Deprecate ERR_free_strings() and make it a no-op

ERR_free_strings() should not be called expicitly - we should leave
auto-deinit to clean this up instead.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>

7 files changed, 35 insertions, 20 deletions

diff --git a/crypto/err/err.c b/crypto/err/err.c
index da6d3ee981..b937155c98 100644
--- a/crypto/err/err.c
+++ b/crypto/err/err.c
@@ -117,7 +117,7 @@
 #include <openssl/crypto.h>
 #include <openssl/buffer.h>
 #include <openssl/bio.h>
-#include <openssl/err.h>
+#include "internal/err.h"
 #include <openssl/opensslconf.h>
 
 static void err_load_strings(int lib, ERR_STRING_DATA *str);
@@ -447,7 +447,7 @@ void ERR_unload_strings(int lib, ERR_STRING_DATA *str)
     CRYPTO_THREAD_unlock(err_string_lock);
 }
 
-void ERR_free_strings(void)
+void err_free_strings_intern(void)
 {
     CRYPTO_THREAD_run_once(&err_string_init, do_err_strings_init);
 
diff --git a/crypto/init.c b/crypto/init.c
index fe1ecd876c..3699145ac6 100644
--- a/crypto/init.c
+++ b/crypto/init.c
@@ -444,9 +444,9 @@ void OPENSSL_cleanup(void)
     if (load_crypto_strings_inited) {
 #ifdef OPENSSL_INIT_DEBUG
         fprintf(stderr, "OPENSSL_INIT: OPENSSL_cleanup: "
-                        "ERR_free_strings()\n");
+                        "err_free_strings_intern()\n");
 #endif
-        ERR_free_strings();
+        err_free_strings_intern();
     }
 
     CRYPTO_THREAD_cleanup_local(&threadstopkey);
diff --git a/doc/crypto/ERR_load_crypto_strings.pod b/doc/crypto/ERR_load_crypto_strings.pod
index 88678d9020..9e960d94c9 100644
--- a/doc/crypto/ERR_load_crypto_strings.pod
+++ b/doc/crypto/ERR_load_crypto_strings.pod
@@ -7,26 +7,36 @@ load and free error strings
 
 =head1 SYNOPSIS
 
+Deprecated:
+
  #include <openssl/err.h>
 
- void ERR_load_crypto_strings(void);
- void ERR_free_strings(void);
+ #if OPENSSL_API_COMPAT < 0x10100000L
+ # define ERR_load_crypto_strings() \
+     OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL)
+ # define ERR_free_strings()
+ #endif
 
  #include <openssl/ssl.h>
 
- void SSL_load_error_strings(void);
+ #if OPENSSL_API_COMPAT < 0x10100000L
+ # define SSL_load_error_strings() \
+     OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS \
+                     | OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL)
+ #endif
 
 =head1 DESCRIPTION
 
+All of the following functions are deprecated from OpenSSL 1.1.0. No explicit
+initialisation or de-initialisation is necessary. See L<OPENSSL_init_crypto(3)>
+and L<OPENSSL_init_ssl(3)>.
+
 ERR_load_crypto_strings() registers the error strings for all
 B<libcrypto> functions. SSL_load_error_strings() does the same,
 but also registers the B<libssl> error strings.
 
-One of these functions should be called before generating
-textual error messages. However, this is not required when memory
-usage is an issue.
-
-ERR_free_strings() frees all previously loaded error strings.
+In versions of OpenSSL prior to 1.1.0 ERR_free_strings() freed all previously
+loaded error strings. However from OpenSSL 1.1.0 it does nothing.
 
 =head1 RETURN VALUES
 
diff --git a/doc/crypto/err.pod b/doc/crypto/err.pod
index 6847f2153c..0313aa38b8 100644
--- a/doc/crypto/err.pod
+++ b/doc/crypto/err.pod
@@ -33,7 +33,6 @@ err - error codes
  void ERR_print_errors_fp(FILE *fp);
 
  void ERR_load_crypto_strings(void);
- void ERR_free_strings(void);
 
  void ERR_put_error(int lib, int func, int reason, const char *file,
          int line);
@@ -49,6 +48,11 @@ Deprecated:
  void ERR_remove_state(unsigned long pid);
  #endif
 
+ #if OPENSSL_API_COMPAT < 0x10100000L
+ # define ERR_free_strings()
+ #endif
+
+
 =head1 DESCRIPTION
 
 When a call to the OpenSSL library fails, this is usually signaled
diff --git a/crypto/include/internal/err.h b/include/internal/err.h
index aa48019104..d1a413f091 100644
--- a/crypto/include/internal/err.h
+++ b/include/internal/err.h
@@ -56,3 +56,4 @@
  */
 
 void err_load_crypto_strings_intern(void);
+void err_free_strings_intern(void);
diff --git a/include/openssl/err.h b/include/openssl/err.h
index d372520d03..deb2fe246e 100644
--- a/include/openssl/err.h
+++ b/include/openssl/err.h
@@ -356,10 +356,9 @@ void ERR_load_ERR_strings(void);
 #if OPENSSL_API_COMPAT < 0x10100000L
 # define ERR_load_crypto_strings() \
     OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL)
+# define ERR_free_strings()
 #endif
 
-void ERR_free_strings(void);
-
 void ERR_remove_thread_state(void);
 DEPRECATEDIN_1_0_0(void ERR_remove_state(unsigned long pid)) /* if zero we
                                                               * look it up */
diff --git a/ssl/ssl_init.c b/ssl/ssl_init.c
index 413fa4105b..2462fa5eab 100644
--- a/ssl/ssl_init.c
+++ b/ssl/ssl_init.c
@@ -57,7 +57,8 @@
 
 #include "e_os.h"
 
-#include <internal/threads.h>
+#include "internal/threads.h"
+#include "internal/err.h"
 #include <openssl/crypto.h>
 #include <openssl/evp.h>
 #include <assert.h>
@@ -206,15 +207,15 @@ static void ssl_library_stop(void)
     if (ssl_strings_inited) {
 #ifdef OPENSSL_INIT_DEBUG
         fprintf(stderr, "OPENSSL_INIT: ssl_library_stop: "
-                        "ERR_free_strings()\n");
+                        "err_free_strings_intern()\n");
 #endif
         /*
          * If both crypto and ssl error strings are inited we will end up
-         * calling ERR_free_strings() twice - but that's ok. The second time
-         * will be a no-op. It's easier to do that than to try and track
+         * calling err_free_strings_intern() twice - but that's ok. The second
+         * time will be a no-op. It's easier to do that than to try and track
          * between the two libraries whether they have both been inited.
          */
-        ERR_free_strings();
+        err_free_strings_intern();
     }
 }