Changes between 1.0.2e and 1.1.0 [xx XXX xxxx]
+ *) Revert default OPENSSL_NO_DEPRECATED setting. Instead OpenSSL
+ continues to support deprecated interfaces in default builds.
+ However, applications are strongly advised to compile their
+ source files with -DOPENSSL_API_COMPAT=0x10100000L, which hides
+ the declarations of all interfaces deprecated in 0.9.8, 1.0.0
+ or the 1.1.0 releases.
+
+ In environments in which all applications have been ported to
+ not use any deprecated interfaces OpenSSL's Configure script
+ should be used with the --api=1.1.0 option to entirely remove
+ support for the deprecated features from the library and
+ unconditionally disable them in the installed headers.
+ Essentially the same effect can be achieved with the "no-deprecated"
+ argument to Configure, except that this will always restrict
+ the build to just the latest API, rather than a fixed API
+ version.
+
+ As applications are ported to future revisions of the API,
+ they should update their compile-time OPENSSL_API_COMPAT define
+ accordingly, but in most cases should be able to continue to
+ compile with later releases.
+
+ The OPENSSL_API_COMPAT versions for 1.0.0, and 0.9.8 are
+ 0x10000000L and 0x00908000L, respectively. However those
+ versions did not support the OPENSSL_API_COMPAT feature, and
+ so applications are not typically tested for explicit support
+ of just the undeprecated features of either release.
+ [Viktor Dukhovni]
+
*) Add support for setting the minimum and maximum supported protocol.
It can bet set via the SSL_set_min_proto_version() and
SSL_set_max_proto_version(), or via the SSL_CONF's MinProtocol and
#
# --cross-compile-prefix Add specified prefix to binutils components.
#
+# --api One of 0.9.8, 1.0.0 or 1.1.0. Do not compile support for
+# interfaces deprecated as of the specified OpenSSL version.
+#
# no-hw-xxx do not compile support for specific crypto hardware.
# Generic OpenSSL-style methods relating to this support
# are always compiled but return NULL if the hardware
# seems to be sufficient?
my $BSDthreads="-pthread -D_THREAD_SAFE -D_REENTRANT";
+#
+# API compability name to version number mapping.
+#
+my $maxapi = "1.1.0"; # API for "no-deprecated" builds
+my $apitable = {
+ "1.1.0" => "0x10100000L",
+ "1.0.0" => "0x10000000L",
+ "0.9.8" => "0x00908000L",
+};
+
# table of known configurations, read in from files
#
# The content of each entry can take one of two forms:
# All of the following is disabled by default (RC5 was enabled before 0.9.8):
my %disabled = ( # "what" => "comment" [or special keyword "experimental"]
- "deprecated" => "default",
"ec_nistp_64_gcc_128" => "default",
"jpake" => "experimental",
"md2" => "default",
my $libs;
my $target;
my $options;
+my $api;
my $make_depend=0;
my %withargs=();
my $build_prefix = "release_";
{
$prefix=$1;
}
+ elsif (/^--api=(.*)$/)
+ {
+ $api=$1;
+ }
elsif (/^--libdir=(.*)$/)
{
$libdir=$1;
}
}
+ if (defined($api) && !exists $apitable->{$api}) {
+ die "***** Unsupported api compatibility level: $api\n",
+ }
+
if (keys %unsupported_options)
{
die "***** Unsupported options: ",
}
}
-#Build the library with OPENSSL_USE_DEPRECATED if deprecation is not disabled
-if(!defined($disabled{"deprecated"}))
- {
- $cflags = "-DOPENSSL_USE_DEPRECATED $cflags";
- }
+# With "deprecated" disable all deprecated features.
