When OPENSSL_NO_DEPRECATED is defined, deprecated functions are (or should

be) precompiled out in the API headers. This change is to ensure that if
it is defined when compiling openssl, the deprecated functions aren't
implemented either.

diff --git a/CHANGES b/CHANGES
index c0f18ff1b45e021be5bf0d587bb719ae35179a8a..666cf68d6478717574b661d82af87e28e9e5be7d 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,10 @@
 
  Changes between 0.9.7c and 0.9.8  [xx XXX xxxx]
 
+  *) Ensure that deprecated functions do not get compiled when
+     OPENSSL_NO_DEPRECATED is defined.
+     [Geoff Thorpe]
+
   *) Reorganise PKCS#7 code to separate the digest location functionality
      into PKCS7_find_digest(), digest addtion into PKCS7_bio_add_digest().
      New function PKCS7_set_digest() to set the digest type for PKCS#7

diff --git a/crypto/bn/bn_depr.c b/crypto/bn/bn_depr.c
index 35e912728815717a3eab7ddae2d48238dbfa6675..09ad52e7c63546cd0798c4210af4bfe0afec40cf 100644 (file)
--- a/crypto/bn/bn_depr.c
+++ b/crypto/bn/bn_depr.c
@@ -62,6 +62,9 @@
 #include "bn_lcl.h"
 #include <openssl/rand.h>
 
+static void *dummy=&dummy;
+
+#ifndef OPENSSL_NO_DEPRECATED
 BIGNUM *BN_generate_prime(BIGNUM *ret, int bits, int safe,
        const BIGNUM *add, const BIGNUM *rem,
        void (*callback)(int,int,void *), void *cb_arg)
@@ -78,6 +81,7 @@ BIGNUM *BN_generate_prime(BIGNUM *ret, int bits, int safe,
                }
        else
                rnd=ret;
+       bn_verify(rnd);
        if(!BN_generate_prime_ex(rnd, bits, safe, add, rem, &cb))
                goto err;
 
@@ -85,6 +89,7 @@ BIGNUM *BN_generate_prime(BIGNUM *ret, int bits, int safe,
        found = 1;
 err:
        if (!found && (ret == NULL) && (rnd != NULL)) BN_free(rnd);
+       if(found) bn_verify(rnd);
        return(found ? rnd : NULL);
        }
 
@@ -106,3 +111,4 @@ int BN_is_prime_fasttest(const BIGNUM *a, int checks,
        return BN_is_prime_fasttest_ex(a, checks, ctx_passed,
                                do_trial_division, &cb);
        }
+#endif

diff --git a/crypto/dh/dh_depr.c b/crypto/dh/dh_depr.c
index 3eb319e2a8523a220e27373c55edfab3aae4ae28..acc05f252c1e60e012a52d823d0091def3b726bf 100644 (file)
--- a/crypto/dh/dh_depr.c
+++ b/crypto/dh/dh_depr.c
@@ -61,6 +61,9 @@
 #include <openssl/bn.h>
 #include <openssl/dh.h>
 
+static void *dummy=&dummy;
+
+#ifndef OPENSSL_NO_DEPRECATED
 DH *DH_generate_parameters(int prime_len, int generator,
             void (*callback)(int,int,void *), void *cb_arg)
        {
@@ -77,3 +80,4 @@ DH *DH_generate_parameters(int prime_len, int generator,
        DH_free(ret);
        return NULL;
        }
+#endif

diff --git a/crypto/dsa/dsa_depr.c b/crypto/dsa/dsa_depr.c
index cb80457211e4177629a4a9e56a89be19eed2428f..f2da680eb466a4c1ff9d888b887fc920a8cfd347 100644 (file)
--- a/crypto/dsa/dsa_depr.c
+++ b/crypto/dsa/dsa_depr.c
@@ -69,6 +69,8 @@
 #define HASH    EVP_sha1()
 #endif 
 
+static void *dummy=&dummy;
+
 #ifndef OPENSSL_NO_SHA
 
 #include <stdio.h>
@@ -80,6 +82,7 @@
 #include <openssl/rand.h>
 #include <openssl/sha.h>
 
+#ifndef OPENSSL_NO_DEPRECATED
 DSA *DSA_generate_parameters(int bits,
                unsigned char *seed_in, int seed_len,
                int *counter_ret, unsigned long *h_ret,
@@ -100,3 +103,4 @@ DSA *DSA_generate_parameters(int bits,
        return NULL;
        }
 #endif
+#endif

diff --git a/crypto/rsa/rsa_depr.c b/crypto/rsa/rsa_depr.c
index 3773d037c658becab981fa35182b4cf34e39c525..2d87cd39f31965a5584690cc11de726d59b609a2 100644 (file)
--- a/crypto/rsa/rsa_depr.c
+++ b/crypto/rsa/rsa_depr.c
@@ -62,6 +62,9 @@
 #include <openssl/bn.h>
 #include <openssl/rsa.h>
 
+static void *dummy=&dummy;
+
+#ifndef OPENSSL_NO_DEPRECATED
 RSA *RSA_generate_key(int bits, unsigned long e_value,
             void (*callback)(int,int,void *), void *cb_arg)
        {
@@ -78,4 +81,4 @@ RSA *RSA_generate_key(int bits, unsigned long e_value,
        RSA_free(rsa);
        return 0;
        }
-
+#endif