summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--CHANGES.md17
-rw-r--r--Configurations/unix-Makefile.tmpl3
-rw-r--r--NEWS.md1
-rw-r--r--crypto/err/build.info2
-rw-r--r--crypto/err/err.c6
-rw-r--r--crypto/err/err_all.c140
-rw-r--r--crypto/err/err_all_legacy.c101
-rw-r--r--include/crypto/err.h1
-rw-r--r--include/internal/dso.h2
-rw-r--r--include/openssl/cryptoerr_legacy.h81
-rw-r--r--include/openssl/err.h.in2
-rw-r--r--include/openssl/kdferr.h107
-rw-r--r--include/openssl/sslerr_legacy.h36
-rw-r--r--ssl/build.info2
-rw-r--r--ssl/ssl_err_legacy.c21
-rw-r--r--ssl/ssl_init.c5
-rw-r--r--util/libcrypto.num66
-rw-r--r--util/libssl.num2
-rw-r--r--util/missingcrypto.txt5
19 files changed, 373 insertions, 227 deletions
diff --git a/CHANGES.md b/CHANGES.md
index ca4e096ed2..48957676f6 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -23,6 +23,23 @@ OpenSSL 3.0
### Changes between 1.1.1 and 3.0 [xx XXX xxxx]
+ * Deprecated all the libcrypto and libssl error string loading
+ functions: ERR_load_ASN1_strings(), ERR_load_ASYNC_strings(),
+ ERR_load_BIO_strings(), ERR_load_BN_strings(), ERR_load_BUF_strings(),
+ ERR_load_CMS_strings(), ERR_load_COMP_strings(), ERR_load_CONF_strings(),
+ ERR_load_CRYPTO_strings(), ERR_load_CT_strings(), ERR_load_DH_strings(),
+ ERR_load_DSA_strings(), ERR_load_EC_strings(), ERR_load_ENGINE_strings(),
+ ERR_load_ERR_strings(), ERR_load_EVP_strings(), ERR_load_KDF_strings(),
+ ERR_load_OBJ_strings(), ERR_load_OCSP_strings(), ERR_load_PEM_strings(),
+ ERR_load_PKCS12_strings(), ERR_load_PKCS7_strings(), ERR_load_RAND_strings(),
+ ERR_load_RSA_strings(), ERR_load_OSSL_STORE_strings(), ERR_load_TS_strings(),
+ ERR_load_UI_strings(), ERR_load_X509_strings(), ERR_load_X509V3_strings().
+
+ Calling these functions is not necessary since OpenSSL 1.1.0, as OpenSSL
+ now loads error strings automatically.
+
+ *Richard Levitte*
+
* The functions SSL_CTX_set_tmp_dh_callback and SSL_set_tmp_dh_callback, as
well as the macros SSL_CTX_set_tmp_dh() and SSL_set_tmp_dh() have been
deprecated. These are used to set the Diffie-Hellman (DH) parameters that
diff --git a/Configurations/unix-Makefile.tmpl b/Configurations/unix-Makefile.tmpl
index 4fab096121..342e46d24d 100644
--- a/Configurations/unix-Makefile.tmpl
+++ b/Configurations/unix-Makefile.tmpl
@@ -1083,7 +1083,8 @@ errors:
include/openssl/sslerr.h
include/openssl/tls1.h
include/openssl/dtls1.h
- include/openssl/srtp.h );
+ include/openssl/srtp.h
+ include/openssl/sslerr_legacy.h );
my @cryptoheaders_tmpl =
qw( include/internal/dso.h
include/internal/o_dir.h
diff --git a/NEWS.md b/NEWS.md
index 2ba338c745..054a55324f 100644
--- a/NEWS.md
+++ b/NEWS.md
@@ -20,6 +20,7 @@ OpenSSL 3.0
### Major changes between OpenSSL 1.1.1 and OpenSSL 3.0 [under development]
+ * Deprecated the `ERR_load_` functions.
* Remove the `RAND_DRBG` API.
* Deprecated the `ENGINE` API.
* Added `OSSL_LIB_CTX`, a libcrypto library context.
