Changes between 1.1.1 and 3.0.0 [xx XXX xxxx]
+ *) Change the possible version information given with OPENSSL_API_COMPAT.
+ It may be a pre-3.0.0 style numerical version number as it was defined
+ in 1.1.0, and it may also simply take the major version number.
+
+ Because of the version numbering of pre-3.0.0 releases, the values 0,
+ 1 and 2 are equivalent to 0x00908000L (0.9.8), 0x10000000L (1.0.0) and
+ 0x10100000L (1.1.0), respectively.
+ [Richard Levitte]
+
*) Switch to a new version scheme using three numbers MAJOR.MINOR.PATCH.
o Major releases (indicated by incrementing the MAJOR release number)
#
# --cross-compile-prefix Add specified prefix to binutils components.
#
-# --api One of 0.9.8, 1.0.0, 1.1.0 or 3.0.0 (or 3). Do not compile
-# support for interfaces deprecated as of the specified OpenSSL
-# version.
+# --api One of 0.9.8, 1.0.0, 1.0.1, 1.0.2, 1.1.0, 1.1.1, or 3.0.0 / 3.
+# Do not compile support for interfaces deprecated as of the
+# specified OpenSSL version.
#
# no-hw-xxx do not compile support for specific crypto hardware.
# Generic OpenSSL-style methods relating to this support
#
my $maxapi = "3.0.0"; # API for "no-deprecated" builds
my $apitable = {
- "3.0.0" => "0x30000000L",
- "1.1.0" => "0x10100000L",
- "1.0.0" => "0x10000000L",
- "0.9.8" => "0x00908000L",
+ "3.0.0" => 3,
+ "1.1.1" => 2,
+ "1.1.0" => 2,
+ "1.0.2" => 1,
+ "1.0.1" => 1,
+ "1.0.0" => 1,
+ "0.9.8" => 0,
};
our %table = ();
$config{cxxflags} = [ map { (my $x = $_) =~ s/([\\\"])/\\$1/g; $x }
@{$config{cxxflags}} ] if $config{CXX};
-if (defined($config{api})) {
- $config{openssl_api_defines} = [ "OPENSSL_MIN_API=".$apitable->{$config{api}} ];
- my $apiflag = sprintf("OPENSSL_API_COMPAT=%s", $apitable->{$config{api}});
- push @{$config{defines}}, $apiflag;
-}
+$config{openssl_api_defines} = [
+ "OPENSSL_MIN_API=".($apitable->{$config{api} // ""} // -1)
+];
if ($strict_warnings)
{
ASN1_ITEM_ref(IPAddressRange),
#endif
ASN1_ITEM_ref(ISSUING_DIST_POINT),
-#if OPENSSL_API_COMPAT < 0x30000000L
+#if !OPENSSL_API_3
ASN1_ITEM_ref(LONG),
#endif
ASN1_ITEM_ref(NAME_CONSTRAINTS),
ASN1_ITEM_ref(X509_SIG),
ASN1_ITEM_ref(X509_VAL),
ASN1_ITEM_ref(X509),
-#if OPENSSL_API_COMPAT < 0x30000000L
+#if !OPENSSL_API_3
ASN1_ITEM_ref(ZLONG),
#endif
ASN1_ITEM_ref(INT32),
return x->data;
}
-# if OPENSSL_API_COMPAT < 0x10100000L
+# if !OPENSSL_API_1_1_0
unsigned char *ASN1_STRING_data(ASN1_STRING *x)
{
return x->data;
#include "internal/cryptlib.h"
#include <openssl/asn1t.h>
-#if !(OPENSSL_API_COMPAT < 0x30000000L)
+#if OPENSSL_API_3
NON_EMPTY_TRANSLATION_UNIT
#else
static int wsa_init_done = 0;
# endif
-# if OPENSSL_API_COMPAT < 0x10100000L
+# if !OPENSSL_API_1_1_0
int BIO_get_host_ip(const char *str, unsigned char *ip)
{
BIO_ADDRINFO *res = NULL;
return j;
}
-# if OPENSSL_API_COMPAT < 0x10100000L
+# if !OPENSSL_API_1_1_0
struct hostent *BIO_gethostbyname(const char *name)
{
/*
return i;
}
-# if OPENSSL_API_COMPAT < 0x10100000L
+# if !OPENSSL_API_1_1_0
int BIO_get_accept_socket(char *host, int bind_mode)
{
int s = INVALID_SOCKET;
*/
#include <openssl/opensslconf.h>
-#if OPENSSL_API_COMPAT >= 0x00908000L
+#if OPENSSL_API_0_9_8
NON_EMPTY_TRANSLATION_UNIT
#else
#include "internal/constant_time_locl.h"
/* This stuff appears to be completely unused, so is deprecated */
-#if OPENSSL_API_COMPAT < 0x00908000L
+#if !OPENSSL_API_0_9_8
/*-
* For a 32 bit machine
* 2 - 4 == 128
static int openssl_configured = 0;
-#if OPENSSL_API_COMPAT < 0x10100000L
+#if !OPENSSL_API_1_1_0
void OPENSSL_config(const char *appname)
{
OPENSSL_INIT_SETTINGS settings;
#include "buildinf.h"
-#if OPENSSL_API_COMPAT < 0x30000000L
