From 4d301427a96010468da2bb67bf1025fa8d886ab9 Mon Sep 17 00:00:00 2001
From: Richard Levitte <levitte@openssl.org>
Date: Sun, 10 Nov 2019 13:07:46 +0100
Subject: [PATCH] Make sure KDF reason codes are conserved in their current
 state

Because KDF errors are deprecated and only conserved for backward
compatibilty, we must make sure that they remain untouched.  A simple
way to signal that is by modifying crypto/err/openssl.ec and replace
the main header file (include/openssl/kdf.h in this case) with 'NONE',
while retaining the error table file (crypto/kdf/kdf_err.c).

util/mkerr.pl is modified to silently ignore anything surrounding a
conserved lib when such a .ec line is found.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10368)
---
 crypto/err/openssl.ec | 2 +-
 util/mkerr.pl         | 7 +++++++
 2 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/crypto/err/openssl.ec b/crypto/err/openssl.ec
index 65633717ee..211edd42f3 100644
--- a/crypto/err/openssl.ec
+++ b/crypto/err/openssl.ec
@@ -34,7 +34,7 @@ L CRMF          include/openssl/crmf.h          crypto/crmf/crmf_err.c
 L CMP           include/openssl/cmp.h           crypto/cmp/cmp_err.c
 L CT            include/openssl/ct.h            crypto/ct/ct_err.c
 L ASYNC         include/openssl/async.h         crypto/async/async_err.c
-L KDF           include/openssl/kdf.h           crypto/kdf/kdf_err.c
+L KDF           NONE                            crypto/kdf/kdf_err.c
 L SM2           include/crypto/sm2.h            crypto/sm2/sm2_err.c
 L OSSL_STORE    include/openssl/store.h         crypto/store/store_err.c
 L ESS           include/openssl/ess.h           crypto/ess/ess_err.c
diff --git a/util/mkerr.pl b/util/mkerr.pl
index 1d8cdfdfb4..0b09fb3327 100755
--- a/util/mkerr.pl
+++ b/util/mkerr.pl
@@ -210,6 +210,12 @@ if ( ! $reindex && $statefile ) {
             print "Skipping $_";
             $skippedstate++;
             next;
+        } elsif ( $hinc{$lib} eq 'NONE' ) {
+            # When the header is NONE but the err file is specified,
+            # it signifies that the err file should be conserved but
+            # remain untouched, and the same goes for the symbols in
+            # the state file.
+            next;
         }
         if ( $name =~ /^(?:OSSL_|OPENSSL_)?[A-Z0-9]{2,}_R_/ ) {
             die "$lib reason code $code collision at $name\n"
@@ -417,6 +423,7 @@ foreach my $lib ( keys %errorfile ) {
     next if ! $fnew{$lib} && ! $rnew{$lib} && ! $rebuild;
     next if scalar keys %modules > 0 && !$modules{$lib};
     next if $nowrite;
+    next if $hinc{$lib} eq 'NONE';
     print STDERR "$lib: $fnew{$lib} new functions\n" if $fnew{$lib};
     print STDERR "$lib: $rnew{$lib} new reasons\n" if $rnew{$lib};
     $newstate = 1;
-- 
2.25.1