diff options
| author | Richard Levitte <levitte@openssl.org> | 2019-11-10 13:07:46 +0100 |
|---|---|---|
| committer | Richard Levitte <levitte@openssl.org> | 2019-11-12 13:30:35 +0100 |
| commit | 4d301427a96010468da2bb67bf1025fa8d886ab9 (patch) | |
| tree | 48d9d375970cb7c7c056a814c4066ada8c1491cc | |
| parent | 905b097fd586ed0279aee05b5961224212014ec9 (diff) | |
Make sure KDF reason codes are conserved in their current state
Because KDF errors are deprecated and only conserved for backward
compatibilty, we must make sure that they remain untouched. A simple
way to signal that is by modifying crypto/err/openssl.ec and replace
the main header file (include/openssl/kdf.h in this case) with 'NONE',
while retaining the error table file (crypto/kdf/kdf_err.c).
util/mkerr.pl is modified to silently ignore anything surrounding a
conserved lib when such a .ec line is found.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10368)
| -rw-r--r-- | crypto/err/openssl.ec | 2 | ||||
| -rwxr-xr-x | util/mkerr.pl | 7 |
2 files changed, 8 insertions, 1 deletions
diff --git a/crypto/err/openssl.ec b/crypto/err/openssl.ec index 65633717ee..211edd42f3 100644 --- a/crypto/err/openssl.ec +++ b/crypto/err/openssl.ec @@ -34,7 +34,7 @@ L CRMF include/openssl/crmf.h crypto/crmf/crmf_err.c L CMP include/openssl/cmp.h crypto/cmp/cmp_err.c L CT include/openssl/ct.h crypto/ct/ct_err.c L ASYNC include/openssl/async.h crypto/async/async_err.c -L KDF include/openssl/kdf.h crypto/kdf/kdf_err.c +L KDF NONE crypto/kdf/kdf_err.c L SM2 include/crypto/sm2.h crypto/sm2/sm2_err.c L OSSL_STORE include/openssl/store.h crypto/store/store_err.c L ESS include/openssl/ess.h crypto/ess/ess_err.c diff --git a/util/mkerr.pl b/util/mkerr.pl index 1d8cdfdfb4..0b09fb3327 100755 --- a/util/mkerr.pl +++ b/util/mkerr.pl @@ -210,6 +210,12 @@ if ( ! $reindex && $statefile ) { print "Skipping $_"; $skippedstate++; next; + } elsif ( $hinc{$lib} eq 'NONE' ) { + # When the header is NONE but the err file is specified, + # it signifies that the err file should be conserved but + # remain untouched, and the same goes for the symbols in + # the state file. + next; } if ( $name =~ /^(?:OSSL_|OPENSSL_)?[A-Z0-9]{2,}_R_/ ) { die "$lib reason code $code collision at $name\n" @@ -417,6 +423,7 @@ foreach my $lib ( keys %errorfile ) { next if ! $fnew{$lib} && ! $rnew{$lib} && ! $rebuild; next if scalar keys %modules > 0 && !$modules{$lib}; next if $nowrite; + next if $hinc{$lib} eq 'NONE'; print STDERR "$lib: $fnew{$lib} new functions\n" if $fnew{$lib}; print STDERR "$lib: $rnew{$lib} new reasons\n" if $rnew{$lib}; $newstate = 1; |