diff options
| author | Matt Caswell <matt@openssl.org> | 2014-12-17 13:17:26 +0000 |
|---|---|---|
| committer | Matt Caswell <matt@openssl.org> | 2014-12-18 19:56:31 +0000 |
| commit | 07c4c14c4739da0c44562328afb6e7273e51298c (patch) | |
| tree | 1c936bd77997d866504eb97ef3cdf3fd76601713 | |
| parent | 59ff1ce06108508eba0f289b295dd89582c9fbfc (diff) | |
| download | openssl-07c4c14c4739da0c44562328afb6e7273e51298c.tar.gz | |
Turn on OPENSSL_NO_DEPRECATED by default.
Also introduce OPENSSL_USE_DEPRECATED. If OPENSSL_NO_DEPRECATED is
defined at config stage then OPENSSL_USE_DEPRECATED has no effect -
deprecated functions are not available.
If OPENSSL_NO_DEPRECATED is not defined at config stage then
applications must define OPENSSL_USE_DEPRECATED in order to access
deprecated functions.
Also introduce compiler warnings for gcc for applications using
deprecated functions
Reviewed-by: Rich Salz <rsalz@openssl.org>
| -rwxr-xr-x | Configure | 6 | ||||
| -rw-r--r-- | crypto/opensslconf.h.in | 17 | ||||
| -rwxr-xr-x | util/mkdef.pl | 28 |
3 files changed, 50 insertions, 1 deletions
@@ -740,6 +740,7 @@ my $fips=0; # All of the following is disabled by default (RC5 was enabled before 0.9.8): my %disabled = ( # "what" => "comment" [or special keyword "experimental"] + "deprecated" => "default", "ec_nistp_64_gcc_128" => "default", "gmp" => "default", "jpake" => "experimental", @@ -758,7 +759,7 @@ my @experimental = (); # This is what $depflags will look like with the above defaults # (we need this to see if we should advise the user to run "make depend"): -my $default_depflags = " -DOPENSSL_NO_EC_NISTP_64_GCC_128 -DOPENSSL_NO_GMP -DOPENSSL_NO_JPAKE -DOPENSSL_NO_MD2 -DOPENSSL_NO_RC5 -DOPENSSL_NO_RFC3779 -DOPENSSL_NO_SCTP -DOPENSSL_NO_SSL_TRACE -DOPENSSL_NO_STORE -DOPENSSL_NO_UNIT_TEST"; +my $default_depflags = " -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_EC_NISTP_64_GCC_128 -DOPENSSL_NO_GMP -DOPENSSL_NO_JPAKE -DOPENSSL_NO_MD2 -DOPENSSL_NO_RC5 -DOPENSSL_NO_RFC3779 -DOPENSSL_NO_SCTP -DOPENSSL_NO_SSL_TRACE -DOPENSSL_NO_STORE -DOPENSSL_NO_UNIT_TEST"; # Explicit "no-..." options will be collected in %disabled along with the defaults. # To remove something from %disabled, use "enable-foo" (unless it's experimental). @@ -1418,6 +1419,9 @@ if ($zlib) } } +#Always build the library with OPENSSL_USE_DEPRECATED. This is overridden by OPENSSL_NO_DEPRECATED +$cflags = "-DOPENSSL_USE_DEPRECATED $cflags"; + # You will find shlib_mark1 and shlib_mark2 explained in Makefile.org my $shared_mark = ""; if ($shared_target eq "") diff --git a/crypto/opensslconf.h.in b/crypto/opensslconf.h.in index 97e3745563..31a01c1c8b 100644 --- a/crypto/opensslconf.h.in +++ b/crypto/opensslconf.h.in @@ -1,5 +1,22 @@ /* crypto/opensslconf.h.in */ +/* + * Applications should use -DOPENSSL_USE_DEPRECATED to enable access to + * deprecated functions. But if the library has been built to disable + * deprecated functions then this will not work + */ +#if defined(OPENSSL_NO_DEPRECATED) && defined(OPENSSL_USE_DEPRECATED) +#undef OPENSSL_USE_DEPRECATED +#endif + +/* Test for support for deprecated attribute */ +#if __GNUC__ > 3 || \ + (__GNUC__ == 3 && __GNUC_MINOR__ > 0) +#define DECLARE_DEPRECATED(f) f __attribute__ ((deprecated)) +#else +#define DECLARE_DEPRECATED(f) f +#endif + /* Generate 80386 code? */ #undef I386_ONLY diff --git a/util/mkdef.pl b/util/mkdef.pl index 03a9b40a0a..fa3f3dbe76 100755 --- a/util/mkdef.pl +++ b/util/mkdef.pl @@ -433,6 +433,7 @@ sub do_defs # is the same name as the original. my $cpp; my %unknown_algorithms = (); + my $parens = 0; foreach $file (split(/\s+/,$symhacksfile." ".$files)) { @@ -443,6 +444,7 @@ sub do_defs (map { $_ => 0 } @known_platforms), (map { "OPENSSL_SYS_".$_ => 0 } @known_ossl_platforms), (map { "OPENSSL_NO_".$_ => 0 } @known_algorithms), + (map { "OPENSSL_USE_".$_ => 0 } @known_algorithms), NOPROTO => 0, PERL5 => 0, _WINDLL => 0, @@ -505,6 +507,11 @@ sub do_defs print STDERR "DEBUG: parsing ----------\n" if $debug; while(<IN>) { + if($parens > 0) { + #Inside a DECLARE_DEPRECATED + $parens += count_parens($_); + next; + } if (/\/\* Error codes for the \w+ functions\. \*\//) { undef @tag; @@ -608,6 +615,8 @@ sub do_defs pop(@tag); if ($t =~ /^OPENSSL_NO_([A-Z0-9_]+)$/) { $t=$1; + } elsif($t =~ /^OPENSSL_USE_([A-Z0-9_]+)$/) { + $t=$1; } else { $t=""; } @@ -657,10 +666,15 @@ sub do_defs map { $tag{"OPENSSL_SYS_".$_} == 1 ? $_ : $tag{"OPENSSL_SYS_".$_} == -1 ? "!".$_ : "" } @known_ossl_platforms); + @current_algorithms = (); @current_algorithms = grep(!/^$/, map { $tag{"OPENSSL_NO_".$_} == -1 ? $_ : "" } @known_algorithms); + push @current_algorithms + , grep(!/^$/, + map { $tag{"OPENSSL_USE_".$_} == 1 ? $_ : "" } + @known_algorithms); $def .= "#INFO:" .join(',',@current_platforms).":" @@ -891,6 +905,10 @@ sub do_defs &$make_variant("_shadow_$2","_shadow_$2", "EXPORT_VAR_AS_FUNCTION", "FUNCTION"); + } elsif (/^\s*DECLARE_DEPRECATED\s*\(\s*(\w*(\s|\*|\w)*)/) { + $def .= "$1(void);"; + $parens = count_parens($_); + next; } elsif ($tag{'CONST_STRICT'} != 1) { if (/\{|\/\*|\([^\)]*$/) { $line = $_; @@ -1549,3 +1567,13 @@ sub check_existing } } +sub count_parens +{ + my $line = shift(@_); + + my $open = $line =~ tr/\(//; + my $close = $line =~ tr/\)//; + + return $open - $close; +} + |