diff --git a/crypto/err/build.info b/crypto/err/build.info
index c010ea4cb9..98f8801e34 100644
--- a/crypto/err/build.info
+++ b/crypto/err/build.info
@@ -1,3 +1,3 @@
LIBS=../../libcrypto
SOURCE[../../libcrypto]=\
- err_blocks.c err.c err_all.c err_prn.c
+ err_blocks.c err.c err_all.c err_all_legacy.c err_prn.c
diff --git a/crypto/err/err.c b/crypto/err/err.c
index a66ea63adf..8500fe7988 100644
--- a/crypto/err/err.c
+++ b/crypto/err/err.c
@@ -237,7 +237,7 @@ static int err_load_strings(const ERR_STRING_DATA *str)
return 1;
}
-int ERR_load_ERR_strings(void)
+int err_load_ERR_strings_int(void)
{
#ifndef OPENSSL_NO_ERR
if (!RUN_ONCE(&err_string_init, do_err_strings_init))
@@ -251,7 +251,7 @@ int ERR_load_ERR_strings(void)
int ERR_load_strings(int lib, ERR_STRING_DATA *str)
{
- if (ERR_load_ERR_strings() == 0)
+ if (err_load_ERR_strings_int() == 0)
return 0;
err_patch(lib, str);
@@ -261,7 +261,7 @@ int ERR_load_strings(int lib, ERR_STRING_DATA *str)
int ERR_load_strings_const(const ERR_STRING_DATA *str)
{
- if (ERR_load_ERR_strings() == 0)
+ if (err_load_ERR_strings_int() == 0)
return 0;
err_load_strings(str);
return 1;
diff --git a/crypto/err/err_all.c b/crypto/err/err_all.c
index f16cb6926f..e90928edef 100644
--- a/crypto/err/err_all.c
+++ b/crypto/err/err_all.c
@@ -8,105 +8,107 @@
*/
#include <stdio.h>
-#include "crypto/err.h"
-#include <openssl/asn1err.h>
-#include <openssl/bnerr.h>
-#include <openssl/ecerr.h>
-#include <openssl/buffererr.h>
-#include <openssl/bioerr.h>
-#include <openssl/comperr.h>
-#include <openssl/rsaerr.h>
-#include <openssl/dherr.h>
-#include <openssl/dsaerr.h>
-#include <openssl/evperr.h>
-#include <openssl/objectserr.h>
-#include <openssl/pemerr.h>
-#include <openssl/pkcs7err.h>
-#include <openssl/x509err.h>
-#include <openssl/x509v3err.h>
-#include <openssl/conferr.h>
-#include <openssl/pkcs12err.h>
-#include <openssl/randerr.h>
-#include "internal/dso.h"
-#include <openssl/engineerr.h>
-#include <openssl/uierr.h>
-#include <openssl/httperr.h>
-#include <openssl/ocsperr.h>
#include <openssl/err.h>
-#include <openssl/tserr.h>
-#include <openssl/cmserr.h>
-#include <openssl/crmferr.h>
-#include <openssl/cmperr.h>
-#include <openssl/cterr.h>
-#include <openssl/asyncerr.h>
-#include <openssl/storeerr.h>
-#include <openssl/esserr.h>
+#include "crypto/err.h"
+#include "crypto/cryptoerr.h"
+#include "crypto/asn1err.h"
+#include "crypto/bnerr.h"
+#include "crypto/ecerr.h"
+#include "crypto/buffererr.h"
+#include "crypto/bioerr.h"
+#include "crypto/comperr.h"
+#include "crypto/rsaerr.h"
+#include "crypto/dherr.h"
+#include "crypto/dsaerr.h"
+#include "crypto/evperr.h"
+#include "crypto/objectserr.h"
+#include "crypto/pemerr.h"
+#include "crypto/pkcs7err.h"
+#include "crypto/x509err.h"
+#include "crypto/x509v3err.h"
+#include "crypto/conferr.h"
+#include "crypto/pkcs12err.h"
+#include "crypto/randerr.h"
+#include "internal/dsoerr.h"
+#include "crypto/engineerr.h"
+#include "crypto/uierr.h"
+#include "crypto/httperr.h"
+#include "crypto/ocsperr.h"
+#include "crypto/tserr.h"
+#include "crypto/cmserr.h"
+#include "crypto/crmferr.h"
+#include "crypto/cmperr.h"
+#include "crypto/cterr.h"
+#include "crypto/asyncerr.h"
+#include "crypto/storeerr.h"
+#include "crypto/esserr.h"
#include "internal/propertyerr.h"
#include "prov/providercommonerr.h"
int err_load_crypto_strings_int(void)
{
- if (
+ if (0
#ifndef OPENSSL_NO_ERR
- ERR_load_ERR_strings() == 0 || /* include error strings for SYSerr */
