diff options
| author | Richard Levitte <levitte@openssl.org> | 2018-11-29 23:05:03 +0000 |
|---|---|---|
| committer | Richard Levitte <levitte@openssl.org> | 2018-12-06 12:24:48 +0100 |
| commit | fcd2d5a6121ad3e5e65edc714ad99fc36f609f81 (patch) | |
| tree | 72b6d74bedbd698bdcd857dda81347c923dd2eb7 | |
| parent | 0695b193428b25b9fbb905ab5b913e69384e2554 (diff) | |
Refactor the computation of API version limits
Previously, the API version limit was indicated with a numeric version
number. This was "natural" in the pre-3.0.0 because the version was
this simple number.
With 3.0.0, the version is divided into three separate numbers, and
it's only the major number that counts, but we still need to be able
to support pre-3.0.0 version limits.
Therefore, we allow OPENSSL_API_COMPAT to be defined with a pre-3.0.0
style numeric version number or with a simple major number, i.e. can
be defined like this for any application:
-D OPENSSL_API_COMPAT=0x10100000L
-D OPENSSL_API_COMPAT=3
Since the pre-3.0.0 numerical version numbers are high, it's easy to
distinguish between a simple major number and a pre-3.0.0 numerical
version number and to thereby support both forms at the same time.
Internally, we define the following macros depending on the value of
OPENSSL_API_COMPAT:
OPENSSL_API_0_9_8
OPENSSL_API_1_0_0
OPENSSL_API_1_1_0
OPENSSL_API_3
They indicate that functions marked for deprecation in the
corresponding major release shall not be built if defined.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7724)
64 files changed, 229 insertions, 152 deletions
@@ -9,6 +9,15 @@ Changes between 1.1.1 and 3.0.0 [xx XXX xxxx] + *) Change the possible version information given with OPENSSL_API_COMPAT. + It may be a pre-3.0.0 style numerical version number as it was defined + in 1.1.0, and it may also simply take the major version number. + + Because of the version numbering of pre-3.0.0 releases, the values 0, + 1 and 2 are equivalent to 0x00908000L (0.9.8), 0x10000000L (1.0.0) and + 0x10100000L (1.1.0), respectively. + [Richard Levitte] + *) Switch to a new version scheme using three numbers MAJOR.MINOR.PATCH. o Major releases (indicated by incrementing the MAJOR release number) @@ -43,9 +43,9 @@ my $usage="Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [-Dxxx] [-lx # # --cross-compile-prefix Add specified prefix to binutils components. # -# --api One of 0.9.8, 1.0.0, 1.1.0 or 3.0.0 (or 3). Do not compile -# support for interfaces deprecated as of the specified OpenSSL -# version. +# --api One of 0.9.8, 1.0.0, 1.0.1, 1.0.2, 1.1.0, 1.1.1, or 3.0.0 / 3. +# Do not compile support for interfaces deprecated as of the +# specified OpenSSL version. # # no-hw-xxx do not compile support for specific crypto hardware. # Generic OpenSSL-style methods relating to this support @@ -176,10 +176,13 @@ our $BSDthreads="-pthread -D_THREAD_SAFE -D_REENTRANT"; # my $maxapi = "3.0.0"; # API for "no-deprecated" builds my $apitable = { - "3.0.0" => "0x30000000L", - "1.1.0" => "0x10100000L", - "1.0.0" => "0x10000000L", - "0.9.8" => "0x00908000L", + "3.0.0" => 3, + "1.1.1" => 2, + "1.1.0" => 2, + "1.0.2" => 1, + "1.0.1" => 1, + "1.0.0" => 1, + "0.9.8" => 0, }; our %table = (); @@ -1495,11 +1498,9 @@ $config{cflags} = [ map { (my $x = $_) =~ s/([\\\"])/\\$1/g; $x } $config{cxxflags} = [ map { (my $x = $_) =~ s/([\\\"])/\\$1/g; $x } @{$config{cxxflags}} ] if $config{CXX}; -if (defined($config{api})) { - $config{openssl_api_defines} = [ "OPENSSL_MIN_API=".$apitable->{$config{api}} ]; - my $apiflag = sprintf("OPENSSL_API_COMPAT=%s", $apitable->{$config{api}}); - push @{$config{defines}}, $apiflag; -} +$config{openssl_api_defines} = [ + "OPENSSL_MIN_API=".($apitable->{$config{api} // ""} // -1) +]; if ($strict_warnings) { diff --git a/crypto/asn1/asn1_item_list.h b/crypto/asn1/asn1_item_list.h index 3e53c63237..1892a26dfe 100644 --- a/crypto/asn1/asn1_item_list.h +++ b/crypto/asn1/asn1_item_list.h @@ -78,7 +78,7 @@ static ASN1_ITEM_EXP *asn1_item_list[] = { ASN1_ITEM_ref(IPAddressRange), #endif ASN1_ITEM_ref(ISSUING_DIST_POINT), -#if OPENSSL_API_COMPAT < 0x30000000L +#if !OPENSSL_API_3 ASN1_ITEM_ref(LONG), #endif ASN1_ITEM_ref(NAME_CONSTRAINTS), @@ -164,7 +164,7 @@ static ASN1_ITEM_EXP *asn1_item_list[] = { ASN1_ITEM_ref(X509_SIG), ASN1_ITEM_ref(X509_VAL), ASN1_ITEM_ref(X509), -#if OPENSSL_API_COMPAT < 0x30000000L +#if !OPENSSL_API_3 ASN1_ITEM_ref(ZLONG), #endif ASN1_ITEM_ref(INT32), diff --git a/crypto/asn1/asn1_lib.c b/crypto/asn1/asn1_lib.c index 88c4b53918..f2ba4bc3b5 100644 --- a/crypto/asn1/asn1_lib.c +++ b/crypto/asn1/asn1_lib.c @@ -383,7 +383,7 @@ const unsigned char *ASN1_STRING_get0_data(const ASN1_STRING *x) return x->data; } -# if OPENSSL_API_COMPAT < 0x10100000L +# if !OPENSSL_API_1_1_0 unsigned char *ASN1_STRING_data(ASN1_STRING *x) { return x->data; diff --git a/crypto/asn1/x_long.c b/crypto/asn1/x_long.c index 537db1b381..1c622cfbe8 100644 --- a/crypto/asn1/x_long.c +++ b/crypto/asn1/x_long.c @@ -11,7 +11,7 @@ #include "internal/cryptlib.h" #include <openssl/asn1t.h> -#if !(OPENSSL_API_COMPAT < 0x30000000L) +#if OPENSSL_API_3 NON_EMPTY_TRANSLATION_UNIT #else diff --git a/crypto/bio/b_sock.c b/crypto/bio/b_sock.c index e7a24d02cb..df5154648d 100644 --- a/crypto/bio/b_sock.c +++ b/crypto/bio/b_sock.c @@ -24,7 +24,7 @@ static int wsa_init_done = 0; # endif -# if OPENSSL_API_COMPAT < 0x10100000L +# if !OPENSSL_API_1_1_0 int BIO_get_host_ip(const char *str, unsigned char *ip) { BIO_ADDRINFO *res = NULL; @@ -103,7 +103,7 @@ int BIO_sock_error(int sock) return j; } -# if OPENSSL_API_COMPAT < 0x10100000L +# if !OPENSSL_API_1_1_0 struct hostent *BIO_gethostbyname(const char *name) { /* @@ -196,7 +196,7 @@ int BIO_socket_ioctl(int fd, long type, void *arg) return i; } -# if OPENSSL_API_COMPAT < 0x10100000L +# if !OPENSSL_API_1_1_0 int BIO_get_accept_socket(char *host, int bind_mode) { int s = INVALID_SOCKET; diff --git a/crypto/bn/bn_depr.c b/crypto/bn/bn_depr.c index 7d89214b1c..8c30c2190e 100644 --- a/crypto/bn/bn_depr.c +++ b/crypto/bn/bn_depr.c @@ -13,7 +13,7 @@ */ #include <openssl/opensslconf.h> -#if OPENSSL_API_COMPAT >= 0x00908000L +#if OPENSSL_API_0_9_8 NON_EMPTY_TRANSLATION_UNIT #else diff --git a/crypto/bn/bn_lib.c b/crypto/bn/bn_lib.c index 040c4cd9b3..b6893afdcc 100644 --- a/crypto/bn/bn_lib.c +++ b/crypto/bn/bn_lib.c @@ -15,7 +15,7 @@ #include "internal/constant_time_locl.h" /* This stuff appears to be completely unused, so is deprecated */ -#if OPENSSL_API_COMPAT < 0x00908000L +#if !OPENSSL_API_0_9_8 /*- * For a 32 bit machine * 2 - 4 == 128 diff --git a/crypto/conf/conf_sap.c b/crypto/conf/conf_sap.c index 3d2e065e5b..2b3e23ee14 100644 --- a/crypto/conf/conf_sap.c +++ b/crypto/conf/conf_sap.c @@ -27,7 +27,7 @@ static int openssl_configured = 0; -#if OPENSSL_API_COMPAT < 0x10100000L +#if !OPENSSL_API_1_1_0 void OPENSSL_config(const char *appname) { OPENSSL_INIT_SETTINGS settings; diff --git a/crypto/cversion.c b/crypto/cversion.c index 16cd241f25..b3fc30d078 100644 --- a/crypto/cversion.c +++ b/crypto/cversion.c @@ -11,7 +11,7 @@ #include "buildinf.h" -#if OPENSSL_API_COMPAT < 0x30000000L +#if !OPENSSL_API_3 unsigned long OpenSSL_version_num(void) { return OPENSSL_VERSION_NUMBER; diff --git a/crypto/dh/dh_depr.c b/crypto/dh/dh_depr.c index f8ed1b7461..f2ccde4551 100644 --- a/crypto/dh/dh_depr.c +++ b/crypto/dh/dh_depr.c @@ -10,7 +10,7 @@ /* This file contains deprecated functions as wrappers to the new ones */ #include <openssl/opensslconf.h> -#if OPENSSL_API_COMPAT >= 0x00908000L +#if OPENSSL_API_0_9_8 NON_EMPTY_TRANSLATION_UNIT #else diff --git a/crypto/dsa/dsa_depr.c b/crypto/dsa/dsa_depr.c index f51aea7497..f5526a6838 100644 --- a/crypto/dsa/dsa_depr.c +++ b/crypto/dsa/dsa_depr.c @@ -20,7 +20,7 @@ #define xxxHASH EVP_sha1() #include <openssl/opensslconf.h> -#if OPENSSL_API_COMPAT >= 0x00908000L +#if OPENSSL_API_0_9_8 NON_EMPTY_TRANSLATION_UNIT #else diff --git a/crypto/dsa/dsa_sign.c b/crypto/dsa/dsa_sign.c index 2304cc9bee..034b2fce8c 100644 --- a/crypto/dsa/dsa_sign.c +++ b/crypto/dsa/dsa_sign.c @@ -16,7 +16,7 @@ DSA_SIG *DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa) return dsa->meth->dsa_do_sign(dgst, dlen, dsa); } -#if OPENSSL_API_COMPAT < 0x30000000L +#if !OPENSSL_API_3 int DSA_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp) { return dsa->meth->dsa_sign_setup(dsa, ctx_in, kinvp, rp); diff --git a/crypto/ec/ec_lib.c b/crypto/ec/ec_lib.c index e3d249a0ba..f111ffa51e 100644 --- a/crypto/ec/ec_lib.c +++ b/crypto/ec/ec_lib.c @@ -435,7 +435,7 @@ int EC_GROUP_get_curve(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, BIGNUM *b, return group->meth->group_get_curve(group, p, a, b, ctx); } -#if OPENSSL_API_COMPAT < 0x30000000L +#if !OPENSSL_API_3 int