diff options
-rw-r--r-- | CHANGES.md | 17 | ||||
-rw-r--r-- | Configurations/unix-Makefile.tmpl | 3 | ||||
-rw-r--r-- | NEWS.md | 1 | ||||
-rw-r--r-- | crypto/err/build.info | 2 | ||||
-rw-r--r-- | crypto/err/err.c | 6 | ||||
-rw-r--r-- | crypto/err/err_all.c | 140 | ||||
-rw-r--r-- | crypto/err/err_all_legacy.c | 101 | ||||
-rw-r--r-- | include/crypto/err.h | 1 | ||||
-rw-r--r-- | include/internal/dso.h | 2 | ||||
-rw-r--r-- | include/openssl/cryptoerr_legacy.h | 81 | ||||
-rw-r--r-- | include/openssl/err.h.in | 2 | ||||
-rw-r--r-- | include/openssl/kdferr.h | 107 | ||||
-rw-r--r-- | include/openssl/sslerr_legacy.h | 36 | ||||
-rw-r--r-- | ssl/build.info | 2 | ||||
-rw-r--r-- | ssl/ssl_err_legacy.c | 21 | ||||
-rw-r--r-- | ssl/ssl_init.c | 5 | ||||
-rw-r--r-- | util/libcrypto.num | 66 | ||||
-rw-r--r-- | util/libssl.num | 2 | ||||
-rw-r--r-- | util/missingcrypto.txt | 5 |
19 files changed, 373 insertions, 227 deletions
diff --git a/CHANGES.md b/CHANGES.md index ca4e096ed2..48957676f6 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -23,6 +23,23 @@ OpenSSL 3.0 ### Changes between 1.1.1 and 3.0 [xx XXX xxxx] + * Deprecated all the libcrypto and libssl error string loading + functions: ERR_load_ASN1_strings(), ERR_load_ASYNC_strings(), + ERR_load_BIO_strings(), ERR_load_BN_strings(), ERR_load_BUF_strings(), + ERR_load_CMS_strings(), ERR_load_COMP_strings(), ERR_load_CONF_strings(), + ERR_load_CRYPTO_strings(), ERR_load_CT_strings(), ERR_load_DH_strings(), + ERR_load_DSA_strings(), ERR_load_EC_strings(), ERR_load_ENGINE_strings(), + ERR_load_ERR_strings(), ERR_load_EVP_strings(), ERR_load_KDF_strings(), + ERR_load_OBJ_strings(), ERR_load_OCSP_strings(), ERR_load_PEM_strings(), + ERR_load_PKCS12_strings(), ERR_load_PKCS7_strings(), ERR_load_RAND_strings(), + ERR_load_RSA_strings(), ERR_load_OSSL_STORE_strings(), ERR_load_TS_strings(), + ERR_load_UI_strings(), ERR_load_X509_strings(), ERR_load_X509V3_strings(). + + Calling these functions is not necessary since OpenSSL 1.1.0, as OpenSSL + now loads error strings automatically. + + *Richard Levitte* + * The functions SSL_CTX_set_tmp_dh_callback and SSL_set_tmp_dh_callback, as well as the macros SSL_CTX_set_tmp_dh() and SSL_set_tmp_dh() have been deprecated. These are used to set the Diffie-Hellman (DH) parameters that diff --git a/Configurations/unix-Makefile.tmpl b/Configurations/unix-Makefile.tmpl index 4fab096121..342e46d24d 100644 --- a/Configurations/unix-Makefile.tmpl +++ b/Configurations/unix-Makefile.tmpl @@ -1083,7 +1083,8 @@ errors: include/openssl/sslerr.h include/openssl/tls1.h include/openssl/dtls1.h - include/openssl/srtp.h ); + include/openssl/srtp.h + include/openssl/sslerr_legacy.h ); my @cryptoheaders_tmpl = qw( include/internal/dso.h include/internal/o_dir.h @@ -20,6 +20,7 @@ OpenSSL 3.0 ### Major changes between OpenSSL 1.1.1 and OpenSSL 3.0 [under development] + * Deprecated the `ERR_load_` functions. * Remove the `RAND_DRBG` API. * Deprecated the `ENGINE` API. * Added `OSSL_LIB_CTX`, a libcrypto library context. diff --git a/crypto/err/build.info b/crypto/err/build.info index c010ea4cb9..98f8801e34 100644 --- a/crypto/err/build.info +++ b/crypto/err/build.info @@ -1,3 +1,3 @@ LIBS=../../libcrypto SOURCE[../../libcrypto]=\ - err_blocks.c err.c err_all.c err_prn.c + err_blocks.c err.c err_all.c err_all_legacy.c err_prn.c diff --git a/crypto/err/err.c b/crypto/err/err.c index a66ea63adf..8500fe7988 100644 --- a/crypto/err/err.c +++ b/crypto/err/err.c @@ -237,7 +237,7 @@ static int err_load_strings(const ERR_STRING_DATA *str) return 1; } -int ERR_load_ERR_strings(void) +int err_load_ERR_strings_int(void) { #ifndef OPENSSL_NO_ERR if (!RUN_ONCE(&err_string_init, do_err_strings_init)) @@ -251,7 +251,7 @@ int ERR_load_ERR_strings(void) int ERR_load_strings(int lib, ERR_STRING_DATA *str) { - if (ERR_load_ERR_strings() == 0) + if (err_load_ERR_strings_int() == 0) return 0; err_patch(lib, str); @@ -261,7 +261,7 @@ int ERR_load_strings(int lib, ERR_STRING_DATA *str) int ERR_load_strings_const(const ERR_STRING_DATA *str) { - if (ERR_load_ERR_strings() == 0) + if (err_load_ERR_strings_int() == 0) return 0; err_load_strings(str); return 1; diff --git a/crypto/err/err_all.c b/crypto/err/err_all.c index f16cb6926f..e90928edef 100644 --- a/crypto/err/err_all.c +++ b/crypto/err/err_all.c @@ -8,105 +8,107 @@ */ #include <stdio.h> -#include "crypto/err.h" -#include <openssl/asn1err.h> -#include <openssl/bnerr.h> -#include <openssl/ecerr.h> -#include <openssl/buffererr.h> -#include <openssl/bioerr.h> -#include <openssl/comperr.h> -#include <openssl/rsaerr.h> -#include <openssl/dherr.h> -#include <openssl/dsaerr.h> -#include <openssl/evperr.h> -#include <openssl/objectserr.h> -#include <openssl/pemerr.h> -#include <openssl/pkcs7err.h> -#include <openssl/x509err.h> -#include <openssl/x509v3err.h> -#include <openssl/conferr.h> -#include <openssl/pkcs12err.h> -#include <openssl/randerr.h> -#include "internal/dso.h" -#include <openssl/engineerr.h> -#include <openssl/uierr.h> -#include <openssl/httperr.h> -#include <openssl/ocsperr.h> #include <openssl/err.h> -#include <openssl/tserr.h> -#include <openssl/cmserr.h> -#include <openssl/crmferr.h> -#include <openssl/cmperr.h> -#include <openssl/cterr.h> -#include <openssl/asyncerr.h> -#include <openssl/storeerr.h> -#include <openssl/esserr.h> +#include "crypto/err.h" +#include "crypto/cryptoerr.h" +#include "crypto/asn1err.h" +#include "crypto/bnerr.h" +#include "crypto/ecerr.h" +#include "crypto/buffererr.h" +#include "crypto/bioerr.h" +#include "crypto/comperr.h" +#include "crypto/rsaerr.h" +#include "crypto/dherr.h" +#include "crypto/dsaerr.h" +#include "crypto/evperr.h" +#include "crypto/objectserr.h" +#include "crypto/pemerr.h" +#include "crypto/pkcs7err.h" +#include "crypto/x509err.h" +#include "crypto/x509v3err.h" +#include "crypto/conferr.h" +#include "crypto/pkcs12err.h" +#include "crypto/randerr.h" +#include "internal/dsoerr.h" +#include "crypto/engineerr.h" +#include "crypto/uierr.h" +#include "crypto/httperr.h" +#include "crypto/ocsperr.h" +#include "crypto/tserr.h" +#include "crypto/cmserr.h" +#include "crypto/crmferr.h" +#include "crypto/cmperr.h" +#include "crypto/cterr.h" +#include "crypto/asyncerr.h" +#include "crypto/storeerr.h" +#include "crypto/esserr.h" #include "internal/propertyerr.h" #include "prov/providercommonerr.h" int err_load_crypto_strings_int(void) { - if ( + if (0 #ifndef OPENSSL_NO_ERR - ERR_load_ERR_strings() == 0 || /* include error strings for SYSerr */ - ERR_load_BN_strings() == 0 || + || err_load_ERR_strings_int() == 0 /* include error strings for SYSerr */ + || err_load_BN_strings_int() == 0 # ifndef OPENSSL_NO_RSA - ERR_load_RSA_strings() == 0 || + || err_load_RSA_strings_int() == 0 # endif # ifndef OPENSSL_NO_DH - ERR_load_DH_strings() == 0 || + || err_load_DH_strings_int() == 0 # endif - ERR_load_EVP_strings() == 0 || - ERR_load_BUF_strings() == 0 || - ERR_load_OBJ_strings() == 0 || - ERR_load_PEM_strings() == 0 || + || err_load_EVP_strings_int() == 0 + || err_load_BUF_strings_int() == 0 + || err_load_OBJ_strings_int() == 0 + || err_load_PEM_strings_int() == 0 # ifndef OPENSSL_NO_DSA - ERR_load_DSA_strings() == 0 || + || err_load_DSA_strings_int() == 0 # endif - ERR_load_X509_strings() == 0 || - ERR_load_ASN1_strings() == 0 || - ERR_load_CONF_strings() == 0 || - ERR_load_CRYPTO_strings() == 0 || + || err_load_X509_strings_int() == 0 + || err_load_ASN1_strings_int() == 0 + || err_load_CONF_strings_int() == 0 + || err_load_CRYPTO_strings_int() == 0 # ifndef OPENSSL_NO_COMP - ERR_load_COMP_strings() == 0 || + || err_load_COMP_strings_int() == 0 # endif # ifndef OPENSSL_NO_EC - ERR_load_EC_strings() == 0 || + || err_load_EC_strings_int() == 0 # endif - /* skip ERR_load_SSL_strings() because it is not in this library */ - ERR_load_BIO_strings() == 0 || - ERR_load_PKCS7_strings() == 0 || - ERR_load_X509V3_strings() == 0 || - ERR_load_PKCS12_strings() == 0 || - ERR_load_RAND_strings() == 0 || - ERR_load_DSO_strings() == 0 || + /* skip err_load_SSL_strings_int() because it is not in this library */ + || err_load_BIO_strings_int() == 0 + || err_load_PKCS7_strings_int() == 0 + || err_load_X509V3_strings_int() == 0 + || err_load_PKCS12_strings_int() == 0 + || err_load_RAND_strings_int() == 0 + || err_load_DSO_strings_int() == 0 # ifndef OPENSSL_NO_TS - ERR_load_TS_strings() == 0 || + || err_load_TS_strings_int() == 0 # endif # ifndef OPENSSL_NO_ENGINE - ERR_load_ENGINE_strings() == 0 || + || err_load_ENGINE_strings_int() == 0 # endif - ERR_load_HTTP_strings() == 0 || + || err_load_HTTP_strings_int() == 0 # ifndef OPENSSL_NO_OCSP - ERR_load_OCSP_strings() == 0 || + || err_load_OCSP_strings_int() == 0 # endif - ERR_load_UI_strings() == 0 || + || err_load_UI_strings_int() == 0 # ifndef OPENSSL_NO_CMS - ERR_load_CMS_strings() == 0 || + || err_load_CMS_strings_int() == 0 # endif # ifndef OPENSSL_NO_CRMF - ERR_load_CRMF_strings() == 0 || - ERR_load_CMP_strings() == 0 || + || err_load_CRMF_strings_int() == 0 + || err_load_CMP_strings_int() == 0 # endif # ifndef OPENSSL_NO_CT - ERR_load_CT_strings() == 0 || + || err_load_CT_strings_int() == 0 # endif - ERR_load_ESS_strings() == 0 || - ERR_load_ASYNC_strings() == 0 || + || err_load_ESS_strings_int() == 0 + || err_load_ASYNC_strings_int() == 0 + || err_load_OSSL_STORE_strings_int() == 0 + || err_load_PROP_strings_int() == 0 + || err_load_PROV_strings_int() == 0 #endif - ERR_load_OSSL_STORE_strings() == 0 || - ERR_load_PROP_strings() == 0 || - ERR_load_PROV_strings() == 0) + ) return 0; return 1; diff --git a/crypto/err/err_all_legacy.c b/crypto/err/err_all_legacy.c new file mode 100644 index 0000000000..489036fd8b --- /dev/null +++ b/crypto/err/err_all_legacy.c @@ -0,0 +1,101 @@ +/* + * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +/* This is the C source file where we include this header directly */ +#include <openssl/cryptoerr_legacy.h> + +#ifndef OPENSSL_NO_DEPRECATED_3_0 + +#include "crypto/err.h" +#include "crypto/asn1err.h" +#include "crypto/asyncerr.h" +#include "crypto/bnerr.h" +#include "crypto/buffererr.h" +#include "crypto/bioerr.h" +#include "crypto/cmserr.h" +#include "crypto/comperr.h" +#include "crypto/conferr.h" +#include "crypto/cryptoerr.h" +#include "crypto/cterr.h" +#include "crypto/dherr.h" +#include "crypto/dsaerr.h" +#include "internal/dsoerr.h" +#include "crypto/ecerr.h" +#include "crypto/engineerr.h" +#include "crypto/evperr.h" +#include "crypto/httperr.h" +#include "crypto/objectserr.h" +#include "crypto/ocsperr.h" +#include "crypto/pemerr.h" +#include "crypto/pkcs12err.h" +#include "crypto/pkcs7err.h" +#include "crypto/randerr.h" +#include "crypto/rsaerr.h" +#include "crypto/storeerr.h" +#include "crypto/tserr.h" +#include "crypto/uierr.h" +#include "crypto/x509err.h" +#include "crypto/x509v3err.h" + +# define IMPLEMENT_LEGACY_ERR_LOAD(lib) \ + int ERR_load_##lib##_strings(void) \ + { \ + return err_load_##lib##_strings_int(); \ + } + +# ifndef OPENSSL_NO_ERR +IMPLEMENT_LEGACY_ERR_LOAD(ASN1) +IMPLEMENT_LEGACY_ERR_LOAD(ASYNC) +IMPLEMENT_LEGACY_ERR_LOAD(BIO) +IMPLEMENT_LEGACY_ERR_LOAD(BN) +IMPLEMENT_LEGACY_ERR_LOAD(BUF) +# ifndef OPENSSL_NO_CMS +IMPLEMENT_LEGACY_ERR_LOAD(CMS) +# endif +# ifndef OPENSSL_NO_COMP +IMPLEMENT_LEGACY_ERR_LOAD(COMP) +# endif +IMPLEMENT_LEGACY_ERR_LOAD(CONF) +IMPLEMENT_LEGACY_ERR_LOAD(CRYPTO) +# ifndef OPENSSL_NO_CT +IMPLEMENT_LEGACY_ERR_LOAD(CT) +# endif +# ifndef OPENSSL_NO_DH +IMPLEMENT_LEGACY_ERR_LOAD(DH) +# endif +# ifndef OPENSSL_NO_DSA +IMPLEMENT_LEGACY_ERR_LOAD(DSA) +# endif +# ifndef OPENSSL_NO_EC +IMPLEMENT_LEGACY_ERR_LOAD(EC) +# endif +# ifndef OPENSSL_NO_ENGINE +IMPLEMENT_LEGACY_ERR_LOAD(ENGINE) +# endif +IMPLEMENT_LEGACY_ERR_LOAD(ERR) +IMPLEMENT_LEGACY_ERR_LOAD(EVP) +IMPLEMENT_LEGACY_ERR_LOAD(OBJ) +# ifndef OPENSSL_NO_OCSP +IMPLEMENT_LEGACY_ERR_LOAD(OCSP) +# endif +IMPLEMENT_LEGACY_ERR_LOAD(PEM) +IMPLEMENT_LEGACY_ERR_LOAD(PKCS12) +IMPLEMENT_LEGACY_ERR_LOAD(PKCS7) +IMPLEMENT_LEGACY_ERR_LOAD(RAND) +IMPLEMENT_LEGACY_ERR_LOAD(RSA) +IMPLEMENT_LEGACY_ERR_LOAD(OSSL_STORE) +# ifndef OPENSSL_NO_TS +IMPLEMENT_LEGACY_ERR_LOAD(TS) +# endif +IMPLEMENT_LEGACY_ERR_LOAD(UI) +IMPLEMENT_LEGACY_ERR_LOAD(X509) +IMPLEMENT_LEGACY_ERR_LOAD(X509V3) +# endif + +#endif diff --git a/include/crypto/err.h b/include/crypto/err.h index 527f19667d..d4c32bcf67 100644 --- a/include/crypto/err.h +++ b/include/crypto/err.h @@ -10,6 +10,7 @@ #ifndef OSSL_CRYPTO_ERR_H # define OSSL_CRYPTO_ERR_H +int err_load_ERR_strings_int(void); int err_load_crypto_strings_int(void); void err_cleanup(void); int err_shelve_state(void **); diff --git a/include/internal/dso.h b/include/internal/dso.h index 76cb3c6e0a..214362f692 100644 --- a/include/internal/dso.h +++ b/include/internal/dso.h @@ -160,6 +160,4 @@ DSO *DSO_dsobyaddr(void *addr, int flags); */ void *DSO_global_lookup(const char *name); -int ERR_load_DSO_strings(void); - #endif diff --git a/include/openssl/cryptoerr_legacy.h b/include/openssl/cryptoerr_legacy.h new file mode 100644 index 0000000000..2729afde70 --- /dev/null +++ b/include/openssl/cryptoerr_legacy.h @@ -0,0 +1,81 @@ +/* + * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +/* + * This header