Backwards-compatibility subject to OPENSSL_API_COMPAT

Provide backwards-compatiblity for functions, macros and include
files if OPENSSL_API_COMPAT is either not defined or defined less
than the version number of the release in which the feature was
deprecated.

Reviewed-by: Richard Levitte <levitte@openssl.org>
diff --git a/doc/crypto/BN_BLINDING_new.pod b/doc/crypto/BN_BLINDING_new.pod
index 2e575c6..8688e48 100644
--- a/doc/crypto/BN_BLINDING_new.pod
+++ b/doc/crypto/BN_BLINDING_new.pod
@@ -22,10 +22,6 @@
 	BN_CTX *ctx);
  int BN_BLINDING_invert_ex(BIGNUM *n, const BIGNUM *r, BN_BLINDING *b,
 	BN_CTX *ctx);
- #ifndef OPENSSL_NO_DEPRECATED
- unsigned long BN_BLINDING_get_thread_id(const BN_BLINDING *);
- void BN_BLINDING_set_thread_id(BN_BLINDING *, unsigned long);
- #endif
  CRYPTO_THREADID *BN_BLINDING_thread_id(BN_BLINDING *);
  unsigned long BN_BLINDING_get_flags(const BN_BLINDING *);
  void BN_BLINDING_set_flags(BN_BLINDING *, unsigned long);
@@ -35,6 +31,13 @@
 			  const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx),
 	BN_MONT_CTX *m_ctx);
 
+Deprecated:
+
+ #if OPENSSL_API_COMPAT < 0x10000000L
+ unsigned long BN_BLINDING_get_thread_id(const BN_BLINDING *);
+ void BN_BLINDING_set_thread_id(BN_BLINDING *, unsigned long);
+ #endif
+
 =head1 DESCRIPTION
 
 BN_BLINDING_new() allocates a new B<BN_BLINDING> structure and copies
diff --git a/doc/crypto/BN_generate_prime.pod b/doc/crypto/BN_generate_prime.pod
index 90f399d..8ea3d0b 100644
--- a/doc/crypto/BN_generate_prime.pod
+++ b/doc/crypto/BN_generate_prime.pod
@@ -35,6 +35,7 @@
 
 Deprecated:
 
+ #if OPENSSL_API_COMPAT < 0x00908000L
  BIGNUM *BN_generate_prime(BIGNUM *ret, int num, int safe, BIGNUM *add,
      BIGNUM *rem, void (*callback)(int, int, void *), void *cb_arg);
 
@@ -44,6 +45,7 @@
  int BN_is_prime_fasttest(const BIGNUM *a, int checks,
      void (*callback)(int, int, void *), BN_CTX *ctx, void *cb_arg,
      int do_trial_division);
+ #endif
 
 =head1 DESCRIPTION
 
diff --git a/doc/crypto/BN_zero.pod b/doc/crypto/BN_zero.pod
index e0f653f..5334aaa 100644
--- a/doc/crypto/BN_zero.pod
+++ b/doc/crypto/BN_zero.pod
@@ -9,7 +9,7 @@
 
  #include <openssl/bn.h>
 
- int BN_zero(BIGNUM *a);
+ void BN_zero(BIGNUM *a);
  int BN_one(BIGNUM *a);
 
  const BIGNUM *BN_value_one(void);
@@ -17,6 +17,12 @@
  int BN_set_word(BIGNUM *a, unsigned long w);
  unsigned long BN_get_word(BIGNUM *a);
 
+Deprecated:
+
+ #if OPENSSL_API_COMPAT < 0x00908000L
+ int BN_zero(BIGNUM *a);
+ #endif
+
 =head1 DESCRIPTION
 
 BN_zero(), BN_one() and BN_set_word() set B<a> to the values 0, 1 and
@@ -33,8 +39,10 @@
 BN_get_word() returns the value B<a>, and 0xffffffffL if B<a> cannot
 be represented as an unsigned long.
 
-BN_zero(), BN_one() and BN_set_word() return 1 on success, 0 otherwise.
+BN_one(), BN_set_word() and the deprecated version of BN_zero()
+return 1 on success, 0 otherwise.
 BN_value_one() returns the constant.
+The preferred version of BN_zer() never fails and returns no value.
 
 =head1 BUGS
 
diff --git a/doc/crypto/DH_generate_parameters.pod b/doc/crypto/DH_generate_parameters.pod
index 1491d9f..93d7b9c 100644
--- a/doc/crypto/DH_generate_parameters.pod
+++ b/doc/crypto/DH_generate_parameters.pod
@@ -16,8 +16,10 @@
 
 Deprecated:
 
+ #if OPENSSL_API_COMPAT < 0x00908000L
  DH *DH_generate_parameters(int prime_len, int generator,
      void (*callback)(int, int, void *), void *cb_arg);
+ #endif
 
 =head1 DESCRIPTION
 
diff --git a/doc/crypto/DSA_generate_parameters.pod b/doc/crypto/DSA_generate_parameters.pod
index efe46eb..b639db6 100644
--- a/doc/crypto/DSA_generate_parameters.pod
+++ b/doc/crypto/DSA_generate_parameters.pod
@@ -14,9 +14,11 @@
 