+if (defined($disabled{"deprecated"})) {
+ $api = $maxapi;
+}
# You will find shlib_mark1 and shlib_mark2 explained in Makefile.org
my $shared_mark = "";
while (<IN>)
{
$version=$1 if /OPENSSL.VERSION.TEXT.*OpenSSL (\S+) /;
- $version_num=$1 if /OPENSSL.VERSION.NUMBER.*0x(\S+)/;
+ $version_num=$1 if /OPENSSL.VERSION.NUMBER.*(0x\S+)/;
$shlib_version_number=$1 if /SHLIB_VERSION_NUMBER *"([^"]+)"/;
$shlib_version_history=$1 if /SHLIB_VERSION_HISTORY *"([^"]*)"/;
}
$shlib_minor=$2;
}
+if (defined($api)) {
+ my $apiflag = sprintf("-DOPENSSL_API_COMPAT=%s", $apitable->{$api});
+ $default_depflags .= " $apiflag";
+ $cflags .= " $apiflag";
+}
+
my $ecc = $cc;
$ecc = "clang" if `$cc --version 2>&1` =~ /clang/;
print OUT "extern \"C\" {\n";
print OUT "#endif\n";
print OUT "/* OpenSSL was configured with the following options: */\n";
+
+my $openssl_api_defines = "";
+if (defined($api)) {
+ $openssl_api_defines = sprintf "#define OPENSSL_MIN_API %s\n", $apitable->{$api};
+}
my $openssl_algorithm_defines_trans = $openssl_algorithm_defines;
$openssl_experimental_defines =~ s/^\s*#\s*define\s+OPENSSL_NO_(.*)/#ifndef OPENSSL_EXPERIMENTAL_$1\n# ifndef OPENSSL_NO_$1\n# define OPENSSL_NO_$1\n# endif\n#endif/mg;
$openssl_algorithm_defines_trans =~ s/^\s*#\s*define\s+OPENSSL_(.*)/# if defined(OPENSSL_$1) \&\& !defined($1)\n# define $1\n# endif/mg;
$openssl_thread_defines =~ s/^\s*#\s*define\s+(.*)/#ifndef $1\n# define $1\n#endif/mg;
$openssl_sys_defines =~ s/^\s*#\s*define\s+(.*)/#ifndef $1\n# define $1\n#endif/mg;
$openssl_other_defines =~ s/^\s*#\s*define\s+(.*)/#ifndef $1\n# define $1\n#endif/mg;
+
print OUT $openssl_sys_defines;
print OUT "#ifndef OPENSSL_DOING_MAKEDEPEND\n\n";
print OUT $openssl_experimental_defines;
+print OUT $openssl_api_defines;
print OUT "\n";
print OUT $openssl_algorithm_defines;
print OUT "\n#endif /* OPENSSL_DOING_MAKEDEPEND */\n\n";
# create the ms/version32.rc file if needed
if ($IsMK1MF && ($target !~ /^netware/)) {
my ($v1, $v2, $v3, $v4);
- if ($version_num =~ /(^[0-9a-f]{1})([0-9a-f]{2})([0-9a-f]{2})([0-9a-f]{2})/i) {
+ if ($version_num =~ /^0x([0-9a-f]{1})([0-9a-f]{2})([0-9a-f]{2})([0-9a-f]{2})L$/i) {
$v1=hex $1;
$v2=hex $2;
$v3=hex $3;
o EC revision: now operations use new EC_KEY_METHOD.
o Support for OCB mode added to libcrypto
o Support for asynchronous crypto operations added to libcrypto and libssl
+ o Deprecated interfaces can now be disabled at build time either
+ relative to the latest relate via the "no-deprecated" Configure
+ argument, or via the "--api=1.1.0|1.0.0|0.9.8" option.
+ o Application software can be compiled with -DOPENSSL_API_COMPAT=version
+ to ensure that features deprecated before that version are not exposed.
Major changes between OpenSSL 1.0.2d and OpenSSL 1.0.2e [3 Dec 2015]
* [including the GNU Public Licence.]
*/
+#include <openssl/opensslconf.h>
#include "internal/cryptlib.h"
#include "bn_lcl.h"
BIGNUM *Ai;
BIGNUM *e;
BIGNUM *mod; /* just a reference */
-#ifndef OPENSSL_NO_DEPRECATED
+#if OPENSSL_API_COMPAT < 0x10000000L
unsigned long thread_id; /* added in OpenSSL 0.9.6j and 0.9.7b; used
* only by crypto/rsa/rsa_eay.c, rsa_lib.c */
#endif
return (ret);
}
-#ifndef OPENSSL_NO_DEPRECATED
+#if OPENSSL_API_COMPAT < 0x10000000L
unsigned long BN_BLINDING_get_thread_id(const BN_BLINDING *b)
{
return b->thread_id;
#include <time.h>
#include "internal/cryptlib.h"
#include "bn_lcl.h"
+#include <openssl/opensslconf.h>
#include <openssl/rand.h>
static void *dummy = &dummy;
-#ifndef OPENSSL_NO_DEPRECATED
+#if OPENSSL_API_COMPAT < 0x00908000L
BIGNUM *BN_generate_prime(BIGNUM *ret, int bits, int safe,
const BIGNUM *add, const BIGNUM *rem,
void (*callback) (int, int, void *), void *cb_arg)
#include <limits.h>
