[openssl-commits] [openssl] master update
Richard Levitte
levitte at openssl.org
Thu Dec 6 11:25:07 UTC 2018
The branch master has been updated
via fcd2d5a6121ad3e5e65edc714ad99fc36f609f81 (commit)
via 0695b193428b25b9fbb905ab5b913e69384e2554 (commit)
via 478d4f912c001f18717d1364132184ff9d31f944 (commit)
via db2f2d49b90a7738804e1af9d11e1010be37ee11 (commit)
via 3a63dbef15b62b121c5df8762f8cb915fb06b27a (commit)
via 672f943ad6c6d16b1f65a77b8e2c83c8f44a112b (commit)
via 2284f64c871c2f7611678dba6eadd1989cee9981 (commit)
from 0fb2815b873304d145ed00283454fc9f3bd35e6b (commit)
- Log -----------------------------------------------------------------
commit fcd2d5a6121ad3e5e65edc714ad99fc36f609f81
Author: Richard Levitte <levitte at openssl.org>
Date: Thu Nov 29 23:05:03 2018 +0000
Refactor the computation of API version limits
Previously, the API version limit was indicated with a numeric version
number. This was "natural" in the pre-3.0.0 because the version was
this simple number.
With 3.0.0, the version is divided into three separate numbers, and
it's only the major number that counts, but we still need to be able
to support pre-3.0.0 version limits.
Therefore, we allow OPENSSL_API_COMPAT to be defined with a pre-3.0.0
style numeric version number or with a simple major number, i.e. can
be defined like this for any application:
-D OPENSSL_API_COMPAT=0x10100000L
-D OPENSSL_API_COMPAT=3
Since the pre-3.0.0 numerical version numbers are high, it's easy to
distinguish between a simple major number and a pre-3.0.0 numerical
version number and to thereby support both forms at the same time.
Internally, we define the following macros depending on the value of
OPENSSL_API_COMPAT:
OPENSSL_API_0_9_8
OPENSSL_API_1_0_0
OPENSSL_API_1_1_0
OPENSSL_API_3
They indicate that functions marked for deprecation in the
corresponding major release shall not be built if defined.
Reviewed-by: Tim Hudson <tjh at openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre at ncp-e.com>
Reviewed-by: Matt Caswell <matt at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7724)
commit 0695b193428b25b9fbb905ab5b913e69384e2554
Author: Richard Levitte <levitte at openssl.org>
Date: Thu Nov 29 11:03:03 2018 +0000
util/find-doc-nits: allow #undef
Reviewed-by: Tim Hudson <tjh at openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre at ncp-e.com>
Reviewed-by: Matt Caswell <matt at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7724)
commit 478d4f912c001f18717d1364132184ff9d31f944
Author: Richard Levitte <levitte at openssl.org>
Date: Thu Sep 27 16:15:54 2018 +0200
include/openssl/opensslconf.h.in: allow future deprecation for v4.0
Reviewed-by: Tim Hudson <tjh at openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre at ncp-e.com>
Reviewed-by: Matt Caswell <matt at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7724)
commit db2f2d49b90a7738804e1af9d11e1010be37ee11
Author: Richard Levitte <levitte at openssl.org>
Date: Thu Sep 27 16:14:45 2018 +0200
Configure: allow building without things deprecated up to and including v3.0
Reviewed-by: Tim Hudson <tjh at openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre at ncp-e.com>
Reviewed-by: Matt Caswell <matt at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7724)
commit 3a63dbef15b62b121c5df8762f8cb915fb06b27a
Author: Richard Levitte <levitte at openssl.org>
Date: Thu Sep 27 15:56:35 2018 +0200
Switch to MAJOR.MINOR.PATCH versioning and version 3.0.0-dev
We're strictly use version numbers of the form MAJOR.MINOR.PATCH.
Letter releases are things of days past.
The most central change is that we now express the version number with
three macros, one for each part of the version number:
OPENSSL_VERSION_MAJOR
OPENSSL_VERSION_MINOR
OPENSSL_VERSION_PATCH
We also provide two additional macros to express pre-release and build
metadata information (also specified in semantic versioning):
OPENSSL_VERSION_PRE_RELEASE
OPENSSL_VERSION_BUILD_METADATA
To get the library's idea of all those values, we introduce the
following functions:
unsigned int OPENSSL_version_major(void);
unsigned int OPENSSL_version_minor(void);
unsigned int OPENSSL_version_patch(void);
const char *OPENSSL_version_pre_release(void);
const char *OPENSSL_version_build_metadata(void);
Additionally, for shared library versioning (which is out of scope in
semantic versioning, but that we still need):
OPENSSL_SHLIB_VERSION
We also provide a macro that contains the release date. This is not
part of the version number, but is extra information that we want to
be able to display:
OPENSSL_RELEASE_DATE
Finally, also provide the following convenience functions:
const char *OPENSSL_version_text(void);
const char *OPENSSL_version_text_full(void);
The following macros and functions are deprecated, and while currently
existing for backward compatibility, they are expected to disappear:
OPENSSL_VERSION_NUMBER
OPENSSL_VERSION_TEXT
OPENSSL_VERSION
OpenSSL_version_num()
OpenSSL_version()
Also, this function is introduced to replace OpenSSL_version() for all
indexes except for OPENSSL_VERSION:
OPENSSL_info()
For configuration, the option 'newversion-only' is added to disable all
the macros and functions that are mentioned as deprecated above.
Reviewed-by: Tim Hudson <tjh at openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre at ncp-e.com>
Reviewed-by: Matt Caswell <matt at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7724)
commit 672f943ad6c6d16b1f65a77b8e2c83c8f44a112b
Author: Richard Levitte <levitte at openssl.org>
Date: Thu Sep 27 15:40:03 2018 +0200
Switch future deprecation version from 1.2.0 to 3.0
This is in preparation for a switch to MAJOR.MINOR.PATCH versioning
and calling the next major version 3.0.0.
Reviewed-by: Tim Hudson <tjh at openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre at ncp-e.com>
Reviewed-by: Matt Caswell <matt at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7724)
commit 2284f64c871c2f7611678dba6eadd1989cee9981
Author: Richard Levitte <levitte at openssl.org>
Date: Thu Sep 27 15:29:29 2018 +0200
util/mkdef.pl: prepare for DEPRECATEDIN_X
This is in preparation for new versioning scheme, where the
recommendation is to start deprecations at major version boundary.
Reviewed-by: Tim Hudson <tjh at openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre at ncp-e.com>
Reviewed-by: Matt Caswell <matt at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7724)
-----------------------------------------------------------------------
Summary of changes:
CHANGES | 23 +++-
Configurations/descrip.mms.tmpl | 7 +-
Configurations/unix-Makefile.tmpl | 7 +-
Configurations/windows-makefile.tmpl | 4 +-
Configure | 65 +++++-----
NEWS | 4 +-
README | 2 +-
VMS/openssl_shutdown.com.in | 2 +-
VMS/openssl_startup.com.in | 2 +-
apps/speed.c | 4 +-
apps/version.c | 3 +-
build.info | 11 +-
crypto/asn1/asn1_item_list.h | 4 +-
crypto/asn1/asn1_lib.c | 2 +-
crypto/asn1/x_long.c | 2 +-
crypto/bio/b_sock.c | 6 +-
crypto/bn/bn_depr.c | 2 +-
crypto/bn/bn_lib.c | 2 +-
crypto/conf/conf_sap.c | 2 +-
crypto/cversion.c | 31 +++++
crypto/dh/dh_depr.c | 2 +-
crypto/dsa/dsa_depr.c | 2 +-
crypto/dsa/dsa_sign.c | 2 +-
crypto/ec/ec_lib.c | 6 +-
crypto/ec/ec_oct.c | 2 +-
crypto/ec/ecdh_kdf.c | 2 +-
crypto/engine/eng_all.c | 3 +-
crypto/err/err.c | 4 +-
crypto/evp/e_old.c | 2 +-
crypto/hmac/hmac.c | 2 +-
crypto/pkcs12/p12_sbag.c | 2 +-
crypto/rand/rand_lib.c | 2 +-
crypto/rand/rand_win.c | 2 +-
crypto/rsa/rsa_depr.c | 2 +-
crypto/srp/srp_vfy.c | 2 +-
crypto/x509/x509cset.c | 2 +-
doc/man3/EVP_PKEY_supports_digest_nid.pod | 2 +-
doc/man3/OPENSSL_VERSION_NUMBER.pod | 113 -----------------
doc/man3/OPENSSL_config.pod | 6 +-
doc/man3/OpenSSL_version.pod | 191 ++++++++++++++++++++++++++++
doc/man3/RAND_cleanup.pod | 6 +-
doc/man7/openssl_user_macros.pod.in | 39 +++++-
engines/e_padlock.c | 13 --
fuzz/asn1.c | 4 +-
include/openssl/asn1.h | 2 +-
include/openssl/asn1t.h | 2 +-
include/openssl/bio.h | 2 +-
include/openssl/bn.h | 6 +-
include/openssl/comp.h | 2 +-
include/openssl/conf.h | 4 +-
include/openssl/crypto.h | 32 ++---
include/openssl/dh.h | 4 +-
include/openssl/dsa.h | 6 +-
include/openssl/ec.h | 94 +++++++-------
include/openssl/engine.h | 6 +-
include/openssl/err.h | 2 +-
include/openssl/evp.h | 6 +-
include/openssl/hmac.h | 2 +-
include/openssl/idea.h | 2 +-
include/openssl/lhash.h | 2 +-
include/openssl/objects.h | 2 +-
include/openssl/opensslconf.h.in | 96 ++++++++++----
include/openssl/opensslv.h | 200 ++++++++++++++++++------------
include/openssl/pkcs12.h | 2 +-
include/openssl/rand.h | 2 +-
include/openssl/rand_drbg.h | 2 +-
include/openssl/rsa.h | 6 +-
include/openssl/ssl.h | 16 +--
include/openssl/stack.h | 2 +-
include/openssl/tls1.h | 2 +-
include/openssl/ui.h | 4 +-
include/openssl/x509.h | 6 +-
include/openssl/x509_vfy.h | 6 +-
include/openssl/x509v3.h | 2 +-
ssl/methods.c | 2 +-
ssl/ssl_lib.c | 2 +-
test/asn1_decode_test.c | 4 +-
test/asn1_encode_test.c | 6 +-
test/recipes/80-test_cipherlist.t | 2 +-
test/recipes/90-test_shlibload.t | 3 +-
test/shlibloadtest.c | 39 +++---
test/versions.c | 5 +-
util/find-doc-nits | 2 +-
util/libcrypto.num | 91 +++++++-------
util/mkdef.pl | 18 +--
util/mkrc.pl | 32 +----
util/perl/OpenSSL/Ordinals.pm | 8 +-
util/perl/OpenSSL/ParseC.pm | 18 +--
util/perl/OpenSSL/Test.pm | 11 +-
util/private.num | 9 +-
90 files changed, 798 insertions(+), 574 deletions(-)
delete mode 100644 doc/man3/OPENSSL_VERSION_NUMBER.pod
create mode 100644 doc/man3/OpenSSL_version.pod
diff --git a/CHANGES b/CHANGES
index c554575..ab56f9b 100644
--- a/CHANGES
+++ b/CHANGES
@@ -7,7 +7,28 @@
https://github.com/openssl/openssl/commits/ and pick the appropriate
release branch.
- Changes between 1.1.1 and 1.1.2 [xx XXX xxxx]
+ Changes between 1.1.1 and 3.0.0 [xx XXX xxxx]
+
+ *) Change the possible version information given with OPENSSL_API_COMPAT.
+ It may be a pre-3.0.0 style numerical version number as it was defined
+ in 1.1.0, and it may also simply take the major version number.
+
+ Because of the version numbering of pre-3.0.0 releases, the values 0,
+ 1 and 2 are equivalent to 0x00908000L (0.9.8), 0x10000000L (1.0.0) and
+ 0x10100000L (1.1.0), respectively.
+ [Richard Levitte]
+
+ *) Switch to a new version scheme using three numbers MAJOR.MINOR.PATCH.
+
+ o Major releases (indicated by incrementing the MAJOR release number)
+ may introduce incompatible API/ABI changes.
+ o Minor releases (indicated by incrementing the MINOR release number)
+ may introduce new features but retain API/ABI compatibility.
+ o Patch releases (indicated by incrementing the PATCH number)
+ are intended for bug fixes and other improvements of existing
+ features only (like improving performance or adding documentation)
+ and retain API/ABI compatibility.
+ [Richard Levitte]
*) Remove the 'dist' target and add a tarball building script. The
'dist' target has fallen out of use, and it shouldn't be
diff --git a/Configurations/descrip.mms.tmpl b/Configurations/descrip.mms.tmpl
index c6a31c8..4215fe9 100644
--- a/Configurations/descrip.mms.tmpl
+++ b/Configurations/descrip.mms.tmpl
@@ -104,13 +104,10 @@ BLDDIR={- $config{builddir} -}
# to testing.
VERBOSE=$(V)
-VERSION={- $config{version} -}
+VERSION={- "$config{major}.$config{minor}.$config{patch}$config{prerelease}$config{build_metadata}" -}
MAJOR={- $config{major} -}
MINOR={- $config{minor} -}
-SHLIB_VERSION_NUMBER={- $config{shlib_version_number} -}
-SHLIB_VERSION_HISTORY={- $config{shlib_version_history} -}
-SHLIB_MAJOR={- $config{shlib_major} -}
-SHLIB_MINOR={- $config{shlib_minor} -}
+SHLIB_VERSION_NUMBER={- $config{shlib_version} -}
SHLIB_TARGET={- $target{shared_target} -}
EXE_EXT=.EXE
diff --git a/Configurations/unix-Makefile.tmpl b/Configurations/unix-Makefile.tmpl
index ecdd0c1..c0e6d52 100644
--- a/Configurations/unix-Makefile.tmpl
+++ b/Configurations/unix-Makefile.tmpl
@@ -88,13 +88,10 @@ CONFIGURE_ARGS=({- join(", ",quotify_l(@{$config{perlargv}})) -})
SRCDIR={- $config{sourcedir} -}
BLDDIR={- $config{builddir} -}
-VERSION={- $config{version} -}
+VERSION={- "$config{major}.$config{minor}.$config{patch}$config{prerelease}$config{build_metadata}" -}
MAJOR={- $config{major} -}
MINOR={- $config{minor} -}
-SHLIB_VERSION_NUMBER={- $config{shlib_version_number} -}
-SHLIB_VERSION_HISTORY={- $config{shlib_version_history} -}
-SHLIB_MAJOR={- $config{shlib_major} -}
-SHLIB_MINOR={- $config{shlib_minor} -}
+SHLIB_VERSION_NUMBER={- $config{shlib_version} -}
SHLIB_TARGET={- $target{shared_target} -}
SHLIB_EXT={- $shlibext -}
SHLIB_EXT_SIMPLE={- $shlibextsimple -}
diff --git a/Configurations/windows-makefile.tmpl b/Configurations/windows-makefile.tmpl
index e1426cc..8b3914d 100644
--- a/Configurations/windows-makefile.tmpl
+++ b/Configurations/windows-makefile.tmpl
@@ -71,11 +71,11 @@ PLATFORM={- $config{target} -}
SRCDIR={- $config{sourcedir} -}
BLDDIR={- $config{builddir} -}
-VERSION={- $config{version} -}
+VERSION={- "$config{major}.$config{minor}.$config{patch}$config{prerelease}$config{build_metadata}" -}
MAJOR={- $config{major} -}
MINOR={- $config{minor} -}
-SHLIB_VERSION_NUMBER={- $config{shlib_version_number} -}
+SHLIB_VERSION_NUMBER={- $config{shlib_version} -}
LIBS={- join(" ", map { ( shlib_import($_), lib($_) ) } @{$unified_info{libraries}}) -}
SHLIBS={- join(" ", map { shlib($_) } @{$unified_info{libraries}}) -}
diff --git a/Configure b/Configure
index 65bbec1..5c67591 100755
--- a/Configure
+++ b/Configure
@@ -43,8 +43,9 @@ my $usage="Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [-Dxxx] [-lx
#
# --cross-compile-prefix Add specified prefix to binutils components.
#
-# --api One of 0.9.8, 1.0.0 or 1.1.0. Do not compile support for
-# interfaces deprecated as of the specified OpenSSL version.
+# --api One of 0.9.8, 1.0.0, 1.0.1, 1.0.2, 1.1.0, 1.1.1, or 3.0.0 / 3.
+# Do not compile support for interfaces deprecated as of the
+# specified OpenSSL version.
#
# no-hw-xxx do not compile support for specific crypto hardware.
# Generic OpenSSL-style methods relating to this support
@@ -173,11 +174,15 @@ our $BSDthreads="-pthread -D_THREAD_SAFE -D_REENTRANT";
#
# API compatibility name to version number mapping.
#
-my $maxapi = "1.1.0"; # API for "no-deprecated" builds
+my $maxapi = "3.0.0"; # API for "no-deprecated" builds
my $apitable = {
- "1.1.0" => "0x10100000L",
- "1.0.0" => "0x10000000L",
- "0.9.8" => "0x00908000L",
+ "3.0.0" => 3,
+ "1.1.1" => 2,
+ "1.1.0" => 2,
+ "1.0.2" => 1,
+ "1.0.1" => 1,
+ "1.0.0" => 1,
+ "0.9.8" => 0,
};
our %table = ();
@@ -242,28 +247,34 @@ if (grep /^reconf(igure)?$/, @argvcopy) {
$config{perlargv} = [ @argvcopy ];
# Collect version numbers
-$config{version} = "unknown";
-$config{version_num} = "unknown";
-$config{shlib_version_number} = "unknown";
-$config{shlib_version_history} = "unknown";
+$config{major} = "unknown";
+$config{minor} = "unknown";
+$config{patch} = "unknown";
+$config{prerelease} = "";
+$config{build_metadata} = "";
+$config{shlib_version} = "unknown";
collect_information(
collect_from_file(catfile($srcdir,'include/openssl/opensslv.h')),
- qr/OPENSSL.VERSION.TEXT.*OpenSSL (\S+) / => sub { $config{version} = $1; },
- qr/OPENSSL.VERSION.NUMBER.*(0x\S+)/ => sub { $config{version_num}=$1 },
- qr/SHLIB_VERSION_NUMBER *"([^"]+)"/ => sub { $config{shlib_version_number}=$1 },
- qr/SHLIB_VERSION_HISTORY *"([^"]*)"/ => sub { $config{shlib_version_history}=$1 }
+ qr/#\s+define\s+OPENSSL_VERSION_MAJOR\s+(\d+)/ =>
+ sub { $config{major} = $1; },
+ qr/#\s+define\s+OPENSSL_VERSION_MINOR\s+(\d+)/ =>
+ sub { $config{minor} = $1; },
+ qr/#\s+define\s+OPENSSL_VERSION_PATCH\s+(\d+)/ =>
+ sub { $config{patch} = $1; },
+ qr/#\s+define\s+OPENSSL_VERSION_PRE_RELEASE\s+"((?:\\.|[^"])*)"/ =>
+ sub { $config{prerelease} = $1; },
+ qr/#\s+define\s+OPENSSL_VERSION_BUILD_METADATA\s+"((?:\\.|[^"])*)"/ =>
+ sub { $config{build_metadata} = $1; },
+ qr/#\s+define\s+OPENSSL_SHLIB_VERSION\s+([\d\.]+)/ =>
+ sub { $config{shlib_version} = $1; },
);
-if ($config{shlib_version_history} ne "") { $config{shlib_version_history} .= ":"; }
-
-($config{major}, $config{minor})
- = ($config{version} =~ /^([0-9]+)\.([0-9\.]+)/);
-($config{shlib_major}, $config{shlib_minor})
- = ($config{shlib_version_number} =~ /^([0-9]+)\.([0-9\.]+)/);
die "erroneous version information in opensslv.h: ",
- "$config{major}, $config{minor}, $config{shlib_major}, $config{shlib_minor}\n"
- if ($config{major} eq "" || $config{minor} eq ""
- || $config{shlib_major} eq "" || $config{shlib_minor} eq "");
+ "$config{major}.$config{minor}.$config{patch}, $config{shlib_version}\n"
+ if ($config{major} eq "unknown"
+ || $config{minor} eq "unknown"
+ || $config{patch} eq "unknown"
+ || $config{shlib_version} eq "unknown");
# Collect target configurations
@@ -1487,11 +1498,9 @@ $config{cflags} = [ map { (my $x = $_) =~ s/([\\\"])/\\$1/g; $x }
$config{cxxflags} = [ map { (my $x = $_) =~ s/([\\\"])/\\$1/g; $x }
@{$config{cxxflags}} ] if $config{CXX};
-if (defined($config{api})) {
- $config{openssl_api_defines} = [ "OPENSSL_MIN_API=".$apitable->{$config{api}} ];
- my $apiflag = sprintf("OPENSSL_API_COMPAT=%s", $apitable->{$config{api}});
- push @{$config{defines}}, $apiflag;
-}
+$config{openssl_api_defines} = [
+ "OPENSSL_MIN_API=".($apitable->{$config{api} // ""} // -1)
+];
if ($strict_warnings)
{
diff --git a/NEWS b/NEWS
index df16b78..7ac249e 100644
--- a/NEWS
+++ b/NEWS
@@ -5,8 +5,10 @@
This file gives a brief overview of the major changes between each OpenSSL
release. For more details please read the CHANGES file.