file preserves symbols from pre-3.0 OpenSSL. + * It should never be included directly, as it's already included + * by the public {lib}err.h headers, and since it will go away some + * time in the future. + */ + +#ifndef OPENSSL_CRYPTOERR_LEGACY_H +# define OPENSSL_CRYPTOERR_LEGACY_H +# pragma once + +# include <openssl/macros.h> +# include <openssl/symhacks.h> + +# ifdef __cplusplus +extern "C" { +# endif + +# ifndef OPENSSL_NO_DEPRECATED_3_0 +OSSL_DEPRECATEDIN_3_0 int ERR_load_ASN1_strings(void); +OSSL_DEPRECATEDIN_3_0 int ERR_load_ASYNC_strings(void); +OSSL_DEPRECATEDIN_3_0 int ERR_load_BIO_strings(void); +OSSL_DEPRECATEDIN_3_0 int ERR_load_BN_strings(void); +OSSL_DEPRECATEDIN_3_0 int ERR_load_BUF_strings(void); +# ifndef OPENSSL_NO_CMS +OSSL_DEPRECATEDIN_3_0 int ERR_load_CMS_strings(void); +# endif +# ifndef OPENSSL_NO_COMP +OSSL_DEPRECATEDIN_3_0 int ERR_load_COMP_strings(void); +# endif +OSSL_DEPRECATEDIN_3_0 int ERR_load_CONF_strings(void); +OSSL_DEPRECATEDIN_3_0 int ERR_load_CRYPTO_strings(void); +# ifndef OPENSSL_NO_CT +OSSL_DEPRECATEDIN_3_0 int ERR_load_CT_strings(void); +# endif +# ifndef OPENSSL_NO_DH +OSSL_DEPRECATEDIN_3_0 int ERR_load_DH_strings(void); +# endif +# ifndef OPENSSL_NO_DSA +OSSL_DEPRECATEDIN_3_0 int ERR_load_DSA_strings(void); +# endif +# ifndef OPENSSL_NO_EC +OSSL_DEPRECATEDIN_3_0 int ERR_load_EC_strings(void); +# endif +# ifndef OPENSSL_NO_ENGINE +OSSL_DEPRECATEDIN_3_0 int ERR_load_ENGINE_strings(void); +# endif +OSSL_DEPRECATEDIN_3_0 int ERR_load_ERR_strings(void); +OSSL_DEPRECATEDIN_3_0 int ERR_load_EVP_strings(void); +OSSL_DEPRECATEDIN_3_0 int ERR_load_KDF_strings(void); +OSSL_DEPRECATEDIN_3_0 int ERR_load_OBJ_strings(void); +# ifndef OPENSSL_NO_OCSP +OSSL_DEPRECATEDIN_3_0 int ERR_load_OCSP_strings(void); +# endif +OSSL_DEPRECATEDIN_3_0 int ERR_load_PEM_strings(void); +OSSL_DEPRECATEDIN_3_0 int ERR_load_PKCS12_strings(void); +OSSL_DEPRECATEDIN_3_0 int ERR_load_PKCS7_strings(void); +OSSL_DEPRECATEDIN_3_0 int ERR_load_RAND_strings(void); +OSSL_DEPRECATEDIN_3_0 int ERR_load_RSA_strings(void); +OSSL_DEPRECATEDIN_3_0 int ERR_load_OSSL_STORE_strings(void); +# ifndef OPENSSL_NO_TS +OSSL_DEPRECATEDIN_3_0 int ERR_load_TS_strings(void); +# endif +OSSL_DEPRECATEDIN_3_0 int ERR_load_UI_strings(void); +OSSL_DEPRECATEDIN_3_0 int ERR_load_X509_strings(void); +OSSL_DEPRECATEDIN_3_0 int ERR_load_X509V3_strings(void); +# endif + +# ifdef __cplusplus +} +# endif +#endif diff --git a/include/openssl/err.h.in b/include/openssl/err.h.in index 1f2fde8317..c36fe7d1ed 100644 --- a/include/openssl/err.h.in +++ b/include/openssl/err.h.in @@ -30,6 +30,7 @@ use OpenSSL::stackhash qw(generate_lhash_macros); # include <openssl/types.h> # include <openssl/bio.h> # include <openssl/lhash.h> +# include <openssl/cryptoerr_legacy.h> #ifdef __cplusplus extern "C" { @@ -454,7 +455,6 @@ void ERR_add_error_mem_bio(const char *sep, BIO *bio); int ERR_load_strings(int lib, ERR_STRING_DATA *str); int ERR_load_strings_const(const ERR_STRING_DATA *str); int ERR_unload_strings(int lib, ERR_STRING_DATA *str); -int ERR_load_ERR_strings(void); #ifndef OPENSSL_NO_DEPRECATED_1_1_0 # define ERR_load_crypto_strings() \ diff --git a/include/openssl/kdferr.h b/include/openssl/kdferr.h index 0daec1c2a5..d339871f6a 100644 --- a/include/openssl/kdferr.h +++ b/include/openssl/kdferr.h @@ -1,6 +1,5 @@ /* - * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -8,106 +7,4 @@ * https://www.openssl.org/source/license.html */ -#ifndef OPENSSL_KDFERR_H -# define OPENSSL_KDFERR_H -# pragma once - -# include <openssl/opensslconf.h> -# include <openssl/symhacks.h> - - -# ifdef __cplusplus -extern "C" -# endif -DEPRECATEDIN_3_0(int ERR_load_KDF_strings(void)) - -/* - * KDF function codes. - */ -# ifndef OPENSSL_NO_DEPRECATED_3_0 -# define KDF_F_HKDF_EXTRACT 0 -# define KDF_F_KDF_HKDF_DERIVE 0 -# define KDF_F_KDF_HKDF_NEW 0 -# define KDF_F_KDF_HKDF_SIZE 0 -# define KDF_F_KDF_MD2CTRL 0 -# define KDF_F_KDF_PBKDF2_CTRL 0 -# define KDF_F_KDF_PBKDF2_CTRL_STR 0 -# define KDF_F_KDF_PBKDF2_DERIVE 0 -# define KDF_F_KDF_PBKDF2_NEW 0 -# define KDF_F_KDF_SCRYPT_CTRL_STR 0 -# define KDF_F_KDF_SCRYPT_CTRL_UINT32 0 -# define KDF_F_KDF_SCRYPT_CTRL_UINT64 0 -# define KDF_F_KDF_SCRYPT_DERIVE 0 -# define KDF_F_KDF_SCRYPT_NEW 0 -# define KDF_F_KDF_SSHKDF_CTRL 0 -# define KDF_F_KDF_SSHKDF_CTRL_STR 0 -# define KDF_F_KDF_SSHKDF_DERIVE 0 -# define KDF_F_KDF_SSHKDF_NEW 0 -# define KDF_F_KDF_TLS1_PRF_CTRL_STR 0 -# define KDF_F_KDF_TLS1_PRF_DERIVE 0 -# define KDF_F_KDF_TLS1_PRF_NEW 0 -# define KDF_F_PBKDF2_DERIVE 0 -# define KDF_F_PBKDF2_SET_MEMBUF 0 -# define KDF_F_PKEY_HKDF_CTRL_STR 0 -# define KDF_F_PKEY_HKDF_DERIVE 0 -# define KDF_F_PKEY_HKDF_INIT 0 -# define KDF_F_PKEY_SCRYPT_CTRL_STR 0 -# define KDF_F_PKEY_SCRYPT_CTRL_UINT64 0 -# define KDF_F_PKEY_SCRYPT_DERIVE 0 -# define KDF_F_PKEY_SCRYPT_INIT 0 -# define KDF_F_PKEY_SCRYPT_SET_MEMBUF 0 -# define KDF_F_PKEY_TLS1_PRF_CTRL_STR 0 -# define KDF_F_PKEY_TLS1_PRF_DERIVE 0 -# define KDF_F_PKEY_TLS1_PRF_INIT 0 -# define KDF_F_SCRYPT_SET_MEMBUF 0 -# define KDF_F_SSKDF_CTRL_STR 0 -# define KDF_F_SSKDF_DERIVE 0 -# define KDF_F_SSKDF_MAC2CTRL 0 -# define KDF_F_SSKDF_NEW 0 -# define KDF_F_SSKDF_SIZE 0 -# define KDF_F_TLS1_PRF_ALG 0 -# define KDF_F_X942KDF_CTRL 0 -# define KDF_F_X942KDF_DERIVE 0 -# define KDF_F_X942KDF_HASH_KDM 0 -# define KDF_F_X942KDF_NEW 0 -# define KDF_F_X942KDF_SIZE 0 -# define KDF_F_X963KDF_DERIVE 0 -# endif - -/* - * KDF reason codes. - */ -# ifndef OPENSSL_NO_DEPRECATED_3_0 -# define KDF_R_BAD_ENCODING 122 -# define KDF_R_BAD_LENGTH 123 -# define KDF_R_BOTH_MODE_AND_MODE_INT 127 -# define KDF_R_INAVLID_UKM_LEN 124 -# define KDF_R_INVALID_DIGEST 100 -# define KDF_R_INVALID_ITERATION_COUNT 119 -# define KDF_R_INVALID_KEY_LEN 120 -# define KDF_R_INVALID_MAC_TYPE 116 -# define KDF_R_INVALID_MODE 128 -# define KDF_R_INVALID_MODE_INT 129 -# define KDF_R_INVALID_SALT_LEN 121 -# define KDF_R_MISSING_CEK_ALG 125 -# define KDF_R_MISSING_ITERATION_COUNT 109 -# define KDF_R_MISSING_KEY 104 -# define KDF_R_MISSING_MESSAGE_DIGEST 105 -# define KDF_R_MISSING_PARAMETER 101 -# define KDF_R_MISSING_PASS 110 -# define KDF_R_MISSING_SALT 111 -# define KDF_R_MISSING_SECRET 107 -# define KDF_R_MISSING_SEED 106 -# define KDF_R_MISSING_SESSION_ID 113 -# define KDF_R_MISSING_TYPE 114 -# define KDF_R_MISSING_XCGHASH 115 -# define KDF_R_NOT_SUPPORTED 118 -# define KDF_R_UNKNOWN_PARAMETER_TYPE 103 -# define KDF_R_UNSUPPORTED_CEK_ALG 126 -# define KDF_R_UNSUPPORTED_MAC_TYPE 117 -# define KDF_R_VALUE_ERROR 108 -# define KDF_R_VALUE_MISSING 102 -# define KDF_R_WRONG_OUTPUT_BUFFER_SIZE 