OWEALs
/
openssl
mirror of git://git.openssl.org/openssl.git


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140
							=pod

=head1 NAME

OPENSSL_NO_DEPRECATED_3_0, OSSL_DEPRECATEDIN_3_0,
OPENSSL_NO_DEPRECATED_1_1_1, OSSL_DEPRECATEDIN_1_1_1,
OPENSSL_NO_DEPRECATED_1_1_0, OSSL_DEPRECATEDIN_1_1_0,
OPENSSL_NO_DEPRECATED_1_0_2, OSSL_DEPRECATEDIN_1_0_2,
OPENSSL_NO_DEPRECATED_1_0_1, OSSL_DEPRECATEDIN_1_0_1,
OPENSSL_NO_DEPRECATED_1_0_0, OSSL_DEPRECATEDIN_1_0_0,
OPENSSL_NO_DEPRECATED_0_9_8, OSSL_DEPRECATEDIN_0_9_8,
deprecation - How to do deprecation

=head1 DESCRIPTION

Deprecation of a symbol is adding an attribute to the declaration of that
symbol (function, type, variable, but we currently only do that for
functions in our public header files, F<< <openssl/*.h> >>).

Removal of a symbol is not the same thing as deprecation, as it actually
explicitly removes the symbol from public view.

OpenSSL configuration supports deprecation as well as simulating removal of
symbols from public view (with the configuration option C<no-deprecated>, or
if the user chooses to do so, with L<OPENSSL_NO_DEPRECATED(7)>), and also
supports doing this in terms of a specified OpenSSL version (with the
configuration option C<--api>, or if the user chooses to do so, with
L<OPENSSL_API_COMPAT(7)>).

Deprecation is done using attribute macros named
B<OSSL_DEPRECATEDIN_I<version>>, used with any declaration it applies to.

Simulating removal is done with C<#ifndef> preprocessor guards using macros
named B<OPENSSL_NO_DEPRECATED_I<version>>.

B<OSSL_DEPRECATEDIN_I<version>> and B<OPENSSL_NO_DEPRECATED_I<version>> are
defined in F<< <openssl/macros.h> >>.

In those macro names, B<I<version>> corresponds to the OpenSSL release since
which the deprecation applies, with underscores instead of periods.  Because
of the change in version scheme with OpenSSL 3.0, the B<I<version>> for
versions before that are three numbers (such as C<1_1_0>), while they are
two numbers (such as C<3_0>) from 3.0 and on.

The implementation of a deprecated symbol is kept for one of two reasons:

=over 4

=item Planned to be removed

The symbol and its implementation are planned to be removed some time in the
future, but needs to remain available until that time.
Such an implementation needs to be guarded appropriately, as shown in
L</Implementations to be removed> below.

=item Planned to remain internally

The symbol is planned to be removed from public view, but will otherwise
remain for internal purposes.  In this case, the implementation doesn't need
to change or be guarded.

However, it's necessary to ensure that the declaration remains available for
the translation unit where the symbol is used or implemented, even when the
symbol is publicly unavailable through simulated removal.  That's done by
including an internal header file very early in the affected translation
units.  See L</Implementations to remain internally> below.

In the future, when the deprecated declaration is to actually be removed
from public view, it should be moved to an internal header file, with the
deprecation attribute removed, and the translation units that implement or
use that symbol should adjust their header inclusions accordingly.

=back

=head1 EXAMPLES

=head2 Header files

In public header files (F<< <openssl/*.h> >>), this is what a deprecation is
expected to look like, including the preprocessor wrapping for simulated
removal:

 # ifndef OPENSSL_NO_DEPRECATED_3_0
 /* ... */

 OSSL_DEPRECATEDIN_3_0 RSA *RSA_new_method(ENGINE *engine);

 /* ... */
 # endif

=head2 Implementations to be removed

For a deprecated function that we plan to remove in the future, for example
RSA_new_method(), the following should be found very early (before including
any OpenSSL header file) in the translation unit that implements it and in
any translation unit that uses it:

 /*
  * Suppress deprecation warnings for RSA low level implementations that are
  * kept until removal.
  */
 #define OPENSSL_SUPPRESS_DEPRECATED

The RSA_new_method() implementation itself must be guarded the same way as
its declaration in the public header file is:

 #ifndef OPENSSL_NO_DEPRECATED_3_0
 RSA *RSA_new_method(ENGINE *engine)
 {
     /* ... */
 }
 #endif

=head2 Implementations to remain internally

For a deprecated function that we plan to keep internally, for example
RSA_size(), the following should be found very early (before including any
other OpenSSL header file) in the translation unit that implements it and in
any translation unit that uses it:

 /*
  * RSA low level APIs are deprecated for public use, but are kept for
  * internal use.
  */
 #include "internal/deprecated.h"

=head1 SEE ALSO

L<openssl_user_macros(7)>

=head1 COPYRIGHT

Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.

Licensed under the Apache License 2.0 (the "License").  You may not use
this file except in compliance with the License.  You can obtain a copy
in the file LICENSE in the source distribution or at
L<https://www.openssl.org/source/license.html>.

=cut