- Major changes between OpenSSL 1.1.1 and OpenSSL 1.1.2 [under development]
+ Major changes between OpenSSL 1.1.1 and OpenSSL 3.0.0 [under development]
+ o Changed our version number scheme and set the next major release to
+ 3.0.0
o Added EVP_MAC, an EVP layer MAC API, and a generic EVP_PKEY to EVP_MAC
bridge.
diff --git a/README b/README
index 6818807..fe3f980 100644
--- a/README
+++ b/README
@@ -1,5 +1,5 @@
- OpenSSL 1.1.2-dev
+ OpenSSL 3.0.0-dev
Copyright (c) 1998-2018 The OpenSSL Project
Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
diff --git a/VMS/openssl_shutdown.com.in b/VMS/openssl_shutdown.com.in
index fd4e3d5..c3b8de8 100644
--- a/VMS/openssl_shutdown.com.in
+++ b/VMS/openssl_shutdown.com.in
@@ -26,7 +26,7 @@ $ ENDIF
$
$ ! Abbrevs
$ DEAS := DEASSIGN /NOLOG 'P1'
-$ sv := {- sprintf "%02d%02d", split m|\.|, $config{shlib_version_number} -}
+$ sv := {- sprintf "%02d%02d", split m|\.|, $config{shlib_version} -}
$ pz := {- $config{pointer_size} -}
$
$ DEAS OSSL$DATAROOT
diff --git a/VMS/openssl_startup.com.in b/VMS/openssl_startup.com.in
index 9e6e1c0..a6624eb 100644
--- a/VMS/openssl_startup.com.in
+++ b/VMS/openssl_startup.com.in
@@ -88,7 +88,7 @@ $
$ ! Abbrevs
$ DEFT := DEFINE /TRANSLATION=CONCEALED /NOLOG 'P1'
$ DEF := DEFINE /NOLOG 'P1'
-$ sv := {- sprintf "%02d%02d", split m|\.|, $config{shlib_version_number} -}
+$ sv := {- sprintf "%02d%02d", split m|\.|, $config{shlib_version} -}
$ pz := {- $config{pointer_size} -}
$
$ DEFT OSSL$DATAROOT 'OPENSSLDIR_']
diff --git a/apps/speed.c b/apps/speed.c
index 833bb9b..08ddad0 100644
--- a/apps/speed.c
+++ b/apps/speed.c
@@ -3223,8 +3223,8 @@ int speed_main(int argc, char **argv)
show_res:
#endif
if (!mr) {
- printf("%s\n", OpenSSL_version(OPENSSL_VERSION));
- printf("%s\n", OpenSSL_version(OPENSSL_BUILT_ON));
+ printf("version: %s\n", OpenSSL_version(OPENSSL_FULL_VERSION_STRING));
+ printf("built on: %s\n", OpenSSL_version(OPENSSL_BUILT_ON));
printf("options:");
printf("%s ", BN_options());
#ifndef OPENSSL_NO_MD2
diff --git a/apps/version.c b/apps/version.c
index 2aca163..515a107 100644
--- a/apps/version.c
+++ b/apps/version.c
@@ -118,7 +118,8 @@ opthelp:
version = 1;
if (version) {
- if (OpenSSL_version_num() == OPENSSL_VERSION_NUMBER)
+ if (strcmp(OpenSSL_version(OPENSSL_FULL_VERSION_STRING),
+ OPENSSL_FULL_VERSION_STR) == 0)
printf("%s\n", OpenSSL_version(OPENSSL_VERSION));
else
printf("%s (Library: %s)\n",
diff --git a/build.info b/build.info
index c2ed667..afcb772 100644
--- a/build.info
+++ b/build.info
@@ -3,14 +3,11 @@
SUBDIRS=crypto ssl apps test util tools fuzz engines
{-
- use File::Spec::Functions;
-
- our $sover = $config{shlib_version_number};
- our $sover_filename = $sover;
- $sover_filename =~ s|\.|_|g
+ my @sover = split(/\./, $config{shlib_version});
+ our $sover_filename;
+ $sover_filename = join('.', @sover)
if $config{target} =~ /^mingw/ || $config{target} =~ /^VC-/;
- $sover_filename =
- sprintf "%02d%02d", split m|\.|, $config{shlib_version_number}
+ $sover_filename = join('', map { sprintf "%02d", $_ } @sover)
if $config{target} =~ /^vms/;
"";
-}
diff --git a/crypto/asn1/asn1_item_list.h b/crypto/asn1/asn1_item_list.h
index db8107e..1892a26 100644
--- a/crypto/asn1/asn1_item_list.h
+++ b/crypto/asn1/asn1_item_list.h
@@ -78,7 +78,7 @@ static ASN1_ITEM_EXP *asn1_item_list[] = {
ASN1_ITEM_ref(IPAddressRange),
#endif
ASN1_ITEM_ref(ISSUING_DIST_POINT),
-#if OPENSSL_API_COMPAT < 0x10200000L
+#if !OPENSSL_API_3
ASN1_ITEM_ref(LONG),
#endif
ASN1_ITEM_ref(NAME_CONSTRAINTS),
@@ -164,7 +164,7 @@ static ASN1_ITEM_EXP *asn1_item_list[] = {
ASN1_ITEM_ref(X509_SIG),
ASN1_ITEM_ref(X509_VAL),
ASN1_ITEM_ref(X509),
-#if OPENSSL_API_COMPAT < 0x10200000L
+#if !OPENSSL_API_3
ASN1_ITEM_ref(ZLONG),
#endif
ASN1_ITEM_ref(INT32),
diff --git a/crypto/asn1/asn1_lib.c b/crypto/asn1/asn1_lib.c
index 88c4b53..f2ba4bc 100644
--- a/crypto/asn1/asn1_lib.c
+++ b/crypto/asn1/asn1_lib.c
@@ -383,7 +383,7 @@ const unsigned char *ASN1_STRING_get0_data(const ASN1_STRING *x)
return x->data;
}
-# if OPENSSL_API_COMPAT < 0x10100000L
+# if !OPENSSL_API_1_1_0
unsigned char *ASN1_STRING_data(ASN1_STRING *x)
{
return x->data;
diff --git a/crypto/asn1/x_long.c b/crypto/asn1/x_long.c
index bf9371e..1c622cf 100644
--- a/crypto/asn1/x_long.c
+++ b/crypto/asn1/x_long.c
@@ -11,7 +11,7 @@
#include "internal/cryptlib.h"
#include <openssl/asn1t.h>
-#if !(OPENSSL_API_COMPAT < 0x10200000L)
+#if OPENSSL_API_3
NON_EMPTY_TRANSLATION_UNIT
#else
diff --git a/crypto/bio/b_sock.c b/crypto/bio/b_sock.c
index e7a24d0..df51546 100644
--- a/crypto/bio/b_sock.c
+++ b/crypto/bio/b_sock.c
@@ -24,7 +24,7 @@
static int wsa_init_done = 0;
# endif
-# if OPENSSL_API_COMPAT < 0x10100000L
+# if !OPENSSL_API_1_1_0
int BIO_get_host_ip(const char *str, unsigned char *ip)
{
BIO_ADDRINFO *res = NULL;
@@ -103,7 +103,7 @@ int BIO_sock_error(int sock)
return j;
}
-# if OPENSSL_API_COMPAT < 0x10100000L
+# if !OPENSSL_API_1_1_0
struct hostent *BIO_gethostbyname(const char *name)
{
/*
@@ -196,7 +196,7 @@ int BIO_socket_ioctl(int fd, long type, void *arg)
return i;
}
-# if OPENSSL_API_COMPAT < 0x10100000L
+# if !OPENSSL_API_1_1_0
int BIO_get_accept_socket(char *host, int bind_mode)
{
int s = INVALID_SOCKET;
diff --git a/crypto/bn/bn_depr.c b/crypto/bn/bn_depr.c
index 7d89214..8c30c21 100644
--- a/crypto/bn/bn_depr.c
+++ b/crypto/bn/bn_depr.c
@@ -13,7 +13,7 @@
*/
#include <openssl/opensslconf.h>
-#if OPENSSL_API_COMPAT >= 0x00908000L
+#if OPENSSL_API_0_9_8
NON_EMPTY_TRANSLATION_UNIT
#else
diff --git a/crypto/bn/bn_lib.c b/crypto/bn/bn_lib.c
index 040c4cd..b6893af 100644
--- a/crypto/bn/bn_lib.c
+++ b/crypto/bn/bn_lib.c
@@ -15,7 +15,7 @@
#include "internal/constant_time_locl.h"
/* This stuff appears to be completely unused, so is deprecated */
-#if OPENSSL_API_COMPAT < 0x00908000L
+#if !OPENSSL_API_0_9_8
/*-
* For a 32 bit machine
* 2 - 4 == 128
diff --git a/crypto/conf/conf_sap.c b/crypto/conf/conf_sap.c
index 3d2e065..2b3e23e 100644
--- a/crypto/conf/conf_sap.c
+++ b/crypto/conf/conf_sap.c
@@ -27,7 +27,7 @@
static int openssl_configured = 0;
-#if OPENSSL_API_COMPAT < 0x10100000L
+#if !OPENSSL_API_1_1_0
void OPENSSL_config(const char *appname)
{
OPENSSL_INIT_SETTINGS settings;
diff --git a/crypto/cversion.c b/crypto/cversion.c
index 534e7eb..b3fc30d 100644
--- a/crypto/cversion.c
+++ b/crypto/cversion.c
@@ -11,16 +11,47 @@
#include "buildinf.h"
+#if !OPENSSL_API_3
unsigned long OpenSSL_version_num(void)
{
return OPENSSL_VERSION_NUMBER;
}
+#endif
+
+unsigned int OPENSSL_version_major(void)
+{
+ return OPENSSL_VERSION_MAJOR;
+}
+
+unsigned int OPENSSL_version_minor(void)
+{
+ return OPENSSL_VERSION_MINOR;
+}
+
+unsigned int OPENSSL_version_patch(void)
+{
+ return OPENSSL_VERSION_PATCH;
+}
+
+const char *OPENSSL_version_pre_release(void)
+{
+ return OPENSSL_VERSION_PRE_RELEASE_STR;
+}
+
+const char *OPENSSL_version_build_metadata(void)
+{
+ return OPENSSL_VERSION_BUILD_METADATA_STR;
+}
const char *OpenSSL_version(int t)
{
switch (t) {
case OPENSSL_VERSION:
return OPENSSL_VERSION_TEXT;
+ case OPENSSL_VERSION_STRING:
+ return OPENSSL_VERSION_STR;
+ case OPENSSL_FULL_VERSION_STRING:
+ return OPENSSL_FULL_VERSION_STR;
case OPENSSL_BUILT_ON:
return DATE;
case OPENSSL_CFLAGS:
diff --git a/crypto/dh/dh_depr.c b/crypto/dh/dh_depr.c
index f8ed1b7..f2ccde4 100644
--- a/crypto/dh/dh_depr.c
+++ b/crypto/dh/dh_depr.c
@@ -10,7 +10,7 @@
/* This file contains deprecated functions as wrappers to the new ones */
#include <openssl/opensslconf.h>
-#if OPENSSL_API_COMPAT >= 0x00908000L
+#if OPENSSL_API_0_9_8
NON_EMPTY_TRANSLATION_UNIT
#else
diff --git a/crypto/dsa/dsa_depr.c b/crypto/dsa/dsa_depr.c
index f51aea7..f5526a6 100644
--- a/crypto/dsa/dsa_depr.c
+++ b/crypto/dsa/dsa_depr.c
@@ -20,7 +20,7 @@
#define xxxHASH EVP_sha1()
#include <openssl/opensslconf.h>
-#if OPENSSL_API_COMPAT >= 0x00908000L
+#if OPENSSL_API_0_9_8
NON_EMPTY_TRANSLATION_UNIT
#else
diff --git a/crypto/dsa/dsa_sign.c b/crypto/dsa/dsa_sign.c
index e9466b2..034b2fc 100644
--- a/crypto/dsa/dsa_sign.c
+++ b/crypto/dsa/dsa_sign.c
@@ -16,7 +16,7 @@ DSA_SIG *DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
return dsa->meth->dsa_do_sign(dgst, dlen, dsa);
}
-#if OPENSSL_API_COMPAT < 0x10200000L
+#if !OPENSSL_API_3
int DSA_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
{
return dsa->meth->dsa_sign_setup(dsa, ctx_in, kinvp, rp);
diff --git a/crypto/ec/ec_lib.c b/crypto/ec/ec_lib.c
index b89e397..f111ffa 100644
--- a/crypto/ec/ec_lib.c
+++ b/crypto/ec/ec_lib.c
@@ -435,7 +435,7 @@ int EC_GROUP_get_curve(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, BIGNUM *b,
return group->meth->group_get_curve(group, p, a, b, ctx);
}
-#if OPENSSL_API_COMPAT < 0x10200000L
+#if !OPENSSL_API_3
int EC_GROUP_set_curve_GFp(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a,
const BIGNUM *b, BN_CTX *ctx)
{
@@ -726,7 +726,7 @@ int EC_POINT_set_affine_coordinates(const EC_GROUP *group, EC_POINT *point,
return 1;
}
-#if OPENSSL_API_COMPAT < 0x10200000L
+#if !OPENSSL_API_3
int EC_POINT_set_affine_coordinates_GFp(const EC_GROUP *group,
EC_POINT *point, const BIGNUM *x,
const BIGNUM *y, BN_CTX *ctx)
@@ -764,7 +764,7 @@ int EC_POINT_get_affine_coordinates(const EC_GROUP *group,
return group->meth->point_get_affine_coordinates(group, point, x, y, ctx);
}
-#if OPENSSL_API_COMPAT < 0x10200000L
+#if !OPENSSL_API_3
int EC_POINT_get_affine_coordinates_GFp(const EC_GROUP *group,
const EC_POINT *point, BIGNUM *x,
BIGNUM *y, BN_CTX *ctx)
diff --git a/crypto/ec/ec_oct.c b/crypto/ec/ec_oct.c
index 522f79e..12f476d 100644
--- a/crypto/ec/ec_oct.c
+++ b/crypto/ec/ec_oct.c
@@ -49,7 +49,7 @@ int EC_POINT_set_compressed_coordinates(const EC_GROUP *group, EC_POINT *point,
y_bit, ctx);
}
-#if OPENSSL_API_COMPAT < 0x10200000L
+#if !OPENSSL_API_3
int EC_POINT_set_compressed_coordinates_GFp(const EC_GROUP *group,
EC_POINT *point, const BIGNUM *x,
int y_bit, BN_CTX *ctx)
diff --git a/crypto/ec/ecdh_kdf.c b/crypto/ec/ecdh_kdf.c
index c21e788..1d260b5 100644
--- a/crypto/ec/ecdh_kdf.c
+++ b/crypto/ec/ecdh_kdf.c
@@ -72,7 +72,7 @@ int ecdh_KDF_X9_63(unsigned char *out, size_t outlen,
* The old name for ecdh_KDF_X9_63
* Retained for ABI compatibility
*/
-#if OPENSSL_API_COMPAT < 0x10200000L
+#if !OPENSSL_API_3
int ECDH_KDF_X9_62(unsigned char *out, size_t outlen,
const unsigned char *Z, size_t Zlen,
const unsigned char *sinfo, size_t sinfolen,
diff --git a/crypto/engine/eng_all.c b/crypto/engine/eng_all.c
index af306cc..ef82947 100644
--- a/crypto/engine/eng_all.c
+++ b/crypto/engine/eng_all.c
@@ -18,7 +18,8 @@ void ENGINE_load_builtin_engines(void)
OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_ALL_BUILTIN, NULL);
}
-#if (defined(__OpenBSD__) || defined(__FreeBSD__) || defined(__DragonFly__)) && OPENSSL_API_COMPAT < 0x10100000L
+#if (defined(__OpenBSD__) || defined(__FreeBSD__) || defined(__DragonFly__)) \
+ && !OPENSSL_API_1_1_0
void ENGINE_setup_bsd_cryptodev(void)
{
}
diff --git a/crypto/err/err.c b/crypto/err/err.c
index 66a60e9..da1b90d 100644
--- a/crypto/err/err.c
+++ b/crypto/err/err.c
@@ -672,13 +672,13 @@ void err_delete_thread_state(void)
ERR_STATE_free(state);
}
-#if OPENSSL_API_COMPAT < 0x10100000L
+#if !OPENSSL_API_1_1_0
void ERR_remove_thread_state(void *dummy)
{
}
#endif
-#if OPENSSL_API_COMPAT < 0x10000000L
+#if !OPENSSL_API_1_0_0
void ERR_remove_state(unsigned long pid)
{
}
diff --git a/crypto/evp/e_old.c b/crypto/evp/e_old.c
index 927908f..ffce916 100644
--- a/crypto/evp/e_old.c
+++ b/crypto/evp/e_old.c
@@ -8,7 +8,7 @@
*/
#include <openssl/opensslconf.h>
-#if OPENSSL_API_COMPAT >= 0x00908000L
+#if OPENSSL_API_0_9_8
NON_EMPTY_TRANSLATION_UNIT
#else
diff --git a/crypto/hmac/hmac.c b/crypto/hmac/hmac.c
index e4031b4..eec54d5 100644
--- a/crypto/hmac/hmac.c
+++ b/crypto/hmac/hmac.c
@@ -79,7 +79,7 @@ int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len,
return rv;
}
-#if OPENSSL_API_COMPAT < 0x10100000L
+#if !OPENSSL_API_1_1_0
int HMAC_Init(HMAC_CTX *ctx, const void *key, int len, const EVP_MD *md)
{
if (key && md)
diff --git a/crypto/pkcs12/p12_sbag.c b/crypto/pkcs12/p12_sbag.c
index a09c5b9..ee28981 100644
--- a/crypto/pkcs12/p12_sbag.c
+++ b/crypto/pkcs12/p12_sbag.c
@@ -12,7 +12,7 @@
#include <openssl/pkcs12.h>
#include "p12_lcl.h"
-#if OPENSSL_API_COMPAT < 0x10100000L
+#if !OPENSSL_API_1_1_0
ASN1_TYPE *PKCS12_get_attr(const PKCS12_SAFEBAG *bag, int attr_nid)
{
return PKCS12_get_attr_gen(bag->attrib, attr_nid);
diff --git a/crypto/rand/rand_lib.c b/crypto/rand/rand_lib.c
index d8639c4..d2f5be1 100644
--- a/crypto/rand/rand_lib.c
+++ b/crypto/rand/rand_lib.c
@@ -838,7 +838,7 @@ int RAND_bytes(unsigned char *buf, int num)
return -1;
}
-#if OPENSSL_API_COMPAT < 0x10100000L
+#if !OPENSSL_API_1_1_0
int RAND_pseudo_bytes(unsigned char *buf, int num)
{
const RAND_METHOD *meth = RAND_get_rand_method();
diff --git a/crypto/rand/rand_win.c b/crypto/rand/rand_win.c
index d2039eb..f8f371c 100644
--- a/crypto/rand/rand_win.c
+++ b/crypto/rand/rand_win.c
@@ -156,7 +156,7 @@ int rand_pool_add_additional_data(RAND_POOL *pool)
return rand_pool_add(pool, (unsigned char *)&data, sizeof(data), 0);
}
-# if OPENSSL_API_COMPAT < 0x10100000L
+# if !OPENSSL_API_1_1_0
int RAND_event(UINT iMsg, WPARAM wParam, LPARAM lParam)
{
RAND_poll();
diff --git a/crypto/rsa/rsa_depr.c b/crypto/rsa/rsa_depr.c
index 21e0562..4e9b709 100644
--- a/crypto/rsa/rsa_depr.c
+++ b/crypto/rsa/rsa_depr.c
@@ -13,7 +13,7 @@
*/
#include <openssl/opensslconf.h>
-#if OPENSSL_API_COMPAT >= 0x00908000L
+#if OPENSSL_API_0_9_8
NON_EMPTY_TRANSLATION_UNIT
#else
diff --git a/crypto/srp/srp_vfy.c b/crypto/srp/srp_vfy.c
index bfe517b..814f042 100644
--- a/crypto/srp/srp_vfy.c
+++ b/crypto/srp/srp_vfy.c
@@ -525,7 +525,7 @@ int SRP_VBASE_add0_user(SRP_VBASE *vb, SRP_user_pwd *user_pwd)
return 1;
}
-# if OPENSSL_API_COMPAT < 0x10100000L
+# if !OPENSSL_API_1_1_0
/*
* DEPRECATED: use SRP_VBASE_get1_by_user instead.
