generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Backwards-compatibility subject to OPENSSL_API_COMPAT

Browse Source 
Provide backwards-compatiblity for functions, macros and include
files if OPENSSL_API_COMPAT is either not defined or defined less
than the version number of the release in which the feature was
deprecated.

Reviewed-by: Richard Levitte <levitte@openssl.org>
This commit is contained in:
Viktor Dukhovni 2016-01-04 23:00:33 -05:00
parent cddd424a5b
commit 98186eb4e4
41 changed files with 253 additions and 116 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
CHANGES
View File

@ -4,6 +4,35 @@
Changes between 1.0.2e and 1.1.0 [xx XXX xxxx]
*) Revert default OPENSSL_NO_DEPRECATED setting. Instead OpenSSL
continues to support deprecated interfaces in default builds.
However, applications are strongly advised to compile their
source files with -DOPENSSL_API_COMPAT=0x10100000L, which hides
the declarations of all interfaces deprecated in 0.9.8, 1.0.0
or the 1.1.0 releases.
In environments in which all applications have been ported to
not use any deprecated interfaces OpenSSL's Configure script
should be used with the --api=1.1.0 option to entirely remove
support for the deprecated features from the library and
unconditionally disable them in the installed headers.
Essentially the same effect can be achieved with the "no-deprecated"
argument to Configure, except that this will always restrict
the build to just the latest API, rather than a fixed API
version.
As applications are ported to future revisions of the API,
they should update their compile-time OPENSSL_API_COMPAT define
accordingly, but in most cases should be able to continue to
compile with later releases.
The OPENSSL_API_COMPAT versions for 1.0.0, and 0.9.8 are
0x10000000L and 0x00908000L, respectively. However those
versions did not support the OPENSSL_API_COMPAT feature, and
so applications are not typically tested for explicit support
of just the undeprecated features of either release.
[Viktor Dukhovni]
*) Add support for setting the minimum and maximum supported protocol.
It can bet set via the SSL_set_min_proto_version() and
SSL_set_max_proto_version(), or via the SSL_CONF's MinProtocol and

49
Configure
View File

@ -35,6 +35,9 @@ my $usage="Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [experimenta
#
# --cross-compile-prefix Add specified prefix to binutils components.
#
# --api One of 0.9.8, 1.0.0 or 1.1.0. Do not compile support for
# interfaces deprecated as of the specified OpenSSL version.
#
# no-hw-xxx do not compile support for specific crypto hardware.
# Generic OpenSSL-style methods relating to this support
# are always compiled but return NULL if the hardware
@ -137,6 +140,16 @@ my $bits2="SIXTY_FOUR_BIT ";
# seems to be sufficient?
my $BSDthreads="-pthread -D_THREAD_SAFE -D_REENTRANT";
#
# API compability name to version number mapping.
#
my $maxapi = "1.1.0"; # API for "no-deprecated" builds
my $apitable = {
"1.1.0" => "0x10100000L",
"1.0.0" => "0x10000000L",
"0.9.8" => "0x00908000L",
};
# table of known configurations, read in from files
#
# The content of each entry can take one of two forms:
@ -890,7 +903,6 @@ my @disablables = (
# All of the following is disabled by default (RC5 was enabled before 0.9.8):
my %disabled = ( # "what" => "comment" [or special keyword "experimental"]
"deprecated" => "default",
"ec_nistp_64_gcc_128" => "default",
"jpake" => "experimental",
"md2" => "default",
@ -932,6 +944,7 @@ my $openssl_other_defines;
my $libs;
my $target;
my $options;
my $api;
my $make_depend=0;
my %withargs=();
my $build_prefix = "release_";
@ -1086,6 +1099,10 @@ PROCESS_ARGS:
{
$prefix=$1;
}
elsif (/^--api=(.*)$/)
{
$api=$1;
}
elsif (/^--libdir=(.*)$/)
{
$libdir=$1;
@ -1157,6 +1174,10 @@ PROCESS_ARGS:
}
}
if (defined($api) && !exists $apitable->{$api}) {
die "***** Unsupported api compatibility level: $api\n",
}
if (keys %unsupported_options)
{
die "***** Unsupported options: ",
@ -1542,11 +1563,10 @@ if ($zlib)
}
}
#Build the library with OPENSSL_USE_DEPRECATED if deprecation is not disabled
if(!defined($disabled{"deprecated"}))
{
$cflags = "-DOPENSSL_USE_DEPRECATED $cflags";
}
# With "deprecated" disable all deprecated features.
if (defined($disabled{"deprecated"})) {
$api = $maxapi;
}
# You will find shlib_mark1 and shlib_mark2 explained in Makefile.org
my $shared_mark = "";
@ -1744,7 +1764,7 @@ open(IN,'<include/openssl/opensslv.h') || die "unable to read opensslv.h:$!\n";
while (<IN>)
{
$version=$1 if /OPENSSL.VERSION.TEXT.*OpenSSL (\S+) /;
$version_num=$1 if /OPENSSL.VERSION.NUMBER.*0x(\S+)/;
$version_num=$1 if /OPENSSL.VERSION.NUMBER.*(0x\S+)/;
$shlib_version_number=$1 if /SHLIB_VERSION_NUMBER *"([^"]+)"/;
$shlib_version_history=$1 if /SHLIB_VERSION_HISTORY *"([^"]*)"/;
}
@ -1763,6 +1783,12 @@ if ($shlib_version_number =~ /(^[0-9]*)\.([0-9\.]*)/)
$shlib_minor=$2;
}
if (defined($api)) {
my $apiflag = sprintf("-DOPENSSL_API_COMPAT=%s", $apitable->{$api});
$default_depflags .= " $apiflag";
$cflags .= " $apiflag";
}
my $ecc = $cc;
$ecc = "clang" if `$cc --version 2>&1` =~ /clang/;
@ -1991,6 +2017,11 @@ print OUT "#ifdef __cplusplus\n";
print OUT "extern \"C\" {\n";
print OUT "#endif\n";
print OUT "/* OpenSSL was configured with the following options: */\n";
my $openssl_api_defines = "";
if (defined($api)) {
$openssl_api_defines = sprintf "#define OPENSSL_MIN_API %s\n", $apitable->{$api};
}
my $openssl_algorithm_defines_trans = $openssl_algorithm_defines;
$openssl_experimental_defines =~ s/^\s*#\s*define\s+OPENSSL_NO_(.*)/#ifndef OPENSSL_EXPERIMENTAL_$1\n# ifndef OPENSSL_NO_$1\n# define OPENSSL_NO_$1\n# endif\n#endif/mg;
$openssl_algorithm_defines_trans =~ s/^\s*#\s*define\s+OPENSSL_(.*)/# if defined(OPENSSL_$1) \&\& !defined($1)\n# define $1\n# endif/mg;
@ -1999,9 +2030,11 @@ $openssl_algorithm_defines = " /* no ciphers excluded */\n" if $openssl_algori
$openssl_thread_defines =~ s/^\s*#\s*define\s+(.*)/#ifndef $1\n# define $1\n#endif/mg;
$openssl_sys_defines =~ s/^\s*#\s*define\s+(.*)/#ifndef $1\n# define $1\n#endif/mg;
$openssl_other_defines =~ s/^\s*#\s*define\s+(.*)/#ifndef $1\n# define $1\n#endif/mg;
print OUT $openssl_sys_defines;
print OUT "#ifndef OPENSSL_DOING_MAKEDEPEND\n\n";
print OUT $openssl_experimental_defines;
print OUT $openssl_api_defines;
print OUT "\n";
print OUT $openssl_algorithm_defines;
print OUT "\n#endif /* OPENSSL_DOING_MAKEDEPEND */\n\n";
@ -2162,7 +2195,7 @@ EOF
# create the ms/version32.rc file if needed
if ($IsMK1MF && ($target !~ /^netware/)) {
my ($v1, $v2, $v3, $v4);
if ($version_num =~ /(^[0-9a-f]{1})([0-9a-f]{2})([0-9a-f]{2})([0-9a-f]{2})/i) {
if ($version_num =~ /^0x([0-9a-f]{1})([0-9a-f]{2})([0-9a-f]{2})([0-9a-f]{2})L$/i) {
$v1=hex $1;
$v2=hex $2;
$v3=hex $3;

