add OPENSSL_DEPRECATED macro for no-op functions

aws · Mar 8, 2024 · d6e8b8b · d6e8b8b
1 parent a436cec
commit d6e8b8b
Show file tree

Hide file tree

Showing 14 changed files with 165 additions and 128 deletions.
diff --git a/crypto/rand_extra/rand_extra.c b/crypto/rand_extra/rand_extra.c
@@ -54,6 +54,7 @@ int RAND_status(void) {
   return 1;
 }
 
+OPENSSL_BEGIN_ALLOW_DEPRECATED
 static const struct rand_meth_st kSSLeayMethod = {
   RAND_seed,
   RAND_bytes,
@@ -62,6 +63,7 @@ static const struct rand_meth_st kSSLeayMethod = {
   RAND_pseudo_bytes,
   RAND_status,
 };
+OPENSSL_END_ALLOW_DEPRECATED
 
 RAND_METHOD *RAND_SSLeay(void) {
   return (RAND_METHOD*) &kSSLeayMethod;

diff --git a/include/openssl/asn1.h b/include/openssl/asn1.h
@@ -1406,8 +1406,8 @@ OPENSSL_EXPORT int ASN1_TIME_set_string(ASN1_TIME *s, const char *str);
 // ASN1_TIME conversion functions.
 //
 // |struct| |tm| represents a calendar date: year, month, day... it is not
-// necessarily a valid day, e.g. month 13. |time_t| is a typedef for the system's
-// type that represents the seconds since the UNIX epoch. Posix time is
+// necessarily a valid day, e.g. month 13. |time_t| is a typedef for the
+// system's type that represents the seconds since the UNIX epoch. Posix time is
 // a signed 64-bit integer which also represents the seconds since the UNIX
 // epoch.
 
@@ -2011,19 +2011,22 @@ OPENSSL_EXPORT long ASN1_ENUMERATED_get(const ASN1_ENUMERATED *a);
 
 
 // General No-op Functions [Deprecated].
-  
+
 // ASN1_STRING_set_default_mask does nothing.
-OPENSSL_EXPORT void ASN1_STRING_set_default_mask(unsigned long mask);
+OPENSSL_EXPORT OPENSSL_DEPRECATED void ASN1_STRING_set_default_mask(
+    unsigned long mask);
 
 // ASN1_STRING_set_default_mask_asc returns one.
-OPENSSL_EXPORT int ASN1_STRING_set_default_mask_asc(const char *p);
+OPENSSL_EXPORT OPENSSL_DEPRECATED int ASN1_STRING_set_default_mask_asc(
+    const char *p);
 
 // ASN1_STRING_get_default_mask returns |B_ASN1_UTF8STRING|. This is
 // the value AWS-LC uses by default and is not configurable.
-OPENSSL_EXPORT unsigned long ASN1_STRING_get_default_mask(void);
+OPENSSL_EXPORT OPENSSL_DEPRECATED unsigned long ASN1_STRING_get_default_mask(
+    void);
 
 // ASN1_STRING_TABLE_cleanup does nothing.
-OPENSSL_EXPORT void ASN1_STRING_TABLE_cleanup(void);
+OPENSSL_EXPORT OPENSSL_DEPRECATED void ASN1_STRING_TABLE_cleanup(void);
 
 
 #if defined(__cplusplus)

diff --git a/include/openssl/bio.h b/include/openssl/bio.h
@@ -880,7 +880,8 @@ OPENSSL_EXPORT int (*BIO_meth_get_puts(const BIO_METHOD *method)) (BIO *, const
 // General No-op Functions [Deprecated].
 