* This method ignores the configured seed and fails for an unknown user.
diff --git a/crypto/x509/x509cset.c b/crypto/x509/x509cset.c
index 7645ce3..99f730f 100644
--- a/crypto/x509/x509cset.c
+++ b/crypto/x509/x509cset.c
@@ -91,7 +91,7 @@ const ASN1_TIME *X509_CRL_get0_nextUpdate(const X509_CRL *crl)
return crl->crl.nextUpdate;
}
-#if OPENSSL_API_COMPAT < 0x10100000L
+#if !OPENSSL_API_1_1_0
ASN1_TIME *X509_CRL_get_lastUpdate(X509_CRL *crl)
{
return crl->crl.lastUpdate;
diff --git a/doc/man3/EVP_PKEY_supports_digest_nid.pod b/doc/man3/EVP_PKEY_supports_digest_nid.pod
index 4f0882c..48a75f8 100644
--- a/doc/man3/EVP_PKEY_supports_digest_nid.pod
+++ b/doc/man3/EVP_PKEY_supports_digest_nid.pod
@@ -39,7 +39,7 @@ L<EVP_PKEY_verify_recover(3)>,
=head1 HISTORY
-This function was first added to OpenSSL 1.1.2.
+This function was first added to OpenSSL 3.0.0.
=head1 COPYRIGHT
diff --git a/doc/man3/OPENSSL_VERSION_NUMBER.pod b/doc/man3/OPENSSL_VERSION_NUMBER.pod
deleted file mode 100644
index 55a55c7..0000000
--- a/doc/man3/OPENSSL_VERSION_NUMBER.pod
+++ /dev/null
@@ -1,113 +0,0 @@
-=pod
-
-=head1 NAME
-
-OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT, OpenSSL_version,
-OpenSSL_version_num - get OpenSSL version number
-
-=head1 SYNOPSIS
-
- #include <openssl/opensslv.h>
- #define OPENSSL_VERSION_NUMBER 0xnnnnnnnnnL
- #define OPENSSL_VERSION_TEXT "OpenSSL x.y.z xx XXX xxxx"
-
- #include <openssl/crypto.h>
-
- unsigned long OpenSSL_version_num();
- const char *OpenSSL_version(int t);
-
-=head1 DESCRIPTION
-
-OPENSSL_VERSION_NUMBER is a numeric release version identifier:
-
- MNNFFPPS: major minor fix patch status
-
-The status nibble has one of the values 0 for development, 1 to e for betas
-1 to 14, and f for release.
-
-for example
-
- 0x000906000 == 0.9.6 dev
- 0x000906023 == 0.9.6b beta 3
- 0x00090605f == 0.9.6e release
-
-Versions prior to 0.9.3 have identifiers E<lt> 0x0930.
-Versions between 0.9.3 and 0.9.5 had a version identifier with this
-interpretation:
-
- MMNNFFRBB major minor fix final beta/patch
-
-for example
-
- 0x000904100 == 0.9.4 release
- 0x000905000 == 0.9.5 dev
-
-Version 0.9.5a had an interim interpretation that is like the current one,
-except the patch level got the highest bit set, to keep continuity. The
-number was therefore 0x0090581f.
-
-OPENSSL_VERSION_TEXT is the text variant of the version number and the
-release date. For example,
-"OpenSSL 1.0.1a 15 Oct 2015".
-
-OpenSSL_version_num() returns the version number.
-
-OpenSSL_version() returns different strings depending on B<t>:
-
-=over 4
-
-=item OPENSSL_VERSION
-
-The text variant of the version number and the release date. For example,
-"OpenSSL 1.0.1a 15 Oct 2015".
-
-=item OPENSSL_CFLAGS
-
-The compiler flags set for the compilation process in the form
-"compiler: ..." if available or "compiler: information not available"
-otherwise.
-
-=item OPENSSL_BUILT_ON
-
-The date of the build process in the form "built on: ..." if available
-or "built on: date not available" otherwise.
-
-=item OPENSSL_PLATFORM
-
-The "Configure" target of the library build in the form "platform: ..."
-if available or "platform: information not available" otherwise.
-
-=item OPENSSL_DIR
-
-The "OPENSSLDIR" setting of the library build in the form "OPENSSLDIR: "...""
-if available or "OPENSSLDIR: N/A" otherwise.
-
-=item OPENSSL_ENGINES_DIR
-
-The "ENGINESDIR" setting of the library build in the form "ENGINESDIR: "...""
-if available or "ENGINESDIR: N/A" otherwise.
-
-=back
-
-For an unknown B<t>, the text "not available" is returned.
-
-=head1 RETURN VALUES
-
-OpenSSL_version_num() returns the version number.
-
-OpenSSL_version() returns requested version strings.
-
-=head1 SEE ALSO
-
-L<crypto(7)>
-
-=head1 COPYRIGHT
-
-Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
-
-Licensed under the OpenSSL license (the "License"). You may not use
-this file except in compliance with the License. You can obtain a copy
-in the file LICENSE in the source distribution or at
-L<https://www.openssl.org/source/license.html>.
-
-=cut
diff --git a/doc/man3/OPENSSL_config.pod b/doc/man3/OPENSSL_config.pod
index 6294ee1..453c32b 100644
--- a/doc/man3/OPENSSL_config.pod
+++ b/doc/man3/OPENSSL_config.pod
@@ -8,10 +8,12 @@ OPENSSL_config, OPENSSL_no_config - simple OpenSSL configuration functions
#include <openssl/conf.h>
- #if OPENSSL_API_COMPAT < 0x10100000L
+Deprecated since OpenSSL 1.1.0, can be hidden entirely by defining
+B<OPENSSL_API_COMPAT> with a suitable version value, see
+L<openssl_user_macros(7)>:
+
void OPENSSL_config(const char *appname);
void OPENSSL_no_config(void);
- #endif
=head1 DESCRIPTION
diff --git a/doc/man3/OpenSSL_version.pod b/doc/man3/OpenSSL_version.pod
new file mode 100644
index 0000000..cf5794a
--- /dev/null
+++ b/doc/man3/OpenSSL_version.pod
@@ -0,0 +1,191 @@
+=pod
+
+=head1 NAME
+
+OPENSSL_VERSION_MAJOR, OPENSSL_VERSION_MINOR, OPENSSL_VERSION_PATCH,
+OPENSSL_VERSION_PRE_RELEASE, OPENSSL_VERSION_BUILD_METADATA,
+OPENSSL_VERSION_PRE_RELEASE_STR, OPENSSL_VERSION_BUILD_METADATA_STR,
+OPENSSL_VERSION_TEXT,
+OPENSSL_version_major, OPENSSL_version_minor, OPENSSL_version_patch,
+OPENSSL_version_pre_release, OPENSSL_version_build_metadata, OpenSSL_version,
+OPENSSL_VERSION_NUMBER, OpenSSL_version_num
+- get OpenSSL version number
+
+=head1 SYNOPSIS
+
+ #include <openssl/opensslv.h>
+
+ #define OPENSSL_VERSION_MAJOR x
+ #define OPENSSL_VERSION_MINOR y
+ #define OPENSSL_VERSION_PATCH z
+
+ /* The definitions here are typical release values */
+ #undef OPENSSL_VERSION_PRE_RELEASE
+ #undef OPENSSL_VERSION_BUILD_METADATA
+ #define OPENSSL_VERSION_PRE_RELEASE_STR ""
+ #define OPENSSL_VERSION_BUILD_METADATA_STR ""
+
+ #define OPENSSL_VERSION_TEXT "OpenSSL x.y.z xx XXX xxxx"
+
+ unsigned int OPENSSL_version_major(void);
+ unsigned int OPENSSL_version_minor(void);
+ unsigned int OPENSSL_version_patch(void);
+ const char *OPENSSL_version_pre_release(void);
+ const char *OPENSSL_version_build_metadata(void);
+
+ #include <openssl/crypto.h>
+
+ const char *OpenSSL_version(int t);
+
+Deprecated:
+
+ /* from openssl/opensslv.h */
+ #define OPENSSL_VERSION_NUMBER 0xnnnnnnnnnL
+
+ /* from openssl/crypto.h */
+ unsigned long OpenSSL_version_num();
+
+=head1 DESCRIPTION
+
+=head2 Macros
+
+The three macros B<OPENSSL_VERSION_MAJOR>, B<OPENSSL_VERSION_MINOR> and
+B<OPENSSL_VERSION_PATCH> represent the three parts of a 3 numbered version
+number, MAJOR.MINOR.PATCH.
+
+The macro B<OPENSSL_VERSION_PRE_RELEASE> is an added bit of text that,
+when defined, indicates that this is a pre-release version, such as
+C<"-dev"> for an ongoing development snapshot, C<"-alpha3"> for an
+alpha release, etc...
+The value must be a string.
+
+The macro B<OPENSSL_VERSION_BUILD_METADATA> is extra metadata, reserved
+for other parties (examples: C<"+fips">, C<"+vendor.1">).
+The OpenSSL project will not touch this macro.
+The value must be a string.
+
+B<OPENSSL_VERSION_STR> is a convenience macro to get the short version
+number string, "MAJOR.MINOR.PATCH".
+
+B<OPENSSL_FULL_VERSION_STR> is a convenience macro to get the longer
+version number string, which combines B<OPENSSL_VERSION_STR>,
+B<OPENSSL_VERSION_PRE_RELEASE> and B<OPENSSL_VERSION_BUILD_METADATA>.
+
+B<OPENSSL_VERSION_TEXT> is a convenience macro to get a full descriptive
+version text, which includes B<OPENSSL_FULL_VERSION_STR> and the release
+date.
+
+=head2 Functions
+
+OPENSSL_version_major(), OPENSSL_version_minor(), OPENSSL_version_patch(),
+OPENSSL_version_pre_release(), and OPENSSL_version_build_metadata() return
+the values of the macros above for the build of the library, respectively.
+
+OpenSSL_version() returns different strings depending on B<t>:
+
+=over 4
+
+=item OPENSSL_VERSION
+
+The value of B<OPENSSL_VERSION_TEXT>
+
+=item OPENSSL_VERSION_STRING
+
+The value of B<OPENSSL_VERSION_STR>
+
+=item OPENSSL_FULL_VERSION_STRING
+
+The value of B<OPENSSL_FULL_VERSION_STR>
+
+=item OPENSSL_CFLAGS
+
+The compiler flags set for the compilation process in the form
+"compiler: ..." if available or "compiler: information not available"
+otherwise.
+
+=item OPENSSL_BUILT_ON
+
+The date of the build process in the form "built on: ..." if available
+or "built on: date not available" otherwise.
+
+=item OPENSSL_PLATFORM
+
+The "Configure" target of the library build in the form "platform: ..."
+if available or "platform: information not available" otherwise.
+
+=item OPENSSL_DIR
+
+The "OPENSSLDIR" setting of the library build in the form "OPENSSLDIR: "...""
+if available or "OPENSSLDIR: N/A" otherwise.
+
+=item OPENSSL_ENGINES_DIR
+
+The "ENGINESDIR" setting of the library build in the form "ENGINESDIR: "...""
+if available or "ENGINESDIR: N/A" otherwise.
+
+=back
+
+For an unknown B<t>, the text "not available" is returned.
+
+=head1 BACKWARD COMPATIBILITY
+
+For compatibility, some older macros and functions are retained or
+synthesised.
+They are all considered deprecated.
+
+=head2 Macros
+
+B<OPENSSL_VERSION_NUMBER> is a combination of the major, minor and
+patch version into a single integer 0xMNN00PP0L, where:
+
+=over 4
+
+=item M
+
+is the number from B<OPENSSL_VERSION_MAJOR>, in hexadecimal notation
+
+=item NN
+
+is the number from B<OPENSSL_VERSION_MINOR>, in hexadecimal notation
+
+=item PP
+
+is the number from B<OPENSSL_VERSION_PATCH>, in hexadecimal notation
+
+=back
+
+=head2 Functions
+
+OpenSSL_version_num() returns the value of B<OPENSSL_VERSION_NUMBER>.
+
+=head1 RETURN VALUES
+
+OPENSSL_version_major(), OPENSSL_version_minor() and OPENSSL_version_patch()
+return the version number parts as integers.
+
+OPENSSL_version_pre_release() and OPENSSL_version_build_metadata() return
+the values of B<OPENSSL_VERSION_PRE_RELEASE> and
+B<OPENSSL_VERSION_BUILD_METADATA> respectively as constant strings.
+For any of them that is undefined, the empty string is returned.
+
+OpenSSL_version() returns constant strings.
+
+=head1 SEE ALSO
+
+L<crypto(7)>
+
+=head1 HISTORY
+
+The macros and functions described here were added to OpenSSL 3.0.0,
+with the exception of the L</BACKWARD COMPATIBILITY> ones.
+
+=head1 COPYRIGHT
+
+Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License"). You may not use
+this file except in compliance with the License. You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/doc/man3/RAND_cleanup.pod b/doc/man3/RAND_cleanup.pod
index 3859ce3..39b166b 100644
--- a/doc/man3/RAND_cleanup.pod
+++ b/doc/man3/RAND_cleanup.pod
@@ -8,9 +8,11 @@ RAND_cleanup - erase the PRNG state
#include <openssl/rand.h>
- #if OPENSSL_API_COMPAT < 0x10100000L
+Deprecated since OpenSSL 1.1.0, can be hidden entirely by defining
+B<OPENSSL_API_COMPAT> with a suitable version value, see
+L<openssl_user_macros(7)>:
+
void RAND_cleanup(void)
- #endif
=head1 DESCRIPTION
diff --git a/doc/man7/openssl_user_macros.pod.in b/doc/man7/openssl_user_macros.pod.in
index 8af5aea..dc554b7 100644
--- a/doc/man7/openssl_user_macros.pod.in
+++ b/doc/man7/openssl_user_macros.pod.in
@@ -26,7 +26,20 @@ user defined macros.
The value is a version number similar to the
L<OPENSSL_VERSION_NUMBER(3)> macro. Any symbol that is deprecated in
versions up to and including the version given in this macro will not
-be declared. Any version number may be given, but these numbers are
+be declared.
+
+The version number assigned to this macro can take one of two forms:
+
+=over
+
+=item C<0xMNNFF000L>
+
+This is the form supported for all versions up 1.1.x, where C<M>
+represents the major number, C<NN> represents the minor number, and
+C<FF> represents the fix number. For version 1.1.0, that's
+C<0x10100000L>.
+
+Any version number may be given, but these numbers are
the current known major deprecation points, making them the most
meaningful:
@@ -40,6 +53,30 @@ meaningful:
=back
+For convenience, higher numbers are accepted as well, as long as
+feasible. For example, C<0x60000000L> will work as expected.
+However, it is recommended to start using the second form instead:
+
+=item C<m>
+
+This form is a simple number that represents the major version number
+and is supported for version 3.0.0 and up. For extra convenience,
+these numbers are also available:
+
+=over
+
+=item Z<>0 (C<0x00908000L>, i.e. version 0.9.8)
+
+=item Z<>1 (C<0x10000000L>, i.e. version 1.0.0)
+
+=item Z<>2 (C<0x10100000L>, i.e. version 1.1.0)
+
+=back
+
+For all other numbers C<m>, they are equivalent to version m.0.0.