EC_GROUP_set_curve_GFp(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx) { @@ -726,7 +726,7 @@ int EC_POINT_set_affine_coordinates(const EC_GROUP *group, EC_POINT *point, return 1; } -#if OPENSSL_API_COMPAT < 0x30000000L +#if !OPENSSL_API_3 int EC_POINT_set_affine_coordinates_GFp(const EC_GROUP *group, EC_POINT *point, const BIGNUM *x, const BIGNUM *y, BN_CTX *ctx) @@ -764,7 +764,7 @@ int EC_POINT_get_affine_coordinates(const EC_GROUP *group, return group->meth->point_get_affine_coordinates(group, point, x, y, ctx); } -#if OPENSSL_API_COMPAT < 0x30000000L +#if !OPENSSL_API_3 int EC_POINT_get_affine_coordinates_GFp(const EC_GROUP *group, const EC_POINT *point, BIGNUM *x, BIGNUM *y, BN_CTX *ctx) diff --git a/crypto/ec/ec_oct.c b/crypto/ec/ec_oct.c index f6295c92a7..12f476d231 100644 --- a/crypto/ec/ec_oct.c +++ b/crypto/ec/ec_oct.c @@ -49,7 +49,7 @@ int EC_POINT_set_compressed_coordinates(const EC_GROUP *group, EC_POINT *point, y_bit, ctx); } -#if OPENSSL_API_COMPAT < 0x30000000L +#if !OPENSSL_API_3 int EC_POINT_set_compressed_coordinates_GFp(const EC_GROUP *group, EC_POINT *point, const BIGNUM *x, int y_bit, BN_CTX *ctx) diff --git a/crypto/ec/ecdh_kdf.c b/crypto/ec/ecdh_kdf.c index c21e788078..1d260b5ee8 100644 --- a/crypto/ec/ecdh_kdf.c +++ b/crypto/ec/ecdh_kdf.c @@ -72,7 +72,7 @@ int ecdh_KDF_X9_63(unsigned char *out, size_t outlen, * The old name for ecdh_KDF_X9_63 * Retained for ABI compatibility */ -#if OPENSSL_API_COMPAT < 0x10200000L +#if !OPENSSL_API_3 int ECDH_KDF_X9_62(unsigned char *out, size_t outlen, const unsigned char *Z, size_t Zlen, const unsigned char *sinfo, size_t sinfolen, diff --git a/crypto/engine/eng_all.c b/crypto/engine/eng_all.c index af306ccffc..ef82947288 100644 --- a/crypto/engine/eng_all.c +++ b/crypto/engine/eng_all.c @@ -18,7 +18,8 @@ void ENGINE_load_builtin_engines(void) OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_ALL_BUILTIN, NULL); } -#if (defined(__OpenBSD__) || defined(__FreeBSD__) || defined(__DragonFly__)) && OPENSSL_API_COMPAT < 0x10100000L +#if (defined(__OpenBSD__) || defined(__FreeBSD__) || defined(__DragonFly__)) \ + && !OPENSSL_API_1_1_0 void ENGINE_setup_bsd_cryptodev(void) { } diff --git a/crypto/err/err.c b/crypto/err/err.c index 66a60e907c..da1b90df16 100644 --- a/crypto/err/err.c +++ b/crypto/err/err.c @@ -672,13 +672,13 @@ void err_delete_thread_state(void) ERR_STATE_free(state); } -#if OPENSSL_API_COMPAT < 0x10100000L +#if !OPENSSL_API_1_1_0 void ERR_remove_thread_state(void *dummy) { } #endif -#if OPENSSL_API_COMPAT < 0x10000000L +#if !OPENSSL_API_1_0_0 void ERR_remove_state(unsigned long pid) { } diff --git a/crypto/evp/e_old.c b/crypto/evp/e_old.c index 927908f871..ffce91671f 100644 --- a/crypto/evp/e_old.c +++ b/crypto/evp/e_old.c @@ -8,7 +8,7 @@ */ #include <openssl/opensslconf.h> -#if OPENSSL_API_COMPAT >= 0x00908000L +#if OPENSSL_API_0_9_8 NON_EMPTY_TRANSLATION_UNIT #else diff --git a/crypto/hmac/hmac.c