[openssl-commits] [openssl] OpenSSL source code branch master updated. c0fc27f88ea0933a3e201325fc683b52fe55d848

Matt Caswell matt at openssl.org
Thu Dec 18 19:58:33 UTC 2014


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "OpenSSL source code".

The branch, master has been updated
       via  c0fc27f88ea0933a3e201325fc683b52fe55d848 (commit)
       via  bd2bd374b37a3718be4a6c0c198be8ff3123c81a (commit)
       via  6385043fa165491e67fc1eff3c14143465dd2f81 (commit)
       via  53e95716f5c11a8a9cbdcbbb3be0e8e538b5a2ea (commit)
       via  5bafb04d2e8a792afbc97395410ef3291f3fbc8b (commit)
       via  07c4c14c4739da0c44562328afb6e7273e51298c (commit)
      from  59ff1ce06108508eba0f289b295dd89582c9fbfc (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit c0fc27f88ea0933a3e201325fc683b52fe55d848
Author: Matt Caswell <matt at openssl.org>
Date:   Thu Dec 18 15:03:09 2014 +0000

    Made it an error to define OPENSSL_USE_DEPRECATED if OpenSSL has been built
    with OPENSSL_NO_DEPRECATED defined
    
    Reviewed-by: Rich Salz <rsalz at openssl.org>

commit bd2bd374b37a3718be4a6c0c198be8ff3123c81a
Author: Matt Caswell <matt at openssl.org>
Date:   Wed Dec 17 14:27:22 2014 +0000

    Update CHANGES for deprecated updates
    
    Reviewed-by: Rich Salz <rsalz at openssl.org>

commit 6385043fa165491e67fc1eff3c14143465dd2f81
Author: Matt Caswell <matt at openssl.org>
Date:   Wed Dec 17 14:24:21 2014 +0000

    make update following changes to default config settings
    
    Reviewed-by: Rich Salz <rsalz at openssl.org>

commit 53e95716f5c11a8a9cbdcbbb3be0e8e538b5a2ea
Author: Matt Caswell <matt at openssl.org>
Date:   Wed Dec 17 13:30:41 2014 +0000

    Change all instances of OPENSSL_NO_DEPRECATED to OPENSSL_USE_DEPRECATED
    Introduce use of DECLARE_DEPRECATED
    
    Reviewed-by: Rich Salz <rsalz at openssl.org>

commit 5bafb04d2e8a792afbc97395410ef3291f3fbc8b
Author: Matt Caswell <matt at openssl.org>
Date:   Wed Dec 17 13:21:54 2014 +0000

    Remove redundant OPENSSL_NO_DEPRECATED suppression
    
    Reviewed-by: Rich Salz <rsalz at openssl.org>

commit 07c4c14c4739da0c44562328afb6e7273e51298c
Author: Matt Caswell <matt at openssl.org>
Date:   Wed Dec 17 13:17:26 2014 +0000

    Turn on OPENSSL_NO_DEPRECATED by default.
    Also introduce OPENSSL_USE_DEPRECATED. If OPENSSL_NO_DEPRECATED is
    defined at config stage then OPENSSL_USE_DEPRECATED has no effect -
    deprecated functions are not available.
    If OPENSSL_NO_DEPRECATED is not defined at config stage then
    applications must define OPENSSL_USE_DEPRECATED in order to access
    deprecated functions.
    Also introduce compiler warnings for gcc for applications using
    deprecated functions
    
    Reviewed-by: Rich Salz <rsalz at openssl.org>

-----------------------------------------------------------------------

Summary of changes:
 CHANGES                 |    9 ++++
 Configure               |    9 +++-
 apps/Makefile           |  118 ++++++++++++++++++++++-------------------------
 apps/dsaparam.c         |    5 --
 apps/gendh.c            |    5 --
 apps/genrsa.c           |    5 --
 apps/req.c              |    6 ---
 apps/s_server.c         |    5 --
 crypto/asn1/asn1.h      |    2 +-
 crypto/bn/bn.h          |   34 +++++++-------
 crypto/bn/bntest.c      |    6 ---
 crypto/crypto.h         |   10 ++--
 crypto/dh/dh.h          |   10 ++--
 crypto/dh/dhtest.c      |    6 ---
 crypto/dsa/dsa.h        |   10 ++--
 crypto/dsa/dsatest.c    |    6 ---
 crypto/ec/ec.h          |    2 +-
 crypto/ecdh/ecdh.h      |    2 +-
 crypto/ecdsa/ecdsa.h    |    2 +-
 crypto/engine/engine.h  |    2 +-
 crypto/err/err.h        |    4 +-
 crypto/opensslconf.h.in |   17 +++++++
 crypto/rsa/rsa.h        |   12 ++---
 crypto/store/store.h    |    2 +-
 crypto/ui/ui.h          |    2 +-
 crypto/x509/x509.h      |    2 +-
 ssl/ssl.h               |    2 +-
 test/Makefile           |   24 +++++-----
 util/mkdef.pl           |   28 +++++++++++
 29 files changed, 179 insertions(+), 168 deletions(-)

diff --git a/CHANGES b/CHANGES
index 4510706..34a85b2 100644
--- a/CHANGES
+++ b/CHANGES
@@ -4,10 +4,19 @@
 
  Changes between 1.0.2 and 1.1.0  [xx XXX xxxx]
 