#include "internal/cryptlib.h"
#include "bn_lcl.h"
+#include <openssl/opensslconf.h>
/* This stuff appears to be completely unused, so is deprecated */
-#ifndef OPENSSL_NO_DEPRECATED
+#if OPENSSL_API_COMPAT < 0x00908000L
/*-
* For a 32 bit machine
* 2 - 4 == 128
if (a->flags & BN_FLG_MALLOCED)
OPENSSL_free(a);
else {
-#ifndef OPENSSL_NO_DEPRECATED
+#if OPENSSL_API_COMPAT < 0x00908000L
a->flags |= BN_FLG_FREE;
#endif
a->d = NULL;
#include "internal/cryptlib.h"
#include <openssl/bn.h>
#include <openssl/dh.h>
+#include <openssl/opensslconf.h>
static void *dummy = &dummy;
-#ifndef OPENSSL_NO_DEPRECATED
+#if OPENSSL_API_COMPAT < 0x00908000L
DH *DH_generate_parameters(int prime_len, int generator,
void (*callback) (int, int, void *), void *cb_arg)
{
#include <openssl/dsa.h>
#include <openssl/rand.h>
#include <openssl/sha.h>
+#include <openssl/opensslconf.h>
-#ifndef OPENSSL_NO_DEPRECATED
+#if OPENSSL_API_COMPAT < 0x00908000L
DSA *DSA_generate_parameters(int bits,
unsigned char *seed_in, int seed_len,
int *counter_ret, unsigned long *h_ret,
#include <openssl/buffer.h>
#include <openssl/bio.h>
#include <openssl/err.h>
+#include <openssl/opensslconf.h>
DECLARE_LHASH_OF(ERR_STRING_DATA);
DECLARE_LHASH_OF(ERR_STATE);
int_thread_del_item(&tmp);
}
-#ifndef OPENSSL_NO_DEPRECATED
+#if OPENSSL_API_COMPAT < 0x10000000L
void ERR_remove_state(unsigned long pid)
{
ERR_remove_thread_state(NULL);
*
*/
-#ifdef OPENSSL_NO_DEPRECATED
+#include <openssl/opensslconf.h>
+
+#if OPENSSL_API_COMPAT >= 0x00908000L
static void *dummy = &dummy;
#else
#include <string.h>
#include "internal/cryptlib.h"
#include <openssl/hmac.h>
+#include <openssl/opensslconf.h>
#include "hmac_lcl.h"
int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len,
return 0;
}
-#ifndef OPENSSL_NO_DEPRECATED
+#if OPENSSL_API_COMPAT < 0x10100000L
int HMAC_Init(HMAC_CTX *ctx, const void *key, int len, const EVP_MD *md)
{
if (key && md)
/* crypto/opensslconf.h.in */
/*
- * Applications should use -DOPENSSL_USE_DEPRECATED to enable access to
- * deprecated functions. But if the library has been built to disable
- * deprecated functions then this will not work
+ * Applications should use -DOPENSSL_API_COMPAT=<version> to suppress the
+ * declarations of functions deprecated in or before <version>. Otherwise, they
+ * still won't see them if the library has been built to disable deprecated
+ * functions.
*/
-#if defined(OPENSSL_NO_DEPRECATED) && defined(OPENSSL_USE_DEPRECATED)
-#error "OPENSSL_USE_DEPRECATED has been defined, but OpenSSL has been built without support for deprecated functions"
+#if defined(OPENSSL_NO_DEPRECATED)
+# define DECLARE_DEPRECATED(f)
+#elif __GNUC__ > 3 || (__GNUC__ == 3 && __GNUC_MINOR__ > 0)
+# define DECLARE_DEPRECATED(f) f __attribute__ ((deprecated));
+#else
+# define DECLARE_DEPRECATED(f) f;
+#endif
+
+#ifndef OPENSSL_MIN_API
+#define OPENSSL_MIN_API 0
+#endif
+
+#if !defined(OPENSSL_API_COMPAT) || OPENSSL_API_COMPAT < OPENSSL_MIN_API
+#undef OPENSSL_API_COMPAT
+#define OPENSSL_API_COMPAT OPENSSL_MIN_API
+#endif
+
+#if OPENSSL_API_COMPAT < 0x10100000L
+# define DEPRECATEDIN_1_1_0(f) DECLARE_DEPRECATED(f)
+#else
+# define DEPRECATEDIN_1_1_0(f)
+#endif
+
+#if OPENSSL_API_COMPAT < 0x10000000L
+# define DEPRECATEDIN_1_0_0(f) DECLARE_DEPRECATED(f)
+#else
+# define DEPRECATEDIN_1_0_0(f)
#endif
-/* Test for support for deprecated attribute */
-#if __GNUC__ > 3 || \
- (__GNUC__ == 3 && __GNUC_MINOR__ > 0)
-#define DECLARE_DEPRECATED(f) f __attribute__ ((deprecated))
+#if OPENSSL_API_COMPAT < 0x00908000L
+# define DEPRECATEDIN_0_9_8(f) DECLARE_DEPRECATED(f)
#else
-#define DECLARE_DEPRECATED(f) f
+# define DEPRECATEDIN_0_9_8(f)
#endif
/* Generate 80386 code? */
# include <time.h>
#endif