b/crypto/hmac/hmac.c index e4031b44a5..eec54d5833 100644 --- a/crypto/hmac/hmac.c +++ b/crypto/hmac/hmac.c @@ -79,7 +79,7 @@ int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len, return rv; } -#if OPENSSL_API_COMPAT < 0x10100000L +#if !OPENSSL_API_1_1_0 int HMAC_Init(HMAC_CTX *ctx, const void *key, int len, const EVP_MD *md) { if (key && md) diff --git a/crypto/pkcs12/p12_sbag.c b/crypto/pkcs12/p12_sbag.c index a09c5b9313..ee28981fa5 100644 --- a/crypto/pkcs12/p12_sbag.c +++ b/crypto/pkcs12/p12_sbag.c @@ -12,7 +12,7 @@ #include <openssl/pkcs12.h> #include "p12_lcl.h" -#if OPENSSL_API_COMPAT < 0x10100000L +#if !OPENSSL_API_1_1_0 ASN1_TYPE *PKCS12_get_attr(const PKCS12_SAFEBAG *bag, int attr_nid) { return PKCS12_get_attr_gen(bag->attrib, attr_nid); diff --git a/crypto/rand/rand_lib.c b/crypto/rand/rand_lib.c index d8639c4a03..d2f5be1a65 100644 --- a/crypto/rand/rand_lib.c +++ b/crypto/rand/rand_lib.c @@ -838,7 +838,7 @@ int RAND_bytes(unsigned char *buf, int num) return -1; } -#if OPENSSL_API_COMPAT < 0x10100000L +#if !OPENSSL_API_1_1_0 int RAND_pseudo_bytes(unsigned char *buf, int num) { const RAND_METHOD *meth = RAND_get_rand_method(); diff --git a/crypto/rand/rand_win.c b/crypto/rand/rand_win.c index d2039eb226..f8f371c6d5 100644 --- a/crypto/rand/rand_win.c +++ b/crypto/rand/rand_win.c @@ -156,7 +156,7 @@ int rand_pool_add_additional_data(RAND_POOL *pool) return rand_pool_add(pool, (unsigned char *)&data, sizeof(data), 0); } -# if OPENSSL_API_COMPAT < 0x10100000L +# if !OPENSSL_API_1_1_0 int RAND_event(UINT iMsg, WPARAM wParam, LPARAM lParam) { RAND_poll(); diff --git a/crypto/rsa/rsa_depr.c b/crypto/rsa/rsa_depr.c index 21e0562525..4e9b709428 100644 --- a/crypto/rsa/rsa_depr.c +++ b/crypto/rsa/rsa_depr.c @@ -13,7 +13,7 @@ */ #include <openssl/opensslconf.h> -#if OPENSSL_API_COMPAT >= 0x00908000L +#if OPENSSL_API_0_9_8 NON_EMPTY_TRANSLATION_UNIT #else diff --git a/crypto/srp/srp_vfy.c b/crypto/srp/srp_vfy.c index bfe517b471..814f04263c 100644 --- a/crypto/srp/srp_vfy.c +++ b/crypto/srp/srp_vfy.c @@ -525,7 +525,7 @@ int SRP_VBASE_add0_user(SRP_VBASE *vb, SRP_user_pwd *user_pwd) return 1; } -# if OPENSSL_API_COMPAT < 0x10100000L +# if !OPENSSL_API_1_1_0 /* * DEPRECATED: use SRP_VBASE_get1_by_user instead. * This method ignores the configured seed and fails for an unknown user. diff --git a/crypto/x509/x509cset.c b/crypto/x509/x509cset.c index 7645ce3759..99f730faa0 100644 --- a/crypto/x509/x509cset.c +++ b/crypto/x509/x509cset.c @@ -91,7 +91,7 @@ const ASN1_TIME *X509_CRL_get0_nextUpdate(const X509_CRL *crl) return crl->crl.nextUpdate; } -#if OPENSSL_API_COMPAT < 0x10100000L +#if !OPENSSL_API_1_1_0 ASN1_TIME *X509_CRL_get_lastUpdate(X509_CRL *crl) { return crl->crl.lastUpdate; diff --git a/doc/man3/OPENSSL_config.pod b/doc/man3/OPENSSL_config.pod index 6294ee1d1b..453c32b5f7 100644 --- a/doc/man3/OPENSSL_config.pod +++ b/doc/man3/OPENSSL_config.pod |