[openssl] master update

Richard Levitte levitte at openssl.org
Fri Dec 13 09:14:35 UTC 2019 

The branch master has been updated
       via  46994f71631922565924e3ca6303950c36337b33 (commit)
      from  97ba39547d4c79b60131475a1512cc7d7e8952b2 (commit)


- Log -----------------------------------------------------------------
commit 46994f71631922565924e3ca6303950c36337b33
Author: Richard Levitte <levitte at openssl.org>
Date:   Wed Dec 11 14:36:36 2019 +0100

    Add better support for using deprecated symbols internally
    
    OPENSSL_SUPPRESS_DEPRECATED only does half the job, in telling the
    deprecation macros not to add the warning attribute.  However, with
    'no-deprecated', the symbols are still removed entirely, while we
    might still want to use them internally.
    
    The solution is to permit <openssl/opensslconf.h> macros to be
    modified internally, such as undefining OPENSSL_NO_DEPRECATED in this
    case.
    
    However, with the way <openssl/opensslconf.h> includes
    <openssl/macros.h>, that's easier said than done.  That's solved by
    generating <openssl/configuration.h> instead, and add a new
    <openssl/opensslconf.h> that includes <openssl/configuration.h> as
    well as <openssl/macros.h>, thus allowing to replace an inclusion of
    <openssl/opensslconf.h> with this:
    
        #include <openssl/configuration.h>
    
        #undef OPENSSL_NO_DEPRECATED
        #define OPENSSL_SUPPRESS_DEPRECATED
    
        #include <openssl/macros.h>
    
    Or simply add the following prior to any other openssl inclusion:
    
        #include <openssl/configuration.h>
    
        #undef OPENSSL_NO_DEPRECATED
        #define OPENSSL_SUPPRESS_DEPRECATED
    
    Note that undefining OPENSSL_NO_DEPRECATED must never be done by
    applications, since the symbols must still be exported by the
    library.  Internal test programs are excempt of this rule, though.
    
    Reviewed-by: Tim Hudson <tjh at openssl.org>
    Reviewed-by: Tomas Mraz <tmraz at fedoraproject.org>
    Reviewed-by: Paul Dale <paul.dale at oracle.com>
    (Merged from https://github.com/openssl/openssl/pull/10608)

-----------------------------------------------------------------------

Summary of changes:
 .gitignore                                           |  2 +-
 CHANGES                                              | 20 ++++++++++++++++++++
 INSTALL                                              |  4 ++--
 build.info                                           |  4 ++--
 .../openssl/{opensslconf.h.in => configuration.h.in} |  8 +++-----
 .../app_params.h => include/openssl/opensslconf.h    |  7 +++++--
 6 files changed, 33 insertions(+), 12 deletions(-)
 rename include/openssl/{opensslconf.h.in => configuration.h.in} (91%)
 copy apps/include/app_params.h => include/openssl/opensslconf.h (67%)

diff --git a/.gitignore b/.gitignore
index 0d02ecdf8f..659be22843 100644
--- a/.gitignore
+++ b/.gitignore
@@ -22,7 +22,7 @@
 # Auto generated headers
 /crypto/buildinf.h
 /include/crypto/*_conf.h
-/include/openssl/opensslconf.h
+/include/openssl/configuration.h
 /include/openssl/opensslv.h
 
 # Auto generated doc files
diff --git a/CHANGES b/CHANGES
index e0b15b35f6..45f97e6740 100644
--- a/CHANGES
+++ b/CHANGES
@@ -9,6 +9,26 @@
 
  Changes between 1.1.1 and 3.0.0 [xx XXX xxxx]
 