 // BIO_set_write_buffer_size returns zero.
-OPENSSL_EXPORT int BIO_set_write_buffer_size(BIO *bio, int buffer_size);
+OPENSSL_EXPORT OPENSSL_DEPRECATED int BIO_set_write_buffer_size(
+    BIO *bio, int buffer_size);
 
 
 // Private functions

diff --git a/include/openssl/cipher.h b/include/openssl/cipher.h
@@ -356,7 +356,7 @@ OPENSSL_EXPORT int EVP_BytesToKey(const EVP_CIPHER *type, const EVP_MD *md,
 #define EVP_CIPH_CCM_MODE 0x8
 
 // Buffer length in bits not bytes: CFB1 mode only.
-# define EVP_CIPH_FLAG_LENGTH_BITS 0x2000
+#define EVP_CIPH_FLAG_LENGTH_BITS 0x2000
 // The following values are never returned from |EVP_CIPHER_mode| and are
 // included only to make it easier to compile code with BoringSSL.
 #define EVP_CIPH_OCB_MODE 0x9
@@ -409,7 +409,8 @@ OPENSSL_EXPORT int EVP_BytesToKey(const EVP_CIPHER *type, const EVP_MD *md,
 // the named cipher algorithm. They are imported from OpenSSL to provide AES CBC
 // HMAC SHA stitch implementation. These methods are TLS specific.
 //
-// WARNING: these APIs usage can get wrong easily. Below functions include details.
+// WARNING: these APIs usage can get wrong easily. Below functions include
+// details.
 //     |aesni_cbc_hmac_sha1_cipher| and |aesni_cbc_hmac_sha256_cipher|.
 
 
@@ -559,16 +560,17 @@ OPENSSL_EXPORT OPENSSL_DEPRECATED const EVP_CIPHER *EVP_cast5_cbc(void);
 
 // EVP_CIPHER_CTX_set_flags does nothing. We strongly discourage doing
 // any additional configurations when consuming |EVP_CIPHER_CTX|.
-OPENSSL_EXPORT void EVP_CIPHER_CTX_set_flags(const EVP_CIPHER_CTX *ctx,
-                                             uint32_t flags);
+OPENSSL_EXPORT OPENSSL_DEPRECATED void EVP_CIPHER_CTX_set_flags(
+    const EVP_CIPHER_CTX *ctx, uint32_t flags);
 
-// The following flags are related to |EVP_CIPHER_CTX_set_flags|. They 
+// The following flags are related to |EVP_CIPHER_CTX_set_flags|. They
 // do nothing and are included only to make it easier to compile code
 // with AWS-LC.
 #define EVP_CIPHER_CTX_FLAG_WRAP_ALLOW 0
 
 // EVP_add_cipher_alias does nothing and returns one.
-OPENSSL_EXPORT int EVP_add_cipher_alias(const char *a, const char *b);
+OPENSSL_EXPORT OPENSSL_DEPRECATED int EVP_add_cipher_alias(const char *a,
+                                                           const char *b);
 
 
 // Private functions.
@@ -617,7 +619,7 @@ struct evp_cipher_ctx_st {
   const EVP_CIPHER *cipher;
 
   // app_data is a pointer to opaque, user data.
-  void *app_data;      // application stuff
+  void *app_data;  // application stuff
 
   // cipher_data points to the |cipher| specific state.
   void *cipher_data;

diff --git a/include/openssl/conf.h b/include/openssl/conf.h
@@ -59,8 +59,8 @@
 
 #include <openssl/base.h>
 
-#include <openssl/stack.h>
 #include <openssl/lhash.h>
+#include <openssl/stack.h>
 
 #if defined(__cplusplus)
 extern "C" {
@@ -136,25 +136,24 @@ OPENSSL_EXPORT const char *NCONF_get_string(const CONF *conf,
 
 // CONF_modules_load_file returns one. AWS-LC is defined to have no config
 // file options, thus loading from |filename| always succeeds by doing nothing.
-OPENSSL_EXPORT int CONF_modules_load_file(const char *filename,
-                                          const char *appname,
-                                          unsigned long flags);
+OPENSSL_EXPORT OPENSSL_DEPRECATED int CONF_modules_load_file(
+    const char *filename, const char *appname, unsigned long flags);
 
 // CONF_modules_free does nothing.
-OPENSSL_EXPORT void CONF_modules_free(void);
+OPENSSL_EXPORT OPENSSL_DEPRECATED void CONF_modules_free(void);
 