+#include <openssl/opensslconf.h>
#include <openssl/crypto.h>
#include <openssl/rand.h>
#include <openssl/async.h>
static int rand_add(const void *buf, int num, double add_entropy);
static int rand_bytes(unsigned char *buf, int num, int pseudo);
static int rand_nopseudo_bytes(unsigned char *buf, int num);
-#ifndef OPENSSL_NO_DEPRECATED
+#if OPENSSL_API_COMPAT < 0x10100000L
static int rand_pseudo_bytes(unsigned char *buf, int num);
#endif
static int rand_status(void);
rand_nopseudo_bytes,
rand_cleanup,
rand_add,
-#ifndef OPENSSL_NO_DEPRECATED
+#if OPENSSL_API_COMPAT < 0x10100000L
rand_pseudo_bytes,
#else
NULL,
return rand_bytes(buf, num, 0);
}
-#ifndef OPENSSL_NO_DEPRECATED
+#if OPENSSL_API_COMPAT < 0x10100000L
/*
* pseudo-random bytes that are guaranteed to be unique but not unpredictable
*/
#include <stdio.h>
#include <time.h>
#include "internal/cryptlib.h"
+#include <openssl/opensslconf.h>
#include <openssl/rand.h>
#ifndef OPENSSL_NO_ENGINE
return (-1);
}
-#ifndef OPENSSL_NO_DEPRECATED
+#if OPENSSL_API_COMPAT < 0x10100000L
int RAND_pseudo_bytes(unsigned char *buf, int num)
{
const RAND_METHOD *meth = RAND_get_rand_method();
#include <stdio.h>
#include <time.h>
#include "internal/cryptlib.h"
+#include <openssl/opensslconf.h>
#include <openssl/bn.h>
#include <openssl/rsa.h>
-#ifdef OPENSSL_NO_DEPRECATED
+#if OPENSSL_API_COMPAT >= 0x00908000L
static void *dummy = &dummy;
*/
#include "internal/cryptlib.h"
+#include <openssl/opensslconf.h>
-#ifndef OPENSSL_NO_DEPRECATED
+#if OPENSSL_API_COMPAT < 0x10000000L
static unsigned long (*id_callback) (void) = 0;
#endif
static void (*threadid_callback) (CRYPTO_THREADID *) = 0;
threadid_callback(id);
return;
}
-#ifndef OPENSSL_NO_DEPRECATED
+#if OPENSSL_API_COMPAT < 0x10000000L
/* If the deprecated callback was set, fall back to that */
if (id_callback) {
CRYPTO_THREADID_set_numeric(id, id_callback());
return id->val;
}
-#ifndef OPENSSL_NO_DEPRECATED
+#if OPENSSL_API_COMPAT < 0x10000000L
unsigned long (*CRYPTO_get_id_callback(void)) (void) {
return (id_callback);
}
BN_CTX *ctx);
int BN_BLINDING_invert_ex(BIGNUM *n, const BIGNUM *r, BN_BLINDING *b,
BN_CTX *ctx);
- #ifndef OPENSSL_NO_DEPRECATED
- unsigned long BN_BLINDING_get_thread_id(const BN_BLINDING *);
- void BN_BLINDING_set_thread_id(BN_BLINDING *, unsigned long);
- #endif
CRYPTO_THREADID *BN_BLINDING_thread_id(BN_BLINDING *);
unsigned long BN_BLINDING_get_flags(const BN_BLINDING *);
void BN_BLINDING_set_flags(BN_BLINDING *, unsigned long);
const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx),
BN_MONT_CTX *m_ctx);
+Deprecated:
+
+ #if OPENSSL_API_COMPAT < 0x10000000L
+ unsigned long BN_BLINDING_get_thread_id(const BN_BLINDING *);
+ void BN_BLINDING_set_thread_id(BN_BLINDING *, unsigned long);
+ #endif
+
=head1 DESCRIPTION
BN_BLINDING_new() allocates a new B<BN_BLINDING> structure and copies
Deprecated:
+ #if OPENSSL_API_COMPAT < 0x00908000L
BIGNUM *BN_generate_prime(BIGNUM *ret, int num, int safe, BIGNUM *add,
BIGNUM *rem, void (*callback)(int, int, void *), void *cb_arg);
int BN_is_prime_fasttest(const BIGNUM *a, int checks,
void (*callback)(int, int, void *), BN_CTX *ctx, void *cb_arg,
int do_trial_division);
+ #endif
=head1 DESCRIPTION
#include <openssl/bn.h>
- int BN_zero(BIGNUM *a);
+ void BN_zero(BIGNUM *a);
int BN_one(BIGNUM *a);
const BIGNUM *BN_value_one(void);
int BN_set_word(BIGNUM *a, unsigned long w);
unsigned long BN_get_word(BIGNUM *a);
+Deprecated:
+
+ #if OPENSSL_API_COMPAT < 0x00908000L
+ int BN_zero(BIGNUM *a);
+ #endif
+
=head1 DESCRIPTION
BN_zero(), BN_one() and BN_set_word() set B<a> to the values 0, 1 and
BN_get_word() returns the value B<a>, and 0xffffffffL if B<a> cannot
be represented as an unsigned long.