+  *) config has been changed so that by default OPENSSL_NO_DEPRECATED is used.
+     Access to deprecated functions can be re-enabled by running config with
+     "enable-deprecated". In addition applications wishing to use deprecated
+     functions must define OPENSSL_USE_DEPRECATED. Note that this new behaviour
+     will, by default, disable some transitive includes that previously existed
+     in the header files (e.g. ec.h will no longer, by default, include bn.h)
+     [Matt Caswell]
+
   *) Added support for OCB mode. OpenSSL has been granted a patent license
      compatible with the OpenSSL license for use of OCB. Details are available
      at https://www.openssl.org/docs/misc/OCB-patent-grant-OpenSSL.pdf. Support
      for OCB can be removed by calling config with no-ocb.
+     [Matt Caswell]
 
   *) SSLv2 support has been removed.  It still supports receiving a SSLv2
      compatible client hello.
diff --git a/Configure b/Configure
index 43f1b30..b97f961 100755
--- a/Configure
+++ b/Configure
@@ -740,6 +740,7 @@ my $fips=0;
 # All of the following is disabled by default (RC5 was enabled before 0.9.8):
 
 my %disabled = ( # "what"         => "comment" [or special keyword "experimental"]
+		 "deprecated" => "default",
 		 "ec_nistp_64_gcc_128" => "default",
 		 "gmp"		  => "default",
 		 "jpake"          => "experimental",
@@ -758,7 +759,7 @@ my @experimental = ();
 
 # This is what $depflags will look like with the above defaults
 # (we need this to see if we should advise the user to run "make depend"):
-my $default_depflags = " -DOPENSSL_NO_EC_NISTP_64_GCC_128 -DOPENSSL_NO_GMP -DOPENSSL_NO_JPAKE -DOPENSSL_NO_MD2 -DOPENSSL_NO_RC5 -DOPENSSL_NO_RFC3779 -DOPENSSL_NO_SCTP -DOPENSSL_NO_SSL_TRACE -DOPENSSL_NO_STORE -DOPENSSL_NO_UNIT_TEST";
+my $default_depflags = " -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_EC_NISTP_64_GCC_128 -DOPENSSL_NO_GMP -DOPENSSL_NO_JPAKE -DOPENSSL_NO_MD2 -DOPENSSL_NO_RC5 -DOPENSSL_NO_RFC3779 -DOPENSSL_NO_SCTP -DOPENSSL_NO_SSL_TRACE -DOPENSSL_NO_STORE -DOPENSSL_NO_UNIT_TEST";
 
 # Explicit "no-..." options will be collected in %disabled along with the defaults.
 # To remove something from %disabled, use "enable-foo" (unless it's experimental).
@@ -1418,6 +1419,12 @@ if ($zlib)
 		}
 	}
 