 // CONF_modules_unload does nothing.
-OPENSSL_EXPORT void CONF_modules_unload(int all);
+OPENSSL_EXPORT OPENSSL_DEPRECATED void CONF_modules_unload(int all);
 
 // CONF_modules_finish does nothing.
-OPENSSL_EXPORT void CONF_modules_finish(void);
+OPENSSL_EXPORT OPENSSL_DEPRECATED void CONF_modules_finish(void);
 
 // OPENSSL_config does nothing. This has been deprecated since OpenSSL 1.1.0.
-OPENSSL_EXPORT void OPENSSL_config(const char *config_name);
+OPENSSL_EXPORT OPENSSL_DEPRECATED void OPENSSL_config(const char *config_name);
 
 // OPENSSL_no_config does nothing. This has been deprecated since OpenSSL
 // 1.1.0.
-OPENSSL_EXPORT void OPENSSL_no_config(void);
+OPENSSL_EXPORT OPENSSL_DEPRECATED void OPENSSL_no_config(void);
 
 
 #if defined(__cplusplus)

diff --git a/include/openssl/dh.h b/include/openssl/dh.h
@@ -353,7 +353,7 @@ OPENSSL_EXPORT DH *DH_get_2048_256(void);
 
 // DH_clear_flags does nothing and is included to simplify compiling code that
 // expects it.
-OPENSSL_EXPORT void DH_clear_flags(DH *dh, int flags);
+OPENSSL_EXPORT OPENSSL_DEPRECATED void DH_clear_flags(DH *dh, int flags);
 
 // DH_FLAG_CACHE_MONT_P is not supported by AWS-LC and is included to simplify
 // compiling code that expects it. This flag controls if the DH APIs should

diff --git a/include/openssl/digest.h b/include/openssl/digest.h
@@ -271,7 +271,8 @@ OPENSSL_EXPORT int EVP_marshal_digest_algorithm(CBB *cbb, const EVP_MD *md);
 // EVP_MD_unstable_sha3_enable is a no-op as SHA3 is always enabled.
 OPENSSL_EXPORT void EVP_MD_unstable_sha3_enable(bool enable);
 
-// EVP_MD_unstable_sha3_is_enabled always returns true as SHA3 is always enabled.
+// EVP_MD_unstable_sha3_is_enabled always returns true as SHA3 is always
+// enabled.
 OPENSSL_EXPORT bool EVP_MD_unstable_sha3_is_enabled(void);
 
 // EVP_MD_CTX_copy sets |out|, which must /not/ be initialised, to be a copy of
@@ -312,9 +313,10 @@ OPENSSL_EXPORT int EVP_MD_nid(const EVP_MD *md);
 // associated.
 //
 // |EVP_MD_CTX_set_pkey_ctx| will overwrite any |EVP_PKEY_CTX| object associated
-// to |ctx|. If it was not associated through a previous |EVP_MD_CTX_set_pkey_ctx|
-// call, it will be freed first.
-OPENSSL_EXPORT void EVP_MD_CTX_set_pkey_ctx(EVP_MD_CTX *ctx, EVP_PKEY_CTX *pctx);
+// to |ctx|. If it was not associated through a previous
+// |EVP_MD_CTX_set_pkey_ctx| call, it will be freed first.
+OPENSSL_EXPORT void EVP_MD_CTX_set_pkey_ctx(EVP_MD_CTX *ctx,
+                                            EVP_PKEY_CTX *pctx);
 
 struct evp_md_pctx_ops;
 
@@ -352,8 +354,8 @@ struct env_md_ctx_st {
 
 // General No-op Functions [Deprecated].
 