5
NEWS
View File

@ -23,6 +23,11 @@
o EC revision: now operations use new EC_KEY_METHOD.
o Support for OCB mode added to libcrypto
o Support for asynchronous crypto operations added to libcrypto and libssl
o Deprecated interfaces can now be disabled at build time either
relative to the latest relate via the "no-deprecated" Configure
argument, or via the "--api=1.1.0|1.0.0|0.9.8" option.
o Application software can be compiled with -DOPENSSL_API_COMPAT=version
to ensure that features deprecated before that version are not exposed.
Major changes between OpenSSL 1.0.2d and OpenSSL 1.0.2e [3 Dec 2015]

5
crypto/bn/bn_blind.c
View File

@ -109,6 +109,7 @@
* [including the GNU Public Licence.]
*/
#include <openssl/opensslconf.h>
#include "internal/cryptlib.h"
#include "bn_lcl.h"
@ -119,7 +120,7 @@ struct bn_blinding_st {
BIGNUM *Ai;
BIGNUM *e;
BIGNUM *mod; /* just a reference */
#ifndef OPENSSL_NO_DEPRECATED
#if OPENSSL_API_COMPAT < 0x10000000L
unsigned long thread_id; /* added in OpenSSL 0.9.6j and 0.9.7b; used
* only by crypto/rsa/rsa_eay.c, rsa_lib.c */
#endif
@ -271,7 +272,7 @@ int BN_BLINDING_invert_ex(BIGNUM *n, const BIGNUM *r, BN_BLINDING *b,
return (ret);
}
#ifndef OPENSSL_NO_DEPRECATED
#if OPENSSL_API_COMPAT < 0x10000000L
unsigned long BN_BLINDING_get_thread_id(const BN_BLINDING *b)
{
return b->thread_id;

3
crypto/bn/bn_depr.c
View File

@ -62,11 +62,12 @@
#include <time.h>
#include "internal/cryptlib.h"
#include "bn_lcl.h"
#include <openssl/opensslconf.h>
#include <openssl/rand.h>
static void *dummy = &dummy;
#ifndef OPENSSL_NO_DEPRECATED
#if OPENSSL_API_COMPAT < 0x00908000L
BIGNUM *BN_generate_prime(BIGNUM *ret, int bits, int safe,
const BIGNUM *add, const BIGNUM *rem,
void (*callback) (int, int, void *), void *cb_arg)

5
crypto/bn/bn_lib.c
View File

@ -65,9 +65,10 @@
#include <limits.h>
#include "internal/cryptlib.h"
#include "bn_lcl.h"
#include <openssl/opensslconf.h>
/* This stuff appears to be completely unused, so is deprecated */
#ifndef OPENSSL_NO_DEPRECATED
#if OPENSSL_API_COMPAT < 0x00908000L
/*-
* For a 32 bit machine
* 2 - 4 == 128
@ -258,7 +259,7 @@ void BN_free(BIGNUM *a)
if (a->flags & BN_FLG_MALLOCED)
OPENSSL_free(a);
else {
#ifndef OPENSSL_NO_DEPRECATED
#if OPENSSL_API_COMPAT < 0x00908000L
a->flags |= BN_FLG_FREE;
#endif
a->d = NULL;