+#Build the library with OPENSSL_USE_DEPRECATED if deprecation is not disabled
+if(!defined($disabled{"deprecated"}))
+	{
+	$cflags = "-DOPENSSL_USE_DEPRECATED $cflags";
+	}
+
 # You will find shlib_mark1 and shlib_mark2 explained in Makefile.org
 my $shared_mark = "";
 if ($shared_target eq "")
diff --git a/apps/Makefile b/apps/Makefile
index 76fa21b..6ced2bd 100644
--- a/apps/Makefile
+++ b/apps/Makefile
@@ -349,20 +349,18 @@ dsa.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h dsa.c
 dsaparam.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 dsaparam.o: ../include/openssl/bn.h ../include/openssl/buffer.h
 dsaparam.o: ../include/openssl/conf.h ../include/openssl/crypto.h
-dsaparam.o: ../include/openssl/dh.h ../include/openssl/dsa.h
-dsaparam.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
-dsaparam.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
-dsaparam.o: ../include/openssl/engine.h ../include/openssl/err.h
-dsaparam.o: ../include/openssl/evp.h ../include/openssl/lhash.h
-dsaparam.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-dsaparam.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
-dsaparam.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-dsaparam.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-dsaparam.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
-dsaparam.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-dsaparam.o: ../include/openssl/sha.h ../include/openssl/stack.h
-dsaparam.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
-dsaparam.o: ../include/openssl/ui.h ../include/openssl/x509.h
+dsaparam.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+dsaparam.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
+dsaparam.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
+dsaparam.o: ../include/openssl/err.h ../include/openssl/evp.h
+dsaparam.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
+dsaparam.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
+dsaparam.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+dsaparam.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+dsaparam.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+dsaparam.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+dsaparam.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+dsaparam.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
 dsaparam.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
 dsaparam.o: dsaparam.c
 ec.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
@@ -457,22 +455,20 @@ errstr.o: ../include/openssl/x509v3.h apps.h errstr.c
 gendh.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 gendh.o: ../include/openssl/bn.h ../include/openssl/buffer.h
 gendh.o: ../include/openssl/conf.h ../include/openssl/crypto.h
-gendh.o: ../include/openssl/dh.h ../include/openssl/dsa.h
-gendh.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
-gendh.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
-gendh.o: ../include/openssl/engine.h ../include/openssl/err.h
-gendh.o: ../include/openssl/evp.h ../include/openssl/lhash.h
-gendh.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-gendh.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
-gendh.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-gendh.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-gendh.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
-gendh.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+gendh.o: ../include/openssl/dh.h ../include/openssl/e_os2.h
+gendh.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
+gendh.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
+gendh.o: ../include/openssl/err.h ../include/openssl/evp.h
+gendh.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
+gendh.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
+gendh.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+gendh.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+gendh.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+gendh.o: ../include/openssl/rand.h ../include/openssl/safestack.h
 gendh.o: ../include/openssl/sha.h ../include/openssl/stack.h
 gendh.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
-gendh.o: ../include/openssl/ui.h ../include/openssl/x509.h
-gendh.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
-gendh.o: gendh.c
+gendh.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+gendh.o: ../include/openssl/x509v3.h apps.h gendh.c
 gendsa.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 gendsa.o: ../include/openssl/bn.h ../include/openssl/buffer.h
 gendsa.o: ../include/openssl/conf.h ../include/openssl/crypto.h
@@ -509,7 +505,6 @@ genpkey.o: genpkey.c
 genrsa.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 genrsa.o: ../include/openssl/bn.h ../include/openssl/buffer.h
 genrsa.o: ../include/openssl/conf.h ../include/openssl/crypto.h
-genrsa.o: ../include/openssl/dh.h ../include/openssl/dsa.h
 genrsa.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
 genrsa.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
 genrsa.o: ../include/openssl/engine.h ../include/openssl/err.h
@@ -522,9 +517,8 @@ genrsa.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
 genrsa.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
 genrsa.o: ../include/openssl/sha.h ../include/openssl/stack.h
 genrsa.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
-genrsa.o: ../include/openssl/ui.h ../include/openssl/x509.h
-genrsa.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
-genrsa.o: genrsa.c
+genrsa.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+genrsa.o: ../include/openssl/x509v3.h apps.h genrsa.c
 nseq.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 nseq.o: ../include/openssl/buffer.h ../include/openssl/conf.h
 nseq.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
@@ -729,21 +723,20 @@ rand.o: ../include/openssl/x509v3.h apps.h rand.c
 req.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 req.o: ../include/openssl/bn.h ../include/openssl/buffer.h
 req.o: ../include/openssl/conf.h ../include/openssl/crypto.h
-req.o: ../include/openssl/dh.h ../include/openssl/dsa.h
-req.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
-req.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
-req.o: ../include/openssl/engine.h ../include/openssl/err.h
-req.o: ../include/openssl/evp.h ../include/openssl/lhash.h
-req.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-req.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
-req.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-req.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-req.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+req.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+req.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
+req.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
+req.o: ../include/openssl/err.h ../include/openssl/evp.h
+req.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
+req.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
+req.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+req.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+req.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
 req.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
 req.o: ../include/openssl/sha.h ../include/openssl/stack.h
 req.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
-req.o: ../include/openssl/ui.h ../include/openssl/x509.h
-req.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h req.c
+req.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+req.o: ../include/openssl/x509v3.h apps.h req.c
 rsa.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 rsa.o: ../include/openssl/bn.h ../include/openssl/buffer.h
 rsa.o: ../include/openssl/conf.h ../include/openssl/crypto.h
@@ -826,25 +819,24 @@ s_server.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 s_server.o: ../include/openssl/bn.h ../include/openssl/buffer.h
 s_server.o: ../include/openssl/comp.h ../include/openssl/conf.h
 s_server.o: ../include/openssl/crypto.h ../include/openssl/dh.h
-s_server.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h
-s_server.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
-s_server.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
-s_server.o: ../include/openssl/engine.h ../include/openssl/err.h
-s_server.o: ../include/openssl/evp.h ../include/openssl/hmac.h
-s_server.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
-s_server.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-s_server.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
-s_server.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-s_server.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-s_server.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h
-s_server.o: ../include/openssl/rand.h ../include/openssl/rsa.h
-s_server.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-s_server.o: ../include/openssl/srp.h ../include/openssl/srtp.h
-s_server.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
-s_server.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
-s_server.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-s_server.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h
-s_server.o: ../include/openssl/ui.h ../include/openssl/x509.h
+s_server.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h
+s_server.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
+s_server.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
+s_server.o: ../include/openssl/err.h ../include/openssl/evp.h
+s_server.o: ../include/openssl/hmac.h ../include/openssl/kssl.h
+s_server.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
+s_server.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
+s_server.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+s_server.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+s_server.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+s_server.o: ../include/openssl/pqueue.h ../include/openssl/rand.h
+s_server.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+s_server.o: ../include/openssl/sha.h ../include/openssl/srp.h
+s_server.o: ../include/openssl/srtp.h ../include/openssl/ssl.h
+s_server.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+s_server.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+s_server.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+s_server.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
 s_server.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
 s_server.o: s_apps.h s_server.c timeouts.h
 s_socket.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
diff --git a/apps/dsaparam.c b/apps/dsaparam.c
index 8ee5d42..fcbd794 100644
--- a/apps/dsaparam.c
+++ b/apps/dsaparam.c
@@ -57,11 +57,6 @@
  */
 
 #include <openssl/opensslconf.h>	/* for OPENSSL_NO_DSA */
-/* Until the key-gen callbacks are modified to use newer prototypes, we allow
- * deprecated functions for openssl-internal code */
-#ifdef OPENSSL_NO_DEPRECATED
-#undef OPENSSL_NO_DEPRECATED
-#endif
 
 #ifndef OPENSSL_NO_DSA
 #include <assert.h>
diff --git a/apps/gendh.c b/apps/gendh.c
index c8645a4..4581bfa 100644
--- a/apps/gendh.c
+++ b/apps/gendh.c
@@ -58,11 +58,6 @@
  */
 
 #include <openssl/opensslconf.h>
-/* Until the key-gen callbacks are modified to use newer prototypes, we allow
- * deprecated functions for openssl-internal code */
-#ifdef OPENSSL_NO_DEPRECATED
-#undef OPENSSL_NO_DEPRECATED
-#endif
 