+#if !OPENSSL_API_3
unsigned long OpenSSL_version_num(void)
{
return OPENSSL_VERSION_NUMBER;
/* This file contains deprecated functions as wrappers to the new ones */
#include <openssl/opensslconf.h>
-#if OPENSSL_API_COMPAT >= 0x00908000L
+#if OPENSSL_API_0_9_8
NON_EMPTY_TRANSLATION_UNIT
#else
#define xxxHASH EVP_sha1()
#include <openssl/opensslconf.h>
-#if OPENSSL_API_COMPAT >= 0x00908000L
+#if OPENSSL_API_0_9_8
NON_EMPTY_TRANSLATION_UNIT
#else
return dsa->meth->dsa_do_sign(dgst, dlen, dsa);
}
-#if OPENSSL_API_COMPAT < 0x30000000L
+#if !OPENSSL_API_3
int DSA_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
{
return dsa->meth->dsa_sign_setup(dsa, ctx_in, kinvp, rp);
return group->meth->group_get_curve(group, p, a, b, ctx);
}
-#if OPENSSL_API_COMPAT < 0x30000000L
+#if !OPENSSL_API_3
int EC_GROUP_set_curve_GFp(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a,
const BIGNUM *b, BN_CTX *ctx)
{
return 1;
}
-#if OPENSSL_API_COMPAT < 0x30000000L
+#if !OPENSSL_API_3
int EC_POINT_set_affine_coordinates_GFp(const EC_GROUP *group,
EC_POINT *point, const BIGNUM *x,
const BIGNUM *y, BN_CTX *ctx)
return group->meth->point_get_affine_coordinates(group, point, x, y, ctx);
}
-#if OPENSSL_API_COMPAT < 0x30000000L
+#if !OPENSSL_API_3
int EC_POINT_get_affine_coordinates_GFp(const EC_GROUP *group,
const EC_POINT *point, BIGNUM *x,
BIGNUM *y, BN_CTX *ctx)
y_bit, ctx);
}
-#if OPENSSL_API_COMPAT < 0x30000000L
+#if !OPENSSL_API_3
int EC_POINT_set_compressed_coordinates_GFp(const EC_GROUP *group,
EC_POINT *point, const BIGNUM *x,
int y_bit, BN_CTX *ctx)
* The old name for ecdh_KDF_X9_63
* Retained for ABI compatibility
*/
-#if OPENSSL_API_COMPAT < 0x10200000L
+#if !OPENSSL_API_3
int ECDH_KDF_X9_62(unsigned char *out, size_t outlen,
const unsigned char *Z, size_t Zlen,
const unsigned char *sinfo, size_t sinfolen,
OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_ALL_BUILTIN, NULL);
}
-#if (defined(__OpenBSD__) || defined(__FreeBSD__) || defined(__DragonFly__)) && OPENSSL_API_COMPAT < 0x10100000L
+#if (defined(__OpenBSD__) || defined(__FreeBSD__) || defined(__DragonFly__)) \
+ && !OPENSSL_API_1_1_0
void ENGINE_setup_bsd_cryptodev(void)
{
}
ERR_STATE_free(state);
}
-#if OPENSSL_API_COMPAT < 0x10100000L
+#if !OPENSSL_API_1_1_0
void ERR_remove_thread_state(void *dummy)
{
}
#endif
-#if OPENSSL_API_COMPAT < 0x10000000L
+#if !OPENSSL_API_1_0_0
void ERR_remove_state(unsigned long pid)
{
}
*/
#include <openssl/opensslconf.h>
-#if OPENSSL_API_COMPAT >= 0x00908000L
+#if OPENSSL_API_0_9_8
NON_EMPTY_TRANSLATION_UNIT
#else
return rv;
}
-#if OPENSSL_API_COMPAT < 0x10100000L
+#if !OPENSSL_API_1_1_0
int HMAC_Init(HMAC_CTX *ctx, const void *key, int len, const EVP_MD *md)
{
if (key && md)
#include <openssl/pkcs12.h>
#include "p12_lcl.h"
-#if OPENSSL_API_COMPAT < 0x10100000L
+#if !OPENSSL_API_1_1_0
ASN1_TYPE *PKCS12_get_attr(const PKCS12_SAFEBAG *bag, int attr_nid)
{
return PKCS12_get_attr_gen(bag->attrib, attr_nid);
return -1;
}
-#if OPENSSL_API_COMPAT < 0x10100000L
+#if !OPENSSL_API_1_1_0
int RAND_pseudo_bytes(unsigned char *buf, int num)
{
const RAND_METHOD *meth = RAND_get_rand_method();
return rand_pool_add(pool, (unsigned char *)&data, sizeof(data), 0);
}
-# if OPENSSL_API_COMPAT < 0x10100000L
+# if !OPENSSL_API_1_1_0
int RAND_event(UINT iMsg, WPARAM wParam, LPARAM lParam)
{
RAND_poll();
*/
#include <openssl/opensslconf.h>
-#if OPENSSL_API_COMPAT >= 0x00908000L
+#if OPENSSL_API_0_9_8
NON_EMPTY_TRANSLATION_UNIT
#else
return 1;
}
-# if OPENSSL_API_COMPAT < 0x10100000L
+# if !OPENSSL_API_1_1_0
/*
* DEPRECATED: use SRP_VBASE_get1_by_user instead.