3
crypto/dh/dh_depr.c
View File

@ -59,10 +59,11 @@
#include "internal/cryptlib.h"
#include <openssl/bn.h>
#include <openssl/dh.h>
#include <openssl/opensslconf.h>
static void *dummy = &dummy;
#ifndef OPENSSL_NO_DEPRECATED
#if OPENSSL_API_COMPAT < 0x00908000L
DH *DH_generate_parameters(int prime_len, int generator,
void (*callback) (int, int, void *), void *cb_arg)
{

3
crypto/dsa/dsa_depr.c
View File

@ -75,8 +75,9 @@ static void *dummy = &dummy;
#include <openssl/dsa.h>
#include <openssl/rand.h>
#include <openssl/sha.h>
#include <openssl/opensslconf.h>
#ifndef OPENSSL_NO_DEPRECATED
#if OPENSSL_API_COMPAT < 0x00908000L
DSA *DSA_generate_parameters(int bits,
unsigned char *seed_in, int seed_len,
int *counter_ret, unsigned long *h_ret,

3
crypto/err/err.c
View File

@ -118,6 +118,7 @@
#include <openssl/buffer.h>
#include <openssl/bio.h>
#include <openssl/err.h>
#include <openssl/opensslconf.h>
DECLARE_LHASH_OF(ERR_STRING_DATA);
DECLARE_LHASH_OF(ERR_STATE);
@ -861,7 +862,7 @@ void ERR_remove_thread_state(const CRYPTO_THREADID *id)
int_thread_del_item(&tmp);
}
#ifndef OPENSSL_NO_DEPRECATED
#if OPENSSL_API_COMPAT < 0x10000000L
void ERR_remove_state(unsigned long pid)
{
ERR_remove_thread_state(NULL);

4
crypto/evp/e_old.c
View File

@ -57,7 +57,9 @@
*
*/
#ifdef OPENSSL_NO_DEPRECATED
#include <openssl/opensslconf.h>
#if OPENSSL_API_COMPAT >= 0x00908000L
static void *dummy = &dummy;
#else

3
crypto/hmac/hmac.c
View File

@ -61,6 +61,7 @@
#include <string.h>
#include "internal/cryptlib.h"
#include <openssl/hmac.h>
#include <openssl/opensslconf.h>
#include "hmac_lcl.h"
int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len,
@ -127,7 +128,7 @@ int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len,
return 0;
}
#ifndef OPENSSL_NO_DEPRECATED
#if OPENSSL_API_COMPAT < 0x10100000L
int HMAC_Init(HMAC_CTX *ctx, const void *key, int len, const EVP_MD *md)
{
if (key && md)

44
crypto/opensslconf.h.in
View File

@ -1,20 +1,44 @@
/* crypto/opensslconf.h.in */
/*
* Applications should use -DOPENSSL_USE_DEPRECATED to enable access to
* deprecated functions. But if the library has been built to disable
* deprecated functions then this will not work
* Applications should use -DOPENSSL_API_COMPAT=<version> to suppress the
* declarations of functions deprecated in or before <version>. Otherwise, they
* still won't see them if the library has been built to disable deprecated
* functions.
*/
#if defined(OPENSSL_NO_DEPRECATED) && defined(OPENSSL_USE_DEPRECATED)
#error "OPENSSL_USE_DEPRECATED has been defined, but OpenSSL has been built without support for deprecated functions"
#if defined(OPENSSL_NO_DEPRECATED)
# define DECLARE_DEPRECATED(f)
#elif __GNUC__ > 3 || (__GNUC__ == 3 && __GNUC_MINOR__ > 0)
# define DECLARE_DEPRECATED(f) f __attribute__ ((deprecated));
#else
# define DECLARE_DEPRECATED(f) f;
#endif
/* Test for support for deprecated attribute */
#if __GNUC__ > 3 || \
(__GNUC__ == 3 && __GNUC_MINOR__ > 0)
#define DECLARE_DEPRECATED(f) f __attribute__ ((deprecated))
#ifndef OPENSSL_MIN_API
#define OPENSSL_MIN_API 0
#endif
#if !defined(OPENSSL_API_COMPAT) || OPENSSL_API_COMPAT < OPENSSL_MIN_API
#undef OPENSSL_API_COMPAT
#define OPENSSL_API_COMPAT OPENSSL_MIN_API
#endif
#if OPENSSL_API_COMPAT < 0x10100000L
# define DEPRECATEDIN_1_1_0(f) DECLARE_DEPRECATED(f)
#else
#define DECLARE_DEPRECATED(f) f
# define DEPRECATEDIN_1_1_0(f)
#endif
#if OPENSSL_API_COMPAT < 0x10000000L
# define DEPRECATEDIN_1_0_0(f) DECLARE_DEPRECATED(f)
#else
# define DEPRECATEDIN_1_0_0(f)
#endif
#if OPENSSL_API_COMPAT < 0x00908000L
# define DEPRECATEDIN_0_9_8(f) DECLARE_DEPRECATED(f)
#else
# define DEPRECATEDIN_0_9_8(f)
#endif
/* Generate 80386 code? */

