diff options
64 files changed, 229 insertions, 152 deletions
@@ -9,6 +9,15 @@ Changes between 1.1.1 and 3.0.0 [xx XXX xxxx] + *) Change the possible version information given with OPENSSL_API_COMPAT. + It may be a pre-3.0.0 style numerical version number as it was defined + in 1.1.0, and it may also simply take the major version number. + + Because of the version numbering of pre-3.0.0 releases, the values 0, + 1 and 2 are equivalent to 0x00908000L (0.9.8), 0x10000000L (1.0.0) and + 0x10100000L (1.1.0), respectively. + [Richard Levitte] + *) Switch to a new version scheme using three numbers MAJOR.MINOR.PATCH. o Major releases (indicated by incrementing the MAJOR release number) @@ -43,9 +43,9 @@ my $usage="Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [-Dxxx] [-lx # # --cross-compile-prefix Add specified prefix to binutils components. # -# --api One of 0.9.8, 1.0.0, 1.1.0 or 3.0.0 (or 3). Do not compile -# support for interfaces deprecated as of the specified OpenSSL -# version. +# --api One of 0.9.8, 1.0.0, 1.0.1, 1.0.2, 1.1.0, 1.1.1, or 3.0.0 / 3. +# Do not compile support for interfaces deprecated as of the +# specified OpenSSL version. # # no-hw-xxx do not compile support for specific crypto hardware. # Generic OpenSSL-style methods relating to this support @@ -176,10 +176,13 @@ our $BSDthreads="-pthread -D_THREAD_SAFE -D_REENTRANT"; # my $maxapi = "3.0.0"; # API for "no-deprecated" builds my $apitable = { - "3.0.0" => "0x30000000L", - "1.1.0" => "0x10100000L", - "1.0.0" => "0x10000000L", - "0.9.8" => "0x00908000L", + "3.0.0" => 3, + "1.1.1" => 2, + "1.1.0" => 2, + "1.0.2" => 1, + "1.0.1" => 1, + "1.0.0" => 1, + "0.9.8" => 0, }; our %table = (); @@ -1495,11 +1498,9 @@ $config{cflags} = [ map { (my $x = $_) =~ s/([\\\"])/\\$1/g; $x } $config{cxxflags} = [ map { (my $x = $_) =~ s/([\\\"])/\\$1/g; $x } @{$config{cxxflags}} ] if $config{CXX}; -if (defined($config{api})) { - $config{openssl_api_defines} = [ "OPENSSL_MIN_API=".$apitable->{$config{api}} ]; - my $apiflag = sprintf("OPENSSL_API_COMPAT=%s", $apitable->{$config{api}}); - push @{$config{defines}}, $apiflag; -} +$config{openssl_api_defines} = [ + "OPENSSL_MIN_API=".($apitable->{$config{api} // ""} // -1) +]; if ($strict_warnings) { diff --git a/crypto/asn1/asn1_item_list.h b/crypto/asn1/asn1_item_list.h index 3e53c63237..1892a26dfe 100644 --- a/crypto/asn1/asn1_item_list.h +++ b/crypto/asn1/asn1_item_list.h @@ -78,7 +78,7 @@ static ASN1_ITEM_EXP *asn1_item_list[] = { ASN1_ITEM_ref(IPAddressRange), #endif ASN1_ITEM_ref(ISSUING_DIST_POINT), -#if OPENSSL_API_COMPAT < 0x30000000L +#if !OPENSSL_API_3 ASN1_ITEM_ref(LONG), #endif ASN1_ITEM_ref(NAME_CONSTRAINTS), @@ -164,7 +164,7 @@ static ASN1_ITEM_EXP *asn1_item_list[] = { ASN1_ITEM_ref(X509_SIG), ASN1_ITEM_ref(X509_VAL), ASN1_ITEM_ref(X509), -#if OPENSSL_API_COMPAT < 0x30000000L +#if !OPENSSL_API_3 