- ERR_load_BN_strings() == 0 ||
+ || err_load_ERR_strings_int() == 0 /* include error strings for SYSerr */
+ || err_load_BN_strings_int() == 0
# ifndef OPENSSL_NO_RSA
- ERR_load_RSA_strings() == 0 ||
+ || err_load_RSA_strings_int() == 0
# endif
# ifndef OPENSSL_NO_DH
- ERR_load_DH_strings() == 0 ||
+ || err_load_DH_strings_int() == 0
# endif
- ERR_load_EVP_strings() == 0 ||
- ERR_load_BUF_strings() == 0 ||
- ERR_load_OBJ_strings() == 0 ||
- ERR_load_PEM_strings() == 0 ||
+ || err_load_EVP_strings_int() == 0
+ || err_load_BUF_strings_int() == 0
+ || err_load_OBJ_strings_int() == 0
+ || err_load_PEM_strings_int() == 0
# ifndef OPENSSL_NO_DSA
- ERR_load_DSA_strings() == 0 ||
+ || err_load_DSA_strings_int() == 0
# endif
- ERR_load_X509_strings() == 0 ||
- ERR_load_ASN1_strings() == 0 ||
- ERR_load_CONF_strings() == 0 ||
- ERR_load_CRYPTO_strings() == 0 ||
+ || err_load_X509_strings_int() == 0
+ || err_load_ASN1_strings_int() == 0
+ || err_load_CONF_strings_int() == 0
+ || err_load_CRYPTO_strings_int() == 0
# ifndef OPENSSL_NO_COMP
- ERR_load_COMP_strings() == 0 ||
+ || err_load_COMP_strings_int() == 0
# endif
# ifndef OPENSSL_NO_EC
- ERR_load_EC_strings() == 0 ||
+ || err_load_EC_strings_int() == 0
# endif
- /* skip ERR_load_SSL_strings() because it is not in this library */
- ERR_load_BIO_strings() == 0 ||
- ERR_load_PKCS7_strings() == 0 ||
- ERR_load_X509V3_strings() == 0 ||
- ERR_load_PKCS12_strings() == 0 ||
- ERR_load_RAND_strings() == 0 ||
- ERR_load_DSO_strings() == 0 ||
+ /* skip err_load_SSL_strings_int() because it is not in this library */
+ || err_load_BIO_strings_int() == 0
+ || err_load_PKCS7_strings_int() == 0
+ || err_load_X509V3_strings_int() == 0
+ || err_load_PKCS12_strings_int() == 0
+ || err_load_RAND_strings_int() == 0
+ || err_load_DSO_strings_int() == 0
# ifndef OPENSSL_NO_TS
- ERR_load_TS_strings() == 0 ||
+ || err_load_TS_strings_int() == 0
# endif
# ifndef OPENSSL_NO_ENGINE
- ERR_load_ENGINE_strings() == 0 ||
+ || err_load_ENGINE_strings_int() == 0
# endif
- ERR_load_HTTP_strings() == 0 ||
+ || err_load_HTTP_strings_int() == 0
# ifndef OPENSSL_NO_OCSP
- ERR_load_OCSP_strings() == 0 ||
+ || err_load_OCSP_strings_int() == 0
# endif
- ERR_load_UI_strings() == 0 ||
+ || err_load_UI_strings_int() == 0
# ifndef OPENSSL_NO_CMS
- ERR_load_CMS_strings() == 0 ||
+ || err_load_CMS_strings_int() == 0
# endif
# ifndef OPENSSL_NO_CRMF
- ERR_load_CRMF_strings() == 0 ||
- ERR_load_CMP_strings() == 0 ||
+ || err_load_CRMF_strings_int() == 0
+ || err_load_CMP_strings_int() == 0
# endif
# ifndef OPENSSL_NO_CT
- ERR_load_CT_strings() == 0 ||
+ || err_load_CT_strings_int() == 0
# endif
- ERR_load_ESS_strings() == 0 ||
- ERR_load_ASYNC_strings() == 0 ||
+ || err_load_ESS_strings_int() == 0
+ || err_load_ASYNC_strings_int() == 0
+ || err_load_OSSL_STORE_strings_int() == 0
+ || err_load_PROP_strings_int() == 0
+ || err_load_PROV_strings_int() == 0
#endif
- ERR_load_OSSL_STORE_strings() == 0 ||
- ERR_load_PROP_strings() == 0 ||
- ERR_load_PROV_strings() == 0)
+ )
return 0;
return 1;
diff --git a/crypto/err/err_all_legacy.c b/crypto/err/err_all_legacy.c
new file mode 100644
index 0000000000..489036fd8b
--- /dev/null
+++ b/crypto/err/err_all_legacy.c
@@ -0,0 +1,101 @@
+/*
+ * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* This is the C source file where we include this header directly */
+#include <openssl/cryptoerr_legacy.h>
+
