From ff234c6804571b70bc02ff44df1f42c4a3fe5cf1 Mon Sep 17 00:00:00 2001 From: Rich Salz Date: Tue, 25 May 2021 12:57:06 -0400 Subject: [PATCH] Make conf_method_st and conf_st deprecated So they can be made opaque in a future release. Fixes #15101 Reviewed-by: Tomas Mraz Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/15466) --- CHANGES.md | 5 +++++ crypto/conf/conf_api.c | 1 + crypto/conf/conf_def.c | 1 + crypto/conf/conf_lib.c | 1 + crypto/conf/conf_local.h | 1 + crypto/conf/conf_mod.c | 1 + crypto/conf/conf_sap.c | 1 + include/openssl/conf.h.in | 26 +++------------------- include/openssl/conftypes.h | 44 +++++++++++++++++++++++++++++++++++++ 9 files changed, 58 insertions(+), 23 deletions(-) create mode 100644 include/openssl/conftypes.h diff --git a/CHANGES.md b/CHANGES.md index 0eb7f14289..ed9ad1ce8f 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -44,6 +44,11 @@ breaking changes, and mappings for the large list of deprecated functions. *Rich Salz* + * The public definitions of conf_method_st and conf_st have been + deprecated. They will be made opaque in a future release. + + * Rich Salz * + * Client-initiated renegotiation is disabled by default. To allow it, use the -client_renegotiation option, the SSL_OP_ALLOW_CLIENT_RENEGOTIATION flag, or the "ClientRenegotiation" config parameter as appropriate. diff --git a/crypto/conf/conf_api.c b/crypto/conf/conf_api.c index 41a09c42bc..e4e305c714 100644 --- a/crypto/conf/conf_api.c +++ b/crypto/conf/conf_api.c @@ -15,6 +15,7 @@ #include #include #include +#include "conf_local.h" static void value_free_hash(const CONF_VALUE *a, LHASH_OF(CONF_VALUE) *conf); static void value_free_stack_doall(CONF_VALUE *a); diff --git a/crypto/conf/conf_def.c b/crypto/conf/conf_def.c index 25fcc0400c..7b67854c8b 100644 --- a/crypto/conf/conf_def.c +++ b/crypto/conf/conf_def.c @@ -21,6 +21,7 @@ #include #include #include +#include "conf_local.h" #include "conf_def.h" #include #include 
diff --git a/crypto/conf/conf_lib.c b/crypto/conf/conf_lib.c index 1f106d8c07..99a33765ad 100644 --- a/crypto/conf/conf_lib.c +++ b/crypto/conf/conf_lib.c @@ -16,6 +16,7 @@ #include #include #include +#include "conf_local.h" #include static CONF_METHOD *default_CONF_method = NULL; diff --git a/crypto/conf/conf_local.h b/crypto/conf/conf_local.h index 1ee8424c50..f3b16f1138 100644 --- a/crypto/conf/conf_local.h +++ b/crypto/conf/conf_local.h @@ -7,4 +7,5 @@ * https://www.openssl.org/source/license.html */ +#include void ossl_config_add_ssl_module(void); diff --git a/crypto/conf/conf_mod.c b/crypto/conf/conf_mod.c index d82f0c7f2c..36b054ca51 100644 --- a/crypto/conf/conf_mod.c +++ b/crypto/conf/conf_mod.c @@ -21,6 +21,7 @@ #include #include #include +#include "conf_local.h" DEFINE_STACK_OF(CONF_MODULE) DEFINE_STACK_OF(CONF_IMODULE) diff --git a/crypto/conf/conf_sap.c b/crypto/conf/conf_sap.c index 5cd018c167..6742ecf87f 100644 --- a/crypto/conf/conf_sap.c +++ b/crypto/conf/conf_sap.c @@ -11,6 +11,7 @@ #include #include "internal/cryptlib.h" #include "internal/conf.h" +#include "conf_local.h" #include #include #include diff --git a/include/openssl/conf.h.in b/include/openssl/conf.h.in index 0911a38f8b..928b14c28f 100644 --- a/include/openssl/conf.h.in +++ b/include/openssl/conf.h.in 
@@ -48,21 +48,11 @@ struct conf_st; struct conf_method_st; typedef struct conf_method_st CONF_METHOD; -struct conf_method_st { - const char *name; - CONF *(*create) (CONF_METHOD *meth); - int (*init) (CONF *conf); - int (*destroy) (CONF *conf); - int (*destroy_data) (CONF *conf); - int (*load_bio) (CONF *conf, BIO *bp, long *eline); - int (*dump) (const CONF *conf, BIO *bp); - int (*is_number) (const CONF *conf, char c); - int (*to_int) (const CONF *conf, char c); - int (*load) (CONF *conf, const char *name, long *eline); -}; +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# include +# endif /* Module definitions */ - typedef struct conf_imodule_st CONF_IMODULE; typedef struct conf_module_st CONF_MODULE; @@ -115,16 +105,6 @@ OSSL_DEPRECATEDIN_1_1_0 void OPENSSL_config(const char *config_name); * that wasn't the case, the above functions would have been replaced */ -struct conf_st { - CONF_METHOD *meth; - void *meth_data; - LHASH_OF(CONF_VALUE) *data; - int flag_dollarid; - int flag_abspath; - char *includedir; - OSSL_LIB_CTX *libctx; -}; - CONF *NCONF_new_ex(OSSL_LIB_CTX *libctx, CONF_METHOD *meth); CONF *NCONF_new(CONF_METHOD *meth); CONF_METHOD *NCONF_default(void); diff --git a/include/openssl/conftypes.h b/include/openssl/conftypes.h new file mode 100644 index 0000000000..17cefaa443 --- /dev/null +++ b/include/openssl/conftypes.h 
@@ -0,0 +1,44 @@
+/*
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_CONFTYPES_H
+# define OPENSSL_CONFTYPES_H
+# pragma once
+
+#ifndef OPENSSL_CONF_H
+# include
+#endif
+
+/*
+ * The contents of this file are deprecated and will be made opaque
+ */
+struct conf_method_st {
+ const char *name;
+ CONF *(*create) (CONF_METHOD *meth);
+ int (*init) (CONF *conf);
+ int (*destroy) (CONF *conf);
+ int (*destroy_data) (CONF *conf);
+ int (*load_bio) (CONF *conf, BIO *bp, long *eline);
+ int (*dump) (const CONF *conf, BIO *bp);
+ int (*is_number) (const CONF *conf, char c);
+ int (*to_int) (const CONF *conf, char c);
+ int (*load) (CONF *conf, const char *name, long *eline);
+};
+
+struct conf_st {
+ CONF_METHOD *meth;
+ void *meth_data;
+ LHASH_OF(CONF_VALUE) *data;
+ int flag_dollarid;
+ int flag_abspath;
+ char *includedir;
+ OSSL_LIB_CTX *libctx;
+};
+
+#endif
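Review bot: The new conftypes.h is not gated itself, so the deprecation of `struct conf_method_st` and `struct conf_st` is signalled only by its file comment. conf.h.in includes it under `# ifndef OPENSSL_NO_DEPRECATED_3_0`, but a direct include of this installed header still exposes both full definitions in a no-deprecated build. If that is intentional because the library's own sources need the layouts (the conf_local.h hunk adds an include whose target is not visible here, presumably this header), the comment should say so and name the supported path, e.g. `/* Deprecated layouts, kept for libcrypto itself; applications must use the NCONF_*() API and must not include this header directly. */`. Until the types are opaque, callers can still read or overwrite the `meth` function-pointer table and `includedir`, so it is worth making the intended boundary explicit.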