ASN1_ITEM_ref(ZLONG), #endif ASN1_ITEM_ref(INT32), diff --git a/crypto/asn1/asn1_lib.c b/crypto/asn1/asn1_lib.c index 88c4b53918..f2ba4bc3b5 100644 --- a/crypto/asn1/asn1_lib.c +++ b/crypto/asn1/asn1_lib.c @@ -383,7 +383,7 @@ const unsigned char *ASN1_STRING_get0_data(const ASN1_STRING *x) return x->data; } -# if OPENSSL_API_COMPAT < 0x10100000L +# if !OPENSSL_API_1_1_0 unsigned char *ASN1_STRING_data(ASN1_STRING *x) { return x->data; diff --git a/crypto/asn1/x_long.c b/crypto/asn1/x_long.c index 537db1b381..1c622cfbe8 100644 --- a/crypto/asn1/x_long.c +++ b/crypto/asn1/x_long.c @@ -11,7 +11,7 @@ #include "internal/cryptlib.h" #include <openssl/asn1t.h> -#if !(OPENSSL_API_COMPAT < 0x30000000L) +#if OPENSSL_API_3 NON_EMPTY_TRANSLATION_UNIT #else diff --git a/crypto/bio/b_sock.c b/crypto/bio/b_sock.c index e7a24d02cb..df5154648d 100644 --- a/crypto/bio/b_sock.c +++ b/crypto/bio/b_sock.c @@ -24,7 +24,7 @@ static int wsa_init_done = 0; # endif -# if OPENSSL_API_COMPAT < 0x10100000L +# if !OPENSSL_API_1_1_0 int BIO_get_host_ip(const char *str, unsigned char *ip) { BIO_ADDRINFO *res = NULL; @@ -103,7 +103,7 @@ int BIO_sock_error(int sock) return j; } -# if OPENSSL_API_COMPAT < 0x10100000L +# if !OPENSSL_API_1_1_0 struct hostent *BIO_gethostbyname(const char *name) { /* @@ -196,7 +196,7 @@ int BIO_socket_ioctl(int fd, long type, void *arg) return i; } -# if OPENSSL_API_COMPAT < 0x10100000L +# if !OPENSSL_API_1_1_0 int BIO_get_accept_socket(char *host, int bind_mode) { int s = INVALID_SOCKET; diff --git a/crypto/bn/bn_depr.c b/crypto/bn/bn_depr.c index 7d89214b1c..8c30c2190e 100644 --- a/crypto/bn/bn_depr.c +++ b/crypto/bn/bn_depr.c @@ -13,7 +13,7 @@ */ #include <openssl/opensslconf.h> -#if OPENSSL_API_COMPAT >= 0x00908000L +#if OPENSSL_API_0_9_8 NON_EMPTY_TRANSLATION_UNIT #else diff --git a/crypto/bn/bn_lib.c b/crypto/bn/bn_lib.c index 040c4cd9b3..b6893afdcc 100644 --- a/crypto/bn/bn_lib.c +++ b/crypto/bn/bn_lib.c @@ -15,7 +15,7 @@ #include "internal/constant_time_locl.h" /* This stuff appears to be completely unused, so is deprecated */ -#if OPENSSL_API_COMPAT < 0x00908000L +#if !OPENSSL_API_0_9_8 /*- * For a 32 bit machine * 2 - 4 == 128 diff --git a/crypto/conf/conf_sap.c b/crypto/conf/conf_sap.c index 3d2e065e5b..2b3e23ee14 100644 --- a/crypto/conf/conf_sap.c +++ b/crypto/conf/conf_sap.c @@ -27,7 +27,7 @@ static int openssl_configured = 0; -#if OPENSSL_API_COMPAT < 0x10100000L +#if !OPENSSL_API_1_1_0 void OPENSSL_config(const char *appname) { OPENSSL_INIT_SETTINGS settings; diff --git a/crypto/cversion.c b/crypto/cversion.c index 16cd241f25..b3fc30d078 100644 --- a/crypto/cversion.c +++ b/crypto/cversion.c @@ -11,7 +11,7 @@ #include "buildinf.h" -#if OPENSSL_API_COMPAT < 0x30000000L +#if !OPENSSL_API_3 unsigned long OpenSSL_version_num(void) { return OPENSSL_VERSION_NUMBER; diff --git a/crypto/dh/dh_depr.c