* This method ignores the configured seed and fails for an unknown user.
return crl->crl.nextUpdate;
}
-#if OPENSSL_API_COMPAT < 0x10100000L
+#if !OPENSSL_API_1_1_0
ASN1_TIME *X509_CRL_get_lastUpdate(X509_CRL *crl)
{
return crl->crl.lastUpdate;
#include <openssl/conf.h>
- #if OPENSSL_API_COMPAT < 0x10100000L
+Deprecated since OpenSSL 1.1.0, can be hidden entirely by defining
+B<OPENSSL_API_COMPAT> with a suitable version value, see
+L<openssl_user_macros(7)>:
+
void OPENSSL_config(const char *appname);
void OPENSSL_no_config(void);
- #endif
=head1 DESCRIPTION
#include <openssl/rand.h>
- #if OPENSSL_API_COMPAT < 0x10100000L
+Deprecated since OpenSSL 1.1.0, can be hidden entirely by defining
+B<OPENSSL_API_COMPAT> with a suitable version value, see
+L<openssl_user_macros(7)>:
+
void RAND_cleanup(void)
- #endif
=head1 DESCRIPTION
The value is a version number similar to the
L<OPENSSL_VERSION_NUMBER(3)> macro. Any symbol that is deprecated in
versions up to and including the version given in this macro will not
-be declared. Any version number may be given, but these numbers are
+be declared.
+
+The version number assigned to this macro can take one of two forms:
+
+=over
+
+=item C<0xMNNFF000L>
+
+This is the form supported for all versions up 1.1.x, where C<M>
+represents the major number, C<NN> represents the minor number, and
+C<FF> represents the fix number. For version 1.1.0, that's
+C<0x10100000L>.
+
+Any version number may be given, but these numbers are
the current known major deprecation points, making them the most
meaningful:
=back
+For convenience, higher numbers are accepted as well, as long as
+feasible. For example, C<0x60000000L> will work as expected.
+However, it is recommended to start using the second form instead:
+
+=item C<m>
+
+This form is a simple number that represents the major version number
+and is supported for version 3.0.0 and up. For extra convenience,
+these numbers are also available:
+
+=over
+
+=item Z<>0 (C<0x00908000L>, i.e. version 0.9.8)
+
+=item Z<>1 (C<0x10000000L>, i.e. version 1.0.0)
+
+=item Z<>2 (C<0x10100000L>, i.e. version 1.1.0)
+
+=back
+
+For all other numbers C<m>, they are equivalent to version m.0.0.
+
+=back
+
If not set, this macro will default to
C<{- join('', map { my @x = split /=/,$_; $x[1] }
grep /^OPENSSL_MIN_API=/, @{$config{openssl_api_defines} // []})
ASN1_ITEM_ref(IPAddressRange),
#endif
ASN1_ITEM_ref(ISSUING_DIST_POINT),
-#if OPENSSL_API_COMPAT < 0x30000000L
+#if !OPENSSL_API_3
ASN1_ITEM_ref(LONG),
#endif
ASN1_ITEM_ref(NAME_CONSTRAINTS),
ASN1_ITEM_ref(X509_REVOKED),
ASN1_ITEM_ref(X509_SIG),
ASN1_ITEM_ref(X509_VAL),
-#if OPENSSL_API_COMPAT < 0x30000000L
+#if !OPENSSL_API_3
ASN1_ITEM_ref(ZLONG),
#endif
ASN1_ITEM_ref(INT32),
# include <openssl/symhacks.h>
# include <openssl/ossl_typ.h>
-# if OPENSSL_API_COMPAT < 0x10100000L
+# if !OPENSSL_API_1_1_0
# include <openssl/bn.h>
# endif
DECLARE_ASN1_ITEM(UINT64)
DECLARE_ASN1_ITEM(ZUINT64)
-# if OPENSSL_API_COMPAT < 0x30000000L
+# if !OPENSSL_API_3
/*
* LONG and ZLONG are strongly discouraged for use as stored data, as the
* underlying C type (long) differs in size depending on the architecture.