112 -# endif - -#endif +#include <openssl/cryptoerr_legacy.h> diff --git a/include/openssl/sslerr_legacy.h b/include/openssl/sslerr_legacy.h new file mode 100644 index 0000000000..1607b4e7dc --- /dev/null +++ b/include/openssl/sslerr_legacy.h @@ -0,0 +1,36 @@ +/* + * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +/* + * This header file preserves symbols from pre-3.0 OpenSSL. + * It should never be included directly, as it's already included + * by the public sslerr.h headers, and since it will go away some + * time in the future. + */ + +#ifndef OPENSSL_SSLERR_LEGACY_H +# define OPENSSL_SSLERR_LEGACY_H +# pragma once + +# include <openssl/macros.h> +# include <openssl/symhacks.h> + +# ifdef __cplusplus +extern "C" { +# endif + +# ifndef OPENSSL_NO_DEPRECATED_3_0 +OSSL_DEPRECATEDIN_3_0 int ERR_load_SSL_strings(void); +# endif + +# ifdef __cplusplus +} +# endif +#endif + diff --git a/ssl/build.info b/ssl/build.info index 4efd9d02cc..703cbaff50 100644 --- a/ssl/build.info +++ b/ssl/build.info @@ -30,7 +30,7 @@ SOURCE[../libssl]=\ ssl_lib.c ssl_cert.c ssl_sess.c \ ssl_ciph.c ssl_stat.c ssl_rsa.c \ ssl_asn1.c ssl_txt.c ssl_init.c ssl_conf.c ssl_mcnf.c \ - bio_ssl.c ssl_err.c tls_srp.c t1_trce.c ssl_utst.c \ + bio_ssl.c ssl_err.c ssl_err_legacy.c tls_srp.c t1_trce.c ssl_utst.c \ record/ssl3_buffer.c record/ssl3_record.c record/dtls1_bitmap.c \ statem/statem.c record/ssl3_record_tls13.c record/tls_pad.c \ tls_depr.c $KTLSSRC diff --git a/ssl/ssl_err_legacy.c b/ssl/ssl_err_legacy.c new file mode 100644 index 0000000000..d1f27c964e --- /dev/null +++ b/ssl/ssl_err_legacy.c @@ -0,0 +1,21 @@ +/* + * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +/* This is the C source file where we include this header directly */ +#include <openssl/sslerr_legacy.h> +#include "sslerr.h" + +#ifndef OPENSSL_NO_DEPRECATED_3_0 +int ERR_load_SSL_strings(void) +{ + return err_load_SSL_strings_int(); +} +#else +NON_EMPTY_TRANSLATION_UNIT +#endif diff --git a/ssl/ssl_init.c b/ssl/ssl_init.c index 73b0ce2b4d..772dc2b474 100644 --- a/ssl/ssl_init.c +++ b/ssl/ssl_init.c @@ -14,6 +14,7 @@ #include <openssl/evp.h> #include <openssl/trace.h> #include "ssl_local.h" +#include "sslerr.h" #include "internal/thread_once.h" static int stopped; @@ -53,8 +54,8 @@ DEFINE_RUN_ONCE_STATIC(ossl_init_load_ssl_strings) * pulling in all the error strings during static linking */ #if !defined(OPENSSL_NO_ERR) && !defined(OPENSSL_NO_AUTOERRINIT) - OSSL_TRACE(INIT, "ossl_init_load_ssl_strings: ERR_load_SSL_strings()\n"); - ERR_load_SSL_strings(); + OSSL_TRACE(INIT, "ossl_init_load_ssl_strings: err_load_SSL_strings_int()\n"); + err_load_SSL_strings_int(); ssl_strings_inited = 1; #endif return 1; diff --git a/util/libcrypto.num b/util/libcrypto.num index 75d98a5fda..404a706fab 100644 --- a/util/libcrypto.num +++ b/util/libcrypto.num @@ -150,7 +150,7 @@ i2d_IPAddressFamily 152 3_0_0 EXIST::FUNCTION:RFC3779 ENGINE_get_ctrl_function 153 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE X509_REVOKED_get_ext_count 154 3_0_0 EXIST::FUNCTION: BN_is_prime_fasttest_ex 155 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 -ERR_load_PKCS12_strings 156 3_0_0 EXIST::FUNCTION: +ERR_load_PKCS12_strings 156 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 EVP_sha384 157 3_0_0 