[openssl] master update

tmraz at fedoraproject.org tmraz at fedoraproject.org
Thu Feb 11 08:35:15 UTC 2021


The branch master has been updated
       via  283df0b84bb6c35ad1291cabd6f693328faca267 (commit)
       via  f5f29796f00b94d150087bc72469a4f60a67a23b (commit)
       via  2741128e9deeb7f6fd73f10a1c657c05433a41cb (commit)
      from  dc9ec65a018d92306e4b3139239505c5cfc5b15e (commit)


- Log -----------------------------------------------------------------
commit 283df0b84bb6c35ad1291cabd6f693328faca267
Author: Tomas Mraz <tomas at openssl.org>
Date:   Tue Feb 9 13:25:16 2021 +0100

    Rename internal providercommonerr.h to less mouthful proverr.h
    
    Reviewed-by: Richard Levitte <levitte at openssl.org>
    Reviewed-by: Paul Dale <pauli at openssl.org>
    Reviewed-by: Shane Lontis <shane.lontis at oracle.com>
    (Merged from https://github.com/openssl/openssl/pull/14086)

commit f5f29796f00b94d150087bc72469a4f60a67a23b
Author: Tomas Mraz <tomas at openssl.org>
Date:   Fri Feb 5 18:51:37 2021 +0100

    Various cleanup of PROV_R_ reason codes
    
    Reviewed-by: Richard Levitte <levitte at openssl.org>
    Reviewed-by: Paul Dale <pauli at openssl.org>
    Reviewed-by: Shane Lontis <shane.lontis at oracle.com>
    (Merged from https://github.com/openssl/openssl/pull/14086)

commit 2741128e9deeb7f6fd73f10a1c657c05433a41cb
Author: Tomas Mraz <tomas at openssl.org>
Date:   Fri Feb 5 17:40:42 2021 +0100

    Move the PROV_R reason codes to a public header
    
    The PROV_R codes can be returned to applications so it is useful
    to have some common set of provider reason codes for the applications
    or third party providers.
    
    Reviewed-by: Richard Levitte <levitte at openssl.org>
    Reviewed-by: Paul Dale <pauli at openssl.org>
    Reviewed-by: Shane Lontis <shane.lontis at oracle.com>
    (Merged from https://github.com/openssl/openssl/pull/14086)

-----------------------------------------------------------------------

Summary of changes:
 crypto/err/err_all.c                               |  2 +-
 crypto/err/openssl.ec                              |  2 +-
 crypto/err/openssl.txt                             | 24 +++----------
 .../openssl/proverr.h                              | 38 +++++---------------
 .../common/include/prov/proverr.h                  |  6 ++--
 providers/common/provider_err.c                    | 41 ++++++----------------
 providers/common/provider_util.c                   |  2 +-
 providers/common/securitycheck.c                   |  2 +-
 providers/common/securitycheck_fips.c              |  2 +-
 providers/fips/fipsprov.c                          |  2 +-
 providers/fips/self_test.c                         |  2 +-
 providers/implementations/asymciphers/rsa_enc.c    |  2 +-
 providers/implementations/asymciphers/sm2_enc.c    |  2 +-
 .../ciphers/cipher_aes_cbc_hmac_sha.c              |  2 +-
 .../implementations/ciphers/cipher_aes_cts.inc     |  2 +-
 providers/implementations/ciphers/cipher_aes_hw.c  |  4 +--
 .../ciphers/cipher_aes_hw_aesni.inc                |  2 +-
 .../implementations/ciphers/cipher_aes_hw_t4.inc   |  2 +-
 providers/implementations/ciphers/cipher_aes_ocb.c |  4 +--
 providers/implementations/ciphers/cipher_aes_siv.c |  2 +-
 providers/implementations/ciphers/cipher_aes_wrp.c |  2 +-
 providers/implementations/ciphers/cipher_aes_xts.c |  2 +-
 providers/implementations/ciphers/cipher_aria_hw.c |  3 +-
 .../implementations/ciphers/cipher_camellia_hw.c   |  5 +--
 .../ciphers/cipher_camellia_hw_t4.inc              |  2 +-
 providers/implementations/ciphers/cipher_cast5.c   |  2 +-
 .../implementations/ciphers/cipher_chacha20.c      |  2 +-
 .../ciphers/cipher_chacha20_poly1305.c             | 10 +++---
 providers/implementations/ciphers/cipher_des.c     |  6 ++--
 providers/implementations/ciphers/cipher_null.c    |  2 +-
 providers/implementations/ciphers/cipher_rc2.c     |  2 +-
 .../implementations/ciphers/cipher_rc4_hmac_md5.c  |  2 +-
 providers/implementations/ciphers/cipher_rc5.c     |  2 +-
 providers/implementations/ciphers/cipher_tdes.c    |  4 +--
 .../implementations/ciphers/cipher_tdes_common.c   |  6 ++--
 .../implementations/ciphers/cipher_tdes_wrap.c     |  2 +-
 providers/implementations/ciphers/ciphercommon.c   |  6 ++--
 .../implementations/ciphers/ciphercommon_block.c   |  2 +-
 .../implementations/ciphers/ciphercommon_ccm.c     | 18 +++++-----
 .../implementations/ciphers/ciphercommon_gcm.c     |  6 ++--
 providers/implementations/digests/digestcommon.c   |  4 +--
 providers/implementations/digests/mdc2_prov.c      |  2 +-
 providers/implementations/digests/sha3_prov.c      |  2 +-
 .../implementations/encode_decode/decode_der2key.c |  4 +--
 .../implementations/encode_decode/decode_pem2der.c |  2 +-
 .../implementations/encode_decode/encode_key2any.c |  4 +--
 .../encode_decode/encode_key2text.c                |  2 +-
 providers/implementations/exchange/ecx_exch.c      |  2 +-
 providers/implementations/kdfs/hkdf.c              |  2 +-
 providers/implementations/kdfs/kbkdf.c             |  2 +-
 providers/implementations/kdfs/krb5kdf.c           |  2 +-
 providers/implementations/kdfs/pbkdf2.c            |  6 ++--
 providers/implementations/kdfs/pkcs12kdf.c         |  2 +-
 providers/implementations/kdfs/scrypt.c            |  2 +-
 providers/implementations/kdfs/sshkdf.c            |  2 +-
 providers/implementations/kdfs/sskdf.c             |  2 +-
 providers/implementations/kdfs/tls1_prf.c          |  2 +-
 providers/implementations/kdfs/x942kdf.c           |  2 +-
 providers/implementations/kem/rsa_kem.c            |  2 +-
 providers/implementations/keymgmt/ec_kmgmt.c       |  2 +-
 .../implementations/keymgmt/mac_legacy_kmgmt.c     |  3 +-
 providers/implementations/macs/blake2_mac_impl.c   |  2 +-
 providers/implementations/macs/gmac_prov.c         |  6 ++--
 providers/implementations/macs/kmac_prov.c         |  4 +--
 providers/implementations/macs/poly1305_prov.c     |  2 +-
 providers/implementations/macs/siphash_prov.c      |  2 +-
 providers/implementations/rands/drbg.c             |  2 +-
 providers/implementations/rands/drbg_ctr.c         |  2 +-
 providers/implementations/rands/drbg_hash.c        |  2 +-
 providers/implementations/rands/drbg_hmac.c        |  2 +-
 providers/implementations/rands/seed_src.c         |  2 +-
 providers/implementations/signature/dsa.c          |  2 +-
 providers/implementations/signature/ecdsa.c        |  2 +-
 providers/implementations/signature/eddsa.c        |  2 +-
 providers/implementations/signature/rsa.c          |  7 ++--
 providers/implementations/signature/sm2sig.c       |  2 +-
 providers/implementations/storemgmt/file_store.c   |  2 +-
 77 files changed, 139 insertions(+), 188 deletions(-)
 rename providers/common/include/prov/providercommonerr.h => include/openssl/proverr.h (84%)
 copy ssl/sslerr.h => providers/common/include/prov/proverr.h (86%)

diff --git a/crypto/err/err_all.c b/crypto/err/err_all.c
index 1d26c19d90..b1e69b5cc5 100644
--- a/crypto/err/err_all.c
+++ b/crypto/err/err_all.c
@@ -43,7 +43,7 @@
 #include "crypto/storeerr.h"
 #include "crypto/esserr.h"
 #include "internal/propertyerr.h"
-#include "prov/providercommonerr.h"
+#include "prov/proverr.h"
 
 int err_load_crypto_strings_int(void)
 {
diff --git a/crypto/err/openssl.ec b/crypto/err/openssl.ec
index f265ca0f5d..3612c195f0 100644
--- a/crypto/err/openssl.ec
+++ b/crypto/err/openssl.ec
@@ -40,7 +40,7 @@ L SM2           NONE                            crypto/sm2/sm2_err.c
 L OSSL_STORE    include/openssl/storeerr.h      crypto/store/store_err.c                include/crypto/storeerr.h
 L ESS           include/openssl/esserr.h        crypto/ess/ess_err.c                    include/crypto/esserr.h
 L PROP          NONE                            crypto/property/property_err.c          include/internal/propertyerr.h
-L PROV          NONE                            providers/common/provider_err.c         providers/common/include/prov/providercommonerr.h
+L PROV          include/openssl/proverr.h       providers/common/provider_err.c         providers/common/include/prov/proverr.h
 L OSSL_ENCODER  include/openssl/encodererr.h    crypto/encode_decode/encoder_err.c      include/crypto/encodererr.h
 L OSSL_DECODER  include/openssl/decodererr.h    crypto/encode_decode/decoder_err.c      include/crypto/decodererr.h
 L HTTP          include/openssl/httperr.h       crypto/http/http_err.c                  include/crypto/httperr.h
diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt
index c1a0f1d0bd..0e4f017287 100644
--- a/crypto/err/openssl.txt
+++ b/crypto/err/openssl.txt
@@ -936,7 +936,6 @@ PROP_R_PARSE_FAILED:108:parse failed
 PROP_R_STRING_TOO_LONG:109:string too long
 PROP_R_TRAILING_CHARACTERS:110:trailing characters
 PROV_R_ADDITIONAL_INPUT_TOO_LONG:184:additional input too long
-PROV_R_AES_KEY_SETUP_FAILED:101:aes key setup failed
 PROV_R_ALGORITHM_MISMATCH:173:algorithm mismatch
 PROV_R_ALREADY_INSTANTIATED:185:already instantiated
 PROV_R_BAD_DECRYPT:100:bad decrypt
@@ -944,13 +943,9 @@ PROV_R_BAD_ENCODING:141:bad encoding
 PROV_R_BAD_LENGTH:142:bad length
 PROV_R_BAD_TLS_CLIENT_VERSION:161:bad tls client version
 PROV_R_BN_ERROR:160:bn error
-PROV_R_BOTH_MODE_AND_MODE_INT:127:both mode and mode int
 PROV_R_CIPHER_OPERATION_FAILED:102:cipher operation failed
 PROV_R_DERIVATION_FUNCTION_INIT_FAILED:205:derivation function init failed
-PROV_R_DERIVATION_FUNCTION_MANDATORY_FOR_FIPS:186:\
-	derivation function mandatory for fips
 PROV_R_DIGEST_NOT_ALLOWED:174:digest not allowed
-PROV_R_DRBG_ALREADY_INITIALIZED:187:drbg already initialized
 PROV_R_ERROR_INSTANTIATING_DRBG:188:error instantiating drbg
 PROV_R_ERROR_RETRIEVING_ENTROPY:189:error retrieving entropy
 PROV_R_ERROR_RETRIEVING_NONCE:190:error retrieving nonce
@@ -967,7 +962,6 @@ PROV_R_FIPS_MODULE_IN_ERROR_STATE:225:fips module in error state
 PROV_R_GENERATE_ERROR:191:generate error
 PROV_R_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE:165:\
 	illegal or unsupported padding mode
-PROV_R_INAVLID_UKM_LENGTH:146:inavlid ukm length
 PROV_R_INDICATOR_INTEGRITY_FAILURE:210:indicator integrity failure
 PROV_R_INSUFFICIENT_DRBG_STRENGTH:181:insufficient drbg strength
 PROV_R_INVALID_AAD:108:invalid aad
@@ -980,29 +974,24 @@ PROV_R_INVALID_DIGEST:122:invalid digest
 PROV_R_INVALID_DIGEST_LENGTH:166:invalid digest length
 PROV_R_INVALID_DIGEST_SIZE:218:invalid digest size
 PROV_R_INVALID_ITERATION_COUNT:123:invalid iteration count
-PROV_R_INVALID_IVLEN:116:invalid ivlen
 PROV_R_INVALID_IV_LENGTH:109:invalid iv length
 PROV_R_INVALID_KEY:158:invalid key
-PROV_R_INVALID_KEYLEN:117:invalid keylen
-PROV_R_INVALID_KEY_LEN:124:invalid key len
 PROV_R_INVALID_KEY_LENGTH:105:invalid key length
 PROV_R_INVALID_MAC:151:invalid mac
 PROV_R_INVALID_MGF1_MD:167:invalid mgf1 md
 PROV_R_INVALID_MODE:125:invalid mode
-PROV_R_INVALID_MODE_INT:126:invalid mode int
 PROV_R_INVALID_PADDING_MODE:168:invalid padding mode
-PROV_R_INVALID_PSS_SALTLEN:169:invalid pss saltlen
 PROV_R_INVALID_PUBINFO:198:invalid pubinfo
-PROV_R_INVALID_RSA_KEY:217:invalid rsa key
 PROV_R_INVALID_SALT_LENGTH:112:invalid salt length
 PROV_R_INVALID_SEED_LENGTH:154:invalid seed length
 PROV_R_INVALID_SIGNATURE_SIZE:179:invalid signature size
 PROV_R_INVALID_STATE:212:invalid state
 PROV_R_INVALID_TAG:110:invalid tag
-PROV_R_INVALID_TAGLEN:118:invalid taglen
+PROV_R_INVALID_TAG_LENGTH:118:invalid tag length
 PROV_R_INVALID_UKM_LENGTH:200:invalid ukm length
 PROV_R_INVALID_X931_DIGEST:170:invalid x931 digest
 PROV_R_IN_ERROR_STATE:192:in error state
+PROV_R_KEY_SETUP_FAILED:101:key setup failed
 PROV_R_KEY_SIZE_TOO_SMALL:171:key size too small
 PROV_R_MISSING_CEK_ALG:144:missing cek alg
 PROV_R_MISSING_CIPHER:155:missing cipher
@@ -1038,7 +1027,6 @@ PROV_R_PARENT_STRENGTH_TOO_WEAK:194:parent strength too weak
 PROV_R_PATH_MUST_BE_ABSOLUTE:219:path must be absolute
 PROV_R_PERSONALISATION_STRING_TOO_LONG:195:personalisation string too long
 PROV_R_PSS_SALTLEN_TOO_SMALL:172:pss saltlen too small
-PROV_R_READ_KEY:159:read key
 PROV_R_REQUEST_TOO_LARGE_FOR_DRBG:196:request too large for drbg
 PROV_R_REQUIRE_CTR_MODE_CIPHER:206:require ctr mode cipher
 PROV_R_RESEED_ERROR:197:reseed error
@@ -1048,18 +1036,16 @@ PROV_R_SEED_SOURCES_MUST_NOT_HAVE_A_PARENT:229:\
 	seed sources must not have a parent
 PROV_R_SELF_TEST_KAT_FAILURE:215:self test kat failure
 PROV_R_SELF_TEST_POST_FAILURE:216:self test post failure
-PROV_R_TAG_NOTSET:119:tag notset
+PROV_R_TAG_NOT_SET:119:tag not set
 PROV_R_TAG_NOT_NEEDED:120:tag not needed
+PROV_R_TOO_MANY_RECORDS:126:too many records
 PROV_R_UNABLE_TO_FIND_CIPHERS:207:unable to find ciphers
-PROV_R_UNABLE_TO_GET_ENTROPY:202:unable to get entropy
-PROV_R_UNABLE_TO_GET_NONCE:203:unable to get nonce
 PROV_R_UNABLE_TO_GET_PARENT_STRENGTH:199:unable to get parent strength
+PROV_R_UNABLE_TO_GET_PASSPHRASE:159:unable to get passphrase
 PROV_R_UNABLE_TO_INITIALISE_CIPHERS:208:unable to initialise ciphers
-PROV_R_UNABLE_TO_LOAD_SHA1:143:unable to load sha1
 PROV_R_UNABLE_TO_LOAD_SHA256:147:unable to load sha256
 PROV_R_UNABLE_TO_LOCK_PARENT:201:unable to lock parent
 PROV_R_UNABLE_TO_RESEED:204:unable to reseed
-PROV_R_UNKNOWN_PADDING_TYPE:163:unknown padding type
 PROV_R_UNSUPPORTED_CEK_ALG:145:unsupported cek alg
 PROV_R_UNSUPPORTED_KEY_SIZE:153:unsupported key size
 PROV_R_UNSUPPORTED_MAC_TYPE:137:unsupported mac type
diff --git a/providers/common/include/prov/providercommonerr.h b/include/openssl/proverr.h
similarity index 84%
rename from providers/common/include/prov/providercommonerr.h
rename to include/openssl/proverr.h
index e59ee36abb..6e5c0debe7 100644
--- a/providers/common/include/prov/providercommonerr.h
+++ b/include/openssl/proverr.h
@@ -1,6 +1,6 @@
 /*
  * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -8,24 +8,20 @@
  * https://www.openssl.org/source/license.html
  */
 
-#ifndef OSSL_PROVIDERCOMMONERR_H
-# define OSSL_PROVIDERCOMMONERR_H
+#ifndef OPENSSL_PROVERR_H
+# define OPENSSL_PROVERR_H
 # pragma once
 
 # include <openssl/opensslconf.h>
 # include <openssl/symhacks.h>
+# include <openssl/cryptoerr_legacy.h>
 
-# ifdef  __cplusplus
-extern "C" {
-# endif
 
-int err_load_PROV_strings_int(void);
 
 /*
  * PROV reason codes.
  */
 # define PROV_R_ADDITIONAL_INPUT_TOO_LONG                 184
-# define PROV_R_AES_KEY_SETUP_FAILED                      101
 # define PROV_R_ALGORITHM_MISMATCH                        173
 # define PROV_R_ALREADY_INSTANTIATED                      185
 # define PROV_R_BAD_DECRYPT                               100
@@ -33,12 +29,9 @@ int err_load_PROV_strings_int(void);
 # define PROV_R_BAD_LENGTH                                142
 # define PROV_R_BAD_TLS_CLIENT_VERSION                    161
 # define PROV_R_BN_ERROR                                  160
-# define PROV_R_BOTH_MODE_AND_MODE_INT                    127
 # define PROV_R_CIPHER_OPERATION_FAILED                   102
 # define PROV_R_DERIVATION_FUNCTION_INIT_FAILED           205
-# define PROV_R_DERIVATION_FUNCTION_MANDATORY_FOR_FIPS    186
 # define PROV_R_DIGEST_NOT_ALLOWED                        174
-# define PROV_R_DRBG_ALREADY_INITIALIZED                  187
 # define PROV_R_ERROR_INSTANTIATING_DRBG                  188
 # define PROV_R_ERROR_RETRIEVING_ENTROPY                  189
 # define PROV_R_ERROR_RETRIEVING_NONCE                    190
@@ -54,7 +47,6 @@ int err_load_PROV_strings_int(void);
 # define PROV_R_FIPS_MODULE_IN_ERROR_STATE                225
 # define PROV_R_GENERATE_ERROR                            191
 # define PROV_R_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE       165
-# define PROV_R_INAVLID_UKM_LENGTH                        146
 # define PROV_R_INDICATOR_INTEGRITY_FAILURE               210
 # define PROV_R_INSUFFICIENT_DRBG_STRENGTH                181
 # define PROV_R_INVALID_AAD                               108
@@ -67,29 +59,24 @@ int err_load_PROV_strings_int(void);
 # define PROV_R_INVALID_DIGEST_LENGTH                     166
 # define PROV_R_INVALID_DIGEST_SIZE                       218
 # define PROV_R_INVALID_ITERATION_COUNT                   123
-# define PROV_R_INVALID_IVLEN                             116
 # define PROV_R_INVALID_IV_LENGTH                         109
 # define PROV_R_INVALID_KEY                               158
-# define PROV_R_INVALID_KEYLEN                            117
-# define PROV_R_INVALID_KEY_LEN                           124
 # define PROV_R_INVALID_KEY_LENGTH                        105
 # define PROV_R_INVALID_MAC                               151
 # define PROV_R_INVALID_MGF1_MD                           167
 # define PROV_R_INVALID_MODE                              125
-# define PROV_R_INVALID_MODE_INT                          126
 # define PROV_R_INVALID_PADDING_MODE                      168
-# define PROV_R_INVALID_PSS_SALTLEN                       169
 # define PROV_R_INVALID_PUBINFO                           198
-# define PROV_R_INVALID_RSA_KEY                           217
 # define PROV_R_INVALID_SALT_LENGTH                       112
 # define PROV_R_INVALID_SEED_LENGTH                       154
 # define PROV_R_INVALID_SIGNATURE_SIZE                    179
 # define PROV_R_INVALID_STATE                             212
 # define PROV_R_INVALID_TAG                               110
-# define PROV_R_INVALID_TAGLEN                            118
+# define PROV_R_INVALID_TAG_LENGTH                        118
 # define PROV_R_INVALID_UKM_LENGTH                        200
 # define PROV_R_INVALID_X931_DIGEST                       170
 # define PROV_R_IN_ERROR_STATE                            192
+# define PROV_R_KEY_SETUP_FAILED                          101
 # define PROV_R_KEY_SIZE_TOO_SMALL                        171
 # define PROV_R_MISSING_CEK_ALG                           144
 # define PROV_R_MISSING_CIPHER                            155
@@ -123,7 +110,6 @@ int err_load_PROV_strings_int(void);
 # define PROV_R_PATH_MUST_BE_ABSOLUTE                     219
 # define PROV_R_PERSONALISATION_STRING_TOO_LONG           195
 # define PROV_R_PSS_SALTLEN_TOO_SMALL                     172
-# define PROV_R_READ_KEY                                  159
 # define PROV_R_REQUEST_TOO_LARGE_FOR_DRBG                196
 # define PROV_R_REQUIRE_CTR_MODE_CIPHER                   206
 # define PROV_R_RESEED_ERROR                              197
@@ -131,18 +117,16 @@ int err_load_PROV_strings_int(void);
 # define PROV_R_SEED_SOURCES_MUST_NOT_HAVE_A_PARENT       229
 # define PROV_R_SELF_TEST_KAT_FAILURE                     215
 # define PROV_R_SELF_TEST_POST_FAILURE                    216
-# define PROV_R_TAG_NOTSET                                119
+# define PROV_R_TAG_NOT_SET                               119
 # define PROV_R_TAG_NOT_NEEDED                            120
+# define PROV_R_TOO_MANY_RECORDS                          126
 # define PROV_R_UNABLE_TO_FIND_CIPHERS                    207
-# define PROV_R_UNABLE_TO_GET_ENTROPY                     202
-# define PROV_R_UNABLE_TO_GET_NONCE                       203
 # define PROV_R_UNABLE_TO_GET_PARENT_STRENGTH             199
+# define PROV_R_UNABLE_TO_GET_PASSPHRASE                  159
 # define PROV_R_UNABLE_TO_INITIALISE_CIPHERS              208
-# define PROV_R_UNABLE_TO_LOAD_SHA1                       143
 # define PROV_R_UNABLE_TO_LOAD_SHA256                     147
 # define PROV_R_UNABLE_TO_LOCK_PARENT                     201
 # define PROV_R_UNABLE_TO_RESEED                          204
-# define PROV_R_UNKNOWN_PADDING_TYPE                      163
 # define PROV_R_UNSUPPORTED_CEK_ALG                       145
 # define PROV_R_UNSUPPORTED_KEY_SIZE                      153
 # define PROV_R_UNSUPPORTED_MAC_TYPE                      137
@@ -155,8 +139,4 @@ int err_load_PROV_strings_int(void);
 # define PROV_R_XTS_DATA_UNIT_IS_TOO_LARGE                148
 # define PROV_R_XTS_DUPLICATED_KEYS                       149
 
-
-# ifdef  __cplusplus
-}
-# endif
 #endif
diff --git a/ssl/sslerr.h b/providers/common/include/prov/proverr.h
similarity index 86%
copy from ssl/sslerr.h
copy to providers/common/include/prov/proverr.h
index 3ad54e4dcc..d9744d06b8 100644
--- a/ssl/sslerr.h
+++ b/providers/common/include/prov/proverr.h
@@ -8,8 +8,8 @@
  * https://www.openssl.org/source/license.html
  */
 
-#ifndef OSSL_SSLERR_H
-# define OSSL_SSLERR_H
+#ifndef OSSL_PROVERR_H
+# define OSSL_PROVERR_H
 # pragma once
 
 # include <openssl/opensslconf.h>
@@ -19,7 +19,7 @@
 extern "C" {
 # endif
 
-int err_load_SSL_strings_int(void);
+int err_load_PROV_strings_int(void);
 
 # ifdef  __cplusplus
 }
diff --git a/providers/common/provider_err.c b/providers/common/provider_err.c
index 3a28eaaa2d..a64c5d2ece 100644
--- a/providers/common/provider_err.c
+++ b/providers/common/provider_err.c
@@ -1,6 +1,6 @@
 /*
  * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -9,15 +9,14 @@
  */
 
 #include <openssl/err.h>
-#include "include/prov/providercommonerr.h"
+#include <openssl/proverr.h>
+#include "include/prov/proverr.h"
 
 #ifndef OPENSSL_NO_ERR
 
 static const ERR_STRING_DATA PROV_str_reasons[] = {
     {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_ADDITIONAL_INPUT_TOO_LONG),
     "additional input too long"},
-    {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_AES_KEY_SETUP_FAILED),
-    "aes key setup failed"},
     {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_ALGORITHM_MISMATCH),
     "algorithm mismatch"},
     {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_ALREADY_INSTANTIATED),
@@ -28,18 +27,12 @@ static const ERR_STRING_DATA PROV_str_reasons[] = {
     {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_BAD_TLS_CLIENT_VERSION),
     "bad tls client version"},
     {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_BN_ERROR), "bn error"},
-    {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_BOTH_MODE_AND_MODE_INT),
-    "both mode and mode int"},
     {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_CIPHER_OPERATION_FAILED),
     "cipher operation failed"},
     {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_DERIVATION_FUNCTION_INIT_FAILED),
     "derivation function init failed"},
-    {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_DERIVATION_FUNCTION_MANDATORY_FOR_FIPS),
-    "derivation function mandatory for fips"},
     {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_DIGEST_NOT_ALLOWED),
     "digest not allowed"},
-    {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_DRBG_ALREADY_INITIALIZED),
-    "drbg already initialized"},
     {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_ERROR_INSTANTIATING_DRBG),
     "error instantiating drbg"},
     {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_ERROR_RETRIEVING_ENTROPY),
@@ -67,8 +60,6 @@ static const ERR_STRING_DATA PROV_str_reasons[] = {
     {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_GENERATE_ERROR), "generate error"},
     {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE),
     "illegal or unsupported padding mode"},
-    {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INAVLID_UKM_LENGTH),
-    "inavlid ukm length"},
     {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INDICATOR_INTEGRITY_FAILURE),
     "indicator integrity failure"},
     {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INSUFFICIENT_DRBG_STRENGTH),
@@ -89,23 +80,16 @@ static const ERR_STRING_DATA PROV_str_reasons[] = {
     "invalid digest size"},
     {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INVALID_ITERATION_COUNT),
     "invalid iteration count"},
-    {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INVALID_IVLEN), "invalid ivlen"},
     {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INVALID_IV_LENGTH), "invalid iv length"},
     {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INVALID_KEY), "invalid key"},
-    {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INVALID_KEYLEN), "invalid keylen"},
-    {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INVALID_KEY_LEN), "invalid key len"},
     {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INVALID_KEY_LENGTH),
     "invalid key length"},
     {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INVALID_MAC), "invalid mac"},
     {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INVALID_MGF1_MD), "invalid mgf1 md"},
     {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INVALID_MODE), "invalid mode"},
-    {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INVALID_MODE_INT), "invalid mode int"},
     {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INVALID_PADDING_MODE),
     "invalid padding mode"},
-    {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INVALID_PSS_SALTLEN),
-    "invalid pss saltlen"},
     {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INVALID_PUBINFO), "invalid pubinfo"},
-    {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INVALID_RSA_KEY), "invalid rsa key"},
     {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INVALID_SALT_LENGTH),
     "invalid salt length"},
     {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INVALID_SEED_LENGTH),
@@ -114,12 +98,15 @@ static const ERR_STRING_DATA PROV_str_reasons[] = {
     "invalid signature size"},
     {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INVALID_STATE), "invalid state"},
     {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INVALID_TAG), "invalid tag"},
-    {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INVALID_TAGLEN), "invalid taglen"},
+    {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INVALID_TAG_LENGTH),
+    "invalid tag_length"},
     {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INVALID_UKM_LENGTH),
     "invalid ukm length"},
     {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INVALID_X931_DIGEST),
     "invalid x931 digest"},
     {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_IN_ERROR_STATE), "in error state"},
+    {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_KEY_SETUP_FAILED),
+    "key setup failed"},
     {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_KEY_SIZE_TOO_SMALL),
     "key size too small"},
     {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_MISSING_CEK_ALG), "missing cek alg"},
@@ -167,7 +154,6 @@ static const ERR_STRING_DATA PROV_str_reasons[] = {
     "personalisation string too long"},
     {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_PSS_SALTLEN_TOO_SMALL),
     "pss saltlen too small"},
-    {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_READ_KEY), "read key"},
     {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_REQUEST_TOO_LARGE_FOR_DRBG),
     "request too large for drbg"},
     {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_REQUIRE_CTR_MODE_CIPHER),
@@ -181,27 +167,22 @@ static const ERR_STRING_DATA PROV_str_reasons[] = {
     "self test kat failure"},
     {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_SELF_TEST_POST_FAILURE),
     "self test post failure"},
-    {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_TAG_NOTSET), "tag notset"},
+    {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_TAG_NOT_SET), "tag not set"},
     {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_TAG_NOT_NEEDED), "tag not needed"},
+    {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_TOO_MANY_RECORDS), "too many records"},
     {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_UNABLE_TO_FIND_CIPHERS),
     "unable to find ciphers"},
-    {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_UNABLE_TO_GET_ENTROPY),
-    "unable to get entropy"},
-    {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_UNABLE_TO_GET_NONCE),
-    "unable to get nonce"},
     {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_UNABLE_TO_GET_PARENT_STRENGTH),
     "unable to get parent strength"},
+    {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_UNABLE_TO_GET_PASSPHRASE),
+    "unable to get passphrase"},
     {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_UNABLE_TO_INITIALISE_CIPHERS),
     "unable to initialise ciphers"},
-    {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_UNABLE_TO_LOAD_SHA1),
-    "unable to load sha1"},
     {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_UNABLE_TO_LOAD_SHA256),
     "unable to load sha256"},
     {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_UNABLE_TO_LOCK_PARENT),
     "unable to lock parent"},
     {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_UNABLE_TO_RESEED), "unable to reseed"},
-    {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_UNKNOWN_PADDING_TYPE),
-    "unknown padding type"},
     {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_UNSUPPORTED_CEK_ALG),
     "unsupported cek alg"},
     {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_UNSUPPORTED_KEY_SIZE),
diff --git a/providers/common/provider_util.c b/providers/common/provider_util.c
index 2499d1534e..516ec46dd7 100644
--- a/providers/common/provider_util.c
+++ b/providers/common/provider_util.c
@@ -13,8 +13,8 @@
 #include <openssl/evp.h>
 #include <openssl/core_names.h>
 #include <openssl/err.h>
+#include <openssl/proverr.h>
 #include "prov/provider_util.h"
-#include "prov/providercommonerr.h"
 #include "internal/nelem.h"
 
 void ossl_prov_cipher_reset(PROV_CIPHER *pc)
diff --git a/providers/common/securitycheck.c b/providers/common/securitycheck.c
index 9d02536c38..9457f4b53a 100644
--- a/providers/common/securitycheck.c
+++ b/providers/common/securitycheck.c
@@ -14,10 +14,10 @@
 #include <openssl/dh.h>
 #include <openssl/ec.h>
 #include <openssl/err.h>
+#include <openssl/proverr.h>
 #include <openssl/core_names.h>
 #include <openssl/obj_mac.h>
 #include "prov/securitycheck.h"
-#include "prov/providercommonerr.h"
 
 /*
  * FIPS requires a minimum security strength of 112 bits (for encryption or
diff --git a/providers/common/securitycheck_fips.c b/providers/common/securitycheck_fips.c
index 94457d6ccf..5bf59c9a35 100644
--- a/providers/common/securitycheck_fips.c
+++ b/providers/common/securitycheck_fips.c
@@ -14,10 +14,10 @@
 #include <openssl/dh.h>
 #include <openssl/ec.h>
 #include <openssl/err.h>
+#include <openssl/proverr.h>
 #include <openssl/core_names.h>
 #include <openssl/obj_mac.h>
 #include "prov/securitycheck.h"
-#include "prov/providercommonerr.h"
 
 extern int FIPS_security_check_enabled(void);
 
diff --git a/providers/fips/fipsprov.c b/providers/fips/fipsprov.c
index dc1bd7b472..90491b0e5f 100644
--- a/providers/fips/fipsprov.c
+++ b/providers/fips/fipsprov.c
@@ -12,11 +12,11 @@
 #include <openssl/params.h>
 #include <openssl/fips_names.h>
 #include <openssl/rand.h> /* RAND_get0_public() */
+#include <openssl/proverr.h>
 #include "internal/cryptlib.h"
 #include "prov/implementations.h"
 #include "prov/provider_ctx.h"
 #include "prov/providercommon.h"
-#include "prov/providercommonerr.h"
 #include "prov/provider_util.h"
 #include "prov/seeding.h"
 #include "self_test.h"
diff --git a/providers/fips/self_test.c b/providers/fips/self_test.c
index a3dd621262..17053d6f9f 100644
--- a/providers/fips/self_test.c
+++ b/providers/fips/self_test.c
@@ -13,8 +13,8 @@
 #include <openssl/crypto.h>
 #include <openssl/fipskey.h>
 #include <openssl/err.h>
+#include <openssl/proverr.h>
 #include "e_os.h"
-#include "prov/providercommonerr.h"
 #include "prov/providercommon.h"
 
 /*
diff --git a/providers/implementations/asymciphers/rsa_enc.c b/providers/implementations/asymciphers/rsa_enc.c
index 3b6dbe09fa..461dee8c6d 100644
--- a/providers/implementations/asymciphers/rsa_enc.c
+++ b/providers/implementations/asymciphers/rsa_enc.c
@@ -20,12 +20,12 @@
 #include <openssl/rsa.h>
 #include <openssl/params.h>
 #include <openssl/err.h>
+#include <openssl/proverr.h>
 /* Just for SSL_MAX_MASTER_KEY_LENGTH */
 #include <openssl/ssl.h>
 #include "internal/constant_time.h"
 #include "internal/sizes.h"
 #include "crypto/rsa.h"
-#include "prov/providercommonerr.h"
 #include "prov/provider_ctx.h"
 #include "prov/implementations.h"
 #include "prov/providercommon.h"
diff --git a/providers/implementations/asymciphers/sm2_enc.c b/providers/implementations/asymciphers/sm2_enc.c
index 3dd4d83838..923ee5694a 100644
--- a/providers/implementations/asymciphers/sm2_enc.c
+++ b/providers/implementations/asymciphers/sm2_enc.c
@@ -15,8 +15,8 @@
 #include <openssl/core_names.h>
 #include <openssl/params.h>
 #include <openssl/err.h>
+#include <openssl/proverr.h>
 #include <crypto/sm2.h>
-#include "prov/providercommonerr.h"
 #include "prov/provider_ctx.h"
 #include "prov/implementations.h"
 #include "prov/provider_util.h"
diff --git a/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha.c b/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha.c
index 03f216d22e..abefc20ab2 100644
--- a/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha.c
+++ b/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha.c
@@ -18,6 +18,7 @@
 
 /* Only for SSL3_VERSION and TLS1_VERSION */
 #include <openssl/ssl.h>
+#include <openssl/proverr.h>
 #include "cipher_aes_cbc_hmac_sha.h"
 #include "prov/implementations.h"
 #include "prov/providercommon.h"
@@ -28,7 +29,6 @@ const OSSL_DISPATCH ossl_##nm##kbits##sub##_functions[] = {                    \
     { 0, NULL }                                                                \
 };
 #else
-# include "prov/providercommonerr.h"
 
 # define AES_CBC_HMAC_SHA_FLAGS (PROV_CIPHER_FLAG_AEAD                         \
                                  | PROV_CIPHER_FLAG_TLS1_MULTIBLOCK)
diff --git a/providers/implementations/ciphers/cipher_aes_cts.inc b/providers/implementations/ciphers/cipher_aes_cts.inc
index dae112febf..f398534dda 100644
--- a/providers/implementations/ciphers/cipher_aes_cts.inc
+++ b/providers/implementations/ciphers/cipher_aes_cts.inc
@@ -9,8 +9,8 @@
 
 /* Dispatch functions for AES CBC CTS ciphers */
 
+#include <openssl/proverr.h>
 #include "cipher_aes_cts.h"
-#include "prov/providercommonerr.h"
 
 #define AES_CTS_FLAGS PROV_CIPHER_FLAG_CTS
 
diff --git a/providers/implementations/ciphers/cipher_aes_hw.c b/providers/implementations/ciphers/cipher_aes_hw.c
index 0b6f06f915..588e030417 100644
--- a/providers/implementations/ciphers/cipher_aes_hw.c
+++ b/providers/implementations/ciphers/cipher_aes_hw.c
@@ -13,8 +13,8 @@
  */
 #include "internal/deprecated.h"
 
+#include <openssl/proverr.h>
 #include "cipher_aes.h"
-#include "prov/providercommonerr.h"
 
 static int cipher_hw_aes_initkey(PROV_CIPHER_CTX *dat,
                                  const unsigned char *key, size_t keylen)
@@ -114,7 +114,7 @@ static int cipher_hw_aes_initkey(PROV_CIPHER_CTX *dat,
     }
 
     if (ret < 0) {
-        ERR_raise(ERR_LIB_PROV, PROV_R_AES_KEY_SETUP_FAILED);
+        ERR_raise(ERR_LIB_PROV, PROV_R_KEY_SETUP_FAILED);
         return 0;
     }
 
diff --git a/providers/implementations/ciphers/cipher_aes_hw_aesni.inc b/providers/implementations/ciphers/cipher_aes_hw_aesni.inc
index 13b52d5987..a2358b43f9 100644
--- a/providers/implementations/ciphers/cipher_aes_hw_aesni.inc
+++ b/providers/implementations/ciphers/cipher_aes_hw_aesni.inc
@@ -45,7 +45,7 @@ static int cipher_hw_aesni_initkey(PROV_CIPHER_CTX *dat,
     