From 46994f71631922565924e3ca6303950c36337b33 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Wed, 11 Dec 2019 14:36:36 +0100 Subject: [PATCH] Add better support for using deprecated symbols internally OPENSSL_SUPPRESS_DEPRECATED only does half the job, in telling the deprecation macros not to add the warning attribute. However, with 'no-deprecated', the symbols are still removed entirely, while we might still want to use them internally. The solution is to permit macros to be modified internally, such as undefining OPENSSL_NO_DEPRECATED in this case. However, with the way includes , that's easier said than done. That's solved by generating instead, and add a new that includes as well as , thus allowing to replace an inclusion of with this: #include #undef OPENSSL_NO_DEPRECATED #define OPENSSL_SUPPRESS_DEPRECATED #include Or simply add the following prior to any other openssl inclusion: #include #undef OPENSSL_NO_DEPRECATED #define OPENSSL_SUPPRESS_DEPRECATED Note that undefining OPENSSL_NO_DEPRECATED must never be done by applications, since the symbols must still be exported by the library. Internal test programs are excempt of this rule, though. Reviewed-by: Tim Hudson Reviewed-by: Tomas Mraz Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/10608) --- .gitignore | 2 +- CHANGES | 20 +++++++++++++++++++ INSTALL | 4 ++-- build.info | 4 ++-- .../{opensslconf.h.in => configuration.h.in} | 8 +++----- include/openssl/opensslconf.h | 16 +++++++++++++++ 6 files changed, 44 insertions(+), 10 deletions(-) rename include/openssl/{opensslconf.h.in => configuration.h.in} (91%) create mode 100644 include/openssl/opensslconf.h diff --git a/.gitignore b/.gitignore index 0d02ecdf8f..659be22843 100644 --- a/.gitignore +++ b/.gitignore @@ -22,7 +22,7 @@ # Auto generated headers /crypto/buildinf.h /include/crypto/*_conf.h -/include/openssl/opensslconf.h +/include/openssl/configuration.h /include/openssl/opensslv.h # Auto generated doc files 
diff --git a/CHANGES b/CHANGES index e0b15b35f6..45f97e6740 100644 --- a/CHANGES +++ b/CHANGES @@ -9,6 +9,26 @@ Changes between 1.1.1 and 3.0.0 [xx XXX xxxx] + *) Removed include/openssl/opensslconf.h.in and replaced it with + include/openssl/configuration.h.in, which differs in not including + . A short header include/openssl/opensslconf.h + was added to include both. + + This allows internal hacks where one might need to modify the set + of configured macros, for example this if deprecated symbols are + still supposed to be available internally: + + #include + + #undef OPENSSL_NO_DEPRECATED + #define OPENSSL_SUPPRESS_DEPRECATED + + #include + + This should not be used by applications that use the exported + symbols, as that will lead to linking errors. + [Richard Levitte] + *) Fixed an an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against 2-prime RSA1024, diff --git a/INSTALL b/INSTALL index 7578733f4e..4dcc452562 100644 --- a/INSTALL +++ b/INSTALL @@ -836,8 +836,8 @@ Configure creates a build file ("Makefile" on Unix, "makefile" on Windows and "descrip.mms" on OpenVMS) from a suitable template in Configurations, - and defines various macros in include/openssl/opensslconf.h (generated from - include/openssl/opensslconf.h.in). + and defines various macros in include/openssl/configuration.h (generated + from include/openssl/configuration.h.in). 1c. Configure OpenSSL for building outside of the source tree. diff --git a/build.info b/build.info index a28ddbe739..6cfa2017c4 100644 --- a/build.info +++ b/build.info 
@@ -9,11 +9,11 @@ DEPEND[libssl]=libcrypto # Empty DEPEND "indices" means the dependencies are expected to be built # unconditionally before anything else. -DEPEND[]=include/openssl/opensslconf.h include/openssl/opensslv.h \ +DEPEND[]=include/openssl/configuration.h include/openssl/opensslv.h \ include/crypto/bn_conf.h include/crypto/dso_conf.h \ doc/man7/openssl_user_macros.pod -GENERATE[include/openssl/opensslconf.h]=include/openssl/opensslconf.h.in +GENERATE[include/openssl/configuration.h]=include/openssl/configuration.h.in GENERATE[include/openssl/opensslv.h]=include/openssl/opensslv.h.in GENERATE[include/crypto/bn_conf.h]=include/crypto/bn_conf.h.in GENERATE[include/crypto/dso_conf.h]=include/crypto/dso_conf.h.in diff --git a/include/openssl/opensslconf.h.in b/include/openssl/configuration.h.in similarity index 91% rename from include/openssl/opensslconf.h.in rename to include/openssl/configuration.h.in index c0ef3ddcff..00a4fc0aa3 100644 --- a/include/openssl/opensslconf.h.in +++ b/include/openssl/configuration.h.in @@ -9,8 +9,8 @@ * https://www.openssl.org/source/license.html */ -#ifndef OPENSSL_OPENSSLCONF_H -# define OPENSSL_OPENSSLCONF_H +#ifndef OPENSSL_CONFIGURATION_H +# define OPENSSL_CONFIGURATION_H # ifdef __cplusplus extern "C" { @@ -65,6 +65,4 @@ extern "C" { } # endif -# include - -#endif /* OPENSSL_OPENSSLCONF_H */ +#endif /* OPENSSL_CONFIGURATION_H */ diff --git a/include/openssl/opensslconf.h b/include/openssl/opensslconf.h new file mode 100644 index 0000000000..9a49bceea3 --- /dev/null +++ b/include/openssl/opensslconf.h 
@@ -0,0 +1,16 @@
+/*
+ * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_OPENSSLCONF_H
+# define OPENSSL_OPENSSLCONF_H
+
+#include
+#include
+
+#endif /* OPENSSL_OPENSSLCONF_H */
--
2.25.1
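Review bot: The new include/openssl/opensslconf.h has no comment explaining why it exists or that the order of its two includes is the whole mechanism, so a later cleanup could reorder or merge them and quietly break internal code that undefines OPENSSL_NO_DEPRECATED between them. I would add a comment above the includes such as `/* Keep configuration.h first: internal code may include it alone, #undef OPENSSL_NO_DEPRECATED, then include the deprecation macros. Applications must never do this. */`. The same comment should say that the override only works before any other openssl header is included, because once OPENSSL_OPENSSLCONF_H is defined a later attempt is presumably ignored by the guards. As a style point, the two `#include` lines sit inside the `#ifndef` but are not indented like `# define` above them; `# include` would match. The include targets are not visible on this page, so the names above follow the commit message and CHANGES entry.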