int BIO_socket_ioctl(int fd, long type, void *arg);
int BIO_socket_nbio(int fd, int mode);
int BIO_sock_init(void);
-# if OPENSSL_API_COMPAT < 0x10100000L
+# if !OPENSSL_API_1_1_0
# define BIO_sock_cleanup() while(0) continue
# endif
int BIO_set_tcp_ndelay(int sock, int turn_on);
# define BN_FLG_CONSTTIME 0x04
# define BN_FLG_SECURE 0x08
-# if OPENSSL_API_COMPAT < 0x00908000L
+# if !OPENSSL_API_0_9_8
/* deprecated name for the flag */
# define BN_FLG_EXP_CONSTTIME BN_FLG_CONSTTIME
# define BN_FLG_FREE 0x8000 /* used for debugging */
void BN_zero_ex(BIGNUM *a);
-# if OPENSSL_API_COMPAT >= 0x00908000L
+# if OPENSSL_API_0_9_8
# define BN_zero(a) BN_zero_ex(a)
# else
# define BN_zero(a) (BN_set_word((a),0))
BIGNUM *BN_get_rfc3526_prime_6144(BIGNUM *bn);
BIGNUM *BN_get_rfc3526_prime_8192(BIGNUM *bn);
-# if OPENSSL_API_COMPAT < 0x10100000L
+# if !OPENSSL_API_1_1_0
# define get_rfc2409_prime_768 BN_get_rfc2409_prime_768
# define get_rfc2409_prime_1024 BN_get_rfc2409_prime_1024
# define get_rfc3526_prime_1536 BN_get_rfc3526_prime_1536
COMP_METHOD *COMP_zlib(void);
-#if OPENSSL_API_COMPAT < 0x10100000L
+#if !OPENSSL_API_1_1_0
#define COMP_zlib_cleanup() while(0) continue
#endif
DEPRECATEDIN_1_1_0(void OPENSSL_config(const char *config_name))
-#if OPENSSL_API_COMPAT < 0x10100000L
+#if !OPENSSL_API_1_1_0
# define OPENSSL_no_config() \
OPENSSL_init_crypto(OPENSSL_INIT_NO_LOAD_CONFIG, NULL)
#endif
unsigned long flags);
void CONF_modules_unload(int all);
void CONF_modules_finish(void);
-#if OPENSSL_API_COMPAT < 0x10100000L
+#if !OPENSSL_API_1_1_0
# define CONF_modules_free() while(0) continue
#endif
int CONF_module_add(const char *name, conf_init_func *ifunc,
*/
# include <openssl/symhacks.h>
-# if OPENSSL_API_COMPAT < 0x10100000L
+# if !OPENSSL_API_1_1_0
# include <openssl/opensslv.h>
# endif
extern "C" {
#endif
-# if OPENSSL_API_COMPAT < 0x10100000L
+# if !OPENSSL_API_1_1_0
# define SSLeay OpenSSL_version_num
# define SSLeay_version OpenSSL_version
# define SSLEAY_VERSION_NUMBER OPENSSL_VERSION_NUMBER
int dummy;
} CRYPTO_dynlock;
-# endif /* OPENSSL_API_COMPAT */
+# endif /* OPENSSL_API_1_1_0 */
typedef void CRYPTO_RWLOCK;
int CRYPTO_set_ex_data(CRYPTO_EX_DATA *ad, int idx, void *val);
void *CRYPTO_get_ex_data(const CRYPTO_EX_DATA *ad, int idx);
-# if OPENSSL_API_COMPAT < 0x10100000L
+# if !OPENSSL_API_1_1_0
/*
* This function cleans up all "ex_data" state. It mustn't be called under
* potential race-conditions.
# define CRYPTO_THREADID_cpy(dest, src)
# define CRYPTO_THREADID_hash(id) (0UL)
-# if OPENSSL_API_COMPAT < 0x10000000L
+# if !OPENSSL_API_1_0_0
# define CRYPTO_set_id_callback(func)
# define CRYPTO_get_id_callback() (NULL)
# define CRYPTO_thread_id() (0UL)
-# endif /* OPENSSL_API_COMPAT < 0x10000000L */
+# endif /* OPENSSL_API_1_0_0 */
# define CRYPTO_set_dynlock_create_callback(dyn_create_function)
# define CRYPTO_set_dynlock_lock_callback(dyn_lock_function)
# define CRYPTO_get_dynlock_create_callback() (NULL)
# define CRYPTO_get_dynlock_lock_callback() (NULL)
# define CRYPTO_get_dynlock_destroy_callback() (NULL)
-# endif /* OPENSSL_API_COMPAT < 0x10100000L */
+# endif /* OPENSSL_API_1_1_0 */
int CRYPTO_set_mem_functions(
void *(*m) (size_t, const char *, int),
/* die if we have to */
ossl_noreturn void OPENSSL_die(const char *assertion, const char *file, int line);
-# if OPENSSL_API_COMPAT < 0x10100000L
+# if !OPENSSL_API_1_1_0
# define OpenSSLDie(f,l,a) OPENSSL_die((a),(f),(l))
# endif
# define OPENSSL_assert(e) \
# include <openssl/bio.h>
# include <openssl/asn1.h>
# include <openssl/ossl_typ.h>
-# if OPENSSL_API_COMPAT < 0x10100000L
+# if !OPENSSL_API_1_1_0
# include <openssl/bn.h>
# endif
# include <openssl/dherr.h>
# define DH_FLAG_CACHE_MONT_P 0x01
-# if OPENSSL_API_COMPAT < 0x10100000L
+# if !OPENSSL_API_1_1_0
/*
* Does nothing. Previously this switched off constant time behaviour.
*/
# include <openssl/crypto.h>
# include <openssl/ossl_typ.h>
# include <openssl/bn.h>
-# if OPENSSL_API_COMPAT < 0x10100000L
+# if !OPENSSL_API_1_1_0
# include <openssl/dh.h>
# endif
# include <openssl/dsaerr.h>
# define OPENSSL_DSA_FIPS_MIN_MODULUS_BITS 1024
# define DSA_FLAG_CACHE_MONT_P 0x01
-# if OPENSSL_API_COMPAT < 0x10100000L
+# if !OPENSSL_API_1_1_0
/*
* Does nothing. Previously this switched off constant time behaviour.