+  *) Removed include/openssl/opensslconf.h.in and replaced it with
+     include/openssl/configuration.h.in, which differs in not including
+     <openssl/macros.h>.  A short header include/openssl/opensslconf.h
+     was added to include both.
+
+     This allows internal hacks where one might need to modify the set
+     of configured macros, for example this if deprecated symbols are
+     still supposed to be available internally:
+
+         #include <openssl/configuration.h>
+
+         #undef OPENSSL_NO_DEPRECATED
+         #define OPENSSL_SUPPRESS_DEPRECATED
+
+         #include <openssl/macros.h>
+
+     This should not be used by applications that use the exported
+     symbols, as that will lead to linking errors.
+     [Richard Levitte]
+
   *) Fixed an an overflow bug in the x64_64 Montgomery squaring procedure
      used in exponentiation with 512-bit moduli. No EC algorithms are
      affected. Analysis suggests that attacks against 2-prime RSA1024,
diff --git a/INSTALL b/INSTALL
index 7578733f4e..4dcc452562 100644
--- a/INSTALL
+++ b/INSTALL
@@ -836,8 +836,8 @@
 
      Configure creates a build file ("Makefile" on Unix, "makefile" on Windows
      and "descrip.mms" on OpenVMS) from a suitable template in Configurations,
-     and defines various macros in include/openssl/opensslconf.h (generated from
-     include/openssl/opensslconf.h.in).
+     and defines various macros in include/openssl/configuration.h (generated
+     from include/openssl/configuration.h.in).
 
  1c. Configure OpenSSL for building outside of the source tree.
 
diff --git a/build.info b/build.info
index a28ddbe739..6cfa2017c4 100644
--- a/build.info
+++ b/build.info
@@ -9,11 +9,11 @@ DEPEND[libssl]=libcrypto
 
 # Empty DEPEND "indices" means the dependencies are expected to be built
 # unconditionally before anything else.
-DEPEND[]=include/openssl/opensslconf.h include/openssl/opensslv.h \
+DEPEND[]=include/openssl/configuration.h include/openssl/opensslv.h \
          include/crypto/bn_conf.h include/crypto/dso_conf.h \
          doc/man7/openssl_user_macros.pod
 
-GENERATE[include/openssl/opensslconf.h]=include/openssl/opensslconf.h.in
+GENERATE[include/openssl/configuration.h]=include/openssl/configuration.h.in
 GENERATE[include/openssl/opensslv.h]=include/openssl/opensslv.h.in
 GENERATE[include/crypto/bn_conf.h]=include/crypto/bn_conf.h.in
 GENERATE[include/crypto/dso_conf.h]=include/crypto/dso_conf.h.in
diff --git a/include/openssl/opensslconf.h.in b/include/openssl/configuration.h.in
similarity index 91%
rename from include/openssl/opensslconf.h.in
rename to include/openssl/configuration.h.in
index c0ef3ddcff..00a4fc0aa3 100644
--- a/include/openssl/opensslconf.h.in
+++ b/include/openssl/configuration.h.in
@@ -9,8 +9,8 @@
  * https://www.openssl.org/source/license.html
  */
 
-#ifndef OPENSSL_OPENSSLCONF_H
-# define OPENSSL_OPENSSLCONF_H
+#ifndef OPENSSL_CONFIGURATION_H
+# define OPENSSL_CONFIGURATION_H
 
 # ifdef  __cplusplus
 extern "C" {
@@ -65,6 +65,4 @@ extern "C" {
 }
 # endif
 
-# include <openssl/macros.h>
-
-#endif                          /* OPENSSL_OPENSSLCONF_H */
+#endif                          /* OPENSSL_CONFIGURATION_H */
diff --git a/apps/include/app_params.h b/include/openssl/opensslconf.h
similarity index 67%
copy from apps/include/app_params.h
copy to include/openssl/opensslconf.h
index 2060b5200e..9a49bceea3 100644
--- a/apps/include/app_params.h
+++ b/include/openssl/opensslconf.h
@@ -7,7 +7,10 @@
  * https://www.openssl.org/source/license.html
  */
 
-#include <openssl/core.h>
+#ifndef OPENSSL_OPENSSLCONF_H
+# define OPENSSL_OPENSSLCONF_H
 
-int print_param_types(const char *thing, const OSSL_PARAM *pdefs, int indent);
+#include <openssl/configuration.h>
+#include <openssl/macros.h>
 
+#endif  /* OPENSSL_OPENSSLCONF_H */

More information about the openssl-commits mailing list