+#ifndef OPENSSL_NO_DEPRECATED_3_0
+
+#include "crypto/err.h"
+#include "crypto/asn1err.h"
+#include "crypto/asyncerr.h"
+#include "crypto/bnerr.h"
+#include "crypto/buffererr.h"
+#include "crypto/bioerr.h"
+#include "crypto/cmserr.h"
+#include "crypto/comperr.h"
+#include "crypto/conferr.h"
+#include "crypto/cryptoerr.h"
+#include "crypto/cterr.h"
+#include "crypto/dherr.h"
+#include "crypto/dsaerr.h"
+#include "internal/dsoerr.h"
+#include "crypto/ecerr.h"
+#include "crypto/engineerr.h"
+#include "crypto/evperr.h"
+#include "crypto/httperr.h"
+#include "crypto/objectserr.h"
+#include "crypto/ocsperr.h"
+#include "crypto/pemerr.h"
+#include "crypto/pkcs12err.h"
+#include "crypto/pkcs7err.h"
+#include "crypto/randerr.h"
+#include "crypto/rsaerr.h"
+#include "crypto/storeerr.h"
+#include "crypto/tserr.h"
+#include "crypto/uierr.h"
+#include "crypto/x509err.h"
+#include "crypto/x509v3err.h"
+
+# define IMPLEMENT_LEGACY_ERR_LOAD(lib) \
+ int ERR_load_##lib##_strings(void) \
+ { \
+ return err_load_##lib##_strings_int(); \
+ }
+
+# ifndef OPENSSL_NO_ERR
+IMPLEMENT_LEGACY_ERR_LOAD(ASN1)
+IMPLEMENT_LEGACY_ERR_LOAD(ASYNC)
+IMPLEMENT_LEGACY_ERR_LOAD(BIO)
+IMPLEMENT_LEGACY_ERR_LOAD(BN)
+IMPLEMENT_LEGACY_ERR_LOAD(BUF)
+# ifndef OPENSSL_NO_CMS
+IMPLEMENT_LEGACY_ERR_LOAD(CMS)
+# endif
+# ifndef OPENSSL_NO_COMP
+IMPLEMENT_LEGACY_ERR_LOAD(COMP)
+# endif
+IMPLEMENT_LEGACY_ERR_LOAD(CONF)
+IMPLEMENT_LEGACY_ERR_LOAD(CRYPTO)
+# ifndef OPENSSL_NO_CT
+IMPLEMENT_LEGACY_ERR_LOAD(CT)
+# endif
+# ifndef OPENSSL_NO_DH
+IMPLEMENT_LEGACY_ERR_LOAD(DH)
+# endif
+# ifndef OPENSSL_NO_DSA
+IMPLEMENT_LEGACY_ERR_LOAD(DSA)
+# endif
+# ifndef OPENSSL_NO_EC
+IMPLEMENT_LEGACY_ERR_LOAD(EC)
+# endif
+# ifndef OPENSSL_NO_ENGINE
+IMPLEMENT_LEGACY_ERR_LOAD(ENGINE)
+# endif
+IMPLEMENT_LEGACY_ERR_LOAD(ERR)
+IMPLEMENT_LEGACY_ERR_LOAD(EVP)
+IMPLEMENT_LEGACY_ERR_LOAD(OBJ)
+# ifndef OPENSSL_NO_OCSP
+IMPLEMENT_LEGACY_ERR_LOAD(OCSP)
+# endif
+IMPLEMENT_LEGACY_ERR_LOAD(PEM)
+IMPLEMENT_LEGACY_ERR_LOAD(PKCS12)
+IMPLEMENT_LEGACY_ERR_LOAD(PKCS7)
+IMPLEMENT_LEGACY_ERR_LOAD(RAND)
+IMPLEMENT_LEGACY_ERR_LOAD(RSA)
+IMPLEMENT_LEGACY_ERR_LOAD(OSSL_STORE)
+# ifndef OPENSSL_NO_TS
+IMPLEMENT_LEGACY_ERR_LOAD(TS)
+# endif
+IMPLEMENT_LEGACY_ERR_LOAD(UI)
+IMPLEMENT_LEGACY_ERR_LOAD(X509)
+IMPLEMENT_LEGACY_ERR_LOAD(X509V3)
+# endif
+
+#endif
diff --git a/include/crypto/err.h b/include/crypto/err.h
index 527f19667d..d4c32bcf67 100644
--- a/include/crypto/err.h
+++ b/include/crypto/err.h
@@ -10,6 +10,7 @@
#ifndef OSSL_CRYPTO_ERR_H
# define OSSL_CRYPTO_ERR_H
+int err_load_ERR_strings_int(void);
int err_load_crypto_strings_int(void);
void err_cleanup(void);
int err_shelve_state(void **);
diff --git a/include/internal/dso.h b/include/internal/dso.h
index 76cb3c6e0a..214362f692 100644
--- a/include/internal/dso.h
+++ b/include/internal/dso.h
@@ -160,6 +160,4 @@ DSO *DSO_dsobyaddr(void *addr, int flags);
*/
void *DSO_global_lookup(const char *name);
-int ERR_load_DSO_strings(void);
-
#endif
diff --git a/include/openssl/cryptoerr_legacy.h b/include/openssl/cryptoerr_legacy.h
new file mode 100644
index 0000000000..2729afde70
--- /dev/null
+++ b/include/openssl/cryptoerr_legacy.h
@@ -0,0 +1,81 @@
+/*
+ * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * This header file preserves symbols from pre-3.0 OpenSSL.
+ * It should never be included directly, as it's already included
+ * by the public {lib}err.h headers, and since it will go away some
+ * time in the future.