-BN_zero(), BN_one() and BN_set_word() return 1 on success, 0 otherwise.
+BN_one(), BN_set_word() and the deprecated version of BN_zero()
+return 1 on success, 0 otherwise.
BN_value_one() returns the constant.
+The preferred version of BN_zer() never fails and returns no value.
=head1 BUGS
Deprecated:
+ #if OPENSSL_API_COMPAT < 0x00908000L
DH *DH_generate_parameters(int prime_len, int generator,
void (*callback)(int, int, void *), void *cb_arg);
+ #endif
=head1 DESCRIPTION
Deprecated:
+ #if OPENSSL_API_COMPAT < 0x00908000L
DSA *DSA_generate_parameters(int bits, unsigned char *seed,
int seed_len, int *counter_ret, unsigned long *h_ret,
void (*callback)(int, int, void *), void *cb_arg);
+ #endif
=head1 DESCRIPTION
Deprecated:
+ #if OPENSSL_API_COMPAT < 0x10000000L
void ERR_remove_state(unsigned long pid);
+ #endif
=head1 DESCRIPTION
Deprecated:
+ #if OPENSSL_API_COMPAT < 0x10100000L
int RAND_pseudo_bytes(unsigned char *buf, int num);
+ #endif
=head1 DESCRIPTION
Deprecated:
+ #if OPENSSL_API_COMPAT < 0x00908000L
RSA *RSA_generate_key(int num, unsigned long e,
void (*callback)(int,int,void *), void *cb_arg);
+ #endif
=head1 DESCRIPTION
int ERR_GET_REASON(unsigned long e);
void ERR_clear_error(void);
+ void ERR_remove_thread_state(const CRYPTO_THREADID *tid);
char *ERR_error_string(unsigned long e, char *buf);
const char *ERR_lib_error_string(unsigned long e);
void ERR_load_crypto_strings(void);
void ERR_free_strings(void);
- void ERR_remove_state(unsigned long pid);
-
void ERR_put_error(int lib, int func, int reason, const char *file,
int line);
void ERR_add_error_data(int num, ...);
unsigned long ERR_PACK(int lib, int func, int reason);
int ERR_get_next_error_library(void);
+Deprecated:
+
+ #if OPENSSL_API_COMPAT < 0x10000000L
+ void ERR_remove_state(unsigned long pid);
+ #endif
+
=head1 DESCRIPTION
When a call to the OpenSSL library fails, this is usually signaled
L<ERR_clear_error(3)> can be used to clear the
error queue.
-Note that L<ERR_remove_state(3)> should be used to
+Note that L<ERR_remove_thread_state(3)> should be used to
avoid memory leaks when threads are terminated.
=head1 ADDING NEW ERROR CODES TO OPENSSL
L<ERR_error_string(3)>,
L<ERR_print_errors(3)>,
L<ERR_load_crypto_strings(3)>,
-L<ERR_remove_state(3)>,
+L<ERR_remove_thread_state(3)>,
L<ERR_put_error(3)>,
L<ERR_load_strings(3)>,
L<SSL_get_error(3)>
HMAC_CTX *HMAC_CTX_new(void);
int HMAC_CTX_reset(HMAC_CTX *ctx);
- int HMAC_Init(HMAC_CTX *ctx, const void *key, int key_len,
- const EVP_MD *md);
int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int key_len,
const EVP_MD *md, ENGINE *impl);
int HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, int len);
void HMAC_CTX_free(HMAC_CTX *ctx);
+Deprecated:
+
+ #if OPENSSL_API_COMPAT < 0x10100000L
+ int HMAC_Init(HMAC_CTX *ctx, const void *key, int key_len,
+ const EVP_MD *md);
+ #endif
+
=head1 DESCRIPTION
HMAC is a MAC (message authentication code), i.e. a keyed hash
# include <time.h>
# include <openssl/e_os2.h>
+# include <openssl/opensslconf.h>
# include <openssl/bio.h>
# include <openssl/stack.h>
# include <openssl/safestack.h>
# include <openssl/symhacks.h>
# include <openssl/ossl_typ.h>
-# ifdef OPENSSL_USE_DEPRECATED