+
+=back
+
If not set, this macro will default to
C<{- join('', map { my @x = split /=/,$_; $x[1] }
grep /^OPENSSL_MIN_API=/, @{$config{openssl_api_defines} // []})
diff --git a/engines/e_padlock.c b/engines/e_padlock.c
index f6b1f16..4d5df7f 100644
--- a/engines/e_padlock.c
+++ b/engines/e_padlock.c
@@ -22,19 +22,6 @@
#ifndef OPENSSL_NO_HW
# ifndef OPENSSL_NO_HW_PADLOCK
-/* Attempt to have a single source for both 0.9.7 and 0.9.8 :-) */
-# if (OPENSSL_VERSION_NUMBER >= 0x00908000L)
-# ifndef OPENSSL_NO_DYNAMIC_ENGINE
-# define DYNAMIC_ENGINE
-# endif
-# elif (OPENSSL_VERSION_NUMBER >= 0x00907000L)
-# ifdef ENGINE_DYNAMIC_SUPPORT
-# define DYNAMIC_ENGINE
-# endif
-# else
-# error "Only OpenSSL >= 0.9.7 is supported"
-# endif
-
/*
* VIA PadLock AES is available *ONLY* on some x86 CPUs. Not only that it
* doesn't exist elsewhere, but it even can't be compiled on other platforms!
diff --git a/fuzz/asn1.c b/fuzz/asn1.c
index fd2271b..9d23d47 100644
--- a/fuzz/asn1.c
+++ b/fuzz/asn1.c
@@ -106,7 +106,7 @@ static ASN1_ITEM_EXP *item_type[] = {
ASN1_ITEM_ref(IPAddressRange),
#endif
ASN1_ITEM_ref(ISSUING_DIST_POINT),
-#if OPENSSL_API_COMPAT < 0x10200000L
+#if !OPENSSL_API_3
ASN1_ITEM_ref(LONG),
#endif
ASN1_ITEM_ref(NAME_CONSTRAINTS),
@@ -187,7 +187,7 @@ static ASN1_ITEM_EXP *item_type[] = {
ASN1_ITEM_ref(X509_REVOKED),
ASN1_ITEM_ref(X509_SIG),
ASN1_ITEM_ref(X509_VAL),
-#if OPENSSL_API_COMPAT < 0x10200000L
+#if !OPENSSL_API_3
ASN1_ITEM_ref(ZLONG),
#endif
ASN1_ITEM_ref(INT32),
diff --git a/include/openssl/asn1.h b/include/openssl/asn1.h
index 9522eec..9210f2c 100644
--- a/include/openssl/asn1.h
+++ b/include/openssl/asn1.h
@@ -19,7 +19,7 @@
# include <openssl/symhacks.h>
# include <openssl/ossl_typ.h>
-# if OPENSSL_API_COMPAT < 0x10100000L
+# if !OPENSSL_API_1_1_0
# include <openssl/bn.h>
# endif
diff --git a/include/openssl/asn1t.h b/include/openssl/asn1t.h
index a450ba0..38b9b76 100644
--- a/include/openssl/asn1t.h
+++ b/include/openssl/asn1t.h
@@ -915,7 +915,7 @@ DECLARE_ASN1_ITEM(ZINT64)
DECLARE_ASN1_ITEM(UINT64)
DECLARE_ASN1_ITEM(ZUINT64)
-# if OPENSSL_API_COMPAT < 0x10200000L
+# if !OPENSSL_API_3
/*
* LONG and ZLONG are strongly discouraged for use as stored data, as the
* underlying C type (long) differs in size depending on the architecture.
diff --git a/include/openssl/bio.h b/include/openssl/bio.h
index 2888b42..5587df6 100644
--- a/include/openssl/bio.h
+++ b/include/openssl/bio.h
@@ -681,7 +681,7 @@ int BIO_sock_error(int sock);
int BIO_socket_ioctl(int fd, long type, void *arg);
int BIO_socket_nbio(int fd, int mode);
int BIO_sock_init(void);
-# if OPENSSL_API_COMPAT < 0x10100000L
+# if !OPENSSL_API_1_1_0
# define BIO_sock_cleanup() while(0) continue
# endif
int BIO_set_tcp_ndelay(int sock, int turn_on);
diff --git a/include/openssl/bn.h b/include/openssl/bn.h
index 8af05d0..769cc7f 100644
--- a/include/openssl/bn.h
+++ b/include/openssl/bn.h
@@ -61,7 +61,7 @@ extern "C" {
# define BN_FLG_CONSTTIME 0x04
# define BN_FLG_SECURE 0x08
-# if OPENSSL_API_COMPAT < 0x00908000L
+# if !OPENSSL_API_0_9_8
/* deprecated name for the flag */
# define BN_FLG_EXP_CONSTTIME BN_FLG_CONSTTIME
# define BN_FLG_FREE 0x8000 /* used for debugging */
@@ -190,7 +190,7 @@ int BN_is_odd(const BIGNUM *a);
void BN_zero_ex(BIGNUM *a);
-# if OPENSSL_API_COMPAT >= 0x00908000L
+# if OPENSSL_API_0_9_8
# define BN_zero(a) BN_zero_ex(a)
# else
# define BN_zero(a) (BN_set_word((a),0))
@@ -519,7 +519,7 @@ BIGNUM *BN_get_rfc3526_prime_4096(BIGNUM *bn);
BIGNUM *BN_get_rfc3526_prime_6144(BIGNUM *bn);
BIGNUM *BN_get_rfc3526_prime_8192(BIGNUM *bn);
-# if OPENSSL_API_COMPAT < 0x10100000L
+# if !OPENSSL_API_1_1_0
# define get_rfc2409_prime_768 BN_get_rfc2409_prime_768
# define get_rfc2409_prime_1024 BN_get_rfc2409_prime_1024
# define get_rfc3526_prime_1536 BN_get_rfc3526_prime_1536
diff --git a/include/openssl/comp.h b/include/openssl/comp.h
index d814d3c..467ce6a 100644
--- a/include/openssl/comp.h
+++ b/include/openssl/comp.h
@@ -35,7 +35,7 @@ int COMP_expand_block(COMP_CTX *ctx, unsigned char *out, int olen,
COMP_METHOD *COMP_zlib(void);
-#if OPENSSL_API_COMPAT < 0x10100000L
+#if !OPENSSL_API_1_1_0
#define COMP_zlib_cleanup() while(0) continue
#endif
diff --git a/include/openssl/conf.h b/include/openssl/conf.h
index 7336cd2..f7b5b23 100644
--- a/include/openssl/conf.h
+++ b/include/openssl/conf.h
@@ -90,7 +90,7 @@ int CONF_dump_bio(LHASH_OF(CONF_VALUE) *conf, BIO *out);
DEPRECATEDIN_1_1_0(void OPENSSL_config(const char *config_name))
-#if OPENSSL_API_COMPAT < 0x10100000L
+#if !OPENSSL_API_1_1_0
# define OPENSSL_no_config() \
OPENSSL_init_crypto(OPENSSL_INIT_NO_LOAD_CONFIG, NULL)
#endif
@@ -137,7 +137,7 @@ int CONF_modules_load_file(const char *filename, const char *appname,
unsigned long flags);
void CONF_modules_unload(int all);
void CONF_modules_finish(void);
-#if OPENSSL_API_COMPAT < 0x10100000L
+#if !OPENSSL_API_1_1_0
# define CONF_modules_free() while(0) continue
#endif
int CONF_module_add(const char *name, conf_init_func *ifunc,
diff --git a/include/openssl/crypto.h b/include/openssl/crypto.h
index 889b342..b69b04c 100644
--- a/include/openssl/crypto.h
+++ b/include/openssl/crypto.h
@@ -36,7 +36,7 @@
*/
# include <openssl/symhacks.h>
-# if OPENSSL_API_COMPAT < 0x10100000L
+# if !OPENSSL_API_1_1_0
# include <openssl/opensslv.h>
# endif
@@ -44,7 +44,7 @@
extern "C" {
#endif
-# if OPENSSL_API_COMPAT < 0x10100000L
+# if !OPENSSL_API_1_1_0
# define SSLeay OpenSSL_version_num
# define SSLeay_version OpenSSL_version
# define SSLEAY_VERSION_NUMBER OPENSSL_VERSION_NUMBER
@@ -62,7 +62,7 @@ typedef struct {
int dummy;
} CRYPTO_dynlock;
-# endif /* OPENSSL_API_COMPAT */
+# endif /* OPENSSL_API_1_1_0 */
typedef void CRYPTO_RWLOCK;
@@ -157,14 +157,16 @@ int OPENSSL_hexchar2int(unsigned char c);
# define OPENSSL_MALLOC_MAX_NELEMS(type) (((1U<<(sizeof(int)*8-1))-1)/sizeof(type))
-unsigned long OpenSSL_version_num(void);
+DEPRECATEDIN_3(unsigned long OpenSSL_version_num(void))
const char *OpenSSL_version(int type);
-# define OPENSSL_VERSION 0
-# define OPENSSL_CFLAGS 1
-# define OPENSSL_BUILT_ON 2
-# define OPENSSL_PLATFORM 3
-# define OPENSSL_DIR 4
-# define OPENSSL_ENGINES_DIR 5
+# define OPENSSL_VERSION 0
+# define OPENSSL_CFLAGS 1
+# define OPENSSL_BUILT_ON 2
+# define OPENSSL_PLATFORM 3
+# define OPENSSL_DIR 4
+# define OPENSSL_ENGINES_DIR 5
+# define OPENSSL_VERSION_STRING 6
+# define OPENSSL_FULL_VERSION_STRING 7
int OPENSSL_issetugid(void);
@@ -197,7 +199,7 @@ void CRYPTO_free_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad);
int CRYPTO_set_ex_data(CRYPTO_EX_DATA *ad, int idx, void *val);
void *CRYPTO_get_ex_data(const CRYPTO_EX_DATA *ad, int idx);
-# if OPENSSL_API_COMPAT < 0x10100000L
+# if !OPENSSL_API_1_1_0
/*
* This function cleans up all "ex_data" state. It mustn't be called under
* potential race-conditions.
@@ -244,11 +246,11 @@ typedef struct crypto_threadid_st {
# define CRYPTO_THREADID_cpy(dest, src)
# define CRYPTO_THREADID_hash(id) (0UL)
-# if OPENSSL_API_COMPAT < 0x10000000L
+# if !OPENSSL_API_1_0_0
# define CRYPTO_set_id_callback(func)
# define CRYPTO_get_id_callback() (NULL)
# define CRYPTO_thread_id() (0UL)
-# endif /* OPENSSL_API_COMPAT < 0x10000000L */
+# endif /* OPENSSL_API_1_0_0 */
# define CRYPTO_set_dynlock_create_callback(dyn_create_function)
# define CRYPTO_set_dynlock_lock_callback(dyn_lock_function)
@@ -256,7 +258,7 @@ typedef struct crypto_threadid_st {
# define CRYPTO_get_dynlock_create_callback() (NULL)
# define CRYPTO_get_dynlock_lock_callback() (NULL)
# define CRYPTO_get_dynlock_destroy_callback() (NULL)
-# endif /* OPENSSL_API_COMPAT < 0x10100000L */
+# endif /* OPENSSL_API_1_1_0 */
int CRYPTO_set_mem_functions(
void *(*m) (size_t, const char *, int),
@@ -325,7 +327,7 @@ int CRYPTO_mem_leaks(BIO *bio);
/* die if we have to */
ossl_noreturn void OPENSSL_die(const char *assertion, const char *file, int line);
-# if OPENSSL_API_COMPAT < 0x10100000L
+# if !OPENSSL_API_1_1_0
# define OpenSSLDie(f,l,a) OPENSSL_die((a),(f),(l))
# endif
# define OPENSSL_assert(e) \
diff --git a/include/openssl/dh.h b/include/openssl/dh.h
index 3527540..d997e0d 100644
--- a/include/openssl/dh.h
+++ b/include/openssl/dh.h
@@ -17,7 +17,7 @@
# include <openssl/bio.h>
# include <openssl/asn1.h>
# include <openssl/ossl_typ.h>
-# if OPENSSL_API_COMPAT < 0x10100000L
+# if !OPENSSL_API_1_1_0
# include <openssl/bn.h>
# endif
# include <openssl/dherr.h>
@@ -34,7 +34,7 @@ extern "C" {
# define DH_FLAG_CACHE_MONT_P 0x01
-# if OPENSSL_API_COMPAT < 0x10100000L
+# if !OPENSSL_API_1_1_0
/*
* Does nothing. Previously this switched off constant time behaviour.
*/
diff --git a/include/openssl/dsa.h b/include/openssl/dsa.h
index 822eff3..ba7fcfe 100644
--- a/include/openssl/dsa.h
+++ b/include/openssl/dsa.h
@@ -21,7 +21,7 @@ extern "C" {
# include <openssl/crypto.h>
# include <openssl/ossl_typ.h>
# include <openssl/bn.h>
-# if OPENSSL_API_COMPAT < 0x10100000L
+# if !OPENSSL_API_1_1_0
# include <openssl/dh.h>
# endif
# include <openssl/dsaerr.h>
@@ -33,7 +33,7 @@ extern "C" {
# define OPENSSL_DSA_FIPS_MIN_MODULUS_BITS 1024
# define DSA_FLAG_CACHE_MONT_P 0x01
-# if OPENSSL_API_COMPAT < 0x10100000L
+# if !OPENSSL_API_1_1_0
/*
* Does nothing. Previously this switched off constant time behaviour.
*/
@@ -99,7 +99,7 @@ int DSA_size(const DSA *);
int DSA_bits(const DSA *d);
int DSA_security_bits(const DSA *d);
/* next 4 return -1 on error */
-DEPRECATEDIN_1_2_0(int DSA_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp))
+DEPRECATEDIN_3(int DSA_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp))
int DSA_sign(int type, const unsigned char *dgst, int dlen,
unsigned char *sig, unsigned int *siglen, DSA *dsa);
int DSA_verify(int type, const unsigned char *dgst, int dgst_len,
diff --git a/include/openssl/ec.h b/include/openssl/ec.h
index 747239a..beb197c 100644
--- a/include/openssl/ec.h
+++ b/include/openssl/ec.h
@@ -16,7 +16,7 @@
# ifndef OPENSSL_NO_EC
# include <openssl/asn1.h>
# include <openssl/symhacks.h>
-# if OPENSSL_API_COMPAT < 0x10100000L
+# if !OPENSSL_API_1_1_0
# include <openssl/bn.h>
# endif
# include <openssl/ecerr.h>
@@ -258,9 +258,9 @@ int EC_GROUP_get_curve(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, BIGNUM *b,
* \param ctx BN_CTX object (optional)
* \return 1 on success and 0 if an error occurred
*/
-DEPRECATEDIN_1_2_0(int EC_GROUP_set_curve_GFp(EC_GROUP *group, const BIGNUM *p,
- const BIGNUM *a, const BIGNUM *b,
- BN_CTX *ctx))
+DEPRECATEDIN_3(int EC_GROUP_set_curve_GFp(EC_GROUP *group, const BIGNUM *p,
+ const BIGNUM *a, const BIGNUM *b,
+ BN_CTX *ctx))
/** Gets the parameters of an ec curve. Synonym for EC_GROUP_get_curve
* \param group EC_GROUP object
@@ -271,9 +271,9 @@ DEPRECATEDIN_1_2_0(int EC_GROUP_set_curve_GFp(EC_GROUP *group, const BIGNUM *p,
* \param ctx BN_CTX object (optional)
* \return 1 on success and 0 if an error occurred
*/
-DEPRECATEDIN_1_2_0(int EC_GROUP_get_curve_GFp(const EC_GROUP *group, BIGNUM *p,
- BIGNUM *a, BIGNUM *b,
- BN_CTX *ctx))
+DEPRECATEDIN_3(int EC_GROUP_get_curve_GFp(const EC_GROUP *group, BIGNUM *p,
+ BIGNUM *a, BIGNUM *b,
+ BN_CTX *ctx))
# ifndef OPENSSL_NO_EC2M
/** Sets the parameter of an ec curve. Synonym for EC_GROUP_set_curve
@@ -285,9 +285,9 @@ DEPRECATEDIN_1_2_0(int EC_GROUP_get_curve_GFp(const EC_GROUP *group, BIGNUM *p,
* \param ctx BN_CTX object (optional)
* \return 1 on success and 0 if an error occurred
*/
-DEPRECATEDIN_1_2_0(int EC_GROUP_set_curve_GF2m(EC_GROUP *group, const BIGNUM *p,
- const BIGNUM *a, const BIGNUM *b,
- BN_CTX *ctx))
+DEPRECATEDIN_3(int EC_GROUP_set_curve_GF2m(EC_GROUP *group, const BIGNUM *p,
+ const BIGNUM *a, const BIGNUM *b,
+ BN_CTX *ctx))
/** Gets the parameters of an ec curve. Synonym for EC_GROUP_get_curve
* \param group EC_GROUP object
@@ -298,9 +298,9 @@ DEPRECATEDIN_1_2_0(int EC_GROUP_set_curve_GF2m(EC_GROUP *group, const BIGNUM *p,
* \param ctx BN_CTX object (optional)
* \return 1 on success and 0 if an error occurred
*/
-DEPRECATEDIN_1_2_0(int EC_GROUP_get_curve_GF2m(const EC_GROUP *group, BIGNUM *p,
- BIGNUM *a, BIGNUM *b,
- BN_CTX *ctx))
+DEPRECATEDIN_3(int EC_GROUP_get_curve_GF2m(const EC_GROUP *group, BIGNUM *p,
+ BIGNUM *a, BIGNUM *b,
+ BN_CTX *ctx))
# endif
/** Returns the number of bits needed to represent a field element
* \param group EC_GROUP object
@@ -525,11 +525,11 @@ int EC_POINT_get_affine_coordinates(const EC_GROUP *group, const EC_POINT *p,
* \param ctx BN_CTX object (optional)
* \return 1 on success and 0 if an error occurred
*/
-DEPRECATEDIN_1_2_0(int EC_POINT_set_affine_coordinates_GFp(const EC_GROUP *group,
- EC_POINT *p,
- const BIGNUM *x,
- const BIGNUM *y,
- BN_CTX *ctx))
+DEPRECATEDIN_3(int EC_POINT_set_affine_coordinates_GFp(const EC_GROUP *group,
+ EC_POINT *p,
+ const BIGNUM *x,
+ const BIGNUM *y,
+ BN_CTX *ctx))
/** Gets the affine coordinates of an EC_POINT. A synonym of
* EC_POINT_get_affine_coordinates
@@ -540,11 +540,11 @@ DEPRECATEDIN_1_2_0(int EC_POINT_set_affine_coordinates_GFp(const EC_GROUP *group
* \param ctx BN_CTX object (optional)
* \return 1 on success and 0 if an error occurred
*/
-DEPRECATEDIN_1_2_0(int EC_POINT_get_affine_coordinates_GFp(const EC_GROUP *group,
- const EC_POINT *p,
- BIGNUM *x,
- BIGNUM *y,
- BN_CTX *ctx))
+DEPRECATEDIN_3(int EC_POINT_get_affine_coordinates_GFp(const EC_GROUP *group,
+ const EC_POINT *p,
+ BIGNUM *x,
+ BIGNUM *y,
+ BN_CTX *ctx))
/** Sets the x9.62 compressed coordinates of a EC_POINT
* \param group underlying EC_GROUP object
@@ -567,11 +567,11 @@ int EC_POINT_set_compressed_coordinates(const EC_GROUP *group, EC_POINT *p,
* \param ctx BN_CTX object (optional)
* \return 1 on success and 0 if an error occurred
*/
-DEPRECATEDIN_1_2_0(int EC_POINT_set_compressed_coordinates_GFp(const EC_GROUP *group,
- EC_POINT *p,
- const BIGNUM *x,
- int y_bit,
- BN_CTX *ctx))
+DEPRECATEDIN_3(int EC_POINT_set_compressed_coordinates_GFp(const EC_GROUP *group,
+ EC_POINT *p,
+ const BIGNUM *x,
+ int y_bit,
+ BN_CTX *ctx))
# ifndef OPENSSL_NO_EC2M
/** Sets the affine coordinates of an EC_POINT. A synonym of
* EC_POINT_set_affine_coordinates
@@ -582,11 +582,11 @@ DEPRECATEDIN_1_2_0(int EC_POINT_set_compressed_coordinates_GFp(const EC_GROUP *g
* \param ctx BN_CTX object (optional)
* \return 1 on success and 0 if an error occurred
*/
-DEPRECATEDIN_1_2_0(int EC_POINT_set_affine_coordinates_GF2m(const EC_GROUP *group,
- EC_POINT *p,
- const BIGNUM *x,
- const BIGNUM *y,
- BN_CTX *ctx))
+DEPRECATEDIN_3(int EC_POINT_set_affine_coordinates_GF2m(const EC_GROUP *group,
+ EC_POINT *p,
+ const BIGNUM *x,
+ const BIGNUM *y,
+ BN_CTX *ctx))
/** Gets the affine coordinates of an EC_POINT. A synonym of
* EC_POINT_get_affine_coordinates
@@ -597,11 +597,11 @@ DEPRECATEDIN_1_2_0(int EC_POINT_set_affine_coordinates_GF2m(const EC_GROUP *grou
* \param ctx BN_CTX object (optional)
* \return 1 on success and 0 if an error occurred
*/
-DEPRECATEDIN_1_2_0(int EC_POINT_get_affine_coordinates_GF2m(const EC_GROUP *group,
- const EC_POINT *p,
- BIGNUM *x,
- BIGNUM *y,
- BN_CTX *ctx))
+DEPRECATEDIN_3(int EC_POINT_get_affine_coordinates_GF2m(const EC_GROUP *group,
+ const EC_POINT *p,
+ BIGNUM *x,
+ BIGNUM *y,
+ BN_CTX *ctx))
/** Sets the x9.62 compressed coordinates of a EC_POINT. A synonym of
* EC_POINT_set_compressed_coordinates
@@ -612,11 +612,11 @@ DEPRECATEDIN_1_2_0(int EC_POINT_get_affine_coordinates_GF2m(const EC_GROUP *grou
* \param ctx BN_CTX object (optional)
* \return 1 on success and 0 if an error occurred
*/
-DEPRECATEDIN_1_2_0(int EC_POINT_set_compressed_coordinates_GF2m(const EC_GROUP *group,
- EC_POINT *p,
- const BIGNUM *x,
- int y_bit,
- BN_CTX *ctx))
+DEPRECATEDIN_3(int EC_POINT_set_compressed_coordinates_GF2m(const EC_GROUP *group,
+ EC_POINT *p,
+ const BIGNUM *x,
+ int y_bit,
+ BN_CTX *ctx))
# endif
/** Encodes a EC_POINT object to a octet string
* \param group underlying EC_GROUP object
@@ -1112,10 +1112,10 @@ EC_KEY *EC_KEY_new_method(ENGINE *engine);
* it is actually specified in ANSI X9.63.