+ */
+
+#ifndef OPENSSL_CRYPTOERR_LEGACY_H
+# define OPENSSL_CRYPTOERR_LEGACY_H
+# pragma once
+
+# include <openssl/macros.h>
+# include <openssl/symhacks.h>
+
+# ifdef __cplusplus
+extern "C" {
+# endif
+
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+OSSL_DEPRECATEDIN_3_0 int ERR_load_ASN1_strings(void);
+OSSL_DEPRECATEDIN_3_0 int ERR_load_ASYNC_strings(void);
+OSSL_DEPRECATEDIN_3_0 int ERR_load_BIO_strings(void);
+OSSL_DEPRECATEDIN_3_0 int ERR_load_BN_strings(void);
+OSSL_DEPRECATEDIN_3_0 int ERR_load_BUF_strings(void);
+# ifndef OPENSSL_NO_CMS
+OSSL_DEPRECATEDIN_3_0 int ERR_load_CMS_strings(void);
+# endif
+# ifndef OPENSSL_NO_COMP
+OSSL_DEPRECATEDIN_3_0 int ERR_load_COMP_strings(void);
+# endif
+OSSL_DEPRECATEDIN_3_0 int ERR_load_CONF_strings(void);
+OSSL_DEPRECATEDIN_3_0 int ERR_load_CRYPTO_strings(void);
+# ifndef OPENSSL_NO_CT
+OSSL_DEPRECATEDIN_3_0 int ERR_load_CT_strings(void);
+# endif
+# ifndef OPENSSL_NO_DH
+OSSL_DEPRECATEDIN_3_0 int ERR_load_DH_strings(void);
+# endif
+# ifndef OPENSSL_NO_DSA
+OSSL_DEPRECATEDIN_3_0 int ERR_load_DSA_strings(void);
+# endif
+# ifndef OPENSSL_NO_EC
+OSSL_DEPRECATEDIN_3_0 int ERR_load_EC_strings(void);
+# endif
+# ifndef OPENSSL_NO_ENGINE
+OSSL_DEPRECATEDIN_3_0 int ERR_load_ENGINE_strings(void);
+# endif
+OSSL_DEPRECATEDIN_3_0 int ERR_load_ERR_strings(void);
+OSSL_DEPRECATEDIN_3_0 int ERR_load_EVP_strings(void);
+OSSL_DEPRECATEDIN_3_0 int ERR_load_KDF_strings(void);
+OSSL_DEPRECATEDIN_3_0 int ERR_load_OBJ_strings(void);
+# ifndef OPENSSL_NO_OCSP
+OSSL_DEPRECATEDIN_3_0 int ERR_load_OCSP_strings(void);
+# endif
+OSSL_DEPRECATEDIN_3_0 int ERR_load_PEM_strings(void);
+OSSL_DEPRECATEDIN_3_0 int ERR_load_PKCS12_strings(void);
+OSSL_DEPRECATEDIN_3_0 int ERR_load_PKCS7_strings(void);
+OSSL_DEPRECATEDIN_3_0 int ERR_load_RAND_strings(void);
+OSSL_DEPRECATEDIN_3_0 int ERR_load_RSA_strings(void);
+OSSL_DEPRECATEDIN_3_0 int ERR_load_OSSL_STORE_strings(void);
+# ifndef OPENSSL_NO_TS
+OSSL_DEPRECATEDIN_3_0 int ERR_load_TS_strings(void);
+# endif
+OSSL_DEPRECATEDIN_3_0 int ERR_load_UI_strings(void);
+OSSL_DEPRECATEDIN_3_0 int ERR_load_X509_strings(void);
+OSSL_DEPRECATEDIN_3_0 int ERR_load_X509V3_strings(void);
+# endif
+
+# ifdef __cplusplus
+}
+# endif
+#endif
diff --git a/include/openssl/err.h.in b/include/openssl/err.h.in
index 1f2fde8317..c36fe7d1ed 100644
--- a/include/openssl/err.h.in
+++ b/include/openssl/err.h.in
@@ -30,6 +30,7 @@ use OpenSSL::stackhash qw(generate_lhash_macros);
# include <openssl/types.h>
# include <openssl/bio.h>
# include <openssl/lhash.h>
+# include <openssl/cryptoerr_legacy.h>
#ifdef __cplusplus
extern "C" {
@@ -454,7 +455,6 @@ void ERR_add_error_mem_bio(const char *sep, BIO *bio);
int ERR_load_strings(int lib, ERR_STRING_DATA *str);
int ERR_load_strings_const(const ERR_STRING_DATA *str);
int ERR_unload_strings(int lib, ERR_STRING_DATA *str);
-int ERR_load_ERR_strings(void);
#ifndef OPENSSL_NO_DEPRECATED_1_1_0
# define ERR_load_crypto_strings() \
diff --git a/include/openssl/kdferr.h b/include/openssl/kdferr.h
index 0daec1c2a5..d339871f6a 100644
--- a/include/openssl/kdferr.h
+++ b/include/openssl/kdferr.h
@@ -1,6 +1,5 @@
/*
- * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -8,106 +7,4 @@
* https://www.openssl.org/source/license.html
*/
-#ifndef OPENSSL_KDFERR_H
-# define OPENSSL_KDFERR_H
-# pragma once
-
-# include <openssl/opensslconf.h>
-# include <openssl/symhacks.h>
-
-
-# ifdef __cplusplus
-extern "C"
-# endif
-DEPRECATEDIN_3_0(int ERR_load_KDF_strings(void))
-
-/*
- * KDF function codes.