+# if OPENSSL_API_COMPAT < 0x10100000L
# include <openssl/bn.h>
# endif
# ifndef OPENSSL_NO_STDIO
# include <stdio.h> /* FILE */
# endif
+# include <openssl/opensslconf.h>
# include <openssl/ossl_typ.h>
# include <openssl/crypto.h>
# define BN_FLG_CONSTTIME 0x04
# define BN_FLG_SECURE 0x08
-# ifdef OPENSSL_USE_DEPRECATED
+# if OPENSSL_API_COMPAT < 0x00908000L
/* deprecated name for the flag */
# define BN_FLG_EXP_CONSTTIME BN_FLG_CONSTTIME
-# endif
-
-# ifdef OPENSSL_USE_DEPRECATED
-# define BN_FLG_FREE 0x8000
- /* used for debuging */
+# define BN_FLG_FREE 0x8000 /* used for debuging */
# endif
void BN_set_flags(BIGNUM *b, int n);
void BN_zero_ex(BIGNUM *a);
-# ifndef OPENSSL_USE_DEPRECATED
+# if OPENSSL_API_COMPAT >= 0x00908000L
# define BN_zero(a) BN_zero_ex(a)
# else
# define BN_zero(a) (BN_set_word((a),0))
void BN_consttime_swap(BN_ULONG swap, BIGNUM *a, BIGNUM *b, int nwords);
/* Deprecated versions */
-# ifdef OPENSSL_USE_DEPRECATED
-DECLARE_DEPRECATED(BIGNUM *BN_generate_prime(BIGNUM *ret, int bits, int safe,
+DEPRECATEDIN_0_9_8(BIGNUM *BN_generate_prime(BIGNUM *ret, int bits, int safe,
const BIGNUM *add,
const BIGNUM *rem,
void (*callback) (int, int,
void *),
- void *cb_arg));
-DECLARE_DEPRECATED(int
+ void *cb_arg))
+DEPRECATEDIN_0_9_8(int
BN_is_prime(const BIGNUM *p, int nchecks,
void (*callback) (int, int, void *),
- BN_CTX *ctx, void *cb_arg));
-DECLARE_DEPRECATED(int
+ BN_CTX *ctx, void *cb_arg))
+DEPRECATEDIN_0_9_8(int
BN_is_prime_fasttest(const BIGNUM *p, int nchecks,
void (*callback) (int, int, void *),
BN_CTX *ctx, void *cb_arg,
- int do_trial_division));
-# endif /* defined(OPENSSL_USE_DEPRECATED) */
+ int do_trial_division))
/* Newer versions */
int BN_generate_prime_ex(BIGNUM *ret, int bits, int safe, const BIGNUM *add,
int BN_BLINDING_convert_ex(BIGNUM *n, BIGNUM *r, BN_BLINDING *b, BN_CTX *);
int BN_BLINDING_invert_ex(BIGNUM *n, const BIGNUM *r, BN_BLINDING *b,
BN_CTX *);
-# ifdef OPENSSL_USE_DEPRECATED
-DECLARE_DEPRECATED(unsigned long
- BN_BLINDING_get_thread_id(const BN_BLINDING *));
-DECLARE_DEPRECATED(void
- BN_BLINDING_set_thread_id(BN_BLINDING *, unsigned long));
-# endif
+DEPRECATEDIN_1_0_0(unsigned long
+ BN_BLINDING_get_thread_id(const BN_BLINDING *))
+DEPRECATEDIN_1_0_0(void
+ BN_BLINDING_set_thread_id(BN_BLINDING *, unsigned long))
CRYPTO_THREADID *BN_BLINDING_thread_id(BN_BLINDING *);
unsigned long BN_BLINDING_get_flags(const BN_BLINDING *);
void BN_BLINDING_set_flags(BN_BLINDING *, unsigned long);
BN_MONT_CTX *m_ctx),
BN_MONT_CTX *m_ctx);
-# ifdef OPENSSL_USE_DEPRECATED
-DECLARE_DEPRECATED(void BN_set_params(int mul, int high, int low, int mont));
-DECLARE_DEPRECATED(int BN_get_params(int which)); /* 0, mul, 1 high, 2 low, 3
- * mont */
-# endif
+DEPRECATEDIN_0_9_8(void BN_set_params(int mul, int high, int low, int mont))
+DEPRECATEDIN_0_9_8(int BN_get_params(int which)) /* 0, mul, 1 high, 2 low, 3
+ * mont */
BN_RECP_CTX *BN_RECP_CTX_new(void);
void BN_RECP_CTX_free(BN_RECP_CTX *recp);
# include <openssl/safestack.h>
# include <openssl/opensslv.h>
# include <openssl/ossl_typ.h>
+# include <openssl/opensslconf.h>