* This identifier is retained for backwards compatibility
*/
-DEPRECATEDIN_1_2_0(int ECDH_KDF_X9_62(unsigned char *out, size_t outlen,
- const unsigned char *Z, size_t Zlen,
- const unsigned char *sinfo, size_t sinfolen,
- const EVP_MD *md))
+DEPRECATEDIN_3(int ECDH_KDF_X9_62(unsigned char *out, size_t outlen,
+ const unsigned char *Z, size_t Zlen,
+ const unsigned char *sinfo, size_t sinfolen,
+ const EVP_MD *md))
int ECDH_compute_key(void *out, size_t outlen, const EC_POINT *pub_key,
const EC_KEY *ecdh,
diff --git a/include/openssl/engine.h b/include/openssl/engine.h
index 0780f0f..4c0afbb 100644
--- a/include/openssl/engine.h
+++ b/include/openssl/engine.h
@@ -14,7 +14,7 @@
# include <openssl/opensslconf.h>
# ifndef OPENSSL_NO_ENGINE
-# if OPENSSL_API_COMPAT < 0x10100000L
+# if !OPENSSL_API_1_1_0
# include <openssl/bn.h>
# include <openssl/rsa.h>
# include <openssl/dsa.h>
@@ -320,7 +320,7 @@ int ENGINE_remove(ENGINE *e);
/* Retrieve an engine from the list by its unique "id" value. */
ENGINE *ENGINE_by_id(const char *id);
-#if OPENSSL_API_COMPAT < 0x10100000L
+#if !OPENSSL_API_1_1_0
# define ENGINE_load_openssl() \
OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_OPENSSL, NULL)
# define ENGINE_load_dynamic() \
@@ -494,7 +494,7 @@ int ENGINE_set_cmd_defns(ENGINE *e, const ENGINE_CMD_DEFN *defns);
int ENGINE_set_ex_data(ENGINE *e, int idx, void *arg);
void *ENGINE_get_ex_data(const ENGINE *e, int idx);
-#if OPENSSL_API_COMPAT < 0x10100000L
+#if !OPENSSL_API_1_1_0
/*
* This function previously cleaned up anything that needs it. Auto-deinit will
* now take care of it so it is no longer required to call this function.
diff --git a/include/openssl/err.h b/include/openssl/err.h
index 6cae1a3..6cde714 100644
--- a/include/openssl/err.h
+++ b/include/openssl/err.h
@@ -250,7 +250,7 @@ int ERR_load_strings_const(const ERR_STRING_DATA *str);
int ERR_unload_strings(int lib, ERR_STRING_DATA *str);
int ERR_load_ERR_strings(void);
-#if OPENSSL_API_COMPAT < 0x10100000L
+#if !OPENSSL_API_1_1_0
# define ERR_load_crypto_strings() \
OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL)
# define ERR_free_strings() while(0) continue
diff --git a/include/openssl/evp.h b/include/openssl/evp.h
index d22956d..36249b4 100644
--- a/include/openssl/evp.h
+++ b/include/openssl/evp.h
@@ -486,7 +486,7 @@ void EVP_CIPHER_CTX_set_app_data(EVP_CIPHER_CTX *ctx, void *data);
void *EVP_CIPHER_CTX_get_cipher_data(const EVP_CIPHER_CTX *ctx);
void *EVP_CIPHER_CTX_set_cipher_data(EVP_CIPHER_CTX *ctx, void *cipher_data);
# define EVP_CIPHER_CTX_type(c) EVP_CIPHER_type(EVP_CIPHER_CTX_cipher(c))
-# if OPENSSL_API_COMPAT < 0x10100000L
+# if !OPENSSL_API_1_1_0
# define EVP_CIPHER_CTX_flags(c) EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(c))
# endif
# define EVP_CIPHER_CTX_mode(c) EVP_CIPHER_mode(EVP_CIPHER_CTX_cipher(c))
@@ -670,7 +670,7 @@ int EVP_DecodeFinal(EVP_ENCODE_CTX *ctx, unsigned
char *out, int *outl);
int EVP_DecodeBlock(unsigned char *t, const unsigned char *f, int n);
-# if OPENSSL_API_COMPAT < 0x10100000L
+# if !OPENSSL_API_1_1_0
# define EVP_CIPHER_CTX_init(c) EVP_CIPHER_CTX_reset(c)
# define EVP_CIPHER_CTX_cleanup(c) EVP_CIPHER_CTX_reset(c)
# endif
@@ -938,7 +938,7 @@ const EVP_CIPHER *EVP_sm4_ofb(void);
const EVP_CIPHER *EVP_sm4_ctr(void);
# endif
-# if OPENSSL_API_COMPAT < 0x10100000L
+# if !OPENSSL_API_1_1_0
# define OPENSSL_add_all_algorithms_conf() \
OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS \
| OPENSSL_INIT_ADD_ALL_DIGESTS \
diff --git a/include/openssl/hmac.h b/include/openssl/hmac.h
index 458efc1..ab12a89 100644
--- a/include/openssl/hmac.h
+++ b/include/openssl/hmac.h
@@ -14,7 +14,7 @@
# include <openssl/evp.h>
-# if OPENSSL_API_COMPAT < 0x10200000L
+# if !OPENSSL_API_3
# define HMAC_MAX_MD_CBLOCK 128 /* Deprecated */
# endif
diff --git a/include/openssl/idea.h b/include/openssl/idea.h
index 4334f3e..56a8e60 100644
--- a/include/openssl/idea.h
+++ b/include/openssl/idea.h
@@ -45,7 +45,7 @@ void IDEA_ofb64_encrypt(const unsigned char *in, unsigned char *out,
int *num);
void IDEA_encrypt(unsigned long *in, IDEA_KEY_SCHEDULE *ks);
-# if OPENSSL_API_COMPAT < 0x10100000L
+# if !OPENSSL_API_1_1_0
# define idea_options IDEA_options
# define idea_ecb_encrypt IDEA_ecb_encrypt
# define idea_set_encrypt_key IDEA_set_encrypt_key
diff --git a/include/openssl/lhash.h b/include/openssl/lhash.h
index 88d7d97..b7f6129 100644
--- a/include/openssl/lhash.h
+++ b/include/openssl/lhash.h
@@ -91,7 +91,7 @@ void OPENSSL_LH_stats_bio(const OPENSSL_LHASH *lh, BIO *out);
void OPENSSL_LH_node_stats_bio(const OPENSSL_LHASH *lh, BIO *out);
void OPENSSL_LH_node_usage_stats_bio(const OPENSSL_LHASH *lh, BIO *out);
-# if OPENSSL_API_COMPAT < 0x10100000L
+# if !OPENSSL_API_1_1_0
# define _LHASH OPENSSL_LHASH
# define LHASH_NODE OPENSSL_LH_NODE
# define lh_error OPENSSL_LH_error
diff --git a/include/openssl/objects.h b/include/openssl/objects.h
index 8e1eb0f..f14da86 100644
--- a/include/openssl/objects.h
+++ b/include/openssl/objects.h
@@ -156,7 +156,7 @@ const void *OBJ_bsearch_ex_(const void *key, const void *base, int num,
int OBJ_new_nid(int num);
int OBJ_add_object(const ASN1_OBJECT *obj);
int OBJ_create(const char *oid, const char *sn, const char *ln);
-#if OPENSSL_API_COMPAT < 0x10100000L
+#if !OPENSSL_API_1_1_0
# define OBJ_cleanup() while(0) continue
#endif
int OBJ_create_objects(BIO *in);
diff --git a/include/openssl/opensslconf.h.in b/include/openssl/opensslconf.h.in
index 41d1264..f306e48 100644
--- a/include/openssl/opensslconf.h.in
+++ b/include/openssl/opensslconf.h.in
@@ -52,9 +52,13 @@ extern "C" {
/*
* Applications should use -DOPENSSL_API_COMPAT=<version> to suppress the
- * declarations of functions deprecated in or before <version>. Otherwise, they
- * still won't see them if the library has been built to disable deprecated
- * functions.
+ * declarations of functions deprecated in or before <version>. If this is
+ * undefined, the value of the macro OPENSSL_API_MIN above is the default.
+ *
+ * For any version number up until version 1.1.x, <version> is expected to be
+ * the calculated version number 0xMNNFFPPSL. For version numbers 3.0.0 and
+ * on, <version> is expected to be only the major version number (i.e. 3 for
+ * version 3.0.0).
*/
#ifndef DECLARE_DEPRECATED
# define DECLARE_DEPRECATED(f) f;
@@ -66,53 +70,93 @@ extern "C" {
# endif
#endif
-#ifndef OPENSSL_FILE
-# ifdef OPENSSL_NO_FILENAMES
-# define OPENSSL_FILE ""
-# define OPENSSL_LINE 0
-# else
-# define OPENSSL_FILE __FILE__
-# define OPENSSL_LINE __LINE__
-# endif
-#endif
+/*
+ * We convert the OPENSSL_API_COMPAT value to an API level. The API level
+ * is the major version number for 3.0.0 and on. For earlier versions, it
+ * uses this scheme, which is close enough for our purposes:
+ *
+ * 0.x.y 0 (0.9.8 was the last release in this series)
+ * 1.0.x 1 (1.0.2 was the last release in this series)
+ * 1.1.x 2 (1.1.1 was the last release in this series)
+ */
-#ifndef OPENSSL_MIN_API
-# define OPENSSL_MIN_API 0
+/* In case someone defined both */
+#if defined(OPENSSL_API_COMPAT) && defined(OPENSSL_API_LEVEL)
+# error "Disallowed to defined both OPENSSL_API_COMPAT and OPENSSL_API_LEVEL"
#endif
-#if !defined(OPENSSL_API_COMPAT) || OPENSSL_API_COMPAT < OPENSSL_MIN_API
-# undef OPENSSL_API_COMPAT
-# define OPENSSL_API_COMPAT OPENSSL_MIN_API
+#ifndef OPENSSL_API_COMPAT
+# define OPENSSL_API_LEVEL OPENSSL_MIN_API
+#else
+# if (OPENSSL_API_COMPAT < 0x1000L) /* Major version numbers up to 16777215 */
+# define OPENSSL_API_LEVEL OPENSSL_API_COMPAT
+# elif (OPENSSL_API_COMPAT & 0xF0000000L) == 0x00000000L
+# define OPENSSL_API_LEVEL 0
+# elif (OPENSSL_API_COMPAT & 0xFFF00000L) == 0x10000000L
+# define OPENSSL_API_LEVEL 1
+# elif (OPENSSL_API_COMPAT & 0xFFF00000L) == 0x10100000L
+# define OPENSSL_API_LEVEL 2
+# else
+/ * Major number 3 to 15 */
+# define OPENSSL_API_LEVEL ((OPENSSL_API_COMPAT >> 28) & 0xF)
+# endif
#endif
/*
- * Do not deprecate things to be deprecated in version 1.2.0 before the
+ * Do not deprecate things to be deprecated in version 4.0 before the
* OpenSSL version number matches.
*/
-#if OPENSSL_VERSION_NUMBER < 0x10200000L
-# define DEPRECATEDIN_1_2_0(f) f;
-#elif OPENSSL_API_COMPAT < 0x10200000L
-# define DEPRECATEDIN_1_2_0(f) DECLARE_DEPRECATED(f)
+#if OPENSSL_VERSION_MAJOR < 4
+# define DEPRECATEDIN_4(f) f;
+# define OPENSSL_API_4 0
+#elif OPENSSL_API_LEVEL < 4
+# define DEPRECATEDIN_4(f) DECLARE_DEPRECATED(f)
+# define OPENSSL_API_4 0
+#else
+# define DEPRECATEDIN_4(f)
+# define OPENSSL_API_4 1
+#endif
+
+#if OPENSSL_API_LEVEL < 3
+# define DEPRECATEDIN_3(f) DECLARE_DEPRECATED(f)
+# define OPENSSL_API_3 0
#else
-# define DEPRECATEDIN_1_2_0(f)
+# define DEPRECATEDIN_3(f)
+# define OPENSSL_API_3 1
#endif
-#if OPENSSL_API_COMPAT < 0x10100000L
+#if OPENSSL_API_LEVEL < 2
# define DEPRECATEDIN_1_1_0(f) DECLARE_DEPRECATED(f)
+# define OPENSSL_API_1_1_0 0
#else
# define DEPRECATEDIN_1_1_0(f)
+# define OPENSSL_API_1_1_0 1
#endif
-#if OPENSSL_API_COMPAT < 0x10000000L
+#if OPENSSL_API_LEVEL < 1
# define DEPRECATEDIN_1_0_0(f) DECLARE_DEPRECATED(f)
+# define OPENSSL_API_1_0_0 0
#else
# define DEPRECATEDIN_1_0_0(f)
+# define OPENSSL_API_1_0_0 1
#endif
-#if OPENSSL_API_COMPAT < 0x00908000L
+#if OPENSSL_API_LEVEL < 0
# define DEPRECATEDIN_0_9_8(f) DECLARE_DEPRECATED(f)
+# define OPENSSL_API_0_9_8 0
#else
# define DEPRECATEDIN_0_9_8(f)
+# define OPENSSL_API_0_9_8 1
+#endif
+
+#ifndef OPENSSL_FILE
+# ifdef OPENSSL_NO_FILENAMES
+# define OPENSSL_FILE ""
+# define OPENSSL_LINE 0
+# else
+# define OPENSSL_FILE __FILE__
+# define OPENSSL_LINE __LINE__
+# endif
#endif
/* Generate 80386 code? */
diff --git a/include/openssl/opensslv.h b/include/openssl/opensslv.h
index f22601a..7634eb1 100644
--- a/include/openssl/opensslv.h
+++ b/include/openssl/opensslv.h
@@ -10,92 +10,134 @@
#ifndef HEADER_OPENSSLV_H
# define HEADER_OPENSSLV_H
-#ifdef __cplusplus
+# ifdef __cplusplus
extern "C" {
-#endif
-
-/*-
- * Numeric release version identifier:
- * MNNFFPPS: major minor fix patch status
- * The status nibble has one of the values 0 for development, 1 to e for betas
- * 1 to 14, and f for release. The patch level is exactly that.
- * For example:
- * 0.9.3-dev 0x00903000
- * 0.9.3-beta1 0x00903001
- * 0.9.3-beta2-dev 0x00903002
- * 0.9.3-beta2 0x00903002 (same as ...beta2-dev)
- * 0.9.3 0x0090300f
- * 0.9.3a 0x0090301f
- * 0.9.4 0x0090400f
- * 1.2.3z 0x102031af
- *
- * For continuity reasons (because 0.9.5 is already out, and is coded
- * 0x00905100), between 0.9.5 and 0.9.6 the coding of the patch level
- * part is slightly different, by setting the highest bit. This means
- * that 0.9.5a looks like this: 0x0090581f. At 0.9.6, we can start
- * with 0x0090600S...
- *
- * (Prior to 0.9.3-dev a different scheme was used: 0.9.2b is 0x0922.)
- * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
- * major minor fix final patch/beta)
+# endif
+
+/*
+ * SECTION 1: VERSION DATA. These will change for each release
*/
-# define OPENSSL_VERSION_NUMBER 0x10102000L
-# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.2-dev xx XXX xxxx"
-
-/*-
- * The macros below are to be used for shared library (.so, .dll, ...)
- * versioning. That kind of versioning works a bit differently between
- * operating systems. The most usual scheme is to set a major and a minor
- * number, and have the runtime loader check that the major number is equal
- * to what it was at application link time, while the minor number has to
- * be greater or equal to what it was at application link time. With this
- * scheme, the version number is usually part of the file name, like this:
- *
- * libcrypto.so.0.9
- *
- * Some unixen also make a softlink with the major version number only:
- *
- * libcrypto.so.0
- *
- * On Tru64 and IRIX 6.x it works a little bit differently. There, the
- * shared library version is stored in the file, and is actually a series
- * of versions, separated by colons. The rightmost version present in the
- * library when linking an application is stored in the application to be
- * matched at run time. When the application is run, a check is done to
- * see if the library version stored in the application matches any of the
- * versions in the version string of the library itself.
