diff options
author | Richard Levitte <levitte@openssl.org> | 2019-12-11 14:36:36 +0100 |
---|---|---|
committer | Richard Levitte <levitte@openssl.org> | 2019-12-13 10:09:49 +0100 |
commit | 46994f71631922565924e3ca6303950c36337b33 (patch) | |
tree | f8c702f9f06e6263dd5bb46b82135bb264e11e74 | |
parent | 97ba39547d4c79b60131475a1512cc7d7e8952b2 (diff) |
Add better support for using deprecated symbols internally
OPENSSL_SUPPRESS_DEPRECATED only does half the job, in telling the
deprecation macros not to add the warning attribute. However, with
'no-deprecated', the symbols are still removed entirely, while we
might still want to use them internally.
The solution is to permit <openssl/opensslconf.h> macros to be
modified internally, such as undefining OPENSSL_NO_DEPRECATED in this
case.
However, with the way <openssl/opensslconf.h> includes
<openssl/macros.h>, that's easier said than done. That's solved by
generating <openssl/configuration.h> instead, and add a new
<openssl/opensslconf.h> that includes <openssl/configuration.h> as
well as <openssl/macros.h>, thus allowing to replace an inclusion of
<openssl/opensslconf.h> with this:
#include <openssl/configuration.h>
#undef OPENSSL_NO_DEPRECATED
#define OPENSSL_SUPPRESS_DEPRECATED
#include <openssl/macros.h>
Or simply add the following prior to any other openssl inclusion:
#include <openssl/configuration.h>
#undef OPENSSL_NO_DEPRECATED
#define OPENSSL_SUPPRESS_DEPRECATED
Note that undefining OPENSSL_NO_DEPRECATED must never be done by
applications, since the symbols must still be exported by the
library. Internal test programs are excempt of this rule, though.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10608)
-rw-r--r-- | .gitignore | 2 | ||||
-rw-r--r-- | CHANGES | 20 | ||||
-rw-r--r-- | INSTALL | 4 | ||||
-rw-r--r-- | build.info | 4 | ||||
-rw-r--r-- | include/openssl/configuration.h.in (renamed from include/openssl/opensslconf.h.in) | 8 | ||||
-rw-r--r-- | include/openssl/opensslconf.h | 16 |
6 files changed, 44 insertions, 10 deletions
diff --git a/.gitignore b/.gitignore index 0d02ecdf8f..659be22843 100644 --- a/.gitignore +++ b/.gitignore @@ -22,7 +22,7 @@ # Auto generated headers /crypto/buildinf.h /include/crypto/*_conf.h -/include/openssl/opensslconf.h +/include/openssl/configuration.h /include/openssl/opensslv.h # Auto generated doc files @@ -9,6 +9,26 @@ Changes between 1.1.1 and 3.0.0 [xx XXX xxxx] + *) Removed include/openssl/opensslconf.h.in and replaced it with + include/openssl/configuration.h.in, which differs in not including + <openssl/macros.h>. A short header include/openssl/opensslconf.h + was added to include both. + + This allows internal hacks where one might need to modify the set + of configured macros, for example this if deprecated symbols are + still supposed to be available internally: + + #include <openssl/configuration.h> + + #undef OPENSSL_NO_DEPRECATED + #define OPENSSL_SUPPRESS_DEPRECATED + + #include <openssl/macros.h> + + This should not be used by applications that use the exported + symbols, as that will lead to linking errors. + [Richard Levitte] + *) Fixed an an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against 2-prime RSA1024, @@ -836,8 +836,8 @@ Configure creates a build file ("Makefile" on Unix, "makefile" on Windows and "descrip.mms" on OpenVMS) from a suitable template in Configurations, - and defines various macros in include/openssl/opensslconf.h (generated from - include/openssl/opensslconf.h.in). + and defines various macros in include/openssl/configuration.h (generated + from include/openssl/configuration.h.in). 1c. Configure OpenSSL for building outside of the source tree. diff --git a/build.info b/build.info index a28ddbe739..6cfa2017c4 100644 --- a/build.info +++ b/build.info @@ -9,11 +9,11 @@ DEPEND[libssl]=libcrypto # Empty DEPEND "indices" means the dependencies are expected to be built # unconditionally before anything else. -DEPEND[]=include/openssl/opensslconf.h include/openssl/opensslv.h \ +DEPEND[]=include/openssl/configuration.h include/openssl/opensslv.h \ include/crypto/bn_conf.h include/crypto/dso_conf.h \ doc/man7/openssl_user_macros.pod -GENERATE[include/openssl/opensslconf.h]=include/openssl/opensslconf.h.in +GENERATE[include/openssl/configuration.h]=include/openssl/configuration.h.in GENERATE[include/openssl/opensslv.h]=include/openssl/opensslv.h.in GENERATE[include/crypto/bn_conf.h]=include/crypto/bn_conf.h.in GENERATE[include/crypto/dso_conf.h]=include/crypto/dso_conf.h.in diff --git a/include/openssl/opensslconf.h.in b/include/openssl/configuration.h.in index c0ef3ddcff..00a4fc0aa3 100644 --- a/include/openssl/opensslconf.h.in +++ b/include/openssl/configuration.h.in @@ -9,8 +9,8 @@ * https://www.openssl.org/source/license.html */ -#ifndef OPENSSL_OPENSSLCONF_H -# define OPENSSL_OPENSSLCONF_H +#ifndef OPENSSL_CONFIGURATION_H +# define OPENSSL_CONFIGURATION_H # ifdef __cplusplus extern "C" { @@ -65,6 +65,4 @@ extern "C" { } # endif -# include <openssl/macros.h> - -#endif /* OPENSSL_OPENSSLCONF_H */ +#endif /* OPENSSL_CONFIGURATION_H */ diff --git a/include/openssl/opensslconf.h b/include/openssl/opensslconf.h new file mode 100644 index 0000000000..9a49bceea3 --- /dev/null +++ b/include/openssl/opensslconf.h @@ -0,0 +1,16 @@ +/* + * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OPENSSL_OPENSSLCONF_H +# define OPENSSL_OPENSSLCONF_H + +#include <openssl/configuration.h> +#include <openssl/macros.h> + +#endif /* OPENSSL_OPENSSLCONF_H */ |