# ifdef CHARSET_EBCDIC
# include <openssl/ebcdic.h>
*/
# include <openssl/symhacks.h>
+# if OPENSSL_API_COMPAT < 0x10100000L
+# include <openssl/opensslv.h>
+# endif
+
#ifdef __cplusplus
extern "C" {
#endif
+# if OPENSSL_API_COMPAT < 0x10100000L
+# define SSLeay OpenSSL_version_num
+# define SSLeay_version OpenSSL_version
+# define SSLEAY_VERSION_NUMBER OPENSSL_VERSION_NUMBER
+# define SSLEAY_VERSION OPENSSL_VERSION
+# define SSLEAY_CFLAGS OPENSSL_CFLAGS
+# define SSLEAY_BUILT_ON OPENSSL_BUILT_ON
+# define SSLEAY_PLATFORM OPENSSL_PLATFORM
+# define SSLEAY_DIR OPENSSL_DIR
+# endif /* OPENSSL_API_COMPAT */
+
/*
* When changing the CRYPTO_LOCK_* list, be sure to maintin the text lock
* names in cryptlib.c
int CRYPTO_THREADID_cmp(const CRYPTO_THREADID *a, const CRYPTO_THREADID *b);
void CRYPTO_THREADID_cpy(CRYPTO_THREADID *dest, const CRYPTO_THREADID *src);
unsigned long CRYPTO_THREADID_hash(const CRYPTO_THREADID *id);
-# ifdef OPENSSL_USE_DEPRECATED
-DECLARE_DEPRECATED(void CRYPTO_set_id_callback(unsigned long (*func) (void)));
+DEPRECATEDIN_1_0_0(void CRYPTO_set_id_callback(unsigned long (*func) (void)))
/*
- * mkdef.pl cannot handle this next one so not inside DECLARE_DEPRECATED,
- * but still inside OPENSSL_USE_DEPRECATED
+ * mkdef.pl cannot handle this next one so not inside DEPRECATEDIN_1_0_0,
+ * but still conditional on a lower or unknown source API version.
*/
+# if OPENSSL_API_COMPAT < 0x10000000L
unsigned long (*CRYPTO_get_id_callback(void)) (void);
-DECLARE_DEPRECATED(unsigned long CRYPTO_thread_id(void));
# endif
+DEPRECATEDIN_1_0_0(unsigned long CRYPTO_thread_id(void))
const char *CRYPTO_get_lock_name(int type);
int CRYPTO_add_lock(int *pointer, int amount, int type, const char *file,
# define HEADER_DH_H
# include <openssl/e_os2.h>
+# include <openssl/opensslconf.h>
# ifdef OPENSSL_NO_DH
# error DH is disabled.
# include <openssl/bio.h>
# include <openssl/ossl_typ.h>
-# ifdef OPENSSL_USE_DEPRECATED
+# if OPENSSL_API_COMPAT < 0x10100000L
# include <openssl/bn.h>
# endif
void *DH_get_ex_data(DH *d, int idx);
/* Deprecated version */
-# ifdef OPENSSL_USE_DEPRECATED
-DECLARE_DEPRECATED(DH *DH_generate_parameters(int prime_len, int generator,
+DEPRECATEDIN_0_9_8(DH *DH_generate_parameters(int prime_len, int generator,
void (*callback) (int, int,
void *),
- void *cb_arg));
-# endif /* defined(OPENSSL_USE_DEPRECATED) */
+ void *cb_arg))
/* New version */
int DH_generate_parameters_ex(DH *dh, int prime_len, int generator,
# include <openssl/bio.h>
# include <openssl/crypto.h>
# include <openssl/ossl_typ.h>
+# include <openssl/opensslconf.h>
-# ifdef OPENSSL_USE_DEPRECATED
+# if OPENSSL_API_COMPAT < 0x10100000L
# include <openssl/bn.h>
# ifndef OPENSSL_NO_DH
# include <openssl/dh.h>
DSA *d2i_DSAparams(DSA **a, const unsigned char **pp, long length);
/* Deprecated version */
-# ifdef OPENSSL_USE_DEPRECATED
-DECLARE_DEPRECATED(DSA *DSA_generate_parameters(int bits,
+DEPRECATEDIN_0_9_8(DSA *DSA_generate_parameters(int bits,
unsigned char *seed,
int seed_len,
int *counter_ret,
unsigned long *h_ret, void
(*callback) (int, int,
void *),
- void *cb_arg));
-# endif /* defined(OPENSSL_USE_DEPRECATED) */
+ void *cb_arg))