7
crypto/rand/md_rand.c
View File

@ -128,6 +128,7 @@
# include <time.h>
#endif
#include <openssl/opensslconf.h>
#include <openssl/crypto.h>
#include <openssl/rand.h>
#include <openssl/async.h>
@ -172,7 +173,7 @@ static int rand_seed(const void *buf, int num);
static int rand_add(const void *buf, int num, double add_entropy);
static int rand_bytes(unsigned char *buf, int num, int pseudo);
static int rand_nopseudo_bytes(unsigned char *buf, int num);
#ifndef OPENSSL_NO_DEPRECATED
#if OPENSSL_API_COMPAT < 0x10100000L
static int rand_pseudo_bytes(unsigned char *buf, int num);
#endif
static int rand_status(void);
@ -182,7 +183,7 @@ static RAND_METHOD rand_meth = {
rand_nopseudo_bytes,
rand_cleanup,
rand_add,
#ifndef OPENSSL_NO_DEPRECATED
#if OPENSSL_API_COMPAT < 0x10100000L
rand_pseudo_bytes,
#else
NULL,
@ -627,7 +628,7 @@ static int rand_nopseudo_bytes(unsigned char *buf, int num)
return rand_bytes(buf, num, 0);
}
#ifndef OPENSSL_NO_DEPRECATED
#if OPENSSL_API_COMPAT < 0x10100000L
/*
* pseudo-random bytes that are guaranteed to be unique but not unpredictable
*/

3
crypto/rand/rand_lib.c
View File

@ -59,6 +59,7 @@
#include <stdio.h>
#include <time.h>
#include "internal/cryptlib.h"
#include <openssl/opensslconf.h>
#include <openssl/rand.h>
#ifndef OPENSSL_NO_ENGINE
@ -159,7 +160,7 @@ int RAND_bytes(unsigned char *buf, int num)
return (-1);
}
#ifndef OPENSSL_NO_DEPRECATED
#if OPENSSL_API_COMPAT < 0x10100000L
int RAND_pseudo_bytes(unsigned char *buf, int num)
{
const RAND_METHOD *meth = RAND_get_rand_method();

3
crypto/rsa/rsa_depr.c
View File

@ -61,10 +61,11 @@
#include <stdio.h>
#include <time.h>
#include "internal/cryptlib.h"
#include <openssl/opensslconf.h>
#include <openssl/bn.h>
#include <openssl/rsa.h>
#ifdef OPENSSL_NO_DEPRECATED
#if OPENSSL_API_COMPAT >= 0x00908000L
static void *dummy = &dummy;

7
crypto/thr_id.c
View File

@ -115,8 +115,9 @@
*/
#include "internal/cryptlib.h"
#include <openssl/opensslconf.h>
#ifndef OPENSSL_NO_DEPRECATED
#if OPENSSL_API_COMPAT < 0x10000000L
static unsigned long (*id_callback) (void) = 0;
#endif
static void (*threadid_callback) (CRYPTO_THREADID *) = 0;
@ -189,7 +190,7 @@ void CRYPTO_THREADID_current(CRYPTO_THREADID *id)
threadid_callback(id);
return;
}
#ifndef OPENSSL_NO_DEPRECATED
#if OPENSSL_API_COMPAT < 0x10000000L
/* If the deprecated callback was set, fall back to that */
if (id_callback) {
CRYPTO_THREADID_set_numeric(id, id_callback());
@ -220,7 +221,7 @@ unsigned long CRYPTO_THREADID_hash(const CRYPTO_THREADID *id)
return id->val;
}
#ifndef OPENSSL_NO_DEPRECATED
#if OPENSSL_API_COMPAT < 0x10000000L
unsigned long (*CRYPTO_get_id_callback(void)) (void) {
return (id_callback);
}

11
doc/crypto/BN_BLINDING_new.pod
View File

@ -22,10 +22,6 @@ functions.
BN_CTX *ctx);
int BN_BLINDING_invert_ex(BIGNUM *n, const BIGNUM *r, BN_BLINDING *b,
BN_CTX *ctx);
#ifndef OPENSSL_NO_DEPRECATED
unsigned long BN_BLINDING_get_thread_id(const BN_BLINDING *);
void BN_BLINDING_set_thread_id(BN_BLINDING *, unsigned long);
#endif
CRYPTO_THREADID *BN_BLINDING_thread_id(BN_BLINDING *);
unsigned long BN_BLINDING_get_flags(const BN_BLINDING *);
void BN_BLINDING_set_flags(BN_BLINDING *, unsigned long);
@ -35,6 +31,13 @@ functions.
const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx),
BN_MONT_CTX *m_ctx);
Deprecated:
#if OPENSSL_API_COMPAT < 0x10000000L
unsigned long BN_BLINDING_get_thread_id(const BN_BLINDING *);
void BN_BLINDING_set_thread_id(BN_BLINDING *, unsigned long);
#endif
=head1 DESCRIPTION
BN_BLINDING_new() allocates a new B<BN_BLINDING> structure and copies

2
doc/crypto/BN_generate_prime.pod
View File

@ -35,6 +35,7 @@ for primality
Deprecated:
#if OPENSSL_API_COMPAT < 0x00908000L
BIGNUM *BN_generate_prime(BIGNUM *ret, int num, int safe, BIGNUM *add,
BIGNUM *rem, void (*callback)(int, int, void *), void *cb_arg);
@ -44,6 +45,7 @@ Deprecated:
int BN_is_prime_fasttest(const BIGNUM *a, int checks,
void (*callback)(int, int, void *), BN_CTX *ctx, void *cb_arg,
int do_trial_division);
#endif
=head1 DESCRIPTION