*/
# ifndef OPENSSL_NO_EC
# include <openssl/asn1.h>
# include <openssl/symhacks.h>
-# if OPENSSL_API_COMPAT < 0x10100000L
+# if !OPENSSL_API_1_1_0
# include <openssl/bn.h>
# endif
# include <openssl/ecerr.h>
# include <openssl/opensslconf.h>
# ifndef OPENSSL_NO_ENGINE
-# if OPENSSL_API_COMPAT < 0x10100000L
+# if !OPENSSL_API_1_1_0
# include <openssl/bn.h>
# include <openssl/rsa.h>
# include <openssl/dsa.h>
/* Retrieve an engine from the list by its unique "id" value. */
ENGINE *ENGINE_by_id(const char *id);
-#if OPENSSL_API_COMPAT < 0x10100000L
+#if !OPENSSL_API_1_1_0
# define ENGINE_load_openssl() \
OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_OPENSSL, NULL)
# define ENGINE_load_dynamic() \
int ENGINE_set_ex_data(ENGINE *e, int idx, void *arg);
void *ENGINE_get_ex_data(const ENGINE *e, int idx);
-#if OPENSSL_API_COMPAT < 0x10100000L
+#if !OPENSSL_API_1_1_0
/*
* This function previously cleaned up anything that needs it. Auto-deinit will
* now take care of it so it is no longer required to call this function.
int ERR_unload_strings(int lib, ERR_STRING_DATA *str);
int ERR_load_ERR_strings(void);
-#if OPENSSL_API_COMPAT < 0x10100000L
+#if !OPENSSL_API_1_1_0
# define ERR_load_crypto_strings() \
OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL)
# define ERR_free_strings() while(0) continue
void *EVP_CIPHER_CTX_get_cipher_data(const EVP_CIPHER_CTX *ctx);
void *EVP_CIPHER_CTX_set_cipher_data(EVP_CIPHER_CTX *ctx, void *cipher_data);
# define EVP_CIPHER_CTX_type(c) EVP_CIPHER_type(EVP_CIPHER_CTX_cipher(c))
-# if OPENSSL_API_COMPAT < 0x10100000L
+# if !OPENSSL_API_1_1_0
# define EVP_CIPHER_CTX_flags(c) EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(c))
# endif
# define EVP_CIPHER_CTX_mode(c) EVP_CIPHER_mode(EVP_CIPHER_CTX_cipher(c))
char *out, int *outl);
int EVP_DecodeBlock(unsigned char *t, const unsigned char *f, int n);
-# if OPENSSL_API_COMPAT < 0x10100000L
+# if !OPENSSL_API_1_1_0
# define EVP_CIPHER_CTX_init(c) EVP_CIPHER_CTX_reset(c)
# define EVP_CIPHER_CTX_cleanup(c) EVP_CIPHER_CTX_reset(c)
# endif
const EVP_CIPHER *EVP_sm4_ctr(void);
# endif
-# if OPENSSL_API_COMPAT < 0x10100000L
+# if !OPENSSL_API_1_1_0
# define OPENSSL_add_all_algorithms_conf() \
OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS \
| OPENSSL_INIT_ADD_ALL_DIGESTS \
# include <openssl/evp.h>
-# if OPENSSL_API_COMPAT < 0x30000000L
+# if !OPENSSL_API_3
# define HMAC_MAX_MD_CBLOCK 128 /* Deprecated */
# endif
int *num);
void IDEA_encrypt(unsigned long *in, IDEA_KEY_SCHEDULE *ks);
-# if OPENSSL_API_COMPAT < 0x10100000L
+# if !OPENSSL_API_1_1_0
# define idea_options IDEA_options
# define idea_ecb_encrypt IDEA_ecb_encrypt
# define idea_set_encrypt_key IDEA_set_encrypt_key
void OPENSSL_LH_node_stats_bio(const OPENSSL_LHASH *lh, BIO *out);
void OPENSSL_LH_node_usage_stats_bio(const OPENSSL_LHASH *lh, BIO *out);
-# if OPENSSL_API_COMPAT < 0x10100000L
+# if !OPENSSL_API_1_1_0
# define _LHASH OPENSSL_LHASH
# define LHASH_NODE OPENSSL_LH_NODE
# define lh_error OPENSSL_LH_error
int OBJ_new_nid(int num);
int OBJ_add_object(const ASN1_OBJECT *obj);
int OBJ_create(const char *oid, const char *sn, const char *ln);
-#if OPENSSL_API_COMPAT < 0x10100000L
+#if !OPENSSL_API_1_1_0
# define OBJ_cleanup() while(0) continue
#endif
int OBJ_create_objects(BIO *in);
/*
* Applications should use -DOPENSSL_API_COMPAT=<version> to suppress the
- * declarations of functions deprecated in or before <version>. Otherwise, they
- * still won't see them if the library has been built to disable deprecated
- * functions.
+ * declarations of functions deprecated in or before <version>. If this is
+ * undefined, the value of the macro OPENSSL_API_MIN above is the default.
+ *
+ * For any version number up until version 1.1.x, <version> is expected to be
+ * the calculated version number 0xMNNFFPPSL. For version numbers 3.0.0 and
+ * on, <version> is expected to be only the major version number (i.e. 3 for
+ * version 3.0.0).