 #ifndef OPENSSL_NO_DH
 #include <stdio.h>
diff --git a/apps/genrsa.c b/apps/genrsa.c
index 54e30d3..fe00af9 100644
--- a/apps/genrsa.c
+++ b/apps/genrsa.c
@@ -57,11 +57,6 @@
  */
 
 #include <openssl/opensslconf.h>
-/* Until the key-gen callbacks are modified to use newer prototypes, we allow
- * deprecated functions for openssl-internal code */
-#ifdef OPENSSL_NO_DEPRECATED
-#undef OPENSSL_NO_DEPRECATED
-#endif
 
 #ifndef OPENSSL_NO_RSA
 #include <stdio.h>
diff --git a/apps/req.c b/apps/req.c
index 87ab412..a69915f 100644
--- a/apps/req.c
+++ b/apps/req.c
@@ -56,12 +56,6 @@
  * [including the GNU Public Licence.]
  */
 
-/* Until the key-gen callbacks are modified to use newer prototypes, we allow
- * deprecated functions for openssl-internal code */
-#ifdef OPENSSL_NO_DEPRECATED
-#undef OPENSSL_NO_DEPRECATED
-#endif
-
 #include <stdio.h>
 #include <stdlib.h>
 #include <time.h>
diff --git a/apps/s_server.c b/apps/s_server.c
index 21f7e04..1e40769 100644
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -140,11 +140,6 @@
  * OTHERWISE.
  */
 
-/* Until the key-gen callbacks are modified to use newer prototypes, we allow
- * deprecated functions for openssl-internal code */
-#ifdef OPENSSL_NO_DEPRECATED
-#undef OPENSSL_NO_DEPRECATED
-#endif
 
 #include <assert.h>
 #include <ctype.h>
diff --git a/crypto/asn1/asn1.h b/crypto/asn1/asn1.h
index 37adcb3..68be533 100644
--- a/crypto/asn1/asn1.h
+++ b/crypto/asn1/asn1.h
@@ -70,7 +70,7 @@
 #include <openssl/symhacks.h>
 
 #include <openssl/ossl_typ.h>
-#ifndef OPENSSL_NO_DEPRECATED
+#ifdef OPENSSL_USE_DEPRECATED
 #include <openssl/bn.h>
 #endif
 
diff --git a/crypto/bn/bn.h b/crypto/bn/bn.h
index 6bccbfe..5daee38 100644
--- a/crypto/bn/bn.h
+++ b/crypto/bn/bn.h
@@ -263,13 +263,13 @@ extern "C" {
                                       * BN_mod_inverse() will call BN_mod_inverse_no_branch.
                                       */
 
-#ifndef OPENSSL_NO_DEPRECATED
+#ifdef OPENSSL_USE_DEPRECATED
 #define BN_FLG_EXP_CONSTTIME BN_FLG_CONSTTIME /* deprecated name for the flag */
                                       /* avoid leaking exponent information through timings
                                       * (BN_mod_exp_mont() will call BN_mod_exp_mont_consttime) */
 #endif
 
-#ifndef OPENSSL_NO_DEPRECATED
+#ifdef OPENSSL_USE_DEPRECATED
 #define BN_FLG_FREE		0x8000	/* used for debuging */
 #endif
 
@@ -342,7 +342,7 @@ int BN_is_odd(const BIGNUM *a);
 
 void BN_zero_ex(BIGNUM *a);
 
-#ifdef OPENSSL_NO_DEPRECATED
+#ifndef OPENSSL_USE_DEPRECATED
 #define BN_zero(a)	BN_zero_ex(a)
 #else
 #define BN_zero(a)	(BN_set_word((a),0))
@@ -464,17 +464,17 @@ BIGNUM *BN_mod_sqrt(BIGNUM *ret,
 void	BN_consttime_swap(BN_ULONG swap, BIGNUM *a, BIGNUM *b, int nwords);
 
 /* Deprecated versions */
-#ifndef OPENSSL_NO_DEPRECATED
-BIGNUM *BN_generate_prime(BIGNUM *ret,int bits,int safe,
+#ifdef OPENSSL_USE_DEPRECATED
+DECLARE_DEPRECATED(BIGNUM *BN_generate_prime(BIGNUM *ret,int bits,int safe,
 	const BIGNUM *add, const BIGNUM *rem,
-	void (*callback)(int,int,void *),void *cb_arg);
-int	BN_is_prime(const BIGNUM *p,int nchecks,
+	void (*callback)(int,int,void *),void *cb_arg));
+DECLARE_DEPRECATED(int	BN_is_prime(const BIGNUM *p,int nchecks,
 	void (*callback)(int,int,void *),
-	BN_CTX *ctx,void *cb_arg);
-int	BN_is_prime_fasttest(const BIGNUM *p,int nchecks,
+	BN_CTX *ctx,void *cb_arg));
+DECLARE_DEPRECATED(int	BN_is_prime_fasttest(const BIGNUM *p,int nchecks,
 	void (*callback)(int,int,void *),BN_CTX *ctx,void *cb_arg,
-	int do_trial_division);
-#endif /* !defined(OPENSSL_NO_DEPRECATED) */
+	int do_trial_division));
+#endif /* defined(OPENSSL_USE_DEPRECATED) */
 
