diff options
author | Richard Levitte <levitte@openssl.org> | 2019-12-11 14:36:36 +0100 |
---|---|---|
committer | Richard Levitte <levitte@openssl.org> | 2019-12-13 10:09:49 +0100 |
commit | 46994f71631922565924e3ca6303950c36337b33 (patch) | |
tree | f8c702f9f06e6263dd5bb46b82135bb264e11e74 /CHANGES | |
parent | 97ba39547d4c79b60131475a1512cc7d7e8952b2 (diff) | |
download | openssl-new-46994f71631922565924e3ca6303950c36337b33.tar.gz |
Add better support for using deprecated symbols internally
OPENSSL_SUPPRESS_DEPRECATED only does half the job, in telling the
deprecation macros not to add the warning attribute. However, with
'no-deprecated', the symbols are still removed entirely, while we
might still want to use them internally.
The solution is to permit <openssl/opensslconf.h> macros to be
modified internally, such as undefining OPENSSL_NO_DEPRECATED in this
case.
However, with the way <openssl/opensslconf.h> includes
<openssl/macros.h>, that's easier said than done. That's solved by
generating <openssl/configuration.h> instead, and add a new
<openssl/opensslconf.h> that includes <openssl/configuration.h> as
well as <openssl/macros.h>, thus allowing to replace an inclusion of
<openssl/opensslconf.h> with this:
#include <openssl/configuration.h>
#undef OPENSSL_NO_DEPRECATED
#define OPENSSL_SUPPRESS_DEPRECATED
#include <openssl/macros.h>
Or simply add the following prior to any other openssl inclusion:
#include <openssl/configuration.h>
#undef OPENSSL_NO_DEPRECATED
#define OPENSSL_SUPPRESS_DEPRECATED
Note that undefining OPENSSL_NO_DEPRECATED must never be done by
applications, since the symbols must still be exported by the
library. Internal test programs are excempt of this rule, though.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10608)
Diffstat (limited to 'CHANGES')
-rw-r--r-- | CHANGES | 20 |
1 files changed, 20 insertions, 0 deletions
@@ -9,6 +9,26 @@ Changes between 1.1.1 and 3.0.0 [xx XXX xxxx] + *) Removed include/openssl/opensslconf.h.in and replaced it with + include/openssl/configuration.h.in, which differs in not including + <openssl/macros.h>. A short header include/openssl/opensslconf.h + was added to include both. + + This allows internal hacks where one might need to modify the set + of configured macros, for example this if deprecated symbols are + still supposed to be available internally: + + #include <openssl/configuration.h> + + #undef OPENSSL_NO_DEPRECATED + #define OPENSSL_SUPPRESS_DEPRECATED + + #include <openssl/macros.h> + + This should not be used by applications that use the exported + symbols, as that will lead to linking errors. + [Richard Levitte] + *) Fixed an an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against 2-prime RSA1024, |