*/
#ifndef DECLARE_DEPRECATED
# define DECLARE_DEPRECATED(f) f;
# endif
#endif
-#ifndef OPENSSL_FILE
-# ifdef OPENSSL_NO_FILENAMES
-# define OPENSSL_FILE ""
-# define OPENSSL_LINE 0
-# else
-# define OPENSSL_FILE __FILE__
-# define OPENSSL_LINE __LINE__
-# endif
-#endif
+/*
+ * We convert the OPENSSL_API_COMPAT value to an API level. The API level
+ * is the major version number for 3.0.0 and on. For earlier versions, it
+ * uses this scheme, which is close enough for our purposes:
+ *
+ * 0.x.y 0 (0.9.8 was the last release in this series)
+ * 1.0.x 1 (1.0.2 was the last release in this series)
+ * 1.1.x 2 (1.1.1 was the last release in this series)
+ */
-#ifndef OPENSSL_MIN_API
-# define OPENSSL_MIN_API 0
+/* In case someone defined both */
+#if defined(OPENSSL_API_COMPAT) && defined(OPENSSL_API_LEVEL)
+# error "Disallowed to defined both OPENSSL_API_COMPAT and OPENSSL_API_LEVEL"
#endif
-#if !defined(OPENSSL_API_COMPAT) || OPENSSL_API_COMPAT < OPENSSL_MIN_API
-# undef OPENSSL_API_COMPAT
-# define OPENSSL_API_COMPAT OPENSSL_MIN_API
+#ifndef OPENSSL_API_COMPAT
+# define OPENSSL_API_LEVEL OPENSSL_MIN_API
+#else
+# if (OPENSSL_API_COMPAT < 0x1000L) /* Major version numbers up to 16777215 */
+# define OPENSSL_API_LEVEL OPENSSL_API_COMPAT
+# elif (OPENSSL_API_COMPAT & 0xF0000000L) == 0x00000000L
+# define OPENSSL_API_LEVEL 0
+# elif (OPENSSL_API_COMPAT & 0xFFF00000L) == 0x10000000L
+# define OPENSSL_API_LEVEL 1
+# elif (OPENSSL_API_COMPAT & 0xFFF00000L) == 0x10100000L
+# define OPENSSL_API_LEVEL 2
+# else
+/ * Major number 3 to 15 */
+# define OPENSSL_API_LEVEL ((OPENSSL_API_COMPAT >> 28) & 0xF)
+# endif
#endif
/*
*/
#if OPENSSL_VERSION_MAJOR < 4
# define DEPRECATEDIN_4(f) f;
-#elif OPENSSL_API_COMPAT < 0x40000000L
+# define OPENSSL_API_4 0
+#elif OPENSSL_API_LEVEL < 4
# define DEPRECATEDIN_4(f) DECLARE_DEPRECATED(f)
+# define OPENSSL_API_4 0
#else
# define DEPRECATEDIN_4(f)
+# define OPENSSL_API_4 1
#endif
-#if OPENSSL_API_COMPAT < 0x30000000L
+#if OPENSSL_API_LEVEL < 3
# define DEPRECATEDIN_3(f) DECLARE_DEPRECATED(f)
+# define OPENSSL_API_3 0
#else
# define DEPRECATEDIN_3(f)
+# define OPENSSL_API_3 1
#endif
-#if OPENSSL_API_COMPAT < 0x10100000L
+#if OPENSSL_API_LEVEL < 2
# define DEPRECATEDIN_1_1_0(f) DECLARE_DEPRECATED(f)
+# define OPENSSL_API_1_1_0 0
#else
# define DEPRECATEDIN_1_1_0(f)
+# define OPENSSL_API_1_1_0 1
#endif
-#if OPENSSL_API_COMPAT < 0x10000000L
+#if OPENSSL_API_LEVEL < 1
# define DEPRECATEDIN_1_0_0(f) DECLARE_DEPRECATED(f)
+# define OPENSSL_API_1_0_0 0
#else
# define DEPRECATEDIN_1_0_0(f)
+# define OPENSSL_API_1_0_0 1
#endif
-#if OPENSSL_API_COMPAT < 0x00908000L
+#if OPENSSL_API_LEVEL < 0
# define DEPRECATEDIN_0_9_8(f) DECLARE_DEPRECATED(f)
+# define OPENSSL_API_0_9_8 0
#else
# define DEPRECATEDIN_0_9_8(f)
+# define OPENSSL_API_0_9_8 1
+#endif
+
+#ifndef OPENSSL_FILE
+# ifdef OPENSSL_NO_FILENAMES
+# define OPENSSL_FILE ""
+# define OPENSSL_LINE 0
+# else
+# define OPENSSL_FILE __FILE__
+# define OPENSSL_LINE __LINE__
+# endif
#endif
/* Generate 80386 code? */
/* Compatibility macros */
-#if OPENSSL_API_COMPAT < 0x10100000L
+#if !OPENSSL_API_1_1_0
# define M_PKCS12_bag_type PKCS12_bag_type
# define M_PKCS12_cert_bag_type PKCS12_cert_bag_type
RAND_METHOD *RAND_OpenSSL(void);
-# if OPENSSL_API_COMPAT < 0x10100000L
+# if !OPENSSL_API_1_1_0
# define RAND_cleanup() while(0) continue
# endif
int RAND_bytes(unsigned char *buf, int num);
/* Used by RAND_DRBG_set_defaults() to set the private DRBG type and flags. */
# define RAND_DRBG_FLAG_PRIVATE 0x10
-# if OPENSSL_API_COMPAT < 0x30000000L
+# if !OPENSSL_API_3
/* This #define was replaced by an internal constant and should not be used. */
# define RAND_DRBG_USED_FLAGS (RAND_DRBG_FLAG_CTR_NO_DF)
# endif
# include <openssl/bio.h>
# include <openssl/crypto.h>
# include <openssl/ossl_typ.h>
-# if OPENSSL_API_COMPAT < 0x10100000L
+# if !OPENSSL_API_1_1_0
# include <openssl/bn.h>
# endif
# include <openssl/rsaerr.h>
* but other engines might not need it
*/
# define RSA_FLAG_NO_BLINDING 0x0080
-# if OPENSSL_API_COMPAT < 0x10100000L
+# if !OPENSSL_API_1_1_0
/*
* Does nothing. Previously this switched off constant time behaviour.