b/crypto/dh/dh_depr.c index f8ed1b7461..f2ccde4551 100644 --- a/crypto/dh/dh_depr.c +++ b/crypto/dh/dh_depr.c @@ -10,7 +10,7 @@ /* This file contains deprecated functions as wrappers to the new ones */ #include <openssl/opensslconf.h> -#if OPENSSL_API_COMPAT >= 0x00908000L +#if OPENSSL_API_0_9_8 NON_EMPTY_TRANSLATION_UNIT #else diff --git a/crypto/dsa/dsa_depr.c b/crypto/dsa/dsa_depr.c index f51aea7497..f5526a6838 100644 --- a/crypto/dsa/dsa_depr.c +++ b/crypto/dsa/dsa_depr.c @@ -20,7 +20,7 @@ #define xxxHASH EVP_sha1() #include <openssl/opensslconf.h> -#if OPENSSL_API_COMPAT >= 0x00908000L +#if OPENSSL_API_0_9_8 NON_EMPTY_TRANSLATION_UNIT #else diff --git a/crypto/dsa/dsa_sign.c b/crypto/dsa/dsa_sign.c index 2304cc9bee..034b2fce8c 100644 --- a/crypto/dsa/dsa_sign.c +++ b/crypto/dsa/dsa_sign.c @@ -16,7 +16,7 @@ DSA_SIG *DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa) return dsa->meth->dsa_do_sign(dgst, dlen, dsa); } -#if OPENSSL_API_COMPAT < 0x30000000L +#if !OPENSSL_API_3 int DSA_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp) { return dsa->meth->dsa_sign_setup(dsa, ctx_in, kinvp, rp); diff --git a/crypto/ec/ec_lib.c b/crypto/ec/ec_lib.c index e3d249a0ba..f111ffa51e 100644 --- a/crypto/ec/ec_lib.c +++ b/crypto/ec/ec_lib.c @@ -435,7 +435,7 @@ int EC_GROUP_get_curve(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, BIGNUM *b, return group->meth->group_get_curve(group, p, a, b, ctx); } -#if OPENSSL_API_COMPAT < 0x30000000L +#if !OPENSSL_API_3 int EC_GROUP_set_curve_GFp(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx) { @@ -726,7 +726,7 @@ int EC_POINT_set_affine_coordinates(const EC_GROUP *group, EC_POINT *point, return 1; } -#if OPENSSL_API_COMPAT < 0x30000000L +#if !OPENSSL_API_3 int EC_POINT_set_affine_coordinates_GFp(const EC_GROUP *group, EC_POINT *point, const BIGNUM *x, const BIGNUM *y, BN_CTX *ctx) @@ -764,7 +764,7 @@ int EC_POINT_get_affine_coordinates(const EC_GROUP *group, return group->meth->point_get_affine_coordinates(group, point, x, y, ctx); } -#if OPENSSL_API_COMPAT < 0x30000000L +#if !OPENSSL_API_3 int EC_POINT_get_affine_coordinates_GFp(const EC_GROUP *group, const EC_POINT *point, BIGNUM *x, BIGNUM *y, BN_CTX *ctx) diff --git a/crypto/ec/ec_oct.c b/crypto/ec/ec_oct.c index f6295c92a7..12f476d231 100644 --- a/crypto/ec/ec_oct.c +++ b/crypto/ec/ec_oct.c @@ -49,7 +49,7 @@ int EC_POINT_set_compressed_coordinates(const EC_GROUP *group, EC_POINT *point, y_bit, ctx); } -#if OPENSSL_API_COMPAT < 0x30000000L +#if !OPENSSL_API_3 int EC_POINT_set_compressed_coordinates_GFp(const EC_GROUP *group, EC_POINT *point, const BIGNUM *x, int y_bit, BN_CTX *ctx) diff --git a/crypto/ec/ecdh_kdf.c b/crypto/ec/ecdh_kdf.c index c21e788078..1d260b5ee8 100644 --- a/crypto/ec/ecdh_kdf.c +++ b/crypto/ec/ecdh_kdf.c @@ -72,7 +72,7 @@ int ecdh_KDF_X9_63(unsigned char *out, size_t