Make sure KDF reason codes are conserved in their current state

Because KDF errors are deprecated and only conserved for backward compatibilty, we must make sure that they remain untouched. A simple way to signal that is by modifying crypto/err/openssl.ec and replace the main header file (include/openssl/kdf.h in this case) with 'NONE', while retaining the error table file (crypto/kdf/kdf_err.c). util/mkerr.pl is modified to silently ignore anything surrounding a conserved lib when such a .ec line is found. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/10368)
2019-11-10 13:07:46 +01:00 · 2019-11-10 13:07:46 +01:00 · 4d301427a9
commit 4d301427a9
parent 905b097fd5
2 changed files with 8 additions and 1 deletions
--- a/crypto/err/openssl.ec
+++ b/crypto/err/openssl.ec
@ -34,7 +34,7 @@ L CRMF          include/openssl/crmf.h          crypto/crmf/crmf_err.c
 L CMP           include/openssl/cmp.h           crypto/cmp/cmp_err.c
 L CT            include/openssl/ct.h            crypto/ct/ct_err.c
 L ASYNC         include/openssl/async.h         crypto/async/async_err.c
-L KDF           include/openssl/kdf.h           crypto/kdf/kdf_err.c
+L KDF           NONE                            crypto/kdf/kdf_err.c
 L SM2           include/crypto/sm2.h            crypto/sm2/sm2_err.c
 L OSSL_STORE    include/openssl/store.h         crypto/store/store_err.c
 L ESS           include/openssl/ess.h           crypto/ess/ess_err.c
--- a/util/mkerr.pl
+++ b/util/mkerr.pl
@ -210,6 +210,12 @@ if ( ! $reindex && $statefile ) {
            print "Skipping $_";
            $skippedstate++;
            next;
+        } elsif ( $hinc{$lib} eq 'NONE' ) {
+            # When the header is NONE but the err file is specified,
+            # it signifies that the err file should be conserved but
+            # remain untouched, and the same goes for the symbols in
+            # the state file.
+            next;
        }
        if ( $name =~ /^(?:OSSL_|OPENSSL_)?[A-Z0-9]{2,}_R_/ ) {
            die "$lib reason code $code collision at $name\n"
@ -417,6 +423,7 @@ foreach my $lib ( keys %errorfile ) {
    next if ! $fnew{$lib} && ! $rnew{$lib} && ! $rebuild;
    next if scalar keys %modules > 0 && !$modules{$lib};
    next if $nowrite;
+    next if $hinc{$lib} eq 'NONE';
    print STDERR "$lib: $fnew{$lib} new functions\n" if $fnew{$lib};
    print STDERR "$lib: $rnew{$lib} new reasons\n" if $rnew{$lib};
    $newstate = 1;