*/
# define RSA_FLAG_NO_CONSTTIME 0x0000
# endif
-# if OPENSSL_API_COMPAT < 0x00908000L
+# if !OPENSSL_API_0_9_8
/* deprecated name for the flag*/
/*
* new with 0.9.7h; the built-in RSA
# include <openssl/opensslconf.h>
# include <openssl/comp.h>
# include <openssl/bio.h>
-# if OPENSSL_API_COMPAT < 0x10100000L
+# if !OPENSSL_API_1_1_0
# include <openssl/x509.h>
# include <openssl/crypto.h>
# include <openssl/buffer.h>
# define SSL_VERIFY_CLIENT_ONCE 0x04
# define SSL_VERIFY_POST_HANDSHAKE 0x08
-# if OPENSSL_API_COMPAT < 0x10100000L
+# if !OPENSSL_API_1_1_0
# define OpenSSL_add_ssl_algorithms() SSL_library_init()
# define SSLeay_add_ssl_algorithms() SSL_library_init()
# endif
SSL_ctrl(s,SSL_CTRL_SET_DH_AUTO,onoff,NULL)
# define SSL_set_tmp_dh(ssl,dh) \
SSL_ctrl(ssl,SSL_CTRL_SET_TMP_DH,0,(char *)(dh))
-# if OPENSSL_API_COMPAT < 0x10200000L
+# if !OPENSSL_API_3
# define SSL_CTX_set_tmp_ecdh(ctx,ecdh) \
SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_ECDH,0,(char *)(ecdh))
# define SSL_set_tmp_ecdh(ssl,ecdh) \
# define SSL_get_shared_curve SSL_get_shared_group
-# if OPENSSL_API_COMPAT < 0x10100000L
+# if !OPENSSL_API_1_1_0
/* Provide some compatibility macros for removed functionality. */
# define SSL_CTX_need_tmp_RSA(ctx) 0
# define SSL_CTX_set_tmp_rsa(ctx,rsa) 1
int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs,
const char *dir);
-# if OPENSSL_API_COMPAT < 0x10100000L
+# if !OPENSSL_API_1_1_0
# define SSL_load_error_strings() \
OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS \
| OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL)
__owur long SSL_get_default_timeout(const SSL *s);
-# if OPENSSL_API_COMPAT < 0x10100000L
+# if !OPENSSL_API_1_1_0
# define SSL_library_init() OPENSSL_init_ssl(0, NULL)
# endif
STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void);
__owur STACK_OF(SSL_COMP) *SSL_COMP_set0_compression_methods(STACK_OF(SSL_COMP)
*meths);
-# if OPENSSL_API_COMPAT < 0x10100000L
+# if !OPENSSL_API_1_1_0
# define SSL_COMP_free_compression_methods() while(0) continue
# endif
__owur int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm);
int SSL_CTX_set_num_tickets(SSL_CTX *ctx, size_t num_tickets);
size_t SSL_CTX_get_num_tickets(SSL_CTX *ctx);
-# if OPENSSL_API_COMPAT < 0x10100000L
+# if !OPENSSL_API_1_1_0
# define SSL_cache_hit(s) SSL_session_reused(s)
# endif
void OPENSSL_sk_sort(OPENSSL_STACK *st);
int OPENSSL_sk_is_sorted(const OPENSSL_STACK *st);
-# if OPENSSL_API_COMPAT < 0x10100000L
+# if !OPENSSL_API_1_1_0
# define _STACK OPENSSL_STACK
# define sk_num OPENSSL_sk_num
# define sk_value OPENSSL_sk_value
# define SSL_set_dtlsext_heartbeat_no_requests(ssl, arg) \
SSL_ctrl(ssl,SSL_CTRL_SET_DTLS_EXT_HEARTBEAT_NO_REQUESTS,arg,NULL)
-# if OPENSSL_API_COMPAT < 0x10100000L
+# if !OPENSSL_API_1_1_0
# define SSL_CTRL_TLS_EXT_SEND_HEARTBEAT \
SSL_CTRL_DTLS_EXT_SEND_HEARTBEAT
# define SSL_CTRL_GET_TLS_EXT_HEARTBEAT_PENDING \
# include <openssl/opensslconf.h>
-# if OPENSSL_API_COMPAT < 0x10100000L
+# if !OPENSSL_API_1_1_0
# include <openssl/crypto.h>
# endif
# include <openssl/safestack.h>
# include <openssl/uierr.h>
/* For compatibility reasons, the macro OPENSSL_NO_UI is currently retained */
-# if OPENSSL_API_COMPAT < 0x30000000L
+# if !OPENSSL_API_3
# ifdef OPENSSL_NO_UI_CONSOLE
# define OPENSSL_NO_UI
# endif
# include <openssl/safestack.h>
# include <openssl/ec.h>
-# if OPENSSL_API_COMPAT < 0x10100000L
+# if !OPENSSL_API_1_1_0
# include <openssl/rsa.h>
# include <openssl/dsa.h>
# include <openssl/dh.h>
int X509_up_ref(X509 *x);