EXIST::FUNCTION: i2d_DHparams 158 3_0_0 EXIST::FUNCTION:DH TS_VERIFY_CTX_set_store 159 3_0_0 EXIST::FUNCTION:TS @@ -203,7 +203,7 @@ SCT_set_version 206 3_0_0 EXIST::FUNCTION:CT CMS_add1_ReceiptRequest 207 3_0_0 EXIST::FUNCTION:CMS d2i_CRL_DIST_POINTS 208 3_0_0 EXIST::FUNCTION: X509_CRL_INFO_free 209 3_0_0 EXIST::FUNCTION: -ERR_load_UI_strings 210 3_0_0 EXIST::FUNCTION: +ERR_load_UI_strings 210 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 ERR_load_strings 211 3_0_0 EXIST::FUNCTION: RSA_X931_hash_id 212 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA EC_KEY_set_method 213 3_0_0 EXIST::FUNCTION:EC @@ -416,7 +416,7 @@ RIPEMD160 423 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3 CRYPTO_ocb128_setiv 424 3_0_0 EXIST::FUNCTION:OCB X509_CRL_digest 425 3_0_0 EXIST::FUNCTION: EVP_aes_128_cbc_hmac_sha1 426 3_0_0 EXIST::FUNCTION: -ERR_load_CMS_strings 427 3_0_0 EXIST::FUNCTION:CMS +ERR_load_CMS_strings 427 3_0_0 EXIST::FUNCTION:CMS,DEPRECATEDIN_3_0 EVP_MD_CTX_md 428 3_0_0 EXIST::FUNCTION: X509_REVOKED_get_ext 429 3_0_0 EXIST::FUNCTION: d2i_RSA_PSS_PARAMS 430 3_0_0 EXIST::FUNCTION:RSA @@ -556,7 +556,7 @@ TLS_FEATURE_new 567 3_0_0 EXIST::FUNCTION: RSA_get_default_method 568 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA CRYPTO_cts128_encrypt_block 569 3_0_0 EXIST::FUNCTION: ASN1_digest 570 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 -ERR_load_X509V3_strings 571 3_0_0 EXIST::FUNCTION: +ERR_load_X509V3_strings 571 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 EVP_PKEY_meth_get_cleanup 572 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 d2i_X509 574 3_0_0 EXIST::FUNCTION: a2i_ASN1_STRING 575 3_0_0 EXIST::FUNCTION: @@ -564,7 +564,7 @@ EC_GROUP_get_mont_data 576 3_0_0 EXIST::FUNCTION:EC CMAC_CTX_copy 577 3_0_0 EXIST::FUNCTION:CMAC,DEPRECATEDIN_3_0 EVP_camellia_128_cfb128 579 3_0_0 EXIST::FUNCTION:CAMELLIA DH_compute_key_padded 580 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DH -ERR_load_CONF_strings 581 3_0_0 EXIST::FUNCTION: +ERR_load_CONF_strings 581 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 ESS_ISSUER_SERIAL_dup 582 3_0_0 EXIST::FUNCTION: BN_GF2m_mod_exp_arr 583 3_0_0 EXIST::FUNCTION:EC2M ASN1_UTF8STRING_free 584 3_0_0 EXIST::FUNCTION: @@ -606,7 +606,7 @@ DES_ede3_ofb64_encrypt 620 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3 EC_KEY_METHOD_get_compute_key 621 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC RC2_cfb64_encrypt 622 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RC2 EVP_EncryptFinal_ex 623 3_0_0 EXIST::FUNCTION: -ERR_load_RSA_strings 624 3_0_0 EXIST::FUNCTION: +ERR_load_RSA_strings 624 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 CRYPTO_secure_malloc_done 625 3_0_0 EXIST::FUNCTION: RSA_OAEP_PARAMS_new 626 3_0_0 EXIST::FUNCTION:RSA X509_NAME_free 627 3_0_0 EXIST::FUNCTION: @@ -870,7 +870,7 @@ X509_EXTENSION_set_object 891 3_0_0 EXIST::FUNCTION: EVP_CIPHER_CTX_get_app_data 892 3_0_0 EXIST::FUNCTION: CRL_DIST_POINTS_it 893 3_0_0 EXIST::FUNCTION: DIRECTORYSTRING_new 894 3_0_0 EXIST::FUNCTION: -ERR_load_ASYNC_strings 895 3_0_0 EXIST::FUNCTION: +ERR_load_ASYNC_strings 895 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 EVP_bf_cfb64 896 3_0_0 EXIST::FUNCTION:BF PKCS7_sign_add_signer 897 3_0_0 EXIST::FUNCTION: X509_print_ex |