-// EVP_MD_CTX_set_flags does nothing. We strongly discourage doing any additional
-// configurations when consuming |EVP_MD_CTX|.
+// EVP_MD_CTX_set_flags does nothing. We strongly discourage doing any
+// additional configurations when consuming |EVP_MD_CTX|.
 OPENSSL_EXPORT void EVP_MD_CTX_set_flags(EVP_MD_CTX *ctx, int flags);
 
 // EVP_MD_CTX_FLAG_NON_FIPS_ALLOW is meaningless. In OpenSSL it permits non-FIPS
@@ -365,7 +367,7 @@ OPENSSL_EXPORT void EVP_MD_CTX_set_flags(EVP_MD_CTX *ctx, int flags);
 // EVP_add_digest does nothing and returns one. It exists only for
 // compatibility with OpenSSL, which requires manually loading supported digests
 // when certain options are turned on.
-OPENSSL_EXPORT int EVP_add_digest(const EVP_MD *digest);
+OPENSSL_EXPORT OPENSSL_DEPRECATED int EVP_add_digest(const EVP_MD *digest);
 
 
 #if defined(__cplusplus)

diff --git a/include/openssl/ec.h b/include/openssl/ec.h
@@ -432,17 +432,19 @@ OPENSSL_EXPORT void EC_POINT_clear_free(EC_POINT *point);
 
 // EC_GROUP_set_asn1_flag does nothing. AWS-LC only supports
 // |OPENSSL_EC_NAMED_CURVE|.
-OPENSSL_EXPORT void EC_GROUP_set_asn1_flag(EC_GROUP *group, int flag);
+OPENSSL_EXPORT OPENSSL_DEPRECATED void EC_GROUP_set_asn1_flag(EC_GROUP *group,
+                                                              int flag);
 
 // EC_GROUP_get_asn1_flag returns |OPENSSL_EC_NAMED_CURVE|. This is the only
 // type AWS-LC supports.
-OPENSSL_EXPORT int EC_GROUP_get_asn1_flag(const EC_GROUP *group);
+OPENSSL_EXPORT OPENSSL_DEPRECATED int EC_GROUP_get_asn1_flag(
+    const EC_GROUP *group);
 
 // EC_GROUP_set_point_conversion_form aborts the process if |form| is not
 // |POINT_CONVERSION_UNCOMPRESSED| or |POINT_CONVERSION_COMPRESSED|, and
 // otherwise does nothing.
-// AWS-LC always uses |POINT_CONVERSION_UNCOMPRESSED|. 
-OPENSSL_EXPORT void EC_GROUP_set_point_conversion_form(
+// AWS-LC always uses |POINT_CONVERSION_UNCOMPRESSED|.
+OPENSSL_EXPORT OPENSSL_DEPRECATED void EC_GROUP_set_point_conversion_form(
     EC_GROUP *group, point_conversion_form_t form);
 
 
@@ -458,10 +460,12 @@ OPENSSL_EXPORT void EC_GROUP_set_point_conversion_form(
 typedef struct ec_method_st EC_METHOD;
 
 // EC_GROUP_method_of returns a dummy non-NULL pointer.
-OPENSSL_EXPORT const EC_METHOD *EC_GROUP_method_of(const EC_GROUP *group);
+OPENSSL_EXPORT OPENSSL_DEPRECATED const EC_METHOD *EC_GROUP_method_of(
+    const EC_GROUP *group);
 
 // EC_METHOD_get_field_type returns NID_X9_62_prime_field.
-OPENSSL_EXPORT int EC_METHOD_get_field_type(const EC_METHOD *meth);
+OPENSSL_EXPORT OPENSSL_DEPRECATED int EC_METHOD_get_field_type(
+    const EC_METHOD *meth);
 
 
 #if defined(__cplusplus)

diff --git a/include/openssl/ec_key.h b/include/openssl/ec_key.h
@@ -359,7 +359,8 @@ OPENSSL_EXPORT int i2o_ECPublicKey(const EC_KEY *key, unsigned char **outp);
 
 // EC_KEY_set_asn1_flag does nothing. AWS-LC only supports
 // |OPENSSL_EC_NAMED_CURVE|.
-OPENSSL_EXPORT void EC_KEY_set_asn1_flag(EC_KEY *key, int flag);
+OPENSSL_EXPORT OPENSSL_DEPRECATED void EC_KEY_set_asn1_flag(EC_KEY *key,
+                                                            int flag);
 