int X509_get_signature_type(const X509 *x);
-# if OPENSSL_API_COMPAT < 0x10100000L
+# if !OPENSSL_API_1_1_0
# define X509_get_notBefore X509_getm_notBefore
# define X509_get_notAfter X509_getm_notAfter
# define X509_set_notBefore X509_set1_notBefore
int X509_CRL_sort(X509_CRL *crl);
int X509_CRL_up_ref(X509_CRL *crl);
-# if OPENSSL_API_COMPAT < 0x10100000L
+# if !OPENSSL_API_1_1_0
# define X509_CRL_set_lastUpdate X509_CRL_set1_lastUpdate
# define X509_CRL_set_nextUpdate X509_CRL_set1_nextUpdate
#endif
X509_LU_X509, X509_LU_CRL
} X509_LOOKUP_TYPE;
-#if OPENSSL_API_COMPAT < 0x10100000L
+#if !OPENSSL_API_1_1_0
#define X509_LU_RETRY -1
#define X509_LU_FAIL 0
#endif
/* Certificate verify flags */
-# if OPENSSL_API_COMPAT < 0x10100000L
+# if !OPENSSL_API_1_1_0
# define X509_V_FLAG_CB_ISSUER_CHECK 0x0 /* Deprecated */
# endif
/* Use check time instead of current time */
X509_STORE_CTX_lookup_crls_fn X509_STORE_CTX_get_lookup_crls(X509_STORE_CTX *ctx);
X509_STORE_CTX_cleanup_fn X509_STORE_CTX_get_cleanup(X509_STORE_CTX *ctx);
-#if OPENSSL_API_COMPAT < 0x10100000L
+#if !OPENSSL_API_1_1_0
# define X509_STORE_CTX_get_chain X509_STORE_CTX_get0_chain
# define X509_STORE_CTX_set_chain X509_STORE_CTX_set0_untrusted
# define X509_STORE_CTX_trusted_stack X509_STORE_CTX_set0_trusted_stack
int X509V3_add1_i2d(STACK_OF(X509_EXTENSION) **x, int nid, void *value,
int crit, unsigned long flags);
-#if OPENSSL_API_COMPAT < 0x10100000L
+#if !OPENSSL_API_1_1_0
/* The new declarations are in crypto.h, but the old ones were here. */
# define hex_to_string OPENSSL_buf2hexstr
# define string_to_hex OPENSSL_hexstr2buf
DTLS_client_method,
ssl_undefined_function,
ossl_statem_connect, DTLSv1_2_enc_data)
-#if OPENSSL_API_COMPAT < 0x10100000L
+#if !OPENSSL_API_1_1_0
# ifndef OPENSSL_NO_TLS1_2_METHOD
const SSL_METHOD *TLSv1_2_method(void)
{
return s->server;
}
-#if OPENSSL_API_COMPAT < 0x10100000L
+#if !OPENSSL_API_1_1_0
void SSL_set_debug(SSL *s, int debug)
{
/* Old function was do-nothing anyway... */
0x02, 0x00 /* INTEGER tag + length */
};
-#if OPENSSL_API_COMPAT < 0x30000000L
+#if !OPENSSL_API_3
/* LONG case ************************************************************* */
typedef struct {
int setup_tests(void)
{
-#if OPENSSL_API_COMPAT < 0x30000000L
+#if !OPENSSL_API_3
ADD_TEST(test_long);
#endif
ADD_TEST(test_int32);
ENCDEC_DATA(-1, -1), \
ENCDEC_DATA(0, ASN1_LONG_UNDEF)
-#if OPENSSL_API_COMPAT < 0x30000000L
+#if !OPENSSL_API_3
/***** LONG ******************************************************************/
typedef struct {
return fail == 0;
}
-#if OPENSSL_API_COMPAT < 0x30000000L
+#if !OPENSSL_API_3
static int test_long_32bit(void)
{
return test_intern(&long_test_package_32bit);
int setup_tests(void)
{
-#if OPENSSL_API_COMPAT < 0x30000000L
+#if !OPENSSL_API_3
ADD_TEST(test_long_32bit);
ADD_TEST(test_long_64bit);
#endif
# These are used to convert certain pre-precessor expressions into
# others that @cpphandlers have a better chance to understand.
- { regexp => qr/#if OPENSSL_API_COMPAT(\S+)(0x[0-9a-fA-F]{8})L$/,
+ { regexp => qr/#if (!?)OPENSSL_API_([0-9_]+)$/,
massager => sub {
- my $op = $1;
- my $v = hex($2);
- if ($op ne '<' && $op ne '>=') {
- die "Error: unacceptable operator $op: $_[0]\n";
- }
- my ($major, $minor, $edit) =
- ( ($v >> 28) & 0xf,
- ($v >> 20) & 0xff,
- ($v >> 12) & 0xff );
- my $t = "DEPRECATEDIN_" .
- ($major <= 1
- ? "${major}_${minor}_${edit}"
- : "${major}");
- my $cond = $op eq '<' ? 'ifndef' : 'ifdef';
+ my $cnd = $1 eq '!' ? 'ndef' : 'def';
return (<<"EOF");
-#$cond $t
+#if$cnd DEPRECATEDIN_$2
EOF
}
}