[openssl] master update

Dr. Paul Dale pauli at openssl.org
Sat Nov 28 05:29:31 UTC 2020


The branch master has been updated
       via  edb7afb8fb8462c005026874211e8879df9a394d (commit)
       via  af2f14ace581d30b186429cb3f9f5d14c0b5b4ec (commit)
      from  b8fa02e8a4a4a9c274aafdb4fc834ba051301afb (commit)


- Log -----------------------------------------------------------------
commit edb7afb8fb8462c005026874211e8879df9a394d
Author: Richard Levitte <levitte at openssl.org>
Date:   Fri Nov 20 22:21:29 2020 +0100

    ERR: drop err_delete_thread_state() TODO marker
    
    Reviewed-by: Matt Caswell <matt at openssl.org>
    Reviewed-by: Paul Dale <paul.dale at oracle.com>
    (Merged from https://github.com/openssl/openssl/pull/13466)

commit af2f14ace581d30b186429cb3f9f5d14c0b5b4ec
Author: Richard Levitte <levitte at openssl.org>
Date:   Fri Nov 20 22:13:11 2020 +0100

    ERR: Drop or deprecate dangerous or overly confusing functions
    
    ERR_get_error_line() is deprecated, and ERR_get_error_func() and
    ERR_get_error_data() are removed in favor of ERR_get_error_all(),
    since they pop the error record, leaving the caller with only partial
    error record data and no way to get the rest if the wish.
    
    If it's desirable to retrieve data piecemeal, the caller should
    consider using the diverse ERR_peek functions and finish off with
    ERR_get_error().
    
    Reviewed-by: Matt Caswell <matt at openssl.org>
    Reviewed-by: Paul Dale <paul.dale at oracle.com>
    (Merged from https://github.com/openssl/openssl/pull/13466)

-----------------------------------------------------------------------

Summary of changes:
 CHANGES.md                 | 19 +++++----
 NEWS.md                    |  4 +-
 crypto/err/err.c           | 23 +++--------
 doc/man3/ERR_get_error.pod | 98 ++++++++++++++++++++++++----------------------
 include/openssl/err.h.in   | 39 ++++++++----------
 util/libcrypto.num         |  4 +-
 6 files changed, 89 insertions(+), 98 deletions(-)

diff --git a/CHANGES.md b/CHANGES.md
index aad59a862b..e3ab1c5562 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -863,14 +863,17 @@ OpenSSL 3.0
  * Added ERR functionality to give callers access to the stored function
    names that have replaced the older function code based functions.
 
-   New functions are ERR_get_error_func(), ERR_peek_error_func(),
-   ERR_peek_last_error_func(), ERR_get_error_data(), ERR_peek_error_data(),
-   ERR_peek_last_error_data(), ERR_get_error_all(), ERR_peek_error_all()
-   and ERR_peek_last_error_all().
-
-   These functions have become deprecated: ERR_get_error_line_data(),
-   ERR_peek_error_line_data(), ERR_peek_last_error_line_data() and
-   ERR_func_error_string().
+   New functions are ERR_peek_error_func(), ERR_peek_last_error_func(),
+   ERR_peek_error_data(), ERR_peek_last_error_data(), ERR_get_error_all(),
+   ERR_peek_error_all() and ERR_peek_last_error_all().
+
+   These functions have become deprecated: ERR_get_error_line(),
+   ERR_get_error_line_data(), ERR_peek_error_line_data(),
+   ERR_peek_last_error_line_data() and ERR_func_error_string().
+
+   Users are recommended to use ERR_get_error_all(), or to pick information
+   with ERR_peek functions and finish off with getting the error code by using
+   ERR_get_error().
 
    *Richard Levitte*
 
diff --git a/NEWS.md b/NEWS.md
index 054a55324f..6cd797badf 100644
--- a/NEWS.md
+++ b/NEWS.md
@@ -47,7 +47,9 @@ OpenSSL 3.0
   * Added OSSL_ENCODER, a generic encoder API.
   * Added OSSL_PARAM_BLD, an easier to use API to OSSL_PARAM.
   * Added error raising macros, ERR_raise() and ERR_raise_data().
-  * Deprecated ERR_put_error().
+  * Deprecated ERR_put_error(), ERR_get_error_line(), ERR_get_error_line_data(),
+    ERR_peek_error_line_data(), ERR_peek_last_error_line_data() and
+    ERR_func_error_string().
   * Added OSSL_PROVIDER_available(), to check provider availibility.
   * Added 'openssl mac' that uses the EVP_MAC API.
   * Added 'openssl kdf' that uses the EVP_KDF API.
diff --git a/crypto/err/err.c b/crypto/err/err.c
index 06f0d35054..9528158a08 100644
--- a/crypto/err/err.c
+++ b/crypto/err/err.c
@@ -312,21 +312,6 @@ unsigned long ERR_get_error(void)
     return get_error_values(EV_POP, NULL, NULL, NULL, NULL, NULL);
 }
 
-unsigned long ERR_get_error_line(const char **file, int *line)
-{
-    return get_error_values(EV_POP, file, line, NULL, NULL, NULL);
-}
-
-unsigned long ERR_get_error_func(const char **func)
-{
-    return get_error_values(EV_POP, NULL, NULL, func, NULL, NULL);
-}
-
-unsigned long ERR_get_error_data(const char **data, int *flags)
-{
-    return get_error_values(EV_POP, NULL, NULL, NULL, data, flags);
-}
-
 unsigned long ERR_get_error_all(const char **file, int *line,
                                 const char **func,
                                 const char **data, int *flags)
@@ -335,6 +320,11 @@ unsigned long ERR_get_error_all(const char **file, int *line,
 }
 
 #ifndef OPENSSL_NO_DEPRECATED_3_0
+unsigned long ERR_get_error_line(const char **file, int *line)
+{
+    return get_error_values(EV_POP, file, line, NULL, NULL, NULL);
+}
+
 unsigned long ERR_get_error_line_data(const char **file, int *line,
                                       const char **data, int *flags)
 {
@@ -603,8 +593,7 @@ const char *ERR_reason_error_string(unsigned long e)
     return ((p == NULL) ? NULL : p->string);
 }
 
-/* TODO(3.0): arg ignored for now */
-static void err_delete_thread_state(void *arg)
+static void err_delete_thread_state(void *unused)
 {
     ERR_STATE *state = CRYPTO_THREAD_get_local(&err_thread_local);
     if (state == NULL)
diff --git a/doc/man3/ERR_get_error.pod b/doc/man3/ERR_get_error.pod
index 97478dbe7c..4e33378cf3 100644
--- a/doc/man3/ERR_get_error.pod
+++ b/doc/man3/ERR_get_error.pod
@@ -4,8 +4,8 @@
 
 ERR_get_error, ERR_peek_error, ERR_peek_last_error,
 ERR_get_error_line, ERR_peek_error_line, ERR_peek_last_error_line,
-ERR_get_error_func, ERR_peek_error_func, ERR_peek_last_error_func,
-ERR_get_error_data, ERR_peek_error_data, ERR_peek_last_error_data,
+ERR_peek_error_func, ERR_peek_last_error_func,
+ERR_peek_error_data, ERR_peek_last_error_data,
 ERR_get_error_all, ERR_peek_error_all, ERR_peek_last_error_all,
 ERR_get_error_line_data, ERR_peek_error_line_data, ERR_peek_last_error_line_data
 - obtain error code and data
@@ -18,20 +18,17 @@ ERR_get_error_line_data, ERR_peek_error_line_data, ERR_peek_last_error_line_data
  unsigned long ERR_peek_error(void);
  unsigned long ERR_peek_last_error(void);
 
- unsigned long ERR_get_error_line(const char **file, int *line);
  unsigned long ERR_peek_error_line(const char **file, int *line);
  unsigned long ERR_peek_last_error_line(const char **file, int *line);
 