 
 #if defined(__cplusplus)

diff --git a/include/openssl/evp.h b/include/openssl/evp.h
@@ -1149,42 +1149,43 @@ OPENSSL_EXPORT EVP_PKEY *EVP_PKEY_new_mac_key(int type, ENGINE *engine,
 // Note: In OpenSSL, the returned type will be different depending on the type
 //       of |EVP_PKEY| consumed. This leads to misuage very easily and has been
 //       deprecated as a no-op to avoid so.
-OPENSSL_EXPORT void *EVP_PKEY_get0(const EVP_PKEY *pkey);
+OPENSSL_EXPORT OPENSSL_DEPRECATED void *EVP_PKEY_get0(const EVP_PKEY *pkey);
 
-// OpenSSL_add_all_algorithms does nothing. This has been deprecated since OpenSSL
-// 1.1.0.
-OPENSSL_EXPORT void OpenSSL_add_all_algorithms(void);
+// OpenSSL_add_all_algorithms does nothing. This has been deprecated since
+// OpenSSL 1.1.0.
+OPENSSL_EXPORT OPENSSL_DEPRECATED void OpenSSL_add_all_algorithms(void);
 
 // OPENSSL_add_all_algorithms_conf does nothing. This has been deprecated since
 // OpenSSL 1.1.0.
-OPENSSL_EXPORT void OPENSSL_add_all_algorithms_conf(void);
+OPENSSL_EXPORT OPENSSL_DEPRECATED void OPENSSL_add_all_algorithms_conf(void);
 
 // OpenSSL_add_all_ciphers does nothing. This has been deprecated since OpenSSL
 // 1.1.0.
-OPENSSL_EXPORT void OpenSSL_add_all_ciphers(void);
+OPENSSL_EXPORT OPENSSL_DEPRECATED void OpenSSL_add_all_ciphers(void);
 
 // OpenSSL_add_all_digests does nothing. This has been deprecated since OpenSSL
 // 1.1.0.
-OPENSSL_EXPORT void OpenSSL_add_all_digests(void);
+OPENSSL_EXPORT OPENSSL_DEPRECATED void OpenSSL_add_all_digests(void);
 
 // EVP_cleanup does nothing. This has been deprecated since OpenSSL 1.1.0.
-OPENSSL_EXPORT void EVP_cleanup(void);
+OPENSSL_EXPORT OPENSSL_DEPRECATED void EVP_cleanup(void);
 
 
 // EVP_PKEY_DSA No-ops [Deprecated].
 //
-// |EVP_PKEY_DSA| is deprecated. It is currently still possible to parse DER into a
-// DSA |EVP_PKEY|, but signing or verifying with those objects will not work.
+// |EVP_PKEY_DSA| is deprecated. It is currently still possible to parse DER
+// into a DSA |EVP_PKEY|, but signing or verifying with those objects will not
+// work.
 
 #define EVP_PKEY_DSA NID_dsa
 
 // EVP_PKEY_CTX_set_dsa_paramgen_bits returns zero.
-OPENSSL_EXPORT int EVP_PKEY_CTX_set_dsa_paramgen_bits(EVP_PKEY_CTX *ctx,
-                                                      int nbits);
+OPENSSL_EXPORT OPENSSL_DEPRECATED int EVP_PKEY_CTX_set_dsa_paramgen_bits(
+    EVP_PKEY_CTX *ctx, int nbits);
 
 // EVP_PKEY_CTX_set_dsa_paramgen_q_bits returns zero.
-OPENSSL_EXPORT int EVP_PKEY_CTX_set_dsa_paramgen_q_bits(EVP_PKEY_CTX *ctx,
-                                                        int qbits);
+OPENSSL_EXPORT OPENSSL_DEPRECATED int EVP_PKEY_CTX_set_dsa_paramgen_q_bits(
+    EVP_PKEY_CTX *ctx, int qbits);
 