 /* Newer versions */
 int	BN_generate_prime_ex(BIGNUM *ret,int bits,int safe, const BIGNUM *add,
@@ -517,9 +517,9 @@ int BN_BLINDING_convert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx);
 int BN_BLINDING_invert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx);
 int BN_BLINDING_convert_ex(BIGNUM *n, BIGNUM *r, BN_BLINDING *b, BN_CTX *);
 int BN_BLINDING_invert_ex(BIGNUM *n, const BIGNUM *r, BN_BLINDING *b, BN_CTX *);
-#ifndef OPENSSL_NO_DEPRECATED
-unsigned long BN_BLINDING_get_thread_id(const BN_BLINDING *);
-void BN_BLINDING_set_thread_id(BN_BLINDING *, unsigned long);
+#ifdef OPENSSL_USE_DEPRECATED
+DECLARE_DEPRECATED(unsigned long BN_BLINDING_get_thread_id(const BN_BLINDING *));
+DECLARE_DEPRECATED(void BN_BLINDING_set_thread_id(BN_BLINDING *, unsigned long));
 #endif
 CRYPTO_THREADID *BN_BLINDING_thread_id(BN_BLINDING *);
 unsigned long BN_BLINDING_get_flags(const BN_BLINDING *);
@@ -530,9 +530,9 @@ BN_BLINDING *BN_BLINDING_create_param(BN_BLINDING *b,
 			  const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx),
 	BN_MONT_CTX *m_ctx);
 
-#ifndef OPENSSL_NO_DEPRECATED
-void BN_set_params(int mul,int high,int low,int mont);
-int BN_get_params(int which); /* 0, mul, 1 high, 2 low, 3 mont */
+#ifdef OPENSSL_USE_DEPRECATED
+DECLARE_DEPRECATED(void BN_set_params(int mul,int high,int low,int mont));
+DECLARE_DEPRECATED(int BN_get_params(int which)); /* 0, mul, 1 high, 2 low, 3 mont */
 #endif
 
 BN_RECP_CTX *BN_RECP_CTX_new(void);
diff --git a/crypto/bn/bntest.c b/crypto/bn/bntest.c
index 6e18a69..0fa2504 100644
--- a/crypto/bn/bntest.c
+++ b/crypto/bn/bntest.c
@@ -69,12 +69,6 @@
  *
  */
 
-/* Until the key-gen callbacks are modified to use newer prototypes, we allow
- * deprecated functions for openssl-internal code */
-#ifdef OPENSSL_NO_DEPRECATED
-#undef OPENSSL_NO_DEPRECATED
-#endif
-
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
diff --git a/crypto/crypto.h b/crypto/crypto.h
index c4c173f..d4be37b 100644
--- a/crypto/crypto.h
+++ b/crypto/crypto.h
@@ -442,10 +442,14 @@ void CRYPTO_THREADID_current(CRYPTO_THREADID *id);
 int CRYPTO_THREADID_cmp(const CRYPTO_THREADID *a, const CRYPTO_THREADID *b);
 void CRYPTO_THREADID_cpy(CRYPTO_THREADID *dest, const CRYPTO_THREADID *src);
 unsigned long CRYPTO_THREADID_hash(const CRYPTO_THREADID *id);
-#ifndef OPENSSL_NO_DEPRECATED
-void CRYPTO_set_id_callback(unsigned long (*func)(void));
+#ifdef OPENSSL_USE_DEPRECATED
+DECLARE_DEPRECATED(void CRYPTO_set_id_callback(unsigned long (*func)(void)));
+/*
+ * mkdef.pl cannot handle this next one so not inside DECLARE_DEPRECATED,
+ * but still inside OPENSSL_USE_DEPRECATED
+ */
 unsigned long (*CRYPTO_get_id_callback(void))(void);
-unsigned long CRYPTO_thread_id(void);
+DECLARE_DEPRECATED(unsigned long CRYPTO_thread_id(void));
 #endif
 
 const char *CRYPTO_get_lock_name(int type);
diff --git a/crypto/dh/dh.h b/crypto/dh/dh.h
index beaeac9..3f7dca1 100644
--- a/crypto/dh/dh.h
+++ b/crypto/dh/dh.h
@@ -69,7 +69,7 @@
 #include <openssl/bio.h>
 #endif
 #include <openssl/ossl_typ.h>
-#ifndef OPENSSL_NO_DEPRECATED
+#ifdef OPENSSL_USE_DEPRECATED
 #include <openssl/bn.h>
 #endif
 	
@@ -204,10 +204,10 @@ int DH_set_ex_data(DH *d, int idx, void *arg);
 void *DH_get_ex_data(DH *d, int idx);
 
 /* Deprecated version */
-#ifndef OPENSSL_NO_DEPRECATED
-DH *	DH_generate_parameters(int prime_len,int generator,
-		void (*callback)(int,int,void *),void *cb_arg);
-#endif /* !defined(OPENSSL_NO_DEPRECATED) */
+#ifdef OPENSSL_USE_DEPRECATED
+DECLARE_DEPRECATED(DH *	DH_generate_parameters(int prime_len,int generator,
+		void (*callback)(int,int,void *),void *cb_arg));
+#endif /* defined(OPENSSL_USE_DEPRECATED) */
 
 /* New version */
 int	DH_generate_parameters_ex(DH *dh, int prime_len,int generator, BN_GENCB *cb);
diff --git a/crypto/dh/dhtest.c b/crypto/dh/dhtest.c
index c98c804..f4c2fd9 100644
--- a/crypto/dh/dhtest.c
+++ b/crypto/dh/dhtest.c
@@ -56,12 +56,6 @@
  * [including the GNU Public Licence.]
  */
 