- * This version string can be constructed in any way, depending on what
- * kind of matching is desired. However, to implement the same scheme as
- * the one used in the other unixen, all compatible versions, from lowest
- * to highest, should be part of the string. Consecutive builds would
- * give the following versions strings:
- *
- * 3.0
- * 3.0:3.1
- * 3.0:3.1:3.2
- * 4.0
- * 4.0:4.1
+
+/*
+ * Base version macros
*
- * Notice how version 4 is completely incompatible with version, and
- * therefore give the breach you can see.
+ * These macros express version number MAJOR.MINOR.PATCH exactly
+ */
+# define OPENSSL_VERSION_MAJOR 3
+# define OPENSSL_VERSION_MINOR 0
+# define OPENSSL_VERSION_PATCH 0
+
+/*
+ * Additional version information, defined only when used.
*
- * There may be other schemes as well that I haven't yet discovered.
+ * These are also part of the new version scheme, but aren't part
+ * of the version number itself.
+ */
+
+/* Could be: #define OPENSSL_VERSION_PRE_RELEASE "-alpha.1" */
+# define OPENSSL_VERSION_PRE_RELEASE "-dev"
+/* Could be: #define OPENSSL_VERSION_BUILD_METADATA "+fips" */
+/* Could be: #define OPENSSL_VERSION_BUILD_METADATA "+vendor.1" */
+# undef OPENSSL_VERSION_BUILD_METADATA
+
+/*
+ * Note: OPENSSL_VERSION_BUILD_METADATA will never be defined by
+ * the OpenSSL Project, it's entirely reserved for others vendors
+ */
+
+/*
+ * Absolute string versions of OPENSSL_VERSION_PRE_RELEASE and
+ * OPENSSL_VERSION_BUILD_METADATA. As opposed to those, which
+ * may be undefined, these are guaranteed to have strings as
+ * values.
+ */
+
+# ifdef OPENSSL_VERSION_PRE_RELEASE
+# define OPENSSL_VERSION_PRE_RELEASE_STR OPENSSL_VERSION_PRE_RELEASE
+# else
+# define OPENSSL_VERSION_PRE_RELEASE_STR ""
+# endif
+# ifdef OPENSSL_VERSION_BUILD_METADATA
+# define OPENSSL_VERSION_BUILD_METADATA_STR OPENSSL_VERSION_BUILD_METADATA
+# else
+# define OPENSSL_VERSION_BUILD_METADATA_STR ""
+# endif
+
+/*
+ * Shared library version
*
- * So, here's the way it works here: first of all, the library version
- * number doesn't need at all to match the overall OpenSSL version.
- * However, it's nice and more understandable if it actually does.
- * The current library version is stored in the macro SHLIB_VERSION_NUMBER,
- * which is just a piece of text in the format "M.m.e" (Major, minor, edit).
- * For the sake of Tru64, IRIX, and any other OS that behaves in similar ways,
- * we need to keep a history of version numbers, which is done in the
- * macro SHLIB_VERSION_HISTORY. The numbers are separated by colons and
- * should only keep the versions that are binary compatible with the current.
+ * This is strictly to express ABI version, which may or may not
+ * be related to the API version expressed with the macros above.
+ * This is defined in free form.
+ */
+# define OPENSSL_SHLIB_VERSION 3
+
+/*
+ * SECTION 2: USEFUL MACROS AND FUNCTIONS
+ */
+
+/* For checking general API compatibility when preprocessing */
+# define OPENSSL_VERSION_PREREQ(maj,min) \
+ ((OPENSSL_VERSION_MAJOR << 16) + OPENSSL_VERSION_MINOR >= (maj << 16) + min)
+
+/* Helper macros for CPP string composition */
+# define OPENSSL_MSTR_HELPER(x) #x
+# define OPENSSL_MSTR(x) OPENSSL_MSTR_HELPER(x)
+
+/*
+ * These return the values of OPENSSL_VERSION_MAJOR, OPENSSL_VERSION_MINOR,
+ * OPENSSL_VERSION_PATCH, OPENSSL_VERSION_PRE_RELEASE and
+ * OPENSSL_VERSION_BUILD_METADATA, respectively.
+ */
+unsigned int OPENSSL_version_major(void);
+unsigned int OPENSSL_version_minor(void);
+unsigned int OPENSSL_version_patch(void);
+const char *OPENSSL_version_pre_release(void);
+const char *OPENSSL_version_build_metadata(void);
+
+/*
+ * Macros to get the version in easily digested string form, both the short
+ * "MAJOR.MINOR.PATCH" variant (where MAJOR, MINOR and PATCH are replaced
+ * with the values from the corresponding OPENSSL_VERSION_ macros) and the
+ * longer variant with OPENSSL_VERSION_PRE_RELEASE_STR and
+ * OPENSSL_VERSION_BUILD_METADATA_STR appended.
+ */
+# define OPENSSL_VERSION_STR \
+ OPENSSL_MSTR(OPENSSL_VERSION_MAJOR) "." \
+ OPENSSL_MSTR(OPENSSL_VERSION_MINOR) "." \
+ OPENSSL_MSTR(OPENSSL_VERSION_PATCH)
+# define OPENSSL_FULL_VERSION_STR \
+ OPENSSL_VERSION_STR \
+ OPENSSL_VERSION_PRE_RELEASE_STR \
+ OPENSSL_VERSION_BUILD_METADATA_STR
+
+/*
+ * SECTION 3: ADDITIONAL METADATA
+ */
+# define OPENSSL_RELEASE_DATE "xx XXX xxxx"
+# define OPENSSL_VERSION_TEXT \
+ "OpenSSL " OPENSSL_FULL_VERSION_STR " " OPENSSL_RELEASE_DATE
+
+/*
+ * SECTION 3: BACKWARD COMPATIBILITY
*/
-# define SHLIB_VERSION_HISTORY ""
-# define SHLIB_VERSION_NUMBER "1.1"
+# include <openssl/opensslconf.h>
+# if !OPENSSL_API_4
+/* Synthesize OPENSSL_VERSION_NUMBER with the layout 0xMNN00PPSL */
+# ifdef OPENSSL_VERSION_PRE_RELEASE
+# define _OPENSSL_VERSION_PRE_RELEASE 0x0
+# else
+# define _OPENSSL_VERSION_PRE_RELEASE 0xf
+# endif
+# define OPENSSL_VERSION_NUMBER \
+ (long)( (OPENSSL_VERSION_MAJOR<<28) \
+ |(OPENSSL_VERSION_MINOR<<20) \
+ |(OPENSSL_VERSION_PATCH<<4) \
+ |_OPENSSL_VERSION_PRE_RELEASE )
+# endif
-#ifdef __cplusplus
+# ifdef __cplusplus
}
-#endif
+# endif
#endif /* HEADER_OPENSSLV_H */
diff --git a/include/openssl/pkcs12.h b/include/openssl/pkcs12.h
index 3f43dad..2538abf 100644
--- a/include/openssl/pkcs12.h
+++ b/include/openssl/pkcs12.h
@@ -55,7 +55,7 @@ typedef struct pkcs12_bag_st PKCS12_BAGS;
/* Compatibility macros */
-#if OPENSSL_API_COMPAT < 0x10100000L
+#if !OPENSSL_API_1_1_0
# define M_PKCS12_bag_type PKCS12_bag_type
# define M_PKCS12_cert_bag_type PKCS12_cert_bag_type
diff --git a/include/openssl/rand.h b/include/openssl/rand.h
index 38a2a27..0d64711 100644
--- a/include/openssl/rand.h
+++ b/include/openssl/rand.h
@@ -36,7 +36,7 @@ int RAND_set_rand_engine(ENGINE *engine);
RAND_METHOD *RAND_OpenSSL(void);
-# if OPENSSL_API_COMPAT < 0x10100000L
+# if !OPENSSL_API_1_1_0
# define RAND_cleanup() while(0) continue
# endif
int RAND_bytes(unsigned char *buf, int num);
diff --git a/include/openssl/rand_drbg.h b/include/openssl/rand_drbg.h
index df44701..a5e91e3 100644
--- a/include/openssl/rand_drbg.h
+++ b/include/openssl/rand_drbg.h
@@ -36,7 +36,7 @@
/* Used by RAND_DRBG_set_defaults() to set the private DRBG type and flags. */
# define RAND_DRBG_FLAG_PRIVATE 0x10
-# if OPENSSL_API_COMPAT < 0x10200000L
+# if !OPENSSL_API_3
/* This #define was replaced by an internal constant and should not be used. */
# define RAND_DRBG_USED_FLAGS (RAND_DRBG_FLAG_CTR_NO_DF)
# endif
diff --git a/include/openssl/rsa.h b/include/openssl/rsa.h
index cdce126..12633b0 100644
--- a/include/openssl/rsa.h
+++ b/include/openssl/rsa.h
@@ -17,7 +17,7 @@
# include <openssl/bio.h>
# include <openssl/crypto.h>
# include <openssl/ossl_typ.h>
-# if OPENSSL_API_COMPAT < 0x10100000L
+# if !OPENSSL_API_1_1_0
# include <openssl/bn.h>
# endif
# include <openssl/rsaerr.h>
@@ -73,13 +73,13 @@ extern "C" {
* but other engines might not need it
*/
# define RSA_FLAG_NO_BLINDING 0x0080
-# if OPENSSL_API_COMPAT < 0x10100000L
+# if !OPENSSL_API_1_1_0
/*
* Does nothing. Previously this switched off constant time behaviour.
*/
# define RSA_FLAG_NO_CONSTTIME 0x0000
# endif
-# if OPENSSL_API_COMPAT < 0x00908000L
+# if !OPENSSL_API_0_9_8
/* deprecated name for the flag*/
/*
* new with 0.9.7h; the built-in RSA
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index 1e9e8d5..fe2e479 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -16,7 +16,7 @@
# include <openssl/opensslconf.h>
# include <openssl/comp.h>
# include <openssl/bio.h>
-# if OPENSSL_API_COMPAT < 0x10100000L
+# if !OPENSSL_API_1_1_0
# include <openssl/x509.h>
# include <openssl/crypto.h>
# include <openssl/buffer.h>
@@ -1089,7 +1089,7 @@ size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count);
# define SSL_VERIFY_CLIENT_ONCE 0x04
# define SSL_VERIFY_POST_HANDSHAKE 0x08
-# if OPENSSL_API_COMPAT < 0x10100000L
+# if !OPENSSL_API_1_1_0
# define OpenSSL_add_ssl_algorithms() SSL_library_init()
# define SSLeay_add_ssl_algorithms() SSL_library_init()
# endif
@@ -1313,7 +1313,7 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
SSL_ctrl(s,SSL_CTRL_SET_DH_AUTO,onoff,NULL)
# define SSL_set_tmp_dh(ssl,dh) \
SSL_ctrl(ssl,SSL_CTRL_SET_TMP_DH,0,(char *)(dh))
-# if OPENSSL_API_COMPAT < 0x10200000L
+# if !OPENSSL_API_3
# define SSL_CTX_set_tmp_ecdh(ctx,ecdh) \
SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_ECDH,0,(char *)(ecdh))
# define SSL_set_tmp_ecdh(ssl,ecdh) \
@@ -1466,7 +1466,7 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
# define SSL_get_shared_curve SSL_get_shared_group
-# if OPENSSL_API_COMPAT < 0x10100000L
+# if !OPENSSL_API_1_1_0
/* Provide some compatibility macros for removed functionality. */
# define SSL_CTX_need_tmp_RSA(ctx) 0
# define SSL_CTX_set_tmp_rsa(ctx,rsa) 1
@@ -1594,7 +1594,7 @@ __owur int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs,
int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs,
const char *dir);
-# if OPENSSL_API_COMPAT < 0x10100000L
+# if !OPENSSL_API_1_1_0
# define SSL_load_error_strings() \
OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS \
| OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL)
@@ -1943,7 +1943,7 @@ void SSL_set_accept_state(SSL *s);
__owur long SSL_get_default_timeout(const SSL *s);
-# if OPENSSL_API_COMPAT < 0x10100000L
+# if !OPENSSL_API_1_1_0
# define SSL_library_init() OPENSSL_init_ssl(0, NULL)
# endif
@@ -2072,7 +2072,7 @@ __owur int SSL_COMP_get_id(const SSL_COMP *comp);
STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void);
__owur STACK_OF(SSL_COMP) *SSL_COMP_set0_compression_methods(STACK_OF(SSL_COMP)
*meths);
-# if OPENSSL_API_COMPAT < 0x10100000L
+# if !OPENSSL_API_1_1_0
# define SSL_COMP_free_compression_methods() while(0) continue
# endif
__owur int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm);
@@ -2124,7 +2124,7 @@ size_t SSL_get_num_tickets(SSL *s);
int SSL_CTX_set_num_tickets(SSL_CTX *ctx, size_t num_tickets);
size_t SSL_CTX_get_num_tickets(SSL_CTX *ctx);
-# if OPENSSL_API_COMPAT < 0x10100000L
+# if !OPENSSL_API_1_1_0
# define SSL_cache_hit(s) SSL_session_reused(s)
# endif
diff --git a/include/openssl/stack.h b/include/openssl/stack.h
index cfc0750..c1b5adc 100644
--- a/include/openssl/stack.h
+++ b/include/openssl/stack.h
@@ -50,7 +50,7 @@ OPENSSL_STACK *OPENSSL_sk_dup(const OPENSSL_STACK *st);
void OPENSSL_sk_sort(OPENSSL_STACK *st);
int OPENSSL_sk_is_sorted(const OPENSSL_STACK *st);
-# if OPENSSL_API_COMPAT < 0x10100000L
+# if !OPENSSL_API_1_1_0
# define _STACK OPENSSL_STACK
# define sk_num OPENSSL_sk_num
# define sk_value OPENSSL_sk_value
diff --git a/include/openssl/tls1.h b/include/openssl/tls1.h
index e13b5dd..434dff1 100644
--- a/include/openssl/tls1.h
+++ b/include/openssl/tls1.h
@@ -335,7 +335,7 @@ __owur int SSL_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain)
# define SSL_set_dtlsext_heartbeat_no_requests(ssl, arg) \
SSL_ctrl(ssl,SSL_CTRL_SET_DTLS_EXT_HEARTBEAT_NO_REQUESTS,arg,NULL)
-# if OPENSSL_API_COMPAT < 0x10100000L
+# if !OPENSSL_API_1_1_0
# define SSL_CTRL_TLS_EXT_SEND_HEARTBEAT \
SSL_CTRL_DTLS_EXT_SEND_HEARTBEAT
# define SSL_CTRL_GET_TLS_EXT_HEARTBEAT_PENDING \
diff --git a/include/openssl/ui.h b/include/openssl/ui.h
index 7c721ec..1d246dc 100644
--- a/include/openssl/ui.h
+++ b/include/openssl/ui.h
@@ -12,7 +12,7 @@
# include <openssl/opensslconf.h>
-# if OPENSSL_API_COMPAT < 0x10100000L
+# if !OPENSSL_API_1_1_0
# include <openssl/crypto.h>
# endif
# include <openssl/safestack.h>
@@ -21,7 +21,7 @@
# include <openssl/uierr.h>
/* For compatibility reasons, the macro OPENSSL_NO_UI is currently retained */
-# if OPENSSL_API_COMPAT < 0x10200000L
+# if !OPENSSL_API_3
# ifdef OPENSSL_NO_UI_CONSOLE
# define OPENSSL_NO_UI
# endif
diff --git a/include/openssl/x509.h b/include/openssl/x509.h
index 39ca0ba..874ea2b 100644
--- a/include/openssl/x509.h
+++ b/include/openssl/x509.h
@@ -21,7 +21,7 @@
# include <openssl/safestack.h>
# include <openssl/ec.h>
-# if OPENSSL_API_COMPAT < 0x10100000L
+# if !OPENSSL_API_1_1_0
# include <openssl/rsa.h>
# include <openssl/dsa.h>
# include <openssl/dh.h>
@@ -650,7 +650,7 @@ int X509_set_pubkey(X509 *x, EVP_PKEY *pkey);
int X509_up_ref(X509 *x);
int X509_get_signature_type(const X509 *x);
-# if OPENSSL_API_COMPAT < 0x10100000L
+# if !OPENSSL_API_1_1_0
# define X509_get_notBefore X509_getm_notBefore
# define X509_get_notAfter X509_getm_notAfter
# define X509_set_notBefore X509_set1_notBefore
@@ -716,7 +716,7 @@ int X509_CRL_set1_nextUpdate(X509_CRL *x, const ASN1_TIME *tm);
int X509_CRL_sort(X509_CRL *crl);
int X509_CRL_up_ref(X509_CRL *crl);
-# if OPENSSL_API_COMPAT < 0x10100000L
+# if !OPENSSL_API_1_1_0
# define X509_CRL_set_lastUpdate X509_CRL_set1_lastUpdate
# define X509_CRL_set_nextUpdate X509_CRL_set1_nextUpdate
#endif
diff --git a/include/openssl/x509_vfy.h b/include/openssl/x509_vfy.h
index 2adb155..d2ce309 100644
--- a/include/openssl/x509_vfy.h
+++ b/include/openssl/x509_vfy.h
@@ -49,7 +49,7 @@ typedef enum {
X509_LU_X509, X509_LU_CRL
} X509_LOOKUP_TYPE;
-#if OPENSSL_API_COMPAT < 0x10100000L
+#if !OPENSSL_API_1_1_0
#define X509_LU_RETRY -1
#define X509_LU_FAIL 0
#endif
@@ -187,7 +187,7 @@ void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth);
/* Certificate verify flags */