- */
-# ifndef OPENSSL_NO_DEPRECATED_3_0
-# define KDF_F_HKDF_EXTRACT 0
-# define KDF_F_KDF_HKDF_DERIVE 0
-# define KDF_F_KDF_HKDF_NEW 0
-# define KDF_F_KDF_HKDF_SIZE 0
-# define KDF_F_KDF_MD2CTRL 0
-# define KDF_F_KDF_PBKDF2_CTRL 0
-# define KDF_F_KDF_PBKDF2_CTRL_STR 0
-# define KDF_F_KDF_PBKDF2_DERIVE 0
-# define KDF_F_KDF_PBKDF2_NEW 0
-# define KDF_F_KDF_SCRYPT_CTRL_STR 0
-# define KDF_F_KDF_SCRYPT_CTRL_UINT32 0
-# define KDF_F_KDF_SCRYPT_CTRL_UINT64 0
-# define KDF_F_KDF_SCRYPT_DERIVE 0
-# define KDF_F_KDF_SCRYPT_NEW 0
-# define KDF_F_KDF_SSHKDF_CTRL 0
-# define KDF_F_KDF_SSHKDF_CTRL_STR 0
-# define KDF_F_KDF_SSHKDF_DERIVE 0
-# define KDF_F_KDF_SSHKDF_NEW 0
-# define KDF_F_KDF_TLS1_PRF_CTRL_STR 0
-# define KDF_F_KDF_TLS1_PRF_DERIVE 0
-# define KDF_F_KDF_TLS1_PRF_NEW 0
-# define KDF_F_PBKDF2_DERIVE 0
-# define KDF_F_PBKDF2_SET_MEMBUF 0
-# define KDF_F_PKEY_HKDF_CTRL_STR 0
-# define KDF_F_PKEY_HKDF_DERIVE 0
-# define KDF_F_PKEY_HKDF_INIT 0
-# define KDF_F_PKEY_SCRYPT_CTRL_STR 0
-# define KDF_F_PKEY_SCRYPT_CTRL_UINT64 0
-# define KDF_F_PKEY_SCRYPT_DERIVE 0
-# define KDF_F_PKEY_SCRYPT_INIT 0
-# define KDF_F_PKEY_SCRYPT_SET_MEMBUF 0
-# define KDF_F_PKEY_TLS1_PRF_CTRL_STR 0
-# define KDF_F_PKEY_TLS1_PRF_DERIVE 0
-# define KDF_F_PKEY_TLS1_PRF_INIT 0
-# define KDF_F_SCRYPT_SET_MEMBUF 0
-# define KDF_F_SSKDF_CTRL_STR 0
-# define KDF_F_SSKDF_DERIVE 0
-# define KDF_F_SSKDF_MAC2CTRL 0
-# define KDF_F_SSKDF_NEW 0
-# define KDF_F_SSKDF_SIZE 0
-# define KDF_F_TLS1_PRF_ALG 0
-# define KDF_F_X942KDF_CTRL 0
-# define KDF_F_X942KDF_DERIVE 0
-# define KDF_F_X942KDF_HASH_KDM 0
-# define KDF_F_X942KDF_NEW 0
-# define KDF_F_X942KDF_SIZE 0
-# define KDF_F_X963KDF_DERIVE 0
-# endif
-
-/*
- * KDF reason codes.