-/* Until the key-gen callbacks are modified to use newer prototypes, we allow
- * deprecated functions for openssl-internal code */
-#ifdef OPENSSL_NO_DEPRECATED
-#undef OPENSSL_NO_DEPRECATED
-#endif
-
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
diff --git a/crypto/dsa/dsa.h b/crypto/dsa/dsa.h
index 34d0704..8feb2a1 100644
--- a/crypto/dsa/dsa.h
+++ b/crypto/dsa/dsa.h
@@ -77,7 +77,7 @@
 #include <openssl/crypto.h>
 #include <openssl/ossl_typ.h>
 
-#ifndef OPENSSL_NO_DEPRECATED
+#ifdef OPENSSL_USE_DEPRECATED
 #include <openssl/bn.h>
 #ifndef OPENSSL_NO_DH
 # include <openssl/dh.h>
@@ -236,12 +236,12 @@ DSA *	d2i_DSAPrivateKey(DSA **a, const unsigned char **pp, long length);
 DSA * 	d2i_DSAparams(DSA **a, const unsigned char **pp, long length);
 
 /* Deprecated version */
-#ifndef OPENSSL_NO_DEPRECATED
-DSA *	DSA_generate_parameters(int bits,
+#ifdef OPENSSL_USE_DEPRECATED
+DECLARE_DEPRECATED(DSA *	DSA_generate_parameters(int bits,
 		unsigned char *seed,int seed_len,
 		int *counter_ret, unsigned long *h_ret,void
-		(*callback)(int, int, void *),void *cb_arg);
-#endif /* !defined(OPENSSL_NO_DEPRECATED) */
+		(*callback)(int, int, void *),void *cb_arg));
+#endif /* defined(OPENSSL_USE_DEPRECATED) */
 
 /* New version */
 int	DSA_generate_parameters_ex(DSA *dsa, int bits,
diff --git a/crypto/dsa/dsatest.c b/crypto/dsa/dsatest.c
index 271a8e0..152205f 100644
--- a/crypto/dsa/dsatest.c
+++ b/crypto/dsa/dsatest.c
@@ -56,12 +56,6 @@
  * [including the GNU Public Licence.]
  */
 
-/* Until the key-gen callbacks are modified to use newer prototypes, we allow
- * deprecated functions for openssl-internal code */
-#ifdef OPENSSL_NO_DEPRECATED
-#undef OPENSSL_NO_DEPRECATED
-#endif
-
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
diff --git a/crypto/ec/ec.h b/crypto/ec/ec.h
index f8c927a..f448aac 100644
--- a/crypto/ec/ec.h
+++ b/crypto/ec/ec.h
@@ -84,7 +84,7 @@
 
 #include <openssl/asn1.h>
 #include <openssl/symhacks.h>
-#ifndef OPENSSL_NO_DEPRECATED
+#ifdef OPENSSL_USE_DEPRECATED
 #include <openssl/bn.h>
 #endif
 
diff --git a/crypto/ecdh/ecdh.h b/crypto/ecdh/ecdh.h
index 539e212..c030728 100644
--- a/crypto/ecdh/ecdh.h
+++ b/crypto/ecdh/ecdh.h
@@ -77,7 +77,7 @@
 
 #include <openssl/ec.h>
 #include <openssl/ossl_typ.h>
-#ifndef OPENSSL_NO_DEPRECATED
+#ifdef OPENSSL_USE_DEPRECATED
 #include <openssl/bn.h>
 #endif
 
diff --git a/crypto/ecdsa/ecdsa.h b/crypto/ecdsa/ecdsa.h
index 28a4d1c..657f0b9 100644
--- a/crypto/ecdsa/ecdsa.h
+++ b/crypto/ecdsa/ecdsa.h
@@ -67,7 +67,7 @@
 
 #include <openssl/ec.h>
 #include <openssl/ossl_typ.h>
-#ifndef OPENSSL_NO_DEPRECATED
+#ifdef OPENSSL_USE_DEPRECATED
 #include <openssl/bn.h>
 #endif
 
diff --git a/crypto/engine/engine.h b/crypto/engine/engine.h
index 830d391..5d382fa 100644
--- a/crypto/engine/engine.h
+++ b/crypto/engine/engine.h
@@ -70,7 +70,7 @@
 #error ENGINE is disabled.
 #endif
 
-#ifndef OPENSSL_NO_DEPRECATED
+#ifdef OPENSSL_USE_DEPRECATED
 #include <openssl/bn.h>
 #ifndef OPENSSL_NO_RSA
 #include <openssl/rsa.h>
diff --git a/crypto/err/err.h b/crypto/err/err.h
index 974cc9c..2a00e28 100644
--- a/crypto/err/err.h
+++ b/crypto/err/err.h
@@ -354,8 +354,8 @@ void ERR_load_crypto_strings(void);
 void ERR_free_strings(void);
 
 void ERR_remove_thread_state(const CRYPTO_THREADID *tid);
-#ifndef OPENSSL_NO_DEPRECATED
-void ERR_remove_state(unsigned long pid); /* if zero we look it up */
+#ifdef OPENSSL_USE_DEPRECATED
+DECLARE_DEPRECATED(void ERR_remove_state(unsigned long pid)); /* if zero we look it up */
 #endif
 ERR_STATE *ERR_get_state(void);
 
diff --git a/crypto/opensslconf.h.in b/crypto/opensslconf.h.in
index 97e3745..faa33a4 100644
--- a/crypto/opensslconf.h.in
+++ b/crypto/opensslconf.h.in
@@ -1,5 +1,22 @@
 /* crypto/opensslconf.h.in */
 
