Browse Source

Add better support for using deprecated symbols internally

OPENSSL_SUPPRESS_DEPRECATED only does half the job, in telling the
deprecation macros not to add the warning attribute.  However, with
'no-deprecated', the symbols are still removed entirely, while we
might still want to use them internally.

The solution is to permit <openssl/opensslconf.h> macros to be
modified internally, such as undefining OPENSSL_NO_DEPRECATED in this
case.

However, with the way <openssl/opensslconf.h> includes
<openssl/macros.h>, that's easier said than done.  That's solved by
generating <openssl/configuration.h> instead, and add a new
<openssl/opensslconf.h> that includes <openssl/configuration.h> as
well as <openssl/macros.h>, thus allowing to replace an inclusion of
<openssl/opensslconf.h> with this:

    #include <openssl/configuration.h>

    #undef OPENSSL_NO_DEPRECATED
    #define OPENSSL_SUPPRESS_DEPRECATED

    #include <openssl/macros.h>

Or simply add the following prior to any other openssl inclusion:

    #include <openssl/configuration.h>

    #undef OPENSSL_NO_DEPRECATED
    #define OPENSSL_SUPPRESS_DEPRECATED

Note that undefining OPENSSL_NO_DEPRECATED must never be done by
applications, since the symbols must still be exported by the
library.  Internal test programs are excempt of this rule, though.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10608)
master
Richard Levitte 2 years ago
parent
commit
46994f7163
6 changed files with 44 additions and 10 deletions
  1. +1
    -1
      .gitignore
  2. +20
    -0
      CHANGES
  3. +2
    -2
      INSTALL
  4. +2
    -2
      build.info
  5. +3
    -5
      include/openssl/configuration.h.in
  6. +16
    -0
      include/openssl/opensslconf.h

+ 1
- 1
.gitignore View File

@ -22,7 +22,7 @@
# Auto generated headers
/crypto/buildinf.h
/include/crypto/*_conf.h
/include/openssl/opensslconf.h
/include/openssl/configuration.h
/include/openssl/opensslv.h
# Auto generated doc files


+ 20
- 0
CHANGES View File

@ -9,6 +9,26 @@
Changes between 1.1.1 and 3.0.0 [xx XXX xxxx]
*) Removed include/openssl/opensslconf.h.in and replaced it with
include/openssl/configuration.h.in, which differs in not including
<openssl/macros.h>. A short header include/openssl/opensslconf.h
was added to include both.
This allows internal hacks where one might need to modify the set
of configured macros, for example this if deprecated symbols are
still supposed to be available internally:
#include <openssl/configuration.h>
#undef OPENSSL_NO_DEPRECATED
#define OPENSSL_SUPPRESS_DEPRECATED
#include <openssl/macros.h>
This should not be used by applications that use the exported
symbols, as that will lead to linking errors.
[Richard Levitte]
*) Fixed an an overflow bug in the x64_64 Montgomery squaring procedure
used in exponentiation with 512-bit moduli. No EC algorithms are
affected. Analysis suggests that attacks against 2-prime RSA1024,


+ 2
- 2
INSTALL View File

@ -836,8 +836,8 @@
Configure creates a build file ("Makefile" on Unix, "makefile" on Windows
and "descrip.mms" on OpenVMS) from a suitable template in Configurations,
and defines various macros in include/openssl/opensslconf.h (generated from
include/openssl/opensslconf.h.in).
and defines various macros in include/openssl/configuration.h (generated
from include/openssl/configuration.h.in).
1c. Configure OpenSSL for building outside of the source tree.


+ 2
- 2
build.info View File

@ -9,11 +9,11 @@ DEPEND[libssl]=libcrypto
# Empty DEPEND "indices" means the dependencies are expected to be built
# unconditionally before anything else.
DEPEND[]=include/openssl/opensslconf.h include/openssl/opensslv.h \
DEPEND[]=include/openssl/configuration.h include/openssl/opensslv.h \
include/crypto/bn_conf.h include/crypto/dso_conf.h \
doc/man7/openssl_user_macros.pod
GENERATE[include/openssl/opensslconf.h]=include/openssl/opensslconf.h.in
GENERATE[include/openssl/configuration.h]=include/openssl/configuration.h.in
GENERATE[include/openssl/opensslv.h]=include/openssl/opensslv.h.in
GENERATE[include/crypto/bn_conf.h]=include/crypto/bn_conf.h.in
GENERATE[include/crypto/dso_conf.h]=include/crypto/dso_conf.h.in


include/openssl/opensslconf.h.in → include/openssl/configuration.h.in View File


+ 16
- 0
include/openssl/opensslconf.h View File

@ -0,0 +1,16 @@
/*
* Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#ifndef OPENSSL_OPENSSLCONF_H
# define OPENSSL_OPENSSLCONF_H
#include <openssl/configuration.h>
#include <openssl/macros.h>
#endif /* OPENSSL_OPENSSLCONF_H */

Loading…
Cancel
Save