- unsigned long ERR_get_error_func(const char **func);
  unsigned long ERR_peek_error_func(const char **func);
  unsigned long ERR_peek_last_error_func(const char **func);
 
- unsigned long ERR_get_error_data(const char **data, int *flags);
  unsigned long ERR_peek_error_data(const char **data, int *flags);
  unsigned long ERR_peek_last_error_data(const char **data, int *flags);
 
  unsigned long ERR_get_error_all(const char **file, int *line,
-                                 const char *func,
+                                 const char **func,
                                  const char **data, int *flags);
  unsigned long ERR_peek_error_all(const char **file, int *line,
                                   const char *func,
@@ -42,6 +39,7 @@ ERR_get_error_line_data, ERR_peek_error_line_data, ERR_peek_last_error_line_data
 
 Deprecated since OpenSSL 3.0:
 
+ unsigned long ERR_get_error_line(const char **file, int *line);
  unsigned long ERR_get_error_line_data(const char **file, int *line,
                                        const char **data, int *flags);
  unsigned long ERR_peek_error_line_data(const char **file, int *line,
@@ -52,7 +50,7 @@ Deprecated since OpenSSL 3.0:
 =head1 DESCRIPTION
 
 ERR_get_error() returns the earliest error code from the thread's error
-queue and removes the entry. This function can be called repeatedly
+queue and removes the entry.  This function can be called repeatedly
 until there are no more error codes to return.
 
 ERR_peek_error() returns the earliest error code from the thread's
@@ -65,42 +63,48 @@ See L<ERR_GET_LIB(3)> for obtaining further specific information
 such as the reason of the error,
 and L<ERR_error_string(3)> for human-readable error messages.
 
-ERR_get_error_line(), ERR_peek_error_line() and
-ERR_peek_last_error_line() are the same as ERR_get_error(),
-ERR_peek_error() and ERR_peek_last_error(), but on success they
-additionally store the filename and line number where
-the error occurred in *B<file> and *B<line>, as far as they are not B<NULL>.
-An unset filename is indicated as B<"">, i.e., an empty string.
-An unset line number is indicated as B<0>.
+ERR_get_error_all() is the same as ERR_get_error(), but on success it
+additionally stores the filename, line number and function where the error
+occurred in *I<file>, *I<line> and *I<func>, and also extra text and flags
+in *I<data>, *I<flags>.  If any of those parameters are NULL, it will not
+be changed.
+An unset filename is indicated as "", i.e. an empty string.
+An unset line number is indicated as 0.
+An unset function name is indicated as "", i.e. an empty string.
 
 A pointer returned this way by these functions and the ones below
-is valid until the respective entry is removed from the error queue.
-
-ERR_get_error_func(), ERR_peek_error_func() and
-ERR_peek_last_error_func() are the same as ERR_get_error(),
-ERR_peek_error() and ERR_peek_last_error(), but on success they
-additionally store the name of the function where the error occurred
-in *B<func>, unless it is B<NULL>.
-An unset function name is indicated as B<"">.
-
-ERR_get_error_data(), ERR_peek_error_data() and
-ERR_peek_last_error_data() are the same as ERR_get_error(),
-ERR_peek_error() and ERR_peek_last_error(), but on success they
-additionally store additional data and flags associated with the error
-code in *B<data> and *B<flags>, as far as they are not B<NULL>.
-Unset data is indicated as B<"">.
-In this case the value given for the flag is irrelevant (and equals B<0>).
-*B<data> contains a string if *B<flags>&B<ERR_TXT_STRING> is true.
-
-ERR_get_error_all(), ERR_peek_error_all() and
-ERR_peek_last_error_all() are combinations of all of the above.
-
-ERR_get_error_line_data(), ERR_peek_error_line_data() and
-ERR_peek_last_error_line_data() are older variants of ERR_get_error_all(),
-ERR_peek_error_all() and ERR_peek_last_error_all(), and should no longer
-be used.
-
-An application B<MUST NOT> free the *B<data> pointer (or any other pointers
+is valid until the respective entry is overwritten in the error queue.
+
+ERR_peek_error_line() and ERR_peek_last_error_line() are the same as
+ERR_peek_error() and ERR_peek_last_error(), but on success they additionally
+store the filename and line number where the error occurred in *I<file> and
+*I<line>, as far as they are not NULL. 
+An unset filename is indicated as "", i.e., an empty string.
+An unset line number is indicated as 0.
+
+ERR_peek_error_func() and ERR_peek_last_error_func() are the same as
+ERR_peek_error() and ERR_peek_last_error(), but on success they additionally
+store the name of the function where the error occurred in *I<func>, unless
+it is NULL. 
+An unset function name is indicated as "".
+
+ERR_peek_error_data() and ERR_peek_last_error_data() are the same as
+ERR_peek_error() and ERR_peek_last_error(), but on success they additionally
+store additional data and flags associated with the error code in *I<data>
+and *I<flags>, as far as they are not NULL.
+Unset data is indicated as "".
+In this case the value given for the flag is irrelevant (and equals 0).
+*I<data> contains a string if *I<flags>&B<ERR_TXT_STRING> is true.
+
+ERR_peek_error_all() and ERR_peek_last_error_all() are combinations of all
+of the above.
+
+ERR_get_error_line(), ERR_get_error_line_data(), ERR_peek_error_line_data()
+and ERR_peek_last_error_line_data() are older variants of ERR_get_error_all(),
+ERR_peek_error_all() and ERR_peek_last_error_all(), and may give confusing
+results.  They should no longer be used and are therefore deprecated.
+
+An application B<MUST NOT> free the *I<data> pointer (or any other pointers
 returned by these functions) with OPENSSL_free() as freeing is handled
 automatically by the error library.
 
@@ -115,18 +119,18 @@ L<ERR_GET_LIB(3)>
 
 =head1 HISTORY
 
-ERR_get_error_func(), ERR_peek_error_func(), ERR_peek_last_error_func(),
-ERR_get_error_data(), ERR_peek_error_data(), ERR_peek_last_error_data(),
-ERR_get_error_all(), ERR_peek_error_all() and ERR_peek_last_error_all()
+ERR_peek_error_func(), ERR_peek_last_error_func(),
+ERR_peek_error_data(), ERR_peek_last_error_data(),
+ERR_peek_error_all() and ERR_peek_last_error_all()
 were added in OpenSSL 3.0.
 
-ERR_get_error_line_data(), ERR_peek_error_line_data() and
-ERR_peek_last_error_line_data() became deprecated in OpenSSL 3.0.
+ERR_get_error_line(), ERR_get_error_line_data(), ERR_peek_error_line_data()
+and ERR_peek_last_error_line_data() became deprecated in OpenSSL 3.0.
 
 
 =head1 COPYRIGHT
 
-Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the Apache License 2.0 (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy
diff --git a/include/openssl/err.h.in b/include/openssl/err.h.in
index c36fe7d1ed..6fd749acd0 100644
--- a/include/openssl/err.h.in
+++ b/include/openssl/err.h.in
@@ -392,23 +392,16 @@ void ERR_vset_error(int lib, int reason, const char *fmt, va_list args);
 void ERR_set_error_data(char *data, int flags);
 
 unsigned long ERR_get_error(void);
-/*
- * TODO(3.0) consider if the following three functions should be deprecated.
- * They all drop the error record from the error queue, so regardless of which
- * one is used, the rest of the information is lost, making them not so useful.
- * The recommendation should be to use the peek functions to extract all the
- * additional data.
- */
-unsigned long ERR_get_error_line(const char **file, int *line);
-unsigned long ERR_get_error_func(const char **func);
-unsigned long ERR_get_error_data(const char **data, int *flags);
 unsigned long ERR_get_error_all(const char **file, int *line,
                                 const char **func,
                                 const char **data, int *flags);
-DEPRECATEDIN_3_0(unsigned long ERR_get_error_line_data(const char **file,
-                                                     int *line,
-                                                     const char **data,
-                                                     int *flags))
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+OSSL_DEPRECATEDIN_3_0
+unsigned long ERR_get_error_line(const char **file, int *line);
+OSSL_DEPRECATEDIN_3_0
+unsigned long ERR_get_error_line_data(const char **file, int *line,
+                                      const char **data, int *flags);
+#endif
 unsigned long ERR_peek_error(void);
 unsigned long ERR_peek_error_line(const char **file, int *line);
 unsigned long ERR_peek_error_func(const char **func);
@@ -416,10 +409,11 @@ unsigned long ERR_peek_error_data(const char **data, int *flags);
 unsigned long ERR_peek_error_all(const char **file, int *line,
                                  const char **func,
                                  const char **data, int *flags);
-DEPRECATEDIN_3_0(unsigned long ERR_peek_error_line_data(const char **file,
-                                                      int *line,
-                                                      const char **data,
-                                                      int *flags))
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+OSSL_DEPRECATEDIN_3_0
+unsigned long ERR_peek_error_line_data(const char **file, int *line,
+                                       const char **data, int *flags);
+# endif
 unsigned long ERR_peek_last_error(void);
 unsigned long ERR_peek_last_error_line(const char **file, int *line);
 unsigned long ERR_peek_last_error_func(const char **func);
@@ -427,10 +421,11 @@ unsigned long ERR_peek_last_error_data(const char **data, int *flags);
 unsigned long ERR_peek_last_error_all(const char **file, int *line,
                                       const char **func,
                                       const char **data, int *flags);
-DEPRECATEDIN_3_0(unsigned long ERR_peek_last_error_line_data(const char **file,
-                                                           int *line,
-                                                           const char **data,
-                                                           int *flags))
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+OSSL_DEPRECATEDIN_3_0
+unsigned long ERR_peek_last_error_line_data(const char **file, int *line,
+                                            const char **data, int *flags);
+# endif
 
 void ERR_clear_error(void);
 
diff --git a/util/libcrypto.num b/util/libcrypto.num
index 54a04d6d31..77afc6eeb4 100644
--- a/util/libcrypto.num
+++ b/util/libcrypto.num
@@ -3176,7 +3176,7 @@ ERR_load_EVP_strings                    3241	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_
 X509_ATTRIBUTE_set1_data                3242	3_0_0	EXIST::FUNCTION:
 d2i_X509_fp                             3243	3_0_0	EXIST::FUNCTION:STDIO
 MD2_Init                                3244	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0,MD2
-ERR_get_error_line                      3245	3_0_0	EXIST::FUNCTION:
+ERR_get_error_line                      3245	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0
 X509_CRL_get_ext_by_NID                 3246	3_0_0	EXIST::FUNCTION:
 OPENSSL_INIT_free                       3247	3_0_0	EXIST::FUNCTION:
 PBE2PARAM_free                          3248	3_0_0	EXIST::FUNCTION:
@@ -4693,8 +4693,6 @@ EVP_PKEY_CTX_get_params                 ?	3_0_0	EXIST::FUNCTION:
 EVP_PKEY_CTX_gettable_params            ?	3_0_0	EXIST::FUNCTION:
 EVP_PKEY_CTX_settable_params            ?	3_0_0	EXIST::FUNCTION:
 EVP_CIPHER_CTX_tag_length               ?	3_0_0	EXIST::FUNCTION:
-ERR_get_error_func                      ?	3_0_0	EXIST::FUNCTION:
-ERR_get_error_data                      ?	3_0_0	EXIST::FUNCTION:
 ERR_get_error_all                       ?	3_0_0	EXIST::FUNCTION:
 ERR_peek_error_func                     ?	3_0_0	EXIST::FUNCTION:
 ERR_peek_error_data                     ?	3_0_0	EXIST::FUNCTION:


More information about the openssl-commits mailing list