- */
-# ifndef OPENSSL_NO_DEPRECATED_3_0
-# define KDF_R_BAD_ENCODING 122
-# define KDF_R_BAD_LENGTH 123
-# define KDF_R_BOTH_MODE_AND_MODE_INT 127
-# define KDF_R_INAVLID_UKM_LEN 124
-# define KDF_R_INVALID_DIGEST 100
-# define KDF_R_INVALID_ITERATION_COUNT 119
-# define KDF_R_INVALID_KEY_LEN 120
-# define KDF_R_INVALID_MAC_TYPE 116
-# define KDF_R_INVALID_MODE 128
-# define KDF_R_INVALID_MODE_INT 129
-# define KDF_R_INVALID_SALT_LEN 121
-# define KDF_R_MISSING_CEK_ALG 125
-# define KDF_R_MISSING_ITERATION_COUNT 109
-# define KDF_R_MISSING_KEY 104
-# define KDF_R_MISSING_MESSAGE_DIGEST 105
-# define KDF_R_MISSING_PARAMETER 101
-# define KDF_R_MISSING_PASS 110
-# define KDF_R_MISSING_SALT 111
-# define KDF_R_MISSING_SECRET 107
-# define KDF_R_MISSING_SEED 106
-# define KDF_R_MISSING_SESSION_ID 113
-# define KDF_R_MISSING_TYPE 114
-# define KDF_R_MISSING_XCGHASH 115
-# define KDF_R_NOT_SUPPORTED 118
-# define KDF_R_UNKNOWN_PARAMETER_TYPE 103
-# define KDF_R_UNSUPPORTED_CEK_ALG 126
-# define KDF_R_UNSUPPORTED_MAC_TYPE 117
-# define KDF_R_VALUE_ERROR 108
-# define KDF_R_VALUE_MISSING 102
-# define KDF_R_WRONG_OUTPUT_BUFFER_SIZE 112
-# endif
-
-#endif
+#include <openssl/cryptoerr_legacy.h>
diff --git a/include/openssl/sslerr_legacy.h b/include/openssl/sslerr_legacy.h
new file mode 100644
index 0000000000..1607b4e7dc
--- /dev/null
+++ b/include/openssl/sslerr_legacy.h
@@ -0,0 +1,36 @@
+/*
+ * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * This header file preserves symbols from pre-3.0 OpenSSL.
+ * It should never be included directly, as it's already included
+ * by the public sslerr.h headers, and since it will go away some
+ * time in the future.
+ */
+
+#ifndef OPENSSL_SSLERR_LEGACY_H
+# define OPENSSL_SSLERR_LEGACY_H
+# pragma once
+
+# include <openssl/macros.h>
+# include <openssl/symhacks.h>
+
+# ifdef __cplusplus
+extern "C" {
+# endif
+
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+OSSL_DEPRECATEDIN_3_0 int ERR_load_SSL_strings(void);
+# endif
+
+# ifdef __cplusplus
+}
+# endif
+#endif
+
diff --git a/ssl/build.info b/ssl/build.info
index 4efd9d02cc..703cbaff50 100644
--- a/ssl/build.info
+++ b/ssl/build.info
@@ -30,7 +30,7 @@ SOURCE[../libssl]=\
ssl_lib.c ssl_cert.c ssl_sess.c \
ssl_ciph.c ssl_stat.c ssl_rsa.c \
ssl_asn1.c ssl_txt.c ssl_init.c ssl_conf.c ssl_mcnf.c \
- bio_ssl.c ssl_err.c tls_srp.c t1_trce.c ssl_utst.c \
+ bio_ssl.c ssl_err.c ssl_err_legacy.c tls_srp.c t1_trce.c ssl_utst.c \
record/ssl3_buffer.c record/ssl3_record.c record/dtls1_bitmap.c \
statem/statem.c record/ssl3_record_tls13.c record/tls_pad.c \
tls_depr.c $KTLSSRC
diff --git a/ssl/ssl_err_legacy.c b/ssl/ssl_err_legacy.c
new file mode 100644
index 0000000000..d1f27c964e
--- /dev/null
+++ b/ssl/ssl_err_legacy.c
@@ -0,0 +1,21 @@
+/*
+ * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* This is the C source file where we include this header directly */
+#include <openssl/sslerr_legacy.h>
+#include "sslerr.h"
+
+#ifndef OPENSSL_NO_DEPRECATED_3_0
+int ERR_load_SSL_strings(void)
+{
+ return err_load_SSL_strings_int();
+}
+#else
+NON_EMPTY_TRANSLATION_UNIT
+#endif
diff --git a/ssl/ssl_init.c b/ssl/ssl_init.c
index 73b0ce2b4d..772dc2b474 100644
--- a/ssl/ssl_init.c
+++ b/ssl/ssl_init.c
@@ -14,6 +14,7 @@
#include <openssl/evp.h>
#include <openssl/trace.h>
#include "ssl_local.h"
+#include "sslerr.h"
#include "internal/thread_once.h"
static int stopped;
@@ -53,8 +54,8 @@ DEFINE_RUN_ONCE_STATIC(ossl_init_load_ssl_strings)
* pulling in all the error strings during static linking
*/
#if !defined(OPENSSL_NO_ERR) && !defined(OPENSSL_NO_AUTOERRINIT)
- OSSL_TRACE(INIT, "ossl_init_load_ssl_strings: ERR_load_SSL_strings()\n");
- ERR_load_SSL_strings();