/* New version */
int DSA_generate_parameters_ex(DSA *dsa, int bits,
# include <openssl/asn1.h>
# include <openssl/symhacks.h>
-# ifdef OPENSSL_USE_DEPRECATED
+# if OPENSSL_API_COMPAT < 0x10100000L
# include <openssl/bn.h>
# endif
# error ENGINE is disabled.
# endif
-# ifdef OPENSSL_USE_DEPRECATED
+# if OPENSSL_API_COMPAT < 0x10100000L
# include <openssl/bn.h>
# ifndef OPENSSL_NO_RSA
# include <openssl/rsa.h>
void ERR_free_strings(void);
void ERR_remove_thread_state(const CRYPTO_THREADID *tid);
-# ifdef OPENSSL_USE_DEPRECATED
-DECLARE_DEPRECATED(void ERR_remove_state(unsigned long pid)); /* if zero we
- * look it up */
-# endif
+DEPRECATEDIN_1_0_0(void ERR_remove_state(unsigned long pid)) /* if zero we
+ * look it up */
ERR_STATE *ERR_get_state(void);
LHASH_OF(ERR_STRING_DATA) *ERR_get_string_table(void);
int HMAC_CTX_reset(HMAC_CTX *ctx);
void HMAC_CTX_free(HMAC_CTX *ctx);
-#ifdef OPENSSL_USE_DEPRECATED
+DEPRECATEDIN_1_1_0(__owur int HMAC_Init(HMAC_CTX *ctx, const void *key, int len,
+ const EVP_MD *md))
-/* deprecated */
-DECLARE_DEPRECATED(__owur int HMAC_Init(HMAC_CTX *ctx, const void *key, int len,
- const EVP_MD *md));
-
-#endif
/*__owur*/ int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len,
const EVP_MD *md, ENGINE *impl);
/*__owur*/ int HMAC_Update(HMAC_CTX *ctx, const unsigned char *data,
RAND_METHOD *RAND_OpenSSL(void);
void RAND_cleanup(void);
int RAND_bytes(unsigned char *buf, int num);
-#ifdef OPENSSL_USE_DEPRECATED
-DECLARE_DEPRECATED(int RAND_pseudo_bytes(unsigned char *buf, int num));
-#endif
+DEPRECATEDIN_1_1_0(int RAND_pseudo_bytes(unsigned char *buf, int num))
void RAND_seed(const void *buf, int num);
#if defined(__ANDROID__) && defined(__NDK_FPABI__)
__NDK_FPABI__ /* __attribute__((pcs("aapcs"))) on ARM */
#ifndef HEADER_RSA_H
# define HEADER_RSA_H
+# include <openssl/opensslconf.h>
# include <openssl/asn1.h>
# include <openssl/bio.h>
# include <openssl/crypto.h>
# include <openssl/ossl_typ.h>
-# ifdef OPENSSL_USE_DEPRECATED
+# if OPENSSL_API_COMPAT < 0x10100000L
# include <openssl/bn.h>
# endif
* private key operations.
*/
# define RSA_FLAG_NO_CONSTTIME 0x0100
-# ifdef OPENSSL_USE_DEPRECATED
+# if OPENSSL_API_COMPAT < 0x00908000L
/* deprecated name for the flag*/
/*
* new with 0.9.7h; the built-in RSA
int RSA_security_bits(const RSA *rsa);
/* Deprecated version */
-# ifdef OPENSSL_USE_DEPRECATED
-DECLARE_DEPRECATED(RSA *RSA_generate_key(int bits, unsigned long e, void
- (*callback) (int, int, void *),
- void *cb_arg));
-# endif /* defined(OPENSSL_USE_DEPRECATED) */
+DEPRECATEDIN_0_9_8(RSA *RSA_generate_key(int bits, unsigned long e, void
+ (*callback) (int, int, void *),
+ void *cb_arg))
/* New version */
int RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb);
# define HEADER_SSL_H
# include <openssl/e_os2.h>
+# include <openssl/opensslconf.h>
# include <openssl/comp.h>
# include <openssl/bio.h>
-# ifdef OPENSSL_USE_DEPRECATED
+# if OPENSSL_API_COMPAT < 0x10100000L
# include <openssl/x509.h>
# include <openssl/crypto.h>
# include <openssl/lhash.h>
# endif
# include <openssl/ossl_typ.h>
-# ifdef OPENSSL_USE_DEPRECATED
+# if OPENSSL_API_COMPAT < 0x10100000L
# include <openssl/evp.h>
# include <openssl/bn.h>
# include <openssl/x509.h>
#ifndef HEADER_UI_H
# define HEADER_UI_H
-# ifdef OPENSSL_USE_DEPRECATED
+# if OPENSSL_API_COMPAT < 0x10100000L
# include <openssl/crypto.h>
# endif
# include <openssl/safestack.h>
# include <openssl/ossl_typ.h>
+# include <openssl/opensslconf.h>
#ifdef __cplusplus
extern "C" {
# define HEADER_X509_H
# include <openssl/e_os2.h>
+# include <openssl/opensslconf.h>
# include <openssl/symhacks.h>
# include <openssl/buffer.h>
# include <openssl/evp.h>
# include <openssl/ec.h>
# endif
-# ifdef OPENSSL_USE_DEPRECATED
+# if OPENSSL_API_COMPAT < 0x10100000L
# ifndef OPENSSL_NO_RSA
# include <openssl/rsa.h>
# endif