-# if OPENSSL_API_COMPAT < 0x10100000L
+# if !OPENSSL_API_1_1_0
# define X509_V_FLAG_CB_ISSUER_CHECK 0x0 /* Deprecated */
# endif
/* Use check time instead of current time */
@@ -357,7 +357,7 @@ X509_STORE_CTX_lookup_certs_fn X509_STORE_CTX_get_lookup_certs(X509_STORE_CTX *c
X509_STORE_CTX_lookup_crls_fn X509_STORE_CTX_get_lookup_crls(X509_STORE_CTX *ctx);
X509_STORE_CTX_cleanup_fn X509_STORE_CTX_get_cleanup(X509_STORE_CTX *ctx);
-#if OPENSSL_API_COMPAT < 0x10100000L
+#if !OPENSSL_API_1_1_0
# define X509_STORE_CTX_get_chain X509_STORE_CTX_get0_chain
# define X509_STORE_CTX_set_chain X509_STORE_CTX_set0_untrusted
# define X509_STORE_CTX_trusted_stack X509_STORE_CTX_set0_trusted_stack
diff --git a/include/openssl/x509v3.h b/include/openssl/x509v3.h
index fe1791c..a4fecd5 100644
--- a/include/openssl/x509v3.h
+++ b/include/openssl/x509v3.h
@@ -629,7 +629,7 @@ X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext_struc);
int X509V3_add1_i2d(STACK_OF(X509_EXTENSION) **x, int nid, void *value,
int crit, unsigned long flags);
-#if OPENSSL_API_COMPAT < 0x10100000L
+#if !OPENSSL_API_1_1_0
/* The new declarations are in crypto.h, but the old ones were here. */
# define hex_to_string OPENSSL_buf2hexstr
# define string_to_hex OPENSSL_hexstr2buf
diff --git a/ssl/methods.c b/ssl/methods.c
index 348efe4..1906dee 100644
--- a/ssl/methods.c
+++ b/ssl/methods.c
@@ -172,7 +172,7 @@ IMPLEMENT_dtls1_meth_func(DTLS_ANY_VERSION, 0, 0,
DTLS_client_method,
ssl_undefined_function,
ossl_statem_connect, DTLSv1_2_enc_data)
-#if OPENSSL_API_COMPAT < 0x10100000L
+#if !OPENSSL_API_1_1_0
# ifndef OPENSSL_NO_TLS1_2_METHOD
const SSL_METHOD *TLSv1_2_method(void)
{
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index 087f768..dfa9e59 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -4466,7 +4466,7 @@ int SSL_is_server(const SSL *s)
return s->server;
}
-#if OPENSSL_API_COMPAT < 0x10100000L
+#if !OPENSSL_API_1_1_0
void SSL_set_debug(SSL *s, int debug)
{
/* Old function was do-nothing anyway... */
diff --git a/test/asn1_decode_test.c b/test/asn1_decode_test.c
index 369023d..3f7e99e 100644
--- a/test/asn1_decode_test.c
+++ b/test/asn1_decode_test.c
@@ -28,7 +28,7 @@ static unsigned char t_invalid_zero[] = {
0x02, 0x00 /* INTEGER tag + length */
};
-#if OPENSSL_API_COMPAT < 0x10200000L
+#if !OPENSSL_API_3
/* LONG case ************************************************************* */
typedef struct {
@@ -162,7 +162,7 @@ static int test_uint64(void)
int setup_tests(void)
{
-#if OPENSSL_API_COMPAT < 0x10200000L
+#if !OPENSSL_API_3
ADD_TEST(test_long);
#endif
ADD_TEST(test_int32);
diff --git a/test/asn1_encode_test.c b/test/asn1_encode_test.c
index 6a64bf9..5168f04 100644
--- a/test/asn1_encode_test.c
+++ b/test/asn1_encode_test.c
@@ -179,7 +179,7 @@ typedef struct {
ENCDEC_DATA(-1, -1), \
ENCDEC_DATA(0, ASN1_LONG_UNDEF)
-#if OPENSSL_API_COMPAT < 0x10200000L
+#if !OPENSSL_API_3
/***** LONG ******************************************************************/
typedef struct {
@@ -824,7 +824,7 @@ static int test_intern(const TEST_PACKAGE *package)
return fail == 0;
}
-#if OPENSSL_API_COMPAT < 0x10200000L
+#if !OPENSSL_API_3
static int test_long_32bit(void)
{
return test_intern(&long_test_package_32bit);
@@ -858,7 +858,7 @@ static int test_uint64(void)
int setup_tests(void)
{
-#if OPENSSL_API_COMPAT < 0x10200000L
+#if !OPENSSL_API_3
ADD_TEST(test_long_32bit);
ADD_TEST(test_long_64bit);
#endif
diff --git a/test/recipes/80-test_cipherlist.t b/test/recipes/80-test_cipherlist.t
index 5c1b1d4..bf6abc7 100644
--- a/test/recipes/80-test_cipherlist.t
+++ b/test/recipes/80-test_cipherlist.t
@@ -20,7 +20,7 @@ setup("test_cipherlist");
my ($build_version, $library_version) = openssl_versions();
plan skip_all =>
"This test recipe isn't supported when doing regression testing"
- if $build_version != $library_version;
+ if $build_version ne $library_version;
my $no_anytls = alldisabled(available_protocols("tls"));
diff --git a/test/recipes/90-test_shlibload.t b/test/recipes/90-test_shlibload.t
index 2761d58..82800a7 100644
--- a/test/recipes/90-test_shlibload.t
+++ b/test/recipes/90-test_shlibload.t
@@ -46,7 +46,6 @@ sub shlib {
$lib = $unified_info{sharednames}->{$lib}
. ($target{shlib_variant} || "")
. ($target{shared_extension} || ".so");
- $lib =~ s|\.\$\(SHLIB_VERSION_NUMBER\)
- |.$config{shlib_version_number}|x;
+ $lib =~ s|\.\$\(SHLIB_VERSION_NUMBER\)|.$config{shlib_version}|;
return $lib;
}
diff --git a/test/shlibloadtest.c b/test/shlibloadtest.c
index 53714aa..417fbfd 100644
--- a/test/shlibloadtest.c
+++ b/test/shlibloadtest.c
@@ -22,7 +22,9 @@ typedef const SSL_METHOD * (*TLS_method_t)(void);
typedef SSL_CTX * (*SSL_CTX_new_t)(const SSL_METHOD *meth);
typedef void (*SSL_CTX_free_t)(SSL_CTX *);
typedef unsigned long (*ERR_get_error_t)(void);
-typedef unsigned long (*OpenSSL_version_num_t)(void);
+typedef unsigned long (*OPENSSL_version_major_t)(void);
+typedef unsigned long (*OPENSSL_version_minor_t)(void);
+typedef unsigned long (*OPENSSL_version_patch_t)(void);
typedef DSO * (*DSO_dsobyaddr_t)(void (*addr)(void), int flags);
typedef int (*DSO_free_t)(DSO *dso);
@@ -107,12 +109,14 @@ static int test_lib(void)
union {
void (*func)(void);
SHLIB_SYM sym;
- } symbols[3];
+ } symbols[4];
TLS_method_t myTLS_method;
SSL_CTX_new_t mySSL_CTX_new;
SSL_CTX_free_t mySSL_CTX_free;
ERR_get_error_t myERR_get_error;
- OpenSSL_version_num_t myOpenSSL_version_num;
+ OPENSSL_version_major_t myOPENSSL_version_major;
+ OPENSSL_version_minor_t myOPENSSL_version_minor;
+ OPENSSL_version_patch_t myOPENSSL_version_patch;
int result = 0;
switch (test_type) {
@@ -150,26 +154,27 @@ static int test_lib(void)
}
if (!TEST_true(shlib_sym(cryptolib, "ERR_get_error", &symbols[0].sym))
- || !TEST_true(shlib_sym(cryptolib, "OpenSSL_version_num",
- &symbols[1].sym)))
+ || !TEST_true(shlib_sym(cryptolib, "OPENSSL_version_major",
+ &symbols[1].sym))
+ || !TEST_true(shlib_sym(cryptolib, "OPENSSL_version_minor",
+ &symbols[2].sym))
+ || !TEST_true(shlib_sym(cryptolib, "OPENSSL_version_patch",
+ &symbols[3].sym)))
goto end;
myERR_get_error = (ERR_get_error_t)symbols[0].func;
if (!TEST_int_eq(myERR_get_error(), 0))
goto end;
- /*
- * The bits that COMPATIBILITY_MASK lets through MUST be the same in
- * the library and in the application.
- * The bits that are masked away MUST be a larger or equal number in
- * the library compared to the application.
- */
-# define COMPATIBILITY_MASK 0xfff00000L
- myOpenSSL_version_num = (OpenSSL_version_num_t)symbols[1].func;
- if (!TEST_int_eq(myOpenSSL_version_num() & COMPATIBILITY_MASK,
- OPENSSL_VERSION_NUMBER & COMPATIBILITY_MASK))
+ /* Make sure the libraries are a compatible version */
+ myOPENSSL_version_major = (OPENSSL_version_major_t)symbols[1].func;
+ myOPENSSL_version_minor = (OPENSSL_version_minor_t)symbols[2].func;
+ myOPENSSL_version_patch = (OPENSSL_version_patch_t)symbols[3].func;
+ if (!TEST_int_eq(myOPENSSL_version_major(), OPENSSL_VERSION_MAJOR))
goto end;
- if (!TEST_int_ge(myOpenSSL_version_num() & ~COMPATIBILITY_MASK,
- OPENSSL_VERSION_NUMBER & ~COMPATIBILITY_MASK))
+ if (!TEST_int_ge(myOPENSSL_version_minor(), OPENSSL_VERSION_MINOR))
+ goto end;
+ if (myOPENSSL_version_minor() == OPENSSL_VERSION_MINOR
+ && !TEST_int_ge(myOPENSSL_version_patch(), OPENSSL_VERSION_PATCH))
goto end;
if (test_type == DSO_REFTEST) {
diff --git a/test/versions.c b/test/versions.c
index 3ab05ec..3096709 100644
--- a/test/versions.c
+++ b/test/versions.c
@@ -14,7 +14,8 @@
/* A simple helper for the perl function OpenSSL::Test::openssl_versions */
int main(void)
{
- printf("Build version: 0x%08lX\n", OPENSSL_VERSION_NUMBER);
- printf("Library version: 0x%08lX\n", OpenSSL_version_num());
+ printf("Build version: %s\n", OPENSSL_FULL_VERSION_STR);
+ printf("Library version: %s\n",
+ OpenSSL_version(OPENSSL_FULL_VERSION_STRING));
return 0;
}
diff --git a/util/find-doc-nits b/util/find-doc-nits
index c041c1c..eb234ff 100755
--- a/util/find-doc-nits
+++ b/util/find-doc-nits
@@ -115,7 +115,7 @@ sub name_synopsis()
} elsif ( $line =~ /enum (\S*) \{/ ) {
# an enumeration: enum ... {
$sym = $1;
- } elsif ( $line =~ /#define ([A-Za-z0-9_]+)/ ) {
+ } elsif ( $line =~ /#(?:define|undef) ([A-Za-z0-9_]+)/ ) {
$sym = $1;
} elsif ( $line =~ /([A-Za-z0-9_]+)\(/ ) {
$sym = $1;
diff --git a/util/libcrypto.num b/util/libcrypto.num
index f7d6cb5..964f581 100644
--- a/util/libcrypto.num
+++ b/util/libcrypto.num
@@ -261,7 +261,7 @@ ASN1_NULL_free 262 1_1_0 EXIST::FUNCTION:
EC_KEY_copy 263 1_1_0 EXIST::FUNCTION:EC
EVP_des_ede3 264 1_1_0 EXIST::FUNCTION:DES
PKCS7_add1_attrib_digest 265 1_1_0 EXIST::FUNCTION:
-EC_POINT_get_affine_coordinates_GFp 266 1_1_0 EXIST::FUNCTION:DEPRECATEDIN_1_2_0,EC
+EC_POINT_get_affine_coordinates_GFp 266 1_1_0 EXIST::FUNCTION:DEPRECATEDIN_3,EC
EVP_seed_ecb 267 1_1_0 EXIST::FUNCTION:SEED
BIO_dgram_sctp_wait_for_dry 268 1_1_0 EXIST::FUNCTION:DGRAM,SCTP
ASN1_OCTET_STRING_NDEF_it 269 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
@@ -285,7 +285,7 @@ X509V3_EXT_get_nid 285 1_1_0 EXIST::FUNCTION:
BIO_s_log 286 1_1_0 EXIST::FUNCTION:
EC_POINT_set_to_infinity 287 1_1_0 EXIST::FUNCTION:EC
EVP_des_ede_ofb 288 1_1_0 EXIST::FUNCTION:DES
-ECDH_KDF_X9_62 289 1_1_0 EXIST::FUNCTION:DEPRECATEDIN_1_2_0,EC
+ECDH_KDF_X9_62 289 1_1_0 EXIST::FUNCTION:DEPRECATEDIN_3,EC
ASN1_UNIVERSALSTRING_to_string 290 1_1_0 EXIST::FUNCTION:
CRYPTO_gcm128_setiv 291 1_1_0 EXIST::FUNCTION:
ASN1_PCTX_set_oid_flags 292 1_1_0 EXIST::FUNCTION:
@@ -544,7 +544,7 @@ CONF_get_number 544 1_1_0 EXIST::FUNCTION:
X509_EXTENSION_get_object 545 1_1_0 EXIST::FUNCTION:
X509_EXTENSIONS_it 546 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
X509_EXTENSIONS_it 546 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-EC_POINT_set_compressed_coordinates_GF2m 547 1_1_0 EXIST::FUNCTION:DEPRECATEDIN_1_2_0,EC,EC2M
+EC_POINT_set_compressed_coordinates_GF2m 547 1_1_0 EXIST::FUNCTION:DEPRECATEDIN_3,EC,EC2M
RSA_sign_ASN1_OCTET_STRING 548 1_1_0 EXIST::FUNCTION:RSA
d2i_X509_CRL_fp 549 1_1_0 EXIST::FUNCTION:STDIO
i2d_RSA_PUBKEY 550 1_1_0 EXIST::FUNCTION:RSA
@@ -638,7 +638,7 @@ X509_REVOKED_it 638 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION:
X509_REVOKED_it 638 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
CRYPTO_THREAD_write_lock 639 1_1_0 EXIST::FUNCTION:
X509V3_NAME_from_section 640 1_1_0 EXIST::FUNCTION:
-EC_POINT_set_compressed_coordinates_GFp 641 1_1_0 EXIST::FUNCTION:DEPRECATEDIN_1_2_0,EC
+EC_POINT_set_compressed_coordinates_GFp 641 1_1_0 EXIST::FUNCTION:DEPRECATEDIN_3,EC
OCSP_SINGLERESP_get0_id 642 1_1_0 EXIST::FUNCTION:OCSP
UI_add_info_string 643 1_1_0 EXIST::FUNCTION:
OBJ_NAME_remove 644 1_1_0 EXIST::FUNCTION:
@@ -728,7 +728,7 @@ BIO_snprintf 726 1_1_0 EXIST::FUNCTION:
EC_POINT_hex2point 727 1_1_0 EXIST::FUNCTION:EC
X509v3_get_ext_by_critical 728 1_1_0 EXIST::FUNCTION:
ENGINE_get_default_RSA 729 1_1_0 EXIST::FUNCTION:ENGINE
-DSA_sign_setup 730 1_1_0 EXIST::FUNCTION:DEPRECATEDIN_1_2_0,DSA
+DSA_sign_setup 730 1_1_0 EXIST::FUNCTION:DEPRECATEDIN_3,DSA
OPENSSL_sk_new_null 731 1_1_0 EXIST::FUNCTION:
PEM_read_PKCS8 732 1_1_0 EXIST::FUNCTION:STDIO
BN_mod_sqr 733 1_1_0 EXIST::FUNCTION:
@@ -1768,8 +1768,8 @@ ASYNC_init_thread 1755 1_1_0 EXIST::FUNCTION:
OCSP_BASICRESP_get_ext_by_OBJ 1756 1_1_0 EXIST::FUNCTION:OCSP
X509_reject_clear 1757 1_1_0 EXIST::FUNCTION:
DH_security_bits 1758 1_1_0 EXIST::FUNCTION:DH
-LONG_it 1759 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:DEPRECATEDIN_1_2_0
-LONG_it 1759 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:DEPRECATEDIN_1_2_0
+LONG_it 1759 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:DEPRECATEDIN_3
+LONG_it 1759 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:DEPRECATEDIN_3
ASN1_dup 1760 1_1_0 EXIST::FUNCTION:
TS_RESP_new 1761 1_1_0 EXIST::FUNCTION:TS
i2d_PKCS8PrivateKeyInfo_fp 1762 1_1_0 EXIST::FUNCTION:STDIO
@@ -1834,8 +1834,8 @@ X509V3_EXT_add_list 1821 1_1_0 EXIST::FUNCTION:
CMS_compress 1822 1_1_0 EXIST::FUNCTION:CMS
X509_get_ext_by_critical 1823 1_1_0 EXIST::FUNCTION:
ASYNC_WAIT_CTX_clear_fd 1824 1_1_0 EXIST::FUNCTION:
-ZLONG_it 1825 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:DEPRECATEDIN_1_2_0
-ZLONG_it 1825 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:DEPRECATEDIN_1_2_0
+ZLONG_it 1825 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:DEPRECATEDIN_3
+ZLONG_it 1825 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:DEPRECATEDIN_3
OPENSSL_sk_find_ex 1826 1_1_0 EXIST::FUNCTION:
ASN1_ENUMERATED_to_BN 1827 1_1_0 EXIST::FUNCTION:
X509_CRL_get_ext_d2i 1828 1_1_0 EXIST::FUNCTION:
@@ -1874,7 +1874,7 @@ i2b_PrivateKey_bio 1858 1_1_0 EXIST::FUNCTION:DSA
ASN1_STRING_length_set 1859 1_1_0 EXIST::FUNCTION:
PEM_write_PKCS8 1860 1_1_0 EXIST::FUNCTION:STDIO
PKCS7_digest_from_attributes 1861 1_1_0 EXIST::FUNCTION:
-EC_GROUP_set_curve_GFp 1862 1_1_0 EXIST::FUNCTION:DEPRECATEDIN_1_2_0,EC
+EC_GROUP_set_curve_GFp 1862 1_1_0 EXIST::FUNCTION:DEPRECATEDIN_3,EC
X509_PURPOSE_get0 1863 1_1_0 EXIST::FUNCTION:
EVP_PKEY_set1_DSA 1864 1_1_0 EXIST::FUNCTION:DSA
X509_NAME_it 1865 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
@@ -1982,7 +1982,7 @@ X509_CRL_it 1966 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:
d2i_X509_ALGOR 1967 1_1_0 EXIST::FUNCTION:
