Turn on OPENSSL_NO_DEPRECATED by default.
authorMatt Caswell <matt@openssl.org>
Wed, 17 Dec 2014 13:17:26 +0000 (13:17 +0000)
committerMatt Caswell <matt@openssl.org>
Thu, 18 Dec 2014 19:56:31 +0000 (19:56 +0000)
Also introduce OPENSSL_USE_DEPRECATED. If OPENSSL_NO_DEPRECATED is
defined at config stage then OPENSSL_USE_DEPRECATED has no effect -
deprecated functions are not available.
If OPENSSL_NO_DEPRECATED is not defined at config stage then
applications must define OPENSSL_USE_DEPRECATED in order to access
deprecated functions.
Also introduce compiler warnings for gcc for applications using
deprecated functions

Reviewed-by: Rich Salz <rsalz@openssl.org>
Configure
crypto/opensslconf.h.in
util/mkdef.pl

index 43f1b30c1702d6501c9cc01cc7f32ffa82edb0a7..139dbf0a0ccc7dabce846b486cfe9c1ee5d1cab3 100755 (executable)
--- a/Configure
+++ b/Configure
@@ -740,6 +740,7 @@ my $fips=0;
 # All of the following is disabled by default (RC5 was enabled before 0.9.8):
 
 my %disabled = ( # "what"         => "comment" [or special keyword "experimental"]
+                "deprecated" => "default",
                 "ec_nistp_64_gcc_128" => "default",
                 "gmp"            => "default",
                 "jpake"          => "experimental",
@@ -758,7 +759,7 @@ my @experimental = ();
 
 # This is what $depflags will look like with the above defaults
 # (we need this to see if we should advise the user to run "make depend"):
-my $default_depflags = " -DOPENSSL_NO_EC_NISTP_64_GCC_128 -DOPENSSL_NO_GMP -DOPENSSL_NO_JPAKE -DOPENSSL_NO_MD2 -DOPENSSL_NO_RC5 -DOPENSSL_NO_RFC3779 -DOPENSSL_NO_SCTP -DOPENSSL_NO_SSL_TRACE -DOPENSSL_NO_STORE -DOPENSSL_NO_UNIT_TEST";
+my $default_depflags = " -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_EC_NISTP_64_GCC_128 -DOPENSSL_NO_GMP -DOPENSSL_NO_JPAKE -DOPENSSL_NO_MD2 -DOPENSSL_NO_RC5 -DOPENSSL_NO_RFC3779 -DOPENSSL_NO_SCTP -DOPENSSL_NO_SSL_TRACE -DOPENSSL_NO_STORE -DOPENSSL_NO_UNIT_TEST";
 
 # Explicit "no-..." options will be collected in %disabled along with the defaults.
 # To remove something from %disabled, use "enable-foo" (unless it's experimental).
@@ -1418,6 +1419,9 @@ if ($zlib)
                }
        }
 
+#Always build the library with OPENSSL_USE_DEPRECATED. This is overridden by OPENSSL_NO_DEPRECATED
+$cflags = "-DOPENSSL_USE_DEPRECATED $cflags";
+
 # You will find shlib_mark1 and shlib_mark2 explained in Makefile.org
 my $shared_mark = "";
 if ($shared_target eq "")
index 97e37455634df6559483b37601fff2f4bd9aa3bf..31a01c1c8bd0a2b5c902130d0e7d8ffd717f820f 100644 (file)
@@ -1,5 +1,22 @@
 /* crypto/opensslconf.h.in */
 
+/*
+ * Applications should use -DOPENSSL_USE_DEPRECATED to enable access to
+ * deprecated functions. But if the library has been built to disable
+ * deprecated functions then this will not work
+ */
+#if defined(OPENSSL_NO_DEPRECATED) && defined(OPENSSL_USE_DEPRECATED)
+#undef OPENSSL_USE_DEPRECATED
+#endif
+
+/* Test for support for deprecated attribute */
+#if __GNUC__ > 3 || \
+  (__GNUC__ == 3 && __GNUC_MINOR__ > 0)
+#define DECLARE_DEPRECATED(f)    f __attribute__ ((deprecated))
+#else
+#define DECLARE_DEPRECATED(f)    f
+#endif
+
 /* Generate 80386 code? */
 #undef I386_ONLY
 
index 03a9b40a0ac35075278189d35a8eb71e1bcb3283..fa3f3dbe76ceadf1f554d9d994d06291ed3ae1bb 100755 (executable)
@@ -433,6 +433,7 @@ sub do_defs
                                # is the same name as the original.
        my $cpp;
        my %unknown_algorithms = ();
+       my $parens = 0;
 
        foreach $file (split(/\s+/,$symhacksfile." ".$files))
                {
@@ -443,6 +444,7 @@ sub do_defs
                        (map { $_ => 0 } @known_platforms),
                        (map { "OPENSSL_SYS_".$_ => 0 } @known_ossl_platforms),
                        (map { "OPENSSL_NO_".$_ => 0 } @known_algorithms),
+                       (map { "OPENSSL_USE_".$_ => 0 } @known_algorithms),
                        NOPROTO         => 0,
                        PERL5           => 0,
                        _WINDLL         => 0,
@@ -505,6 +507,11 @@ sub do_defs
 
                print STDERR "DEBUG: parsing ----------\n" if $debug;
                while(<IN>) {
+                       if($parens > 0) {
+                               #Inside a DECLARE_DEPRECATED
+                               $parens += count_parens($_);
+                               next;
+                       }
                        if (/\/\* Error codes for the \w+ functions\. \*\//)
                                {
                                undef @tag;
@@ -608,6 +615,8 @@ sub do_defs
                                        pop(@tag);
                                        if ($t =~ /^OPENSSL_NO_([A-Z0-9_]+)$/) {
                                                $t=$1;
+                                       } elsif($t =~ /^OPENSSL_USE_([A-Z0-9_]+)$/) {
+                                               $t=$1;
                                        } else {
                                                $t="";
                                        }
@@ -657,10 +666,15 @@ sub do_defs
                                           map { $tag{"OPENSSL_SYS_".$_} == 1 ? $_ :
                                                     $tag{"OPENSSL_SYS_".$_} == -1 ? "!".$_  : "" }
                                           @known_ossl_platforms);
+                               @current_algorithms = ();
                                @current_algorithms =
                                    grep(!/^$/,
                                         map { $tag{"OPENSSL_NO_".$_} == -1 ? $_ : "" }
                                         @known_algorithms);
+                               push @current_algorithms
+                                   , grep(!/^$/,
+                                        map { $tag{"OPENSSL_USE_".$_} == 1 ? $_ : "" }
+                                        @known_algorithms);
                                $def .=
                                    "#INFO:"
                                        .join(',',@current_platforms).":"
@@ -891,6 +905,10 @@ sub do_defs
                                        &$make_variant("_shadow_$2","_shadow_$2",
                                                      "EXPORT_VAR_AS_FUNCTION",
                                                      "FUNCTION");
+                               } elsif (/^\s*DECLARE_DEPRECATED\s*\(\s*(\w*(\s|\*|\w)*)/) {
+                                       $def .= "$1(void);";
+                                       $parens = count_parens($_);
+                                       next;
                                } elsif ($tag{'CONST_STRICT'} != 1) {
                                        if (/\{|\/\*|\([^\)]*$/) {
                                                $line = $_;
@@ -1549,3 +1567,13 @@ sub check_existing
        }
 }
 
+sub count_parens
+{
+       my $line = shift(@_);
+
+       my $open = $line =~ tr/\(//;
+       my $close = $line =~ tr/\)//;
+
+       return $open - $close;
+}
+