSL_API_COMPAT < 0x30000000L +#if !OPENSSL_API_3 /* LONG case ************************************************************* */ typedef struct { @@ -162,7 +162,7 @@ static int test_uint64(void) int setup_tests(void) { -#if OPENSSL_API_COMPAT < 0x30000000L +#if !OPENSSL_API_3 ADD_TEST(test_long); #endif ADD_TEST(test_int32); diff --git a/test/asn1_encode_test.c b/test/asn1_encode_test.c index 4c4820e5928..5168f0431a3 100644 --- a/test/asn1_encode_test.c +++ b/test/asn1_encode_test.c @@ -179,7 +179,7 @@ typedef struct { ENCDEC_DATA(-1, -1), \ ENCDEC_DATA(0, ASN1_LONG_UNDEF) -#if OPENSSL_API_COMPAT < 0x30000000L +#if !OPENSSL_API_3 /***** LONG ******************************************************************/ typedef struct { @@ -824,7 +824,7 @@ static int test_intern(const TEST_PACKAGE *package) return fail == 0; } -#if OPENSSL_API_COMPAT < 0x30000000L +#if !OPENSSL_API_3 static int test_long_32bit(void) { return test_intern(&long_test_package_32bit); @@ -858,7 +858,7 @@ static int test_uint64(void) int setup_tests(void) { -#if OPENSSL_API_COMPAT < 0x30000000L +#if !OPENSSL_API_3 ADD_TEST(test_long_32bit); ADD_TEST(test_long_64bit); #endif diff --git a/util/perl/OpenSSL/ParseC.pm b/util/perl/OpenSSL/ParseC.pm index 81472ef5ebc..2a009b332f7 100644 --- a/util/perl/OpenSSL/ParseC.pm +++ b/util/perl/OpenSSL/ParseC.pm @@ -65,24 +65,11 @@ my @opensslcpphandlers = ( # These are used to convert certain pre-precessor expressions into # others that @cpphandlers have a better chance to understand. - { regexp => qr/#if OPENSSL_API_COMPAT(\S+)(0x[0-9a-fA-F]{8})L$/, + { regexp => qr/#if (!?)OPENSSL_API_([0-9_]+)$/, massager => sub { - my $op = $1; - my $v = hex($2); - if ($op ne '<' && $op ne '>=') { - die "Error: unacceptable operator $op: $_[0]\n"; - } - my ($major, $minor, $edit) = - ( ($v >> 28) & 0xf, - ($v >> 20) & 0xff, - ($v >> 12) & 0xff ); - my $t = "DEPRECATEDIN_" . - ($major <= 1 - ? "${major}_${minor}_${edit}" - : "${major}"); - my $cond = $op eq '<' ? 'ifndef' : 'ifdef'; + my $cnd = $1 eq '!' ? 'ndef' : 'def'; return (<<"EOF"); -#$cond $t +#if$cnd DEPRECATEDIN_$2 EOF } }