12
doc/crypto/BN_zero.pod
View File

@ -9,7 +9,7 @@ operations
#include <openssl/bn.h>
int BN_zero(BIGNUM *a);
void BN_zero(BIGNUM *a);
int BN_one(BIGNUM *a);
const BIGNUM *BN_value_one(void);
@ -17,6 +17,12 @@ operations
int BN_set_word(BIGNUM *a, unsigned long w);
unsigned long BN_get_word(BIGNUM *a);
Deprecated:
#if OPENSSL_API_COMPAT < 0x00908000L
int BN_zero(BIGNUM *a);
#endif
=head1 DESCRIPTION
BN_zero(), BN_one() and BN_set_word() set B<a> to the values 0, 1 and
@ -33,8 +39,10 @@ long.
BN_get_word() returns the value B<a>, and 0xffffffffL if B<a> cannot
be represented as an unsigned long.
BN_zero(), BN_one() and BN_set_word() return 1 on success, 0 otherwise.
BN_one(), BN_set_word() and the deprecated version of BN_zero()
return 1 on success, 0 otherwise.
BN_value_one() returns the constant.
The preferred version of BN_zer() never fails and returns no value.
=head1 BUGS

2
doc/crypto/DH_generate_parameters.pod
View File

@ -16,8 +16,10 @@ DH_check - generate and check Diffie-Hellman parameters
Deprecated:
#if OPENSSL_API_COMPAT < 0x00908000L
DH *DH_generate_parameters(int prime_len, int generator,
void (*callback)(int, int, void *), void *cb_arg);
#endif
=head1 DESCRIPTION

2
doc/crypto/DSA_generate_parameters.pod
View File

@ -14,9 +14,11 @@ DSA_generate_parameters_ex, DSA_generate_parameters - generate DSA parameters
Deprecated:
#if OPENSSL_API_COMPAT < 0x00908000L
DSA *DSA_generate_parameters(int bits, unsigned char *seed,
int seed_len, int *counter_ret, unsigned long *h_ret,
void (*callback)(int, int, void *), void *cb_arg);
#endif
=head1 DESCRIPTION

2
doc/crypto/ERR_remove_state.pod
View File

@ -12,7 +12,9 @@ ERR_remove_thread_state, ERR_remove_state - free a thread's error queue
Deprecated:
#if OPENSSL_API_COMPAT < 0x10000000L
void ERR_remove_state(unsigned long pid);
#endif
=head1 DESCRIPTION

2
doc/crypto/RAND_bytes.pod
View File

@ -12,7 +12,9 @@ RAND_bytes, RAND_pseudo_bytes - generate random data
Deprecated:
#if OPENSSL_API_COMPAT < 0x10100000L
int RAND_pseudo_bytes(unsigned char *buf, int num);
#endif
=head1 DESCRIPTION

2
doc/crypto/RSA_generate_key.pod
View File

@ -12,8 +12,10 @@ RSA_generate_key_ex, RSA_generate_key - generate RSA key pair
Deprecated:
#if OPENSSL_API_COMPAT < 0x00908000L
RSA *RSA_generate_key(int num, unsigned long e,
void (*callback)(int,int,void *), void *cb_arg);
#endif
=head1 DESCRIPTION

13
doc/crypto/err.pod
View File

@ -22,6 +22,7 @@ err - error codes
int ERR_GET_REASON(unsigned long e);
void ERR_clear_error(void);
void ERR_remove_thread_state(const CRYPTO_THREADID *tid);
char *ERR_error_string(unsigned long e, char *buf);
const char *ERR_lib_error_string(unsigned long e);
@ -34,8 +35,6 @@ err - error codes
void ERR_load_crypto_strings(void);
void ERR_free_strings(void);
void ERR_remove_state(unsigned long pid);
void ERR_put_error(int lib, int func, int reason, const char *file,
int line);
void ERR_add_error_data(int num, ...);
@ -44,6 +43,12 @@ err - error codes
unsigned long ERR_PACK(int lib, int func, int reason);
int ERR_get_next_error_library(void);
Deprecated:
#if OPENSSL_API_COMPAT < 0x10000000L
void ERR_remove_state(unsigned long pid);
#endif
=head1 DESCRIPTION
When a call to the OpenSSL library fails, this is usually signaled
@ -62,7 +67,7 @@ messages is described in L<ERR_error_string(3)>.
L<ERR_clear_error(3)> can be used to clear the
error queue.
Note that L<ERR_remove_state(3)> should be used to
Note that L<ERR_remove_thread_state(3)> should be used to
avoid memory leaks when threads are terminated.
=head1 ADDING NEW ERROR CODES TO OPENSSL
@ -178,7 +183,7 @@ L<ERR_clear_error(3)>,
L<ERR_error_string(3)>,
L<ERR_print_errors(3)>,
L<ERR_load_crypto_strings(3)>,
L<ERR_remove_state(3)>,
L<ERR_remove_thread_state(3)>,
L<ERR_put_error(3)>,
L<ERR_load_strings(3)>,
L<SSL_get_error(3)>

9
doc/crypto/hmac.pod
View File

@ -15,8 +15,6 @@ HMAC, HMAC_CTX_new, HMAC_CTX_reset, HMAC_CTX_free, HMAC_Init, HMAC_Init_ex, HMAC
HMAC_CTX *HMAC_CTX_new(void);
int HMAC_CTX_reset(HMAC_CTX *ctx);
int HMAC_Init(HMAC_CTX *ctx, const void *key, int key_len,
const EVP_MD *md);
int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int key_len,
const EVP_MD *md, ENGINE *impl);
int HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, int len);
@ -24,6 +22,13 @@ HMAC, HMAC_CTX_new, HMAC_CTX_reset, HMAC_CTX_free, HMAC_Init, HMAC_Init_ex, HMAC
void HMAC_CTX_free(HMAC_CTX *ctx);
Deprecated:
#if OPENSSL_API_COMPAT < 0x10100000L
int HMAC_Init(HMAC_CTX *ctx, const void *key, int key_len,
const EVP_MD *md);
#endif
=head1 DESCRIPTION
HMAC is a MAC (message authentication code), i.e. a keyed hash