PKCS12_PBE_keyivgen 1968 1_1_0 EXIST::FUNCTION:
BIO_test_flags 1969 1_1_0 EXIST::FUNCTION:
-EC_POINT_get_affine_coordinates_GF2m 1970 1_1_0 EXIST::FUNCTION:DEPRECATEDIN_1_2_0,EC,EC2M
+EC_POINT_get_affine_coordinates_GF2m 1970 1_1_0 EXIST::FUNCTION:DEPRECATEDIN_3,EC,EC2M
EVP_ENCODE_CTX_num 1971 1_1_0 EXIST::FUNCTION:
Camellia_cfb1_encrypt 1972 1_1_0 EXIST::FUNCTION:CAMELLIA
NCONF_load_fp 1973 1_1_0 EXIST::FUNCTION:STDIO
@@ -2183,7 +2183,7 @@ i2d_ASN1_T61STRING 2156 1_1_0 EXIST::FUNCTION:
X509_add1_trust_object 2157 1_1_0 EXIST::FUNCTION:
PEM_write_X509 2158 1_1_0 EXIST::FUNCTION:STDIO
BN_CTX_free 2159 1_1_0 EXIST::FUNCTION:
-EC_GROUP_get_curve_GF2m 2160 1_1_0 EXIST::FUNCTION:DEPRECATEDIN_1_2_0,EC,EC2M
+EC_GROUP_get_curve_GF2m 2160 1_1_0 EXIST::FUNCTION:DEPRECATEDIN_3,EC,EC2M
EVP_MD_flags 2161 1_1_0 EXIST::FUNCTION:
OPENSSL_sk_set 2162 1_1_0 EXIST::FUNCTION:
OCSP_request_sign 2163 1_1_0 EXIST::FUNCTION:OCSP
@@ -2263,7 +2263,7 @@ ENGINE_set_name 2235 1_1_0 EXIST::FUNCTION:ENGINE
TS_TST_INFO_get_policy_id 2236 1_1_0 EXIST::FUNCTION:TS
PKCS7_SIGNER_INFO_set 2237 1_1_0 EXIST::FUNCTION:
PEM_write_bio_PKCS8_PRIV_KEY_INFO 2238 1_1_0 EXIST::FUNCTION:
-EC_GROUP_set_curve_GF2m 2239 1_1_0 EXIST::FUNCTION:DEPRECATEDIN_1_2_0,EC,EC2M
+EC_GROUP_set_curve_GF2m 2239 1_1_0 EXIST::FUNCTION:DEPRECATEDIN_3,EC,EC2M
ENGINE_load_builtin_engines 2240 1_1_0 EXIST::FUNCTION:ENGINE
SRP_VBASE_init 2241 1_1_0 EXIST::FUNCTION:SRP
SHA224_Final 2242 1_1_0 EXIST::FUNCTION:
@@ -2983,7 +2983,7 @@ EVP_aes_192_cbc 2936 1_1_0 EXIST::FUNCTION:
PKCS8_pkey_set0 2937 1_1_0 EXIST::FUNCTION:
X509_get1_email 2938 1_1_0 EXIST::FUNCTION:
EC_POINT_point2oct 2939 1_1_0 EXIST::FUNCTION:EC
-EC_GROUP_get_curve_GFp 2940 1_1_0 EXIST::FUNCTION:DEPRECATEDIN_1_2_0,EC
+EC_GROUP_get_curve_GFp 2940 1_1_0 EXIST::FUNCTION:DEPRECATEDIN_3,EC
ASYNC_block_pause 2941 1_1_0 EXIST::FUNCTION:
OCSP_SINGLERESP_get_ext 2942 1_1_0 EXIST::FUNCTION:OCSP
CRYPTO_strdup 2943 1_1_0 EXIST::FUNCTION:
@@ -3234,7 +3234,7 @@ X509_NAME_oneline 3186 1_1_0 EXIST::FUNCTION:
X509V3_set_nconf 3187 1_1_0 EXIST::FUNCTION:
RSAPrivateKey_dup 3188 1_1_0 EXIST::FUNCTION:RSA
BN_mod_add 3189 1_1_0 EXIST::FUNCTION:
-EC_POINT_set_affine_coordinates_GFp 3190 1_1_0 EXIST::FUNCTION:DEPRECATEDIN_1_2_0,EC
+EC_POINT_set_affine_coordinates_GFp 3190 1_1_0 EXIST::FUNCTION:DEPRECATEDIN_3,EC
X509_get_default_cert_file 3191 1_1_0 EXIST::FUNCTION:
UI_method_set_flusher 3192 1_1_0 EXIST::FUNCTION:
RSA_new_method 3193 1_1_0 EXIST::FUNCTION:RSA
@@ -3263,7 +3263,7 @@ CMS_RecipientInfo_get0_pkey_ctx 3215 1_1_0 EXIST::FUNCTION:CMS
OCSP_REQINFO_free 3216 1_1_0 EXIST::FUNCTION:OCSP
AUTHORITY_KEYID_new 3217 1_1_0 EXIST::FUNCTION:
i2d_DIST_POINT_NAME 3218 1_1_0 EXIST::FUNCTION:
-OpenSSL_version_num 3219 1_1_0 EXIST::FUNCTION:
+OpenSSL_version_num 3219 1_1_0 EXIST::FUNCTION:DEPRECATEDIN_3
OCSP_CERTID_free 3220 1_1_0 EXIST::FUNCTION:OCSP
BIO_hex_string 3221 1_1_0 EXIST::FUNCTION:
X509_REQ_sign_ctx 3222 1_1_0 EXIST::FUNCTION:
@@ -3572,7 +3572,7 @@ PROXY_CERT_INFO_EXTENSION_new 3523 1_1_0 EXIST::FUNCTION:
EVP_bf_cbc 3524 1_1_0 EXIST::FUNCTION:BF
DSA_do_verify 3525 1_1_0 EXIST::FUNCTION:DSA
EC_GROUP_get_seed_len 3526 1_1_0 EXIST::FUNCTION:EC
-EC_POINT_set_affine_coordinates_GF2m 3527 1_1_0 EXIST::FUNCTION:DEPRECATEDIN_1_2_0,EC,EC2M
+EC_POINT_set_affine_coordinates_GF2m 3527 1_1_0 EXIST::FUNCTION:DEPRECATEDIN_3,EC,EC2M
TS_REQ_set_policy_id 3528 1_1_0 EXIST::FUNCTION:TS
BIO_callback_ctrl 3529 1_1_0 EXIST::FUNCTION:
v2i_GENERAL_NAME 3530 1_1_0 EXIST::FUNCTION:
@@ -4577,29 +4577,34 @@ OCSP_resp_get0_respdata 4530 1_1_0j EXIST::FUNCTION:OCSP
EVP_MD_CTX_set_pkey_ctx 4531 1_1_1 EXIST::FUNCTION:
EVP_PKEY_meth_set_digest_custom 4532 1_1_1 EXIST::FUNCTION:
EVP_PKEY_meth_get_digest_custom 4533 1_1_1 EXIST::FUNCTION:
-EVP_MAC_CTX_new 4534 1_1_2 EXIST::FUNCTION:
-EVP_MAC_CTX_new_id 4535 1_1_2 EXIST::FUNCTION:
-EVP_MAC_CTX_free 4536 1_1_2 EXIST::FUNCTION:
-EVP_MAC_CTX_copy 4537 1_1_2 EXIST::FUNCTION:
-EVP_MAC_CTX_mac 4538 1_1_2 EXIST::FUNCTION:
-EVP_MAC_size 4539 1_1_2 EXIST::FUNCTION:
-EVP_MAC_init 4540 1_1_2 EXIST::FUNCTION:
-EVP_MAC_update 4541 1_1_2 EXIST::FUNCTION:
-EVP_MAC_final 4542 1_1_2 EXIST::FUNCTION:
-EVP_MAC_ctrl 4543 1_1_2 EXIST::FUNCTION:
-EVP_MAC_vctrl 4544 1_1_2 EXIST::FUNCTION:
-EVP_MAC_ctrl_str 4545 1_1_2 EXIST::FUNCTION:
-EVP_MAC_str2ctrl 4546 1_1_2 EXIST::FUNCTION:
-EVP_MAC_hex2ctrl 4547 1_1_2 EXIST::FUNCTION:
-EVP_MAC_nid 4548 1_1_2 EXIST::FUNCTION:
-EVP_get_macbyname 4549 1_1_2 EXIST::FUNCTION:
-EVP_MAC_do_all 4550 1_1_2 EXIST::FUNCTION:
-EVP_MAC_do_all_sorted 4551 1_1_2 EXIST::FUNCTION:
-EVP_str2ctrl 4552 1_1_2 EXIST::FUNCTION:
-EVP_hex2ctrl 4553 1_1_2 EXIST::FUNCTION:
-EVP_PKEY_supports_digest_nid 4554 1_1_2 EXIST::FUNCTION:
-SRP_VBASE_add0_user 4555 1_1_2 EXIST::FUNCTION:SRP
-SRP_user_pwd_new 4556 1_1_2 EXIST::FUNCTION:SRP
-SRP_user_pwd_set_gN 4557 1_1_2 EXIST::FUNCTION:SRP
-SRP_user_pwd_set1_ids 4558 1_1_2 EXIST::FUNCTION:SRP
-SRP_user_pwd_set0_sv 4559 1_1_2 EXIST::FUNCTION:SRP
+EVP_MAC_CTX_new 4534 3_0_0 EXIST::FUNCTION:
+EVP_MAC_CTX_new_id 4535 3_0_0 EXIST::FUNCTION:
+EVP_MAC_CTX_free 4536 3_0_0 EXIST::FUNCTION:
+EVP_MAC_CTX_copy 4537 3_0_0 EXIST::FUNCTION:
+EVP_MAC_CTX_mac 4538 3_0_0 EXIST::FUNCTION:
+EVP_MAC_size 4539 3_0_0 EXIST::FUNCTION:
+EVP_MAC_init 4540 3_0_0 EXIST::FUNCTION:
+EVP_MAC_update 4541 3_0_0 EXIST::FUNCTION:
+EVP_MAC_final 4542 3_0_0 EXIST::FUNCTION:
+EVP_MAC_ctrl 4543 3_0_0 EXIST::FUNCTION:
+EVP_MAC_vctrl 4544 3_0_0 EXIST::FUNCTION:
+EVP_MAC_ctrl_str 4545 3_0_0 EXIST::FUNCTION:
+EVP_MAC_str2ctrl 4546 3_0_0 EXIST::FUNCTION:
+EVP_MAC_hex2ctrl 4547 3_0_0 EXIST::FUNCTION:
+EVP_MAC_nid 4548 3_0_0 EXIST::FUNCTION:
+EVP_get_macbyname 4549 3_0_0 EXIST::FUNCTION:
+EVP_MAC_do_all 4550 3_0_0 EXIST::FUNCTION:
+EVP_MAC_do_all_sorted 4551 3_0_0 EXIST::FUNCTION:
+EVP_str2ctrl 4552 3_0_0 EXIST::FUNCTION:
+EVP_hex2ctrl 4553 3_0_0 EXIST::FUNCTION:
+EVP_PKEY_supports_digest_nid 4554 3_0_0 EXIST::FUNCTION:
+SRP_VBASE_add0_user 4555 3_0_0 EXIST::FUNCTION:SRP
+SRP_user_pwd_new 4556 3_0_0 EXIST::FUNCTION:SRP
+SRP_user_pwd_set_gN 4557 3_0_0 EXIST::FUNCTION:SRP
+SRP_user_pwd_set1_ids 4558 3_0_0 EXIST::FUNCTION:SRP
+SRP_user_pwd_set0_sv 4559 3_0_0 EXIST::FUNCTION:SRP
+OPENSSL_version_major 4560 3_0_0 EXIST::FUNCTION:
+OPENSSL_version_minor 4561 3_0_0 EXIST::FUNCTION:
+OPENSSL_version_patch 4562 3_0_0 EXIST::FUNCTION:
+OPENSSL_version_pre_release 4563 3_0_0 EXIST::FUNCTION:
+OPENSSL_version_build_metadata 4564 3_0_0 EXIST::FUNCTION:
diff --git a/util/mkdef.pl b/util/mkdef.pl
index b40fd26..eac4f50 100755
--- a/util/mkdef.pl
+++ b/util/mkdef.pl
@@ -193,8 +193,8 @@ sub feature_filter {
if ($apiv) {
foreach (@features) {
- next unless /^DEPRECATEDIN_(\d+)_(\d+)_(\d+)$/;
- my $symdep = sprintf "%x%02x%02x", $1, $2, $3;
+ next unless /^DEPRECATEDIN_(\d+)(?:_(\d+)_(\d+))?$/;
+ my $symdep = sprintf "%x%02x%02x", $1, ($2 // 0), ($3 // 0);
$verdict = 0 if $apiv ge $symdep;
}
}
@@ -386,19 +386,9 @@ _____
_____
if (defined $version) {
- my ($libvmajor, $libvminor, $libvedit, $libvpatch) =
- $version =~ /^(\d+)_(\d+)_(\d+)([a-z]{0,2})(?:-.*)?$/;
- my $libvpatchnum = 0;
- for (split '', $libvpatch // '') {
- $libvpatchnum += ord(lc($_)) - 96;
- # To compensate because the letter 'z' is always followed by
- # another, i.e. doesn't add any value on its own
- $libvpatchnum-- if lc($_) eq 'z';
- }
- my $match1 = $libvmajor * 100 + $libvminor;
- my $match2 = $libvedit * 100 + $libvpatchnum;
+ my ($libvmajor, $libvminor) = $version =~ /^(\d+)_(\d+)$/;
print <<"_____";
-GSMATCH=LEQUAL,$match1,$match2
+GSMATCH=LEQUAL,$libvmajor,$libvminor;
_____
}
}
diff --git a/util/mkrc.pl b/util/mkrc.pl
index 6762bc4..16b1ab4 100755
--- a/util/mkrc.pl
+++ b/util/mkrc.pl
@@ -10,33 +10,9 @@ use strict;
use warnings;
use lib ".";
use configdata;
-use File::Spec::Functions;
-my $versionfile = catfile( $config{sourcedir}, "include/openssl/opensslv.h" );
-
-my ( $ver, $v1, $v2, $v3, $v4, $beta, $version );
-
-open FD, $versionfile or die "Couldn't open include/openssl/opensslv.h: $!\n";
-while (<FD>) {
- if (/OPENSSL_VERSION_NUMBER\s+(0x[0-9a-f]+)/i) {
- $ver = hex($1);
- $v1 = ( $ver >> 28 );
- $v2 = ( $ver >> 20 ) & 0xff;
- $v3 = ( $ver >> 12 ) & 0xff;
- $v4 = ( $ver >> 4 ) & 0xff;
- $beta = $ver & 0xf;
- $version = "$v1.$v2.$v3";
- if ( $beta == 0xf ) {
- $version .= chr( ord('a') + $v4 - 1 ) if ($v4);
- } elsif ( $beta == 0 ) {
- $version .= "-dev";
- } else {
- $version .= "-beta$beta";
- }
- last;
- }
-}
-close(FD);
+my $cversion = "$config{major},$config{minor},$config{patch}";
+my $version = "$config{major}.$config{minor}.$config{patch}$config{prerelease}$config{build_metadata}";
my $filename = $ARGV[0];
my $description = "OpenSSL library";
@@ -53,8 +29,8 @@ print <<___;
LANGUAGE 0x09,0x01
1 VERSIONINFO
- FILEVERSION $v1,$v2,$v3,$v4
- PRODUCTVERSION $v1,$v2,$v3,$v4
+ FILEVERSION $cversion
+ PRODUCTVERSION $cversion
FILEFLAGSMASK 0x3fL
#ifdef _DEBUG
FILEFLAGS 0x01L
diff --git a/util/perl/OpenSSL/Ordinals.pm b/util/perl/OpenSSL/Ordinals.pm
index 07bdf81..928e383 100644
--- a/util/perl/OpenSSL/Ordinals.pm
+++ b/util/perl/OpenSSL/Ordinals.pm
@@ -638,7 +638,7 @@ STRING must conform to the following EBNF description:
space = " " | "\t";
symbol = ( letter | "_"), { letter | digit | "_" };
ordinal = number;
- version = number, "_", number, "_", number, letter, [ letter ];
+ version = number, "_", number, "_", number, [ letter, [ letter ] ];
exist = "EXIST" | "NOEXIST";
platforms = platform, { ",", platform };
platform = ( letter | "_" ) { letter | digit | "_" };
@@ -678,7 +678,7 @@ sub new {
unless ( scalar @a == 4
&& $a[0] =~ /^[A-Za-z_][A-Za-z_0-9]*$/
&& $a[1] =~ /^\d+$/
- && $a[2] =~ /^(?:\*|\d+_\d+_\d+(?:[a-z]{0,2}))$/
+ && $a[2] =~ /^(?:\*|\d+_\d+_\d+[a-z]{0,2})$/
&& $a[3] =~ /^
(?:NO)?EXIST:
[^:]*:
@@ -841,6 +841,8 @@ OpenSSL::Ordinals::Item objects.
=cut
sub by_version {
+ # Until we're rid of everything with the old version scheme,
+ # we need to be able to handle older style x.y.zl versions.
sub _ossl_versionsplit {
my $textversion = shift;
return $textversion if $textversion eq '*';
@@ -891,7 +893,7 @@ sub f_version {
$version =~ s|\.|_|g if $version;
croak "No version specified"
- unless $version && $version =~ /^\d_\d_\d[a-z]{0,2}$/;
+ unless $version && $version =~ /^\d+_\d+_\d+[a-z]{0,2}$/;
return sub { $_[0]->version() eq $version };
}
diff --git a/util/perl/OpenSSL/ParseC.pm b/util/perl/OpenSSL/ParseC.pm
index ba2427c..2a009b3 100644
--- a/util/perl/OpenSSL/ParseC.pm
+++ b/util/perl/OpenSSL/ParseC.pm
@@ -65,21 +65,11 @@ my @opensslcpphandlers = (
# These are used to convert certain pre-precessor expressions into
# others that @cpphandlers have a better chance to understand.
- { regexp => qr/#if OPENSSL_API_COMPAT(\S+)(0x[0-9a-fA-F]{8})L$/,
+ { regexp => qr/#if (!?)OPENSSL_API_([0-9_]+)$/,
massager => sub {
- my $op = $1;
- my $v = hex($2);
- if ($op ne '<' && $op ne '>=') {
- die "Error: unacceptable operator $op: $_[0]\n";
- }
- my ($one, $major, $minor) =
- ( ($v >> 28) & 0xf,
- ($v >> 20) & 0xff,
- ($v >> 12) & 0xff );
- my $t = "DEPRECATEDIN_${one}_${major}_${minor}";
- my $cond = $op eq '<' ? 'ifndef' : 'ifdef';
+ my $cnd = $1 eq '!' ? 'ndef' : 'def';
return (<<"EOF");
-#$cond $t
+#if$cnd DEPRECATEDIN_$2
EOF
}
}
@@ -284,7 +274,7 @@ EOF
# We trick the parser by pretending that the declaration is wrapped in a
# check if the DEPRECATEDIN macro is defined or not. Callers of parse()
# will have to decide what to do with it.
- { regexp => qr/(DEPRECATEDIN_\d+_\d+_\d+)<<<\((.*)\)>>>/,
+ { regexp => qr/(DEPRECATEDIN_\d+(?:_\d+_\d+)?)<<<\((.*)\)>>>/,
massager => sub { return (<<"EOF");
#ifndef $1
$2;
diff --git a/util/perl/OpenSSL/Test.pm b/util/perl/OpenSSL/Test.pm
index 9564b26..a9436e6 100644
--- a/util/perl/OpenSSL/Test.pm
+++ b/util/perl/OpenSSL/Test.pm
@@ -810,9 +810,9 @@ sub quotify {
=item B<openssl_versions>
-Returns a list of two numbers, the first representing the build version,
-the second representing the library version. See opensslv.h for more
-information on those numbers.
+Returns a list of two version numbers, the first representing the build
+version, the second representing the library version. See opensslv.h for
+more information on those numbers.
=back
@@ -823,9 +823,8 @@ sub openssl_versions {
unless (@versions) {
my %lines =
map { s/\R$//;
- /^(.*): (0x[[:xdigit:]]{8})$/;
- die "Weird line: $_" unless defined $1;
- $1 => hex($2) }
+ /^(.*): (.*)$/;
+ $1 => $2 }
run(test(['versions']), capture => 1);
@versions = ( $lines{'Build version'}, $lines{'Library version'} );
}
diff --git a/util/private.num b/util/private.num
index d6724ed..8e89f1f 100644
--- a/util/private.num
+++ b/util/private.num
@@ -282,7 +282,14 @@ EVP_rc5_32_12_16_cfb define
EVP_seed_cfb define
EVP_sm4_cfb define
OBJ_cleanup define deprecated 1.1.0
-OPENSSL_VERSION_NUMBER define
+OPENSSL_VERSION_MAJOR define
+OPENSSL_VERSION_MINOR define
+OPENSSL_VERSION_NUMBER define deprecated 3.0.0
+OPENSSL_VERSION_PATCH define
+OPENSSL_VERSION_PRE_RELEASE define
+OPENSSL_VERSION_BUILD_METADATA define
+OPENSSL_VERSION_PRE_RELEASE_STR define
+OPENSSL_VERSION_BUILD_METADATA_STR define
OPENSSL_VERSION_TEXT define
OPENSSL_clear_free define
OPENSSL_clear_realloc define
More information about the openssl-commits
mailing list