From: Richard Levitte <levitte@openssl.org>
Date: Sun, 10 Nov 2019 12:07:46 +0000 (+0100)
Subject: Make sure KDF reason codes are conserved in their current state
X-Git-Tag: openssl-3.0.0-alpha1~975
X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=4d301427a96010468da2bb67bf1025fa8d886ab9;p=oweals%2Fopenssl.git

Make sure KDF reason codes are conserved in their current state

Because KDF errors are deprecated and only conserved for backward
compatibilty, we must make sure that they remain untouched.  A simple
way to signal that is by modifying crypto/err/openssl.ec and replace
the main header file (include/openssl/kdf.h in this case) with 'NONE',
while retaining the error table file (crypto/kdf/kdf_err.c).

util/mkerr.pl is modified to silently ignore anything surrounding a
conserved lib when such a .ec line is found.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10368)
---

diff --git a/crypto/err/openssl.ec b/crypto/err/openssl.ec
index 65633717ee..211edd42f3 100644
--- a/crypto/err/openssl.ec
+++ b/crypto/err/openssl.ec
@@ -34,7 +34,7 @@ L CRMF          include/openssl/crmf.h          crypto/crmf/crmf_err.c
 L CMP           include/openssl/cmp.h           crypto/cmp/cmp_err.c
 L CT            include/openssl/ct.h            crypto/ct/ct_err.c
 L ASYNC         include/openssl/async.h         crypto/async/async_err.c
-L KDF           include/openssl/kdf.h           crypto/kdf/kdf_err.c
+L KDF           NONE                            crypto/kdf/kdf_err.c
 L SM2           include/crypto/sm2.h            crypto/sm2/sm2_err.c
 L OSSL_STORE    include/openssl/store.h         crypto/store/store_err.c
 L ESS           include/openssl/ess.h           crypto/ess/ess_err.c
diff --git a/util/mkerr.pl b/util/mkerr.pl
index 1d8cdfdfb4..0b09fb3327 100755
--- a/util/mkerr.pl
+++ b/util/mkerr.pl
@@ -210,6 +210,12 @@ if ( ! $reindex && $statefile ) {
             print "Skipping $_";
             $skippedstate++;
             next;
+        } elsif ( $hinc{$lib} eq 'NONE' ) {
+            # When the header is NONE but the err file is specified,
+            # it signifies that the err file should be conserved but
+            # remain untouched, and the same goes for the symbols in
+            # the state file.
+            next;
         }
         if ( $name =~ /^(?:OSSL_|OPENSSL_)?[A-Z0-9]{2,}_R_/ ) {
             die "$lib reason code $code collision at $name\n"
@@ -417,6 +423,7 @@ foreach my $lib ( keys %errorfile ) {
     next if ! $fnew{$lib} && ! $rnew{$lib} && ! $rebuild;
     next if scalar keys %modules > 0 && !$modules{$lib};
     next if $nowrite;
+    next if $hinc{$lib} eq 'NONE';
     print STDERR "$lib: $fnew{$lib} new functions\n" if $fnew{$lib};
     print STDERR "$lib: $rnew{$lib} new reasons\n" if $rnew{$lib};
     $newstate = 1;