+/*
+ * Applications should use -DOPENSSL_USE_DEPRECATED to enable access to
+ * deprecated functions. But if the library has been built to disable
+ * deprecated functions then this will not work
+ */
+#if defined(OPENSSL_NO_DEPRECATED) && defined(OPENSSL_USE_DEPRECATED)
+#error "OPENSSL_USE_DEPRECATED has been defined, but OpenSSL has been built without support for deprecated functions"
+#endif
+
+/* Test for support for deprecated attribute */
+#if __GNUC__ > 3 || \
+  (__GNUC__ == 3 && __GNUC_MINOR__ > 0)
+#define DECLARE_DEPRECATED(f)    f __attribute__ ((deprecated))
+#else
+#define DECLARE_DEPRECATED(f)    f
+#endif
+
 /* Generate 80386 code? */
 #undef I386_ONLY
 
diff --git a/crypto/rsa/rsa.h b/crypto/rsa/rsa.h
index f164d74..10e187e 100644
--- a/crypto/rsa/rsa.h
+++ b/crypto/rsa/rsa.h
@@ -66,7 +66,7 @@
 #endif
 #include <openssl/crypto.h>
 #include <openssl/ossl_typ.h>
-#ifndef OPENSSL_NO_DEPRECATED
+#ifdef OPENSSL_USE_DEPRECATED
 #include <openssl/bn.h>
 #endif
 
@@ -208,7 +208,7 @@ struct rsa_st
                                                 * operations and results in faster RSA 
                                                 * private key operations.
                                                 */ 
-#ifndef OPENSSL_NO_DEPRECATED
+#ifdef OPENSSL_USE_DEPRECATED
 #define RSA_FLAG_NO_EXP_CONSTTIME RSA_FLAG_NO_CONSTTIME /* deprecated name for the flag*/
                                                 /* new with 0.9.7h; the built-in RSA
                                                 * implementation now uses constant time
@@ -310,10 +310,10 @@ int	RSA_size(const RSA *rsa);
 int	RSA_security_bits(const RSA *rsa);
 
 /* Deprecated version */
-#ifndef OPENSSL_NO_DEPRECATED
-RSA *	RSA_generate_key(int bits, unsigned long e,void
-		(*callback)(int,int,void *),void *cb_arg);
-#endif /* !defined(OPENSSL_NO_DEPRECATED) */
+#ifdef OPENSSL_USE_DEPRECATED
+DECLARE_DEPRECATED(RSA *	RSA_generate_key(int bits, unsigned long e,void
+		(*callback)(int,int,void *),void *cb_arg));
+#endif /* defined(OPENSSL_USE_DEPRECATED) */
 
 /* New version */
 int	RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb);
diff --git a/crypto/store/store.h b/crypto/store/store.h
index 0a28c7d..8b472a7 100644
--- a/crypto/store/store.h
+++ b/crypto/store/store.h
@@ -66,7 +66,7 @@
 #endif
 
 #include <openssl/ossl_typ.h>
-#ifndef OPENSSL_NO_DEPRECATED
+#ifdef OPENSSL_USE_DEPRECATED
 #include <openssl/evp.h>
 #include <openssl/bn.h>
 #include <openssl/x509.h>
diff --git a/crypto/ui/ui.h b/crypto/ui/ui.h
index bd78aa4..5c4ff49 100644
--- a/crypto/ui/ui.h
+++ b/crypto/ui/ui.h
@@ -59,7 +59,7 @@
 #ifndef HEADER_UI_H
 #define HEADER_UI_H
 
-#ifndef OPENSSL_NO_DEPRECATED
+#ifdef OPENSSL_USE_DEPRECATED
 #include <openssl/crypto.h>
 #endif
 #include <openssl/safestack.h>
diff --git a/crypto/x509/x509.h b/crypto/x509/x509.h
index 2fcc107..ad804f2 100644
--- a/crypto/x509/x509.h
+++ b/crypto/x509/x509.h
@@ -91,7 +91,7 @@
 #include <openssl/ecdh.h>
 #endif
 
