The OSSL_DEPRECATEDIN_3_0 macro introduced in PR #13074 is intended to
be passed as a parameter to the various PEM declaration macros. However,
in some cases OSSL_DEPRECATEDIN_3_0 is defined to be empty, and it is
not allowed to pass empty macro arguments in C90. Therefore we ensure
these macros are always defined. In the case where they were empty
previously we use a no-op value instead.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13227)
As opposed to DEPRECATEDIN_{major}_{minor}(), any use of these macros must
be guarded with a corresponding OPENSSL_NO_DEPRECATED_{major}_{minor}:
#ifndef OPENSSL_NO_DEPRECATED_3_0
OSSL_DEPRECATEDIN_3_0 int RSA_size(const RSA *rsa);
#endif
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13074)
It turns out that they have __declspec(deprecated) that correspond
pretty much to GCC's __attribute__((deprecated)), including for
messages.
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13074)
The macro value is changed to use deprecation messages where whose are
supported.
We also add the macro OSSL_DEPRECATED_FOR(), to be used whenever an
additional message text is desirable, for example to tell the user
what the deprecated is replaced with. Example:
OSSL_DEPRECATED_FOR(3.0,"use EVP_PKEY and EVP_PKEY_size() instead")
int RSA_size(const RSA *rsa);
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13074)
The diverse DEPRECATEDIN_x_y_z macros are rewritten in terms of this macro.
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13074)
Use of the low level AES functions has been informally discouraged for a
long time. We now formally deprecate them.
Applications should instead use the EVP APIs, e.g. EVP_EncryptInit_ex,
EVP_EncryptUpdate, EVP_EncryptFinal_ex, and the equivalently named decrypt
functions.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10580)
We add a new macro OPENSSL_SUPRESS_DEPRECATED which enables applications
to supress deprecation warnings where necessary.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10558)
At some point in time, there was a 'no-deprecated' configuration
option, which had the effect of hiding all declarations of deprecated
stuff, i.e. make the public API look like they were all removed.
At some point in time, there was a '--api' configuration option, which
had the effect of having the public API look like it did in the version
given as value, on a best effort basis. In practice, this was used to
get different implementations of BN_zero(), depending on the desired
API compatibility level.
At some later point in time, '--api' was changed to mean the same as
'no-deprecated', but only for the deprecations up to and including the
desired API compatibility level. BN_zero() has been set to the
pre-1.0.0 implementation ever since, unless 'no-deprecation' has been
given.
This change turns these options back to their original meaning, but
with the slight twist that when combined, i.e. both '--api' and
'no-deprecated' is given, the declarations that are marked deprecated
up to an including the desired API compatibility level are hidden,
simulating that they have been removed.
If no desired API compatibility level has been given, then
configuration sets the current OpenSSL version by default.
Furthermore, the macro OPENSSL_API_LEVEL is now used exclusively to
check what API compatibility level is desired. For checking in code
if `no-deprecated` has been configured for the desired API
compatibility level, macros for each supported level is generated,
such as OPENSSL_NO_DEPRECATED_1_1_1, corresponding to the use of
DEPRECATEDIN_ macros, such as DEPRECATEDIN_1_1_1().
Just like before, to set an API compatibility level when building an
application, define OPENSSL_API_COMPAT with an appropriate value. If
it's desirable to hide deprecated functions up to and including that
level, additionally define OPENSSL_NO_DEPRECATED (the value is
ignored).
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10364)
Make sure OPENSSL_FUNC gets defined to something, no matter what.
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9976)
OPENSSL_FUNC was defined as an alias for __FUNCTION__ with new enough
GNU C, regardless of the language standard used. We change this
slightly, so this won't happen unless __STDC_VERSION is defined.
Fixes#9911
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9913)
There was a section to define OPENSSL_FUNC that depended on PEDANTIC
being defined. That is an internal build macro that should never
appear in a public header. The solution was simple, replace it with
a check of __STRICT_ANSI__.
Fixes#9756
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9756)
When openssl/macros.h is included without openssl/opensslv.h, it can't
define OPENSSL_API_4 properly (with sufficient warnings enabled, the
compiler will complain about OPENSSL_VERSION_MAJOR not being defined).
The quick fix could have been to include openssl/opensslv.h in
openssl/macros.h, but that would create a nasty include loop, since
openssl/opensslv.h includes openssl/opensslconf.h, which includes
openssl/macros.h, in an order that leads back to macro check errors.
The objective is to make these headers more independent:
- openssl/opensslconf.h should really be completely independent, as it
only defines macros for configuration values. However, it needs to
include openssl/macros.h for backward compatibility reasons. We do
this at the very end, under inclusion guards.
- openssl/macros.h is changed to include openssl/opensslconf.h, so it
gets necessary configuration values to build some macros. This will
not cause an endless inclusion loop, since opensslconf.h's inclusion
of macros.h is under guard.
- openssl/opensslv.h is changed to include openssl/macros.h instead of
openssl/opensslconf.h.
Only one last piece needs to be done to make openssl/macros.h
independent from openssl/opensslv.h. We can realise that the
definition of OPENSSL_API_4 doesn't need to depend on the current
version number. There's nothing in our configuration that would have
OPENSSL_API_4 defined to 1, and if the user sets OPENSSL_API_COMPAT or
OPENSSL_API_LEVEL to a high enough value, we consider that a
deliberate and knowledgable action on their part.
Fixes#7874Fixes#9601
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/9626)
New header file, include/openssl/macros.h, which contains diverse
useful macros that we use elsewhere.
We also add the new macro OPENSSL_FUNC, which is an alias for
__FUNC__, __FUNCTION__, __FUNCSIG or __func__, depending on what the
compiler supports. In the worst case, it's an alias for the string
"(unknown function)".
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9452)