+ OSSL_TRACE(INIT, "ossl_init_load_ssl_strings: err_load_SSL_strings_int()\n");
+ err_load_SSL_strings_int();
ssl_strings_inited = 1;
#endif
return 1;
diff --git a/util/libcrypto.num b/util/libcrypto.num
index 75d98a5fda..404a706fab 100644
--- a/util/libcrypto.num
+++ b/util/libcrypto.num
@@ -150,7 +150,7 @@ i2d_IPAddressFamily 152 3_0_0 EXIST::FUNCTION:RFC3779
ENGINE_get_ctrl_function 153 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE
X509_REVOKED_get_ext_count 154 3_0_0 EXIST::FUNCTION:
BN_is_prime_fasttest_ex 155 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0
-ERR_load_PKCS12_strings 156 3_0_0 EXIST::FUNCTION:
+ERR_load_PKCS12_strings 156 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0
EVP_sha384 157 3_0_0 EXIST::FUNCTION:
i2d_DHparams 158 3_0_0 EXIST::FUNCTION:DH
TS_VERIFY_CTX_set_store 159 3_0_0 EXIST::FUNCTION:TS
@@ -203,7 +203,7 @@ SCT_set_version 206 3_0_0 EXIST::FUNCTION:CT
CMS_add1_ReceiptRequest 207 3_0_0 EXIST::FUNCTION:CMS
d2i_CRL_DIST_POINTS 208 3_0_0 EXIST::FUNCTION:
X509_CRL_INFO_free 209 3_0_0 EXIST::FUNCTION:
-ERR_load_UI_strings 210 3_0_0 EXIST::FUNCTION:
+ERR_load_UI_strings 210 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0
ERR_load_strings 211 3_0_0 EXIST::FUNCTION:
RSA_X931_hash_id 212 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA
EC_KEY_set_method 213 3_0_0 EXIST::FUNCTION:EC
@@ -416,7 +416,7 @@ RIPEMD160 423 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3
CRYPTO_ocb128_setiv 424 3_0_0 EXIST::FUNCTION:OCB
X509_CRL_digest 425 3_0_0 EXIST::FUNCTION:
EVP_aes_128_cbc_hmac_sha1 426 3_0_0 EXIST::FUNCTION:
-ERR_load_CMS_strings 427 3_0_0 EXIST::FUNCTION:CMS
+ERR_load_CMS_strings 427 3_0_0 EXIST::FUNCTION:CMS,DEPRECATEDIN_3_0
EVP_MD_CTX_md 428 3_0_0 EXIST::FUNCTION:
X509_REVOKED_get_ext 429 3_0_0 EXIST::FUNCTION:
d2i_RSA_PSS_PARAMS 430 3_0_0 EXIST::FUNCTION:RSA
@@ -556,7 +556,7 @@ TLS_FEATURE_new 567 3_0_0 EXIST::FUNCTION:
RSA_get_default_method 568 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA
CRYPTO_cts128_encrypt_block 569 3_0_0 EXIST::FUNCTION:
ASN1_digest 570 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0
-ERR_load_X509V3_strings 571 3_0_0 EXIST::FUNCTION:
+ERR_load_X509V3_strings 571 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0
EVP_PKEY_meth_get_cleanup 572 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0
d2i_X509 574 3_0_0 EXIST::FUNCTION:
a2i_ASN1_STRING 575 3_0_0 EXIST::FUNCTION:
@@ -564,7 +564,7 @@ EC_GROUP_get_mont_data 576 3_0_0 EXIST::FUNCTION:EC
CMAC_CTX_copy 577 3_0_0 EXIST::FUNCTION:CMAC,DEPRECATEDIN_3_0
EVP_camellia_128_cfb128 579 3_0_0 EXIST::FUNCTION:CAMELLIA
DH_compute_key_padded 580 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DH
-ERR_load_CONF_strings 581 3_0_0 EXIST::FUNCTION:
+ERR_load_CONF_strings 581 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0
ESS_ISSUER_SERIAL_dup 582 3_0_0 EXIST::FUNCTION:
BN_GF2m_mod_exp_arr 583 3_0_0 EXIST::FUNCTION:EC2M
ASN1_UTF8STRING_free 584 3_0_0 EXIST::FUNCTION:
@@ -606,7 +606,7 @@ DES_ede3_ofb64_encrypt 620 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3
EC_KEY_METHOD_get_compute_key 621 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
RC2_cfb64_encrypt 622 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RC2
EVP_EncryptFinal_ex 623 3_0_0 EXIST::FUNCTION:
-ERR_load_RSA_strings 624 3_0_0 EXIST::FUNCTION:
+ERR_load_RSA_strings 624 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0
CRYPTO_secure_malloc_done 625 3_0_0 EXIST::FUNCTION:
RSA_OAEP_PARAMS_new 626 3_0_0 EXIST::FUNCTION:RSA
X509_NAME_free 627 3_0_0 EXIST::FUNCTION:
@@ -870,7 +870,7 @@ X509_EXTENSION_set_object 891 3_0_0 EXIST::FUNCTION:
EVP_CIPHER_CTX_get_app_data 892 3_0_0 EXIST::FUNCTION: