[openssl] master update
Richard Levitte
levitte at openssl.org
Tue Nov 12 12:31:14 UTC 2019
The branch master has been updated
via 4d301427a96010468da2bb67bf1025fa8d886ab9 (commit)
via 905b097fd586ed0279aee05b5961224212014ec9 (commit)
via dc5ce51983713dfbb8f3d0c8b198dee32b563ac6 (commit)
via 7c6a0d909abda7c854b44831ef43ebdda49ed42e (commit)
from b6db6612d12460d3787b6cf94777e309ea75d058 (commit)
- Log -----------------------------------------------------------------
commit 4d301427a96010468da2bb67bf1025fa8d886ab9
Author: Richard Levitte <levitte at openssl.org>
Date: Sun Nov 10 13:07:46 2019 +0100
Make sure KDF reason codes are conserved in their current state
Because KDF errors are deprecated and only conserved for backward
compatibilty, we must make sure that they remain untouched. A simple
way to signal that is by modifying crypto/err/openssl.ec and replace
the main header file (include/openssl/kdf.h in this case) with 'NONE',
while retaining the error table file (crypto/kdf/kdf_err.c).
util/mkerr.pl is modified to silently ignore anything surrounding a
conserved lib when such a .ec line is found.
Reviewed-by: Tomas Mraz <tmraz at fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10368)
commit 905b097fd586ed0279aee05b5961224212014ec9
Author: Richard Levitte <levitte at openssl.org>
Date: Sun Nov 10 13:06:48 2019 +0100
Deprecate ERR_load_KDF_strings()
Not only deprecate, but also remove the reason strings and make
ERR_load_KDF_strings() do nothing.
Reviewed-by: Tomas Mraz <tmraz at fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10368)
commit dc5ce51983713dfbb8f3d0c8b198dee32b563ac6
Author: Richard Levitte <levitte at openssl.org>
Date: Sun Nov 10 13:03:15 2019 +0100
util/perl/OpenSSL/ParseC.pm: Fix 'extern "C" DEPRECATEDIN_x_y(...)'
The parser expected an 'extern "C"' followed by a single declaration
to always end with a semicolon. Then came along something like this:
extern "C" DEPRECATEDIN_3_0(int ERR_load_KDF_strings(void))
This change adjusts the detector of 'extern "C"' to also take in
accound a declaration that ends with a parenthesis.
Reviewed-by: Tomas Mraz <tmraz at fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10368)
commit 7c6a0d909abda7c854b44831ef43ebdda49ed42e
Author: Richard Levitte <levitte at openssl.org>
Date: Sun Nov 10 05:16:36 2019 +0100
Reinstate the KDF error macros
For minimum breakage with existing applications that might use them.
This reverts commit fe6ec26b204a056aee2a24b79df09a45b2308603 and
37ed62107112d95f7b7c9bf75602a6ac40883a89.
Fixes #10340
Reviewed-by: Tomas Mraz <tmraz at fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10368)
-----------------------------------------------------------------------
Summary of changes:
crypto/build.info | 2 +-
crypto/err/err.c | 1 +
crypto/err/openssl.ec | 2 +-
crypto/kdf/build.info | 2 +
.../cipher_tdes_wrap_hw.c => crypto/kdf/kdf_err.c | 13 ++-
include/openssl/err.h | 14 +--
include/openssl/kdferr.h | 118 +++++++++++++++++++++
util/libcrypto.num | 1 +
util/missingcrypto.txt | 1 +
util/mkerr.pl | 7 ++
util/perl/OpenSSL/ParseC.pm | 2 +-
11 files changed, 150 insertions(+), 13 deletions(-)
create mode 100644 crypto/kdf/build.info
copy providers/implementations/ciphers/cipher_tdes_wrap_hw.c => crypto/kdf/kdf_err.c (64%)
create mode 100644 include/openssl/kdferr.h
diff --git a/crypto/build.info b/crypto/build.info
index 733aba8662..5f90a2eda2 100644
--- a/crypto/build.info
+++ b/crypto/build.info
@@ -1,7 +1,7 @@
# Note that these directories are filtered in Configure. Look for %skipdir
# there for further explanations.
SUBDIRS=objects buffer bio stack lhash rand evp asn1 pem x509 conf \
- txt_db pkcs7 pkcs12 ui store property \
+ txt_db pkcs7 pkcs12 ui kdf store property \
md2 md4 md5 sha mdc2 hmac ripemd whrlpool poly1305 \
siphash sm3 des aes rc2 rc4 rc5 idea aria bf cast camellia \
seed sm4 chacha modes bn ec rsa dsa dh sm2 dso engine \
diff --git a/crypto/err/err.c b/crypto/err/err.c
index 28a5db8ad4..bc33a06b7e 100644
--- a/crypto/err/err.c
+++ b/crypto/err/err.c
@@ -70,6 +70,7 @@ static ERR_STRING_DATA ERR_str_libraries[] = {
{ERR_PACK(ERR_LIB_HMAC, 0, 0), "HMAC routines"},
{ERR_PACK(ERR_LIB_CT, 0, 0), "CT routines"},
{ERR_PACK(ERR_LIB_ASYNC, 0, 0), "ASYNC routines"},
+ {ERR_PACK(ERR_LIB_KDF, 0, 0), "KDF routines"},
{ERR_PACK(ERR_LIB_OSSL_STORE, 0, 0), "STORE routines"},
{ERR_PACK(ERR_LIB_SM2, 0, 0), "SM2 routines"},
{ERR_PACK(ERR_LIB_ESS, 0, 0), "ESS routines"},
diff --git a/crypto/err/openssl.ec b/crypto/err/openssl.ec
index 65633717ee..211edd42f3 100644
--- a/crypto/err/openssl.ec
+++ b/crypto/err/openssl.ec
@@ -34,7 +34,7 @@ L CRMF include/openssl/crmf.h crypto/crmf/crmf_err.c
L CMP include/openssl/cmp.h crypto/cmp/cmp_err.c
L CT include/openssl/ct.h crypto/ct/ct_err.c
L ASYNC include/openssl/async.h crypto/async/async_err.c
-L KDF include/openssl/kdf.h crypto/kdf/kdf_err.c
+L KDF NONE crypto/kdf/kdf_err.c
L SM2 include/crypto/sm2.h crypto/sm2/sm2_err.c
L OSSL_STORE include/openssl/store.h crypto/store/store_err.c
L ESS include/openssl/ess.h crypto/ess/ess_err.c
diff --git a/crypto/kdf/build.info b/crypto/kdf/build.info
new file mode 100644
index 0000000000..7707c00988
--- /dev/null
+++ b/crypto/kdf/build.info
@@ -0,0 +1,2 @@
+LIBS=../../libcrypto
+SOURCE[../../libcrypto]=kdf_err.c
diff --git a/providers/implementations/ciphers/cipher_tdes_wrap_hw.c b/crypto/kdf/kdf_err.c
similarity index 64%
copy from providers/implementations/ciphers/cipher_tdes_wrap_hw.c
copy to crypto/kdf/kdf_err.c
index 09155b6f48..5b794285e4 100644
--- a/providers/implementations/ciphers/cipher_tdes_wrap_hw.c
+++ b/crypto/kdf/kdf_err.c
@@ -1,4 +1,5 @@
/*
+ * Generated by util/mkerr.pl DO NOT EDIT
* Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
@@ -7,8 +8,12 @@
* https://www.openssl.org/source/license.html
*/
-#include "cipher_tdes_default.h"
+#include <openssl/err.h>
+#include <openssl/kdferr.h>
-#define cipher_hw_tdes_wrap_initkey cipher_hw_tdes_ede3_initkey
-
-PROV_CIPHER_HW_tdes_mode(wrap, cbc)
+#ifndef OPENSSL_NO_DEPRECATED_3_0
+int ERR_load_KDF_strings(void)
+{
+ return 1;
+}
+#endif
diff --git a/include/openssl/err.h b/include/openssl/err.h
index e5766ee241..9244bb84b1 100644
--- a/include/openssl/err.h
+++ b/include/openssl/err.h
@@ -105,12 +105,13 @@ struct err_state_st {
/* # define ERR_LIB_JPAKE 49 */
# define ERR_LIB_CT 50
# define ERR_LIB_ASYNC 51
-# define ERR_LIB_SM2 52
-# define ERR_LIB_ESS 53
-# define ERR_LIB_PROP 54
-# define ERR_LIB_CRMF 55
-# define ERR_LIB_PROV 56
-# define ERR_LIB_CMP 57
+# define ERR_LIB_KDF 52
+# define ERR_LIB_SM2 53
+# define ERR_LIB_ESS 54
+# define ERR_LIB_PROP 55
+# define ERR_LIB_CRMF 56
+# define ERR_LIB_PROV 57
+# define ERR_LIB_CMP 58
# define ERR_LIB_USER 128
@@ -149,6 +150,7 @@ struct err_state_st {
# define PROVerr(f, r) ERR_raise_data(ERR_LIB_PROV, (r), NULL)
# define RANDerr(f, r) ERR_raise_data(ERR_LIB_RAND, (r), NULL)
# define RSAerr(f, r) ERR_raise_data(ERR_LIB_RSA, (r), NULL)
+# define KDFerr(f, r) ERR_raise_data(ERR_LIB_KDF, (r), NULL)
# define SM2err(f, r) ERR_raise_data(ERR_LIB_SM2, (r), NULL)
# define SSLerr(f, r) ERR_raise_data(ERR_LIB_SSL, (r), NULL)
# define SYSerr(f, r) ERR_raise_data(ERR_LIB_SYS, (r), NULL)
diff --git a/include/openssl/kdferr.h b/include/openssl/kdferr.h
new file mode 100644
index 0000000000..31f112c741
--- /dev/null
+++ b/include/openssl/kdferr.h
@@ -0,0 +1,118 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_KDFERR_H
+# define OPENSSL_KDFERR_H
+# pragma once
+
+# include <openssl/macros.h>
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+# define HEADER_OSSL_KDFERR_H
+# endif
+
+# include <openssl/opensslconf.h>
+# include <openssl/symhacks.h>
+
+
+# ifdef __cplusplus
+extern "C"
+# endif
+DEPRECATEDIN_3_0(int ERR_load_KDF_strings(void))
+
+/*
+ * KDF function codes.
+ */
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+# define KDF_F_HKDF_EXTRACT 0
+# define KDF_F_KDF_HKDF_DERIVE 0
+# define KDF_F_KDF_HKDF_NEW 0
+# define KDF_F_KDF_HKDF_SIZE 0
+# define KDF_F_KDF_MD2CTRL 0
+# define KDF_F_KDF_PBKDF2_CTRL 0
+# define KDF_F_KDF_PBKDF2_CTRL_STR 0
+# define KDF_F_KDF_PBKDF2_DERIVE 0
+# define KDF_F_KDF_PBKDF2_NEW 0
+# define KDF_F_KDF_SCRYPT_CTRL_STR 0
+# define KDF_F_KDF_SCRYPT_CTRL_UINT32 0
+# define KDF_F_KDF_SCRYPT_CTRL_UINT64 0
+# define KDF_F_KDF_SCRYPT_DERIVE 0
+# define KDF_F_KDF_SCRYPT_NEW 0
+# define KDF_F_KDF_SSHKDF_CTRL 0
+# define KDF_F_KDF_SSHKDF_CTRL_STR 0
+# define KDF_F_KDF_SSHKDF_DERIVE 0
+# define KDF_F_KDF_SSHKDF_NEW 0
+# define KDF_F_KDF_TLS1_PRF_CTRL_STR 0
+# define KDF_F_KDF_TLS1_PRF_DERIVE 0
+# define KDF_F_KDF_TLS1_PRF_NEW 0
+# define KDF_F_PBKDF2_DERIVE 0
+# define KDF_F_PBKDF2_SET_MEMBUF 0
+# define KDF_F_PKEY_HKDF_CTRL_STR 0
+# define KDF_F_PKEY_HKDF_DERIVE 0
+# define KDF_F_PKEY_HKDF_INIT 0
+# define KDF_F_PKEY_SCRYPT_CTRL_STR 0
+# define KDF_F_PKEY_SCRYPT_CTRL_UINT64 0
+# define KDF_F_PKEY_SCRYPT_DERIVE 0
+# define KDF_F_PKEY_SCRYPT_INIT 0
+# define KDF_F_PKEY_SCRYPT_SET_MEMBUF 0
+# define KDF_F_PKEY_TLS1_PRF_CTRL_STR 0
+# define KDF_F_PKEY_TLS1_PRF_DERIVE 0
+# define KDF_F_PKEY_TLS1_PRF_INIT 0
+# define KDF_F_SCRYPT_SET_MEMBUF 0
+# define KDF_F_SSKDF_CTRL_STR 0
+# define KDF_F_SSKDF_DERIVE 0
+# define KDF_F_SSKDF_MAC2CTRL 0
+# define KDF_F_SSKDF_NEW 0
+# define KDF_F_SSKDF_SIZE 0
+# define KDF_F_TLS1_PRF_ALG 0
+# define KDF_F_X942KDF_CTRL 0
+# define KDF_F_X942KDF_DERIVE 0
+# define KDF_F_X942KDF_HASH_KDM 0
+# define KDF_F_X942KDF_NEW 0
+# define KDF_F_X942KDF_SIZE 0
+# define KDF_F_X963KDF_DERIVE 0
+# endif
+
+/*
+ * KDF reason codes.
+ */
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+# define KDF_R_BAD_ENCODING 122
+# define KDF_R_BAD_LENGTH 123
+# define KDF_R_BOTH_MODE_AND_MODE_INT 127
+# define KDF_R_INAVLID_UKM_LEN 124
+# define KDF_R_INVALID_DIGEST 100
+# define KDF_R_INVALID_ITERATION_COUNT 119
+# define KDF_R_INVALID_KEY_LEN 120
+# define KDF_R_INVALID_MAC_TYPE 116
+# define KDF_R_INVALID_MODE 128
+# define KDF_R_INVALID_MODE_INT 129
+# define KDF_R_INVALID_SALT_LEN 121
+# define KDF_R_MISSING_CEK_ALG 125
+# define KDF_R_MISSING_ITERATION_COUNT 109
+# define KDF_R_MISSING_KEY 104
+# define KDF_R_MISSING_MESSAGE_DIGEST 105
+# define KDF_R_MISSING_PARAMETER 101
+# define KDF_R_MISSING_PASS 110
+# define KDF_R_MISSING_SALT 111
+# define KDF_R_MISSING_SECRET 107
+# define KDF_R_MISSING_SEED 106
+# define KDF_R_MISSING_SESSION_ID 113
+# define KDF_R_MISSING_TYPE 114
+# define KDF_R_MISSING_XCGHASH 115
+# define KDF_R_NOT_SUPPORTED 118
+# define KDF_R_UNKNOWN_PARAMETER_TYPE 103
+# define KDF_R_UNSUPPORTED_CEK_ALG 126
+# define KDF_R_UNSUPPORTED_MAC_TYPE 117
+# define KDF_R_VALUE_ERROR 108
+# define KDF_R_VALUE_MISSING 102
+# define KDF_R_WRONG_OUTPUT_BUFFER_SIZE 112
+# endif
+
+#endif
diff --git a/util/libcrypto.num b/util/libcrypto.num
index 69e245e122..2be8f118d0 100644
--- a/util/libcrypto.num
+++ b/util/libcrypto.num
@@ -1807,6 +1807,7 @@ i2d_ASN1_bio_stream 1849 3_0_0 EXIST::FUNCTION:
CRYPTO_THREAD_init_local 1850 3_0_0 EXIST::FUNCTION:
TS_RESP_CTX_set_serial_cb 1851 3_0_0 EXIST::FUNCTION:TS
POLICY_MAPPING_it 1852 3_0_0 EXIST::FUNCTION:
+ERR_load_KDF_strings 1853 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0
UI_method_set_reader 1854 3_0_0 EXIST::FUNCTION:
BIO_next 1855 3_0_0 EXIST::FUNCTION:
ASN1_STRING_set_default_mask_asc 1856 3_0_0 EXIST::FUNCTION:
diff --git a/util/missingcrypto.txt b/util/missingcrypto.txt
index 408e6ffc63..32018fc9e6 100644
--- a/util/missingcrypto.txt
+++ b/util/missingcrypto.txt
@@ -446,6 +446,7 @@ ERR_load_ENGINE_strings
ERR_load_ERR_strings
ERR_load_ESS_strings
ERR_load_EVP_strings
+ERR_load_KDF_strings
ERR_load_OBJ_strings
ERR_load_OCSP_strings
ERR_load_OSSL_STORE_strings
diff --git a/util/mkerr.pl b/util/mkerr.pl
index 1d8cdfdfb4..0b09fb3327 100755
--- a/util/mkerr.pl
+++ b/util/mkerr.pl
@@ -210,6 +210,12 @@ if ( ! $reindex && $statefile ) {
print "Skipping $_";
$skippedstate++;
next;
+ } elsif ( $hinc{$lib} eq 'NONE' ) {
+ # When the header is NONE but the err file is specified,
+ # it signifies that the err file should be conserved but
+ # remain untouched, and the same goes for the symbols in
+ # the state file.
+ next;
}
if ( $name =~ /^(?:OSSL_|OPENSSL_)?[A-Z0-9]{2,}_R_/ ) {
die "$lib reason code $code collision at $name\n"
@@ -417,6 +423,7 @@ foreach my $lib ( keys %errorfile ) {
next if ! $fnew{$lib} && ! $rnew{$lib} && ! $rebuild;
next if scalar keys %modules > 0 && !$modules{$lib};
next if $nowrite;
+ next if $hinc{$lib} eq 'NONE';
print STDERR "$lib: $fnew{$lib} new functions\n" if $fnew{$lib};
print STDERR "$lib: $rnew{$lib} new reasons\n" if $rnew{$lib};
$newstate = 1;
diff --git a/util/perl/OpenSSL/ParseC.pm b/util/perl/OpenSSL/ParseC.pm
index 2db43e2a61..392e61faf2 100644
--- a/util/perl/OpenSSL/ParseC.pm
+++ b/util/perl/OpenSSL/ParseC.pm
@@ -561,7 +561,7 @@ my @chandlers = (
# Note that the main parse function has a special hack for 'extern "C" {'
# which can't be done in handlers
# We simply ignore it.
- { regexp => qr/extern "C" (.*;)/,
+ { regexp => qr/^extern "C" (.*(?:;|>>>))/,
massager => sub { return ($1); },
},
# any other extern is just ignored
More information about the openssl-commits
mailing list