-#ifndef OPENSSL_NO_DEPRECATED
+#ifdef OPENSSL_USE_DEPRECATED
 #ifndef OPENSSL_NO_RSA
 #include <openssl/rsa.h>
 #endif
diff --git a/ssl/ssl.h b/ssl/ssl.h
index 02c53c7..0318d04 100644
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -151,7 +151,7 @@
 #ifndef OPENSSL_NO_BIO
 #include <openssl/bio.h>
 #endif
-#ifndef OPENSSL_NO_DEPRECATED
+#ifdef OPENSSL_USE_DEPRECATED
 #ifndef OPENSSL_NO_X509
 #include <openssl/x509.h>
 #endif
diff --git a/test/Makefile b/test/Makefile
index 3eb551c..8d95239 100644
--- a/test/Makefile
+++ b/test/Makefile
@@ -557,18 +557,17 @@ bftest.o: ../include/openssl/opensslconf.h bftest.c
 bntest.o: ../crypto/bn/bn_lcl.h ../crypto/include/internal/bn_int.h ../e_os.h
 bntest.o: ../include/openssl/asn1.h ../include/openssl/bio.h
 bntest.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-bntest.o: ../include/openssl/crypto.h ../include/openssl/dh.h
-bntest.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+bntest.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
 bntest.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
 bntest.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
 bntest.o: ../include/openssl/evp.h ../include/openssl/lhash.h
 bntest.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
 bntest.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
 bntest.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h
-bntest.o: ../include/openssl/rand.h ../include/openssl/rsa.h
-bntest.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-bntest.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-bntest.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h bntest.c
+bntest.o: ../include/openssl/rand.h ../include/openssl/safestack.h
+bntest.o: ../include/openssl/sha.h ../include/openssl/stack.h
+bntest.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
+bntest.o: ../include/openssl/x509_vfy.h bntest.c
 casttest.o: ../e_os.h ../include/openssl/cast.h ../include/openssl/e_os2.h
 casttest.o: ../include/openssl/opensslconf.h casttest.c
 constant_time_test.o: ../crypto/constant_time_locl.h ../e_os.h
@@ -587,13 +586,12 @@ dhtest.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
 dhtest.o: ../include/openssl/rand.h ../include/openssl/safestack.h
 dhtest.o: ../include/openssl/stack.h ../include/openssl/symhacks.h dhtest.c
 dsatest.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/bn.h
-dsatest.o: ../include/openssl/crypto.h ../include/openssl/dh.h
-dsatest.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
-dsatest.o: ../include/openssl/err.h ../include/openssl/lhash.h
-dsatest.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-dsatest.o: ../include/openssl/ossl_typ.h ../include/openssl/rand.h
-dsatest.o: ../include/openssl/safestack.h ../include/openssl/stack.h
-dsatest.o: ../include/openssl/symhacks.h dsatest.c
+dsatest.o: ../include/openssl/crypto.h ../include/openssl/dsa.h
+dsatest.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+dsatest.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h
+dsatest.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+dsatest.o: ../include/openssl/rand.h ../include/openssl/safestack.h
+dsatest.o: ../include/openssl/stack.h ../include/openssl/symhacks.h dsatest.c
 ecdhtest.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 ecdhtest.o: ../include/openssl/bn.h ../include/openssl/crypto.h
 ecdhtest.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
diff --git a/util/mkdef.pl b/util/mkdef.pl
index 03a9b40..fa3f3db 100755
--- a/util/mkdef.pl
+++ b/util/mkdef.pl
@@ -433,6 +433,7 @@ sub do_defs
 				# is the same name as the original.
 	my $cpp;
 	my %unknown_algorithms = ();
+	my $parens = 0;
 
 	foreach $file (split(/\s+/,$symhacksfile." ".$files))
 		{
@@ -443,6 +444,7 @@ sub do_defs
 			(map { $_ => 0 } @known_platforms),
 			(map { "OPENSSL_SYS_".$_ => 0 } @known_ossl_platforms),
 			(map { "OPENSSL_NO_".$_ => 0 } @known_algorithms),
+			(map { "OPENSSL_USE_".$_ => 0 } @known_algorithms),
 			NOPROTO		=> 0,
 			PERL5		=> 0,
 			_WINDLL		=> 0,
@@ -505,6 +507,11 @@ sub do_defs
 
 		print STDERR "DEBUG: parsing ----------\n" if $debug;
 		while(<IN>) {
+			if($parens > 0) {
+				#Inside a DECLARE_DEPRECATED
+				$parens += count_parens($_);
+				next;
+			}
 			if (/\/\* Error codes for the \w+ functions\. \*\//)
 				{
 				undef @tag;
@@ -608,6 +615,8 @@ sub do_defs
 					pop(@tag);
 					if ($t =~ /^OPENSSL_NO_([A-Z0-9_]+)$/) {
 						$t=$1;
+					} elsif($t =~ /^OPENSSL_USE_([A-Z0-9_]+)$/) {
+						$t=$1;
 					} else {
 						$t="";
 					}
@@ -657,10 +666,15 @@ sub do_defs
 					   map { $tag{"OPENSSL_SYS_".$_} == 1 ? $_ :
 						     $tag{"OPENSSL_SYS_".$_} == -1 ? "!".$_  : "" }
 					   @known_ossl_platforms);
+				@current_algorithms = ();
 				@current_algorithms =
 				    grep(!/^$/,
 					 map { $tag{"OPENSSL_NO_".$_} == -1 ? $_ : "" }
 					 @known_algorithms);
+				push @current_algorithms
+				    , grep(!/^$/,
+					 map { $tag{"OPENSSL_USE_".$_} == 1 ? $_ : "" }
+					 @known_algorithms);
 				$def .=
 				    "#INFO:"
 					.join(',', at current_platforms).":"
@@ -891,6 +905,10 @@ sub do_defs
 					&$make_variant("_shadow_$2","_shadow_$2",
 						      "EXPORT_VAR_AS_FUNCTION",
 						      "FUNCTION");
+				} elsif (/^\s*DECLARE_DEPRECATED\s*\(\s*(\w*(\s|\*|\w)*)/) {
+					$def .= "$1(void);";
+					$parens = count_parens($_);
+					next;
 				} elsif ($tag{'CONST_STRICT'} != 1) {
 					if (/\{|\/\*|\([^\)]*$/) {
 						$line = $_;
@@ -1549,3 +1567,13 @@ sub check_existing
 	}
 }
 
+sub count_parens
+{
+	my $line = shift(@_);
+
+	my $open = $line =~ tr/\(//;
+	my $close = $line =~ tr/\)//;
+
+	return $open - $close;
+}
+


hooks/post-receive
-- 
OpenSSL source code


More information about the openssl-commits mailing list