outlen, * The old name for ecdh_KDF_X9_63 * Retained for ABI compatibility */ -#if OPENSSL_API_COMPAT < 0x10200000L +#if !OPENSSL_API_3 int ECDH_KDF_X9_62(unsigned char *out, size_t outlen, const unsigned char *Z, size_t Zlen, const unsigned char *sinfo, size_t sinfolen, diff --git a/crypto/engine/eng_all.c b/crypto/engine/eng_all.c index af306ccffc..ef82947288 100644 --- a/crypto/engine/eng_all.c +++ b/crypto/engine/eng_all.c @@ -18,7 +18,8 @@ void ENGINE_load_builtin_engines(void) OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_ALL_BUILTIN, NULL); } -#if (defined(__OpenBSD__) || defined(__FreeBSD__) || defined(__DragonFly__)) && OPENSSL_API_COMPAT < 0x10100000L +#if (defined(__OpenBSD__) || defined(__FreeBSD__) || defined(__DragonFly__)) \ + && !OPENSSL_API_1_1_0 void ENGINE_setup_bsd_cryptodev(void) { } diff --git a/crypto/err/err.c b/crypto/err/err.c index 66a60e907c..da1b90df16 100644 --- a/crypto/err/err.c +++ b/crypto/err/err.c @@ -672,13 +672,13 @@ void err_delete_thread_state(void) ERR_STATE_free(state); } -#if OPENSSL_API_COMPAT < 0x10100000L +#if !OPENSSL_API_1_1_0 void ERR_remove_thread_state(void *dummy) { } #endif -#if OPENSSL_API_COMPAT < 0x10000000L +#if !OPENSSL_API_1_0_0 void ERR_remove_state(unsigned long pid) { } diff --git a/crypto/evp/e_old.c b/crypto/evp/e_old.c index 927908f871..ffce91671f 100644 --- a/crypto/evp/e_old.c +++ b/crypto/evp/e_old.c @@ -8,7 +8,7 @@ */ #include <openssl/opensslconf.h> -#if OPENSSL_API_COMPAT >= 0x00908000L +#if OPENSSL_API_0_9_8 NON_EMPTY_TRANSLATION_UNIT #else diff --git a/crypto/hmac/hmac.c b/crypto/hmac/hmac.c index e4031b44a5..eec54d5833 100644 --- a/crypto/hmac/hmac.c +++ b/crypto/hmac/hmac.c @@ -79,7 +79,7 @@ int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len, return rv; } -#if OPENSSL_API_COMPAT < 0x10100000L +#if !OPENSSL_API_1_1_0 int HMAC_Init(HMAC_CTX *ctx, const void *key, int len, const EVP_MD *md) { if (key && md) diff --git a/crypto/pkcs12/p12_sbag.c b/crypto/pkcs12/p12_sbag.c index a09c5b9313..ee28981fa5 100644 --- a/crypto/pkcs12/p12_sbag.c +++ b/crypto/pkcs12/p12_sbag.c @@ -12,7 +12,7 @@ #include <openssl/pkcs12.h> #include "p12_lcl.h" -#if OPENSSL_API_COMPAT < 0x10100000L +#if !OPENSSL_API_1_1_0 ASN1_TYPE *PKCS12_get_attr(const PKCS12_SAFEBAG *bag, int attr_nid) { return PKCS12_get_attr_gen(bag->attrib, attr_nid); diff --git a/crypto/rand/rand_lib.c b/crypto/rand/rand_lib.c index d8639c4a03..d2f5be1a65 100644 --- a/crypto/rand/rand_lib.c +++ b/crypto/rand/rand_lib.c @@ -838,7 +838,7 @@ int RAND_bytes(unsigned char *buf, int num) return -1; } -#if OPENSSL_API_COMPAT < 0x10100000L +#if !OPENSSL_API_1_1_0 int RAND_pseudo_bytes(unsigned char *buf, int num) { const RAND_METHOD *meth = RAND_get_rand_method(); diff --git a/crypto/rand/rand_win.c b/crypto/rand/rand_win.c index d2039eb226..f8f371c6d5 100644 --- a/crypto/rand/rand_win.c +++ b/crypto/rand/rand_win.c @@ -156,7 +156,7 @@ int rand_pool_add_additional_data(RAND_POOL *pool) return rand_pool_add(pool, (unsigned char *)&data, sizeof(data), 0); } -# if OPENSSL_API_COMPAT < 0x10100000L +# if !OPENSSL_API_1_1_0 int RAND_event(UINT iMsg, WPARAM wParam, LPARAM lParam) { RAND_poll(); diff --git a/crypto/rsa/rsa_depr.c b/crypto/rsa/rsa_depr.c index 21e0562525..4e9b709428 100644 --- a/crypto/rsa/rsa_depr.c +++ b/crypto/rsa/rsa_depr.c @@ -13,7 +13,7 @@ */ #include <openssl/opensslconf.h> -#if OPENSSL_API_COMPAT >= 0x00908000L +#if OPENSSL_API_0_9_8 NON_EMPTY_TRANSLATION_UNIT #else diff --git a/crypto/srp/srp_vfy.c b/crypto/srp/srp_vfy.c index bfe517b471..814f04263c 100644 --- a/crypto/srp/srp_vfy.c +++ b/crypto/srp/srp_vfy.c @@ -525,7 +525,7 @@ int SRP_VBASE_add0_user(SRP_VBASE *vb, SRP_user_pwd *user_pwd) return 1; } -# if OPENSSL_API_COMPAT < 0x10100000L +# if !OPENSSL_API_1_1_0 /* * DEPRECATED: use SRP_VBASE_get1_by_user instead. * This method ignores the configured seed and fails for an unknown user. diff --git a/crypto/x509/x509cset.c b/crypto/x509/x509cset.c index 7645ce3759..99f730faa0 100644 --- a/crypto/x509/x509cset.c +++ b/crypto/x509/x509cset.c @@ -91,7 +91,7 @@ const ASN1_TIME *X509_CRL_get0_nextUpdate(const X509_CRL *crl) return crl->crl.nextUpdate; } -#if OPENSSL_API_COMPAT < 0x10100000L +#if !OPENSSL_API_1_1_0 ASN1_TIME *X509_CRL_get_lastUpdate(X509_CRL *crl) { return crl->crl.lastUpdate; diff --git a/doc/man3/OPENSSL_config.pod b/doc/man3/OPENSSL_config.pod index 6294ee1d1b..453c32b5f7 100644 --- a/doc/man3/OPENSSL_config.pod +++ b/doc/man3/OPENSSL_config.pod @@ -8,10 +8,12 @@ OPENSSL_config, OPENSSL_no_config - simple OpenSSL configuration functions #include <openssl/conf.h> - #if OPENSSL_API_COMPAT < 0x10100000L +Deprecated since OpenSSL 1.1.0, can be hidden entirely by defining +B<OPENSSL_API_COMPAT> with a suitable version value, see +L<openssl_user_macros(7)>: + void OPENSSL_config(const char *appname); void OPENSSL_no_config(void); - #endif =head1 DESCRIPTION diff --git a/doc/man3/RAND_cleanup.pod b/doc/man3/RAND_cleanup.pod index 3859ce343a..39b166bf5e 100644 --- a/doc/man3/RAND_cleanup.pod +++ b/doc/man3/RAND_cleanup.pod @@ -8,9 +8,11 @@ RAND_cleanup - erase the PRNG state #include <openssl/rand.h> - #if OPENSSL_API_COMPAT < 0x10100000L +Deprecated since OpenSSL 1.1.0, can be hidden entirely by defining +B<OPENSSL_API_COMPAT> with a suitable version value, see +L<openssl_user_macros(7)>: + void RAND_cleanup(void) - #endif =head1 DESCRIPTION diff --git a/doc/man7/openssl_user_macros.pod.in b/doc/man7/openssl_user_macros.pod.in index 8af5aea7fb..dc554b70f4 100644 --- a/doc/man7/openssl_user_macros.pod.in +++ b/doc/man7/openssl_user_macros.pod.in @@ -26,7 +26,20 @@ user defined macros. The value is a version number similar to the L<OPENSSL_VERSION_NUM |