 Deprecated:
 
+ #if OPENSSL_API_COMPAT < 0x00908000L
  DSA *DSA_generate_parameters(int bits, unsigned char *seed,
                 int seed_len, int *counter_ret, unsigned long *h_ret,
 		void (*callback)(int, int, void *), void *cb_arg);
+ #endif
 
 =head1 DESCRIPTION
 
diff --git a/doc/crypto/ERR_remove_state.pod b/doc/crypto/ERR_remove_state.pod
index 1d20fc2..55ded84 100644
--- a/doc/crypto/ERR_remove_state.pod
+++ b/doc/crypto/ERR_remove_state.pod
@@ -12,7 +12,9 @@
 
 Deprecated:
 
+ #if OPENSSL_API_COMPAT < 0x10000000L
  void ERR_remove_state(unsigned long pid);
+ #endif
 
 =head1 DESCRIPTION
 
diff --git a/doc/crypto/RAND_bytes.pod b/doc/crypto/RAND_bytes.pod
index d57618d..03c6e7f 100644
--- a/doc/crypto/RAND_bytes.pod
+++ b/doc/crypto/RAND_bytes.pod
@@ -12,7 +12,9 @@
 
 Deprecated:
 
+ #if OPENSSL_API_COMPAT < 0x10100000L
  int RAND_pseudo_bytes(unsigned char *buf, int num);
+ #endif
 
 =head1 DESCRIPTION
 
diff --git a/doc/crypto/RSA_generate_key.pod b/doc/crypto/RSA_generate_key.pod
index 7f6a157..380bf12 100644
--- a/doc/crypto/RSA_generate_key.pod
+++ b/doc/crypto/RSA_generate_key.pod
@@ -12,8 +12,10 @@
 
 Deprecated:
 
+ #if OPENSSL_API_COMPAT < 0x00908000L
  RSA *RSA_generate_key(int num, unsigned long e,
     void (*callback)(int,int,void *), void *cb_arg);
+ #endif
 
 =head1 DESCRIPTION
 
diff --git a/doc/crypto/err.pod b/doc/crypto/err.pod
index 1a3c223..4f512e6 100644
--- a/doc/crypto/err.pod
+++ b/doc/crypto/err.pod
@@ -22,6 +22,7 @@
  int ERR_GET_REASON(unsigned long e);
 
  void ERR_clear_error(void);
+ void ERR_remove_thread_state(const CRYPTO_THREADID *tid);
 
  char *ERR_error_string(unsigned long e, char *buf);
  const char *ERR_lib_error_string(unsigned long e);
@@ -34,8 +35,6 @@
  void ERR_load_crypto_strings(void);
  void ERR_free_strings(void);
 
- void ERR_remove_state(unsigned long pid);
-
  void ERR_put_error(int lib, int func, int reason, const char *file,
          int line);
  void ERR_add_error_data(int num, ...);
@@ -44,6 +43,12 @@
  unsigned long ERR_PACK(int lib, int func, int reason);
  int ERR_get_next_error_library(void);
 
+Deprecated:
+
+ #if OPENSSL_API_COMPAT < 0x10000000L
+ void ERR_remove_state(unsigned long pid);
+ #endif
+
 =head1 DESCRIPTION
 
 When a call to the OpenSSL library fails, this is usually signaled
@@ -62,7 +67,7 @@
 L<ERR_clear_error(3)> can be used to clear the
 error queue.
 
-Note that L<ERR_remove_state(3)> should be used to
+Note that L<ERR_remove_thread_state(3)> should be used to
 avoid memory leaks when threads are terminated.
 
 =head1 ADDING NEW ERROR CODES TO OPENSSL
@@ -178,7 +183,7 @@
 L<ERR_error_string(3)>,
 L<ERR_print_errors(3)>,
 L<ERR_load_crypto_strings(3)>,
-L<ERR_remove_state(3)>,
+L<ERR_remove_thread_state(3)>,
 L<ERR_put_error(3)>,
 L<ERR_load_strings(3)>,
 L<SSL_get_error(3)>
diff --git a/doc/crypto/hmac.pod b/doc/crypto/hmac.pod
index d8e2498..57c274c 100644
--- a/doc/crypto/hmac.pod
+++ b/doc/crypto/hmac.pod
@@ -15,8 +15,6 @@
  HMAC_CTX *HMAC_CTX_new(void);
  int HMAC_CTX_reset(HMAC_CTX *ctx);
 
- int HMAC_Init(HMAC_CTX *ctx, const void *key, int key_len,
-               const EVP_MD *md);
  int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int key_len,
                	   const EVP_MD *md, ENGINE *impl);
  int HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, int len);
@@ -24,6 +22,13 @@
 
  void HMAC_CTX_free(HMAC_CTX *ctx);
 
+Deprecated:
+
+ #if OPENSSL_API_COMPAT < 0x10100000L
+ int HMAC_Init(HMAC_CTX *ctx, const void *key, int key_len,
+               const EVP_MD *md);
+ #endif
+
 =head1 DESCRIPTION
 
 HMAC is a MAC (message authentication code), i.e. a keyed hash