Turn on OPENSSL_NO_DEPRECATED by default.

Also introduce OPENSSL_USE_DEPRECATED. If OPENSSL_NO_DEPRECATED is defined at config stage then OPENSSL_USE_DEPRECATED has no effect - deprecated functions are not available. If OPENSSL_NO_DEPRECATED is not defined at config stage then applications must define OPENSSL_USE_DEPRECATED in order to access deprecated functions. Also introduce compiler warnings for gcc for applications using deprecated functions Reviewed-by: Rich Salz <rsalz@openssl.org>
2014-12-17 13:17:26 +00:00 · 2014-12-17 13:17:26 +00:00 · 07c4c14c47
commit 07c4c14c47
parent 59ff1ce061
3 changed files with 50 additions and 1 deletions
--- a/6
+++ b/6
@ -740,6 +740,7 @@ my $fips=0;
 # All of the following is disabled by default (RC5 was enabled before 0.9.8):

 my %disabled = ( # "what"         => "comment" [or special keyword "experimental"]
+		 "deprecated" => "default",
 		 "ec_nistp_64_gcc_128" => "default",
 		 "gmp"		  => "default",
 		 "jpake"          => "experimental",
@ -758,7 +759,7 @@ my @experimental = ();

 # This is what $depflags will look like with the above defaults
 # (we need this to see if we should advise the user to run "make depend"):
-my $default_depflags = " -DOPENSSL_NO_EC_NISTP_64_GCC_128 -DOPENSSL_NO_GMP -DOPENSSL_NO_JPAKE -DOPENSSL_NO_MD2 -DOPENSSL_NO_RC5 -DOPENSSL_NO_RFC3779 -DOPENSSL_NO_SCTP -DOPENSSL_NO_SSL_TRACE -DOPENSSL_NO_STORE -DOPENSSL_NO_UNIT_TEST";
+my $default_depflags = " -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_EC_NISTP_64_GCC_128 -DOPENSSL_NO_GMP -DOPENSSL_NO_JPAKE -DOPENSSL_NO_MD2 -DOPENSSL_NO_RC5 -DOPENSSL_NO_RFC3779 -DOPENSSL_NO_SCTP -DOPENSSL_NO_SSL_TRACE -DOPENSSL_NO_STORE -DOPENSSL_NO_UNIT_TEST";

 # Explicit "no-..." options will be collected in %disabled along with the defaults.
 # To remove something from %disabled, use "enable-foo" (unless it's experimental).
@ -1418,6 +1419,9 @@ if ($zlib)
 		}
 	}

+#Always build the library with OPENSSL_USE_DEPRECATED. This is overridden by OPENSSL_NO_DEPRECATED
+$cflags = "-DOPENSSL_USE_DEPRECATED $cflags";
+
 # You will find shlib_mark1 and shlib_mark2 explained in Makefile.org
 my $shared_mark = "";
 if ($shared_target eq "")
--- a/crypto/opensslconf.h.in
+++ b/crypto/opensslconf.h.in
@ -1,5 +1,22 @@
 /* crypto/opensslconf.h.in */

+/*
+ * Applications should use -DOPENSSL_USE_DEPRECATED to enable access to
+ * deprecated functions. But if the library has been built to disable
+ * deprecated functions then this will not work
+ */
+#if defined(OPENSSL_NO_DEPRECATED) && defined(OPENSSL_USE_DEPRECATED)
+#undef OPENSSL_USE_DEPRECATED
+#endif
+
+/* Test for support for deprecated attribute */
+#if __GNUC__ > 3 || \
+  (__GNUC__ == 3 && __GNUC_MINOR__ > 0)
+#define DECLARE_DEPRECATED(f)    f __attribute__ ((deprecated))
+#else
+#define DECLARE_DEPRECATED(f)    f
+#endif
+
 /* Generate 80386 code? */
 #undef I386_ONLY

--- a/util/mkdef.pl
+++ b/util/mkdef.pl
@ -433,6 +433,7 @@ sub do_defs
 				# is the same name as the original.
 	my $cpp;
 	my %unknown_algorithms = ();
+	my $parens = 0;

 	foreach $file (split(/\s+/,$symhacksfile." ".$files))
 		{
@ -443,6 +444,7 @@ sub do_defs
 			(map { $_ => 0 } @known_platforms),
 			(map { "OPENSSL_SYS_".$_ => 0 } @known_ossl_platforms),
 			(map { "OPENSSL_NO_".$_ => 0 } @known_algorithms),
+			(map { "OPENSSL_USE_".$_ => 0 } @known_algorithms),
 			NOPROTO		=> 0,
 			PERL5		=> 0,
 			_WINDLL		=> 0,
@ -505,6 +507,11 @@ sub do_defs

 		print STDERR "DEBUG: parsing ----------\n" if $debug;
 		while(<IN>) {
+			if($parens > 0) {
+				#Inside a DECLARE_DEPRECATED
+				$parens += count_parens($_);
+				next;
+			}
 			if (/\/\* Error codes for the \w+ functions\. \*\//)
 				{
 				undef @tag;
@ -608,6 +615,8 @@ sub do_defs
 					pop(@tag);
 					if ($t =~ /^OPENSSL_NO_([A-Z0-9_]+)$/) {
 						$t=$1;
+					} elsif($t =~ /^OPENSSL_USE_([A-Z0-9_]+)$/) {
+						$t=$1;
 					} else {
 						$t="";
 					}
@ -657,10 +666,15 @@ sub do_defs
 					   map { $tag{"OPENSSL_SYS_".$_} == 1 ? $_ :
 						     $tag{"OPENSSL_SYS_".$_} == -1 ? "!".$_  : "" }
 					   @known_ossl_platforms);
+				@current_algorithms = ();
 				@current_algorithms =
 				    grep(!/^$/,
 					 map { $tag{"OPENSSL_NO_".$_} == -1 ? $_ : "" }
 					 @known_algorithms);
+				push @current_algorithms
+				    , grep(!/^$/,
+					 map { $tag{"OPENSSL_USE_".$_} == 1 ? $_ : "" }
+					 @known_algorithms);
 				$def .=
 				    "#INFO:"
 					.join(',',@current_platforms).":"
@ -891,6 +905,10 @@ sub do_defs
 					&$make_variant("_shadow_$2","_shadow_$2",
 						      "EXPORT_VAR_AS_FUNCTION",
 						      "FUNCTION");
+				} elsif (/^\s*DECLARE_DEPRECATED\s*\(\s*(\w*(\s|\*|\w)*)/) {
+					$def .= "$1(void);";
+					$parens = count_parens($_);
+					next;
 				} elsif ($tag{'CONST_STRICT'} != 1) {
 					if (/\{|\/\*|\([^\)]*$/) {
 						$line = $_;
@ -1549,3 +1567,13 @@ sub check_existing
 	}
 }

+sub count_parens
+{
+	my $line = shift(@_);
+
+	my $open = $line =~ tr/\(//;
+	my $close = $line =~ tr/\)//;
+
+	return $open - $close;
+}
+