 
 // EVP_PKEY_DH No-ops [Deprecated].
@@ -1197,10 +1198,10 @@ OPENSSL_EXPORT int EVP_PKEY_CTX_set_dsa_paramgen_q_bits(EVP_PKEY_CTX *ctx,
 #define EVP_PKEY_DH NID_dhKeyAgreement
 
 // EVP_PKEY_get0_DH returns NULL.
-OPENSSL_EXPORT DH *EVP_PKEY_get0_DH(const EVP_PKEY *pkey);
+OPENSSL_EXPORT OPENSSL_DEPRECATED DH *EVP_PKEY_get0_DH(const EVP_PKEY *pkey);
 
 // EVP_PKEY_get1_DH returns NULL.
-OPENSSL_EXPORT DH *EVP_PKEY_get1_DH(const EVP_PKEY *pkey);
+OPENSSL_EXPORT OPENSSL_DEPRECATED DH *EVP_PKEY_get1_DH(const EVP_PKEY *pkey);
 
 
 // Preprocessor compatibility section (hidden).

diff --git a/include/openssl/ex_data.h b/include/openssl/ex_data.h
@@ -178,7 +178,7 @@ typedef void CRYPTO_EX_free(void *parent, void *ptr, CRYPTO_EX_DATA *ad,
 // General No-op Functions [Deprecated].
 
 // CRYPTO_cleanup_all_ex_data does nothing.
-OPENSSL_EXPORT void CRYPTO_cleanup_all_ex_data(void);
+OPENSSL_EXPORT OPENSSL_DEPRECATED void CRYPTO_cleanup_all_ex_data(void);
 
 // CRYPTO_EX_dup is a legacy callback function type which is ignored.
 typedef int CRYPTO_EX_dup(CRYPTO_EX_DATA *to, const CRYPTO_EX_DATA *from,

diff --git a/include/openssl/pkcs7.h b/include/openssl/pkcs7.h
@@ -58,8 +58,8 @@ OPENSSL_EXPORT int PKCS7_bundle_raw_certificates(
 
 // PKCS7_bundle_certificates behaves like |PKCS7_bundle_raw_certificates| but
 // takes |X509| objects as input.
-OPENSSL_EXPORT int PKCS7_bundle_certificates(
-    CBB *out, const STACK_OF(X509) *certs);
+OPENSSL_EXPORT int PKCS7_bundle_certificates(CBB *out,
+                                             const STACK_OF(X509) *certs);
 
 // PKCS7_get_CRLs parses a PKCS#7, SignedData structure from |cbs| and appends
 // the included CRLs to |out_crls|. It returns one on success and zero on error.
@@ -143,8 +143,7 @@ typedef struct {
 
 // d2i_PKCS7 parses a BER-encoded, PKCS#7 signed data ContentInfo structure from
 // |len| bytes at |*inp|, as described in |d2i_SAMPLE|.
-OPENSSL_EXPORT PKCS7 *d2i_PKCS7(PKCS7 **out, const uint8_t **inp,
-                                size_t len);
+OPENSSL_EXPORT PKCS7 *d2i_PKCS7(PKCS7 **out, const uint8_t **inp, size_t len);
 
 // d2i_PKCS7_bio behaves like |d2i_PKCS7| but reads the input from |bio|.  If
 // the length of the object is indefinite the full contents of |bio| are read.
@@ -245,8 +244,10 @@ OPENSSL_EXPORT int PKCS7_type_is_signedAndEnveloped(const PKCS7 *p7);
 //
 // Note this function only implements a subset of the corresponding OpenSSL
 // function. It is provided for backwards compatibility only.
-OPENSSL_EXPORT PKCS7 *PKCS7_sign(X509 *sign_cert, EVP_PKEY *pkey,
-                                 STACK_OF(X509) *certs, BIO *data, int flags);
+OPENSSL_EXPORT OPENSSL_DEPRECATED PKCS7 *PKCS7_sign(X509 *sign_cert,
+                                                    EVP_PKEY *pkey,
+                                                    STACK_OF(X509) *certs,
+                                                    BIO *data, int flags);
 
 
 #if defined(__cplusplus)