3
include/openssl/asn1.h
View File

@ -61,6 +61,7 @@
# include <time.h>
# include <openssl/e_os2.h>
# include <openssl/opensslconf.h>
# include <openssl/bio.h>
# include <openssl/stack.h>
# include <openssl/safestack.h>
@ -68,7 +69,7 @@
# include <openssl/symhacks.h>
# include <openssl/ossl_typ.h>
# ifdef OPENSSL_USE_DEPRECATED
# if OPENSSL_API_COMPAT < 0x10100000L
# include <openssl/bn.h>
# endif

43
include/openssl/bn.h
View File

@ -129,6 +129,7 @@
# ifndef OPENSSL_NO_STDIO
# include <stdio.h> /* FILE */
# endif
# include <openssl/opensslconf.h>
# include <openssl/ossl_typ.h>
# include <openssl/crypto.h>
@ -270,14 +271,10 @@ extern "C" {
# define BN_FLG_CONSTTIME 0x04
# define BN_FLG_SECURE 0x08
# ifdef OPENSSL_USE_DEPRECATED
# if OPENSSL_API_COMPAT < 0x00908000L
/* deprecated name for the flag */
# define BN_FLG_EXP_CONSTTIME BN_FLG_CONSTTIME
# endif
# ifdef OPENSSL_USE_DEPRECATED
# define BN_FLG_FREE 0x8000
/* used for debuging */
# define BN_FLG_FREE 0x8000 /* used for debuging */
# endif
void BN_set_flags(BIGNUM *b, int n);
@ -343,7 +340,7 @@ int BN_is_odd(const BIGNUM *a);
void BN_zero_ex(BIGNUM *a);
# ifndef OPENSSL_USE_DEPRECATED
# if OPENSSL_API_COMPAT >= 0x00908000L
# define BN_zero(a) BN_zero_ex(a)
# else
# define BN_zero(a) (BN_set_word((a),0))
@ -475,23 +472,21 @@ BIGNUM *BN_mod_sqrt(BIGNUM *ret,
void BN_consttime_swap(BN_ULONG swap, BIGNUM *a, BIGNUM *b, int nwords);
/* Deprecated versions */
# ifdef OPENSSL_USE_DEPRECATED
DECLARE_DEPRECATED(BIGNUM *BN_generate_prime(BIGNUM *ret, int bits, int safe,
DEPRECATEDIN_0_9_8(BIGNUM *BN_generate_prime(BIGNUM *ret, int bits, int safe,
const BIGNUM *add,
const BIGNUM *rem,
void (*callback) (int, int,
void *),
void *cb_arg));
DECLARE_DEPRECATED(int
void *cb_arg))
DEPRECATEDIN_0_9_8(int
BN_is_prime(const BIGNUM *p, int nchecks,
void (*callback) (int, int, void *),
BN_CTX *ctx, void *cb_arg));
DECLARE_DEPRECATED(int
BN_CTX *ctx, void *cb_arg))
DEPRECATEDIN_0_9_8(int
BN_is_prime_fasttest(const BIGNUM *p, int nchecks,
void (*callback) (int, int, void *),
BN_CTX *ctx, void *cb_arg,
int do_trial_division));
# endif /* defined(OPENSSL_USE_DEPRECATED) */
int do_trial_division))
/* Newer versions */
int BN_generate_prime_ex(BIGNUM *ret, int bits, int safe, const BIGNUM *add,
@ -535,12 +530,10 @@ int BN_BLINDING_invert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx);
int BN_BLINDING_convert_ex(BIGNUM *n, BIGNUM *r, BN_BLINDING *b, BN_CTX *);
int BN_BLINDING_invert_ex(BIGNUM *n, const BIGNUM *r, BN_BLINDING *b,
BN_CTX *);
# ifdef OPENSSL_USE_DEPRECATED
DECLARE_DEPRECATED(unsigned long
BN_BLINDING_get_thread_id(const BN_BLINDING *));
DECLARE_DEPRECATED(void
BN_BLINDING_set_thread_id(BN_BLINDING *, unsigned long));
# endif
DEPRECATEDIN_1_0_0(unsigned long
BN_BLINDING_get_thread_id(const BN_BLINDING *))
DEPRECATEDIN_1_0_0(void
BN_BLINDING_set_thread_id(BN_BLINDING *, unsigned long))
CRYPTO_THREADID *BN_BLINDING_thread_id(BN_BLINDING *);
unsigned long BN_BLINDING_get_flags(const BN_BLINDING *);
void BN_BLINDING_set_flags(BN_BLINDING *, unsigned long);
@ -554,11 +547,9 @@ BN_BLINDING *BN_BLINDING_create_param(BN_BLINDING *b,
BN_MONT_CTX *m_ctx),
BN_MONT_CTX *m_ctx);
# ifdef OPENSSL_USE_DEPRECATED
DECLARE_DEPRECATED(void BN_set_params(int mul, int high, int low, int mont));
DECLARE_DEPRECATED(int BN_get_params(int which)); /* 0, mul, 1 high, 2 low, 3
* mont */
# endif
DEPRECATEDIN_0_9_8(void BN_set_params(int mul, int high, int low, int mont))
DEPRECATEDIN_0_9_8(int BN_get_params(int which)) /* 0, mul, 1 high, 2 low, 3
* mont */
BN_RECP_CTX *BN_RECP_CTX_new(void);
void BN_RECP_CTX_free(BN_RECP_CTX *recp);

26
include/openssl/crypto.h
View File

@ -130,6 +130,7 @@
# include <openssl/safestack.h>
# include <openssl/opensslv.h>
# include <openssl/ossl_typ.h>
# include <openssl/opensslconf.h>
# ifdef CHARSET_EBCDIC
# include <openssl/ebcdic.h>
@ -141,10 +142,25 @@
*/
# include <openssl/symhacks.h>
# if OPENSSL_API_COMPAT < 0x10100000L
# include <openssl/opensslv.h>
# endif
#ifdef __cplusplus
extern "C" {
#endif
# if OPENSSL_API_COMPAT < 0x10100000L
# define SSLeay OpenSSL_version_num
# define SSLeay_version OpenSSL_version
# define SSLEAY_VERSION_NUMBER OPENSSL_VERSION_NUMBER
# define SSLEAY_VERSION OPENSSL_VERSION
# define SSLEAY_CFLAGS OPENSSL_CFLAGS
# define SSLEAY_BUILT_ON OPENSSL_BUILT_ON
# define SSLEAY_PLATFORM OPENSSL_PLATFORM
# define SSLEAY_DIR OPENSSL_DIR
# endif /* OPENSSL_API_COMPAT */
/*
* When changing the CRYPTO_LOCK_* list, be sure to maintin the text lock
* names in cryptlib.c
@ -414,15 +430,15 @@ void CRYPTO_THREADID_current(CRYPTO_THREADID *id);
int CRYPTO_THREADID_cmp(const CRYPTO_THREADID *a, const CRYPTO_THREADID *b);
void CRYPTO_THREADID_cpy(CRYPTO_THREADID *dest, const CRYPTO_THREADID *src);
unsigned long CRYPTO_THREADID_hash(const CRYPTO_THREADID *id);
# ifdef OPENSSL_USE_DEPRECATED
DECLARE_DEPRECATED(void CRYPTO_set_id_callback(unsigned long (*func) (void)));
DEPRECATEDIN_1_0_0(void CRYPTO_set_id_callback(unsigned long (*func) (void)))
/*
* mkdef.pl cannot handle this next one so not inside DECLARE_DEPRECATED,
* but still inside OPENSSL_USE_DEPRECATED
* mkdef.pl cannot handle this next one so not inside DEPRECATEDIN_1_0_0,
* but still conditional on a lower or unknown source API version.
*/
# if OPENSSL_API_COMPAT < 0x10000000L
unsigned long (*CRYPTO_get_id_callback(void)) (void);
DECLARE_DEPRECATED(unsigned long CRYPTO_thread_id(void));
# endif
DEPRECATEDIN_1_0_0(unsigned long CRYPTO_thread_id(void))
const char *CRYPTO_get_lock_name(int type);
int CRYPTO_add_lock(int *pointer, int amount, int type, const char *file,

9
include/openssl/dh.h
View File

@ -60,6 +60,7 @@
# define HEADER_DH_H
# include <openssl/e_os2.h>
# include <openssl/opensslconf.h>
# ifdef OPENSSL_NO_DH
# error DH is disabled.
@ -67,7 +68,7 @@
# include <openssl/bio.h>
# include <openssl/ossl_typ.h>
# ifdef OPENSSL_USE_DEPRECATED
# if OPENSSL_API_COMPAT < 0x10100000L
# include <openssl/bn.h>
# endif
@ -209,12 +210,10 @@ int DH_set_ex_data(DH *d, int idx, void *arg);
void *DH_get_ex_data(DH *d, int idx);
/* Deprecated version */
# ifdef OPENSSL_USE_DEPRECATED
DECLARE_DEPRECATED(DH *DH_generate_parameters(int prime_len, int generator,
DEPRECATEDIN_0_9_8(DH *DH_generate_parameters(int prime_len, int generator,
void (*callback) (int, int,
void *),
void *cb_arg));
# endif /* defined(OPENSSL_USE_DEPRECATED) */
void *cb_arg))
/* New version */
int DH_generate_parameters_ex(DH *dh, int prime_len, int generator,

9
include/openssl/dsa.h
View File

@ -73,8 +73,9 @@
# include <openssl/bio.h>
# include <openssl/crypto.h>
# include <openssl/ossl_typ.h>
# include <openssl/opensslconf.h>
# ifdef OPENSSL_USE_DEPRECATED
# if OPENSSL_API_COMPAT < 0x10100000L
# include <openssl/bn.h>
# ifndef OPENSSL_NO_DH
# include <openssl/dh.h>
@ -222,16 +223,14 @@ DSA *d2i_DSAPrivateKey(DSA **a, const unsigned char **pp, long length);
DSA *d2i_DSAparams(DSA **a, const unsigned char **pp, long length);
/* Deprecated version */
# ifdef OPENSSL_USE_DEPRECATED
DECLARE_DEPRECATED(DSA *DSA_generate_parameters(int bits,
DEPRECATEDIN_0_9_8(DSA *DSA_generate_parameters(int bits,
unsigned char *seed,
int seed_len,
int *counter_ret,
unsigned long *h_ret, void
(*callback) (int, int,
void *),
void *cb_arg));
# endif /* defined(OPENSSL_USE_DEPRECATED) */
void *cb_arg))
/* New version */
int DSA_generate_parameters_ex(DSA *dsa, int bits,

2
include/openssl/ec.h
View File

@ -85,7 +85,7 @@
# include <openssl/asn1.h>
# include <openssl/symhacks.h>
# ifdef OPENSSL_USE_DEPRECATED
# if OPENSSL_API_COMPAT < 0x10100000L
# include <openssl/bn.h>
# endif

2
include/openssl/engine.h
View File

@ -71,7 +71,7 @@
# error ENGINE is disabled.
# endif
# ifdef OPENSSL_USE_DEPRECATED
# if OPENSSL_API_COMPAT < 0x10100000L
# include <openssl/bn.h>
# ifndef OPENSSL_NO_RSA
# include <openssl/rsa.h>

6
include/openssl/err.h
View File

@ -351,10 +351,8 @@ void ERR_load_crypto_strings(void);
void ERR_free_strings(void);
void ERR_remove_thread_state(const CRYPTO_THREADID *tid);
# ifdef OPENSSL_USE_DEPRECATED
DECLARE_DEPRECATED(void ERR_remove_state(unsigned long pid)); /* if zero we
* look it up */
# endif
DEPRECATEDIN_1_0_0(void ERR_remove_state(unsigned long pid)) /* if zero we
* look it up */
ERR_STATE *ERR_get_state(void);
LHASH_OF(ERR_STRING_DATA) *ERR_get_string_table(void);

8
include/openssl/hmac.h
View File

@ -73,13 +73,9 @@ HMAC_CTX *HMAC_CTX_new(void);
int HMAC_CTX_reset(HMAC_CTX *ctx);
void HMAC_CTX_free(HMAC_CTX *ctx);
#ifdef OPENSSL_USE_DEPRECATED
DEPRECATEDIN_1_1_0(__owur int HMAC_Init(HMAC_CTX *ctx, const void *key, int len,
const EVP_MD *md))
/* deprecated */
DECLARE_DEPRECATED(__owur int HMAC_Init(HMAC_CTX *ctx, const void *key, int len,
const EVP_MD *md));
#endif
/*__owur*/ int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len,
const EVP_MD *md, ENGINE *impl);
/*__owur*/ int HMAC_Update(HMAC_CTX *ctx, const unsigned char *data,

4
include/openssl/rand.h
View File

@ -95,9 +95,7 @@ int RAND_set_rand_engine(ENGINE *engine);
RAND_METHOD *RAND_OpenSSL(void);
void RAND_cleanup(void);
int RAND_bytes(unsigned char *buf, int num);
#ifdef OPENSSL_USE_DEPRECATED
DECLARE_DEPRECATED(int RAND_pseudo_bytes(unsigned char *buf, int num));
#endif
DEPRECATEDIN_1_1_0(int RAND_pseudo_bytes(unsigned char *buf, int num))
void RAND_seed(const void *buf, int num);
#if defined(__ANDROID__) && defined(__NDK_FPABI__)
__NDK_FPABI__ /* __attribute__((pcs("aapcs"))) on ARM */

13
include/openssl/rsa.h
View File

@ -59,12 +59,13 @@
#ifndef HEADER_RSA_H
# define HEADER_RSA_H
# include <openssl/opensslconf.h>
# include <openssl/asn1.h>
# include <openssl/bio.h>
# include <openssl/crypto.h>
# include <openssl/ossl_typ.h>
# ifdef OPENSSL_USE_DEPRECATED
# if OPENSSL_API_COMPAT < 0x10100000L
# include <openssl/bn.h>
# endif
@ -212,7 +213,7 @@ struct rsa_st {
* private key operations.
*/
# define RSA_FLAG_NO_CONSTTIME 0x0100
# ifdef OPENSSL_USE_DEPRECATED
# if OPENSSL_API_COMPAT < 0x00908000L
/* deprecated name for the flag*/
/*
* new with 0.9.7h; the built-in RSA
@ -316,11 +317,9 @@ int RSA_size(const RSA *rsa);
int RSA_security_bits(const RSA *rsa);
/* Deprecated version */
# ifdef OPENSSL_USE_DEPRECATED
DECLARE_DEPRECATED(RSA *RSA_generate_key(int bits, unsigned long e, void
(*callback) (int, int, void *),
void *cb_arg));
# endif /* defined(OPENSSL_USE_DEPRECATED) */
DEPRECATEDIN_0_9_8(RSA *RSA_generate_key(int bits, unsigned long e, void
(*callback) (int, int, void *),
void *cb_arg))
/* New version */
int RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb);

3
include/openssl/ssl.h
View File

@ -144,10 +144,11 @@
# define HEADER_SSL_H
# include <openssl/e_os2.h>
# include <openssl/opensslconf.h>
# include <openssl/comp.h>
# include <openssl/bio.h>
# ifdef OPENSSL_USE_DEPRECATED
# if OPENSSL_API_COMPAT < 0x10100000L
# include <openssl/x509.h>
# include <openssl/crypto.h>
# include <openssl/lhash.h>

2
include/openssl/store.h
View File

@ -67,7 +67,7 @@
# endif
# include <openssl/ossl_typ.h>
# ifdef OPENSSL_USE_DEPRECATED
# if OPENSSL_API_COMPAT < 0x10100000L
# include <openssl/evp.h>
# include <openssl/bn.h>
# include <openssl/x509.h>

3
include/openssl/ui.h
View File

@ -60,11 +60,12 @@
#ifndef HEADER_UI_H
# define HEADER_UI_H
# ifdef OPENSSL_USE_DEPRECATED
# if OPENSSL_API_COMPAT < 0x10100000L
# include <openssl/crypto.h>
# endif
# include <openssl/safestack.h>
# include <openssl/ossl_typ.h>
# include <openssl/opensslconf.h>
#ifdef __cplusplus
extern "C" {

3
include/openssl/x509.h
View File

@ -65,6 +65,7 @@
# define HEADER_X509_H
# include <openssl/e_os2.h>
# include <openssl/opensslconf.h>
# include <openssl/symhacks.h>
# include <openssl/buffer.h>
# include <openssl/evp.h>
@ -77,7 +78,7 @@
# include <openssl/ec.h>
# endif
# ifdef OPENSSL_USE_DEPRECATED
# if OPENSSL_API_COMPAT < 0x10100000L
# ifndef OPENSSL_NO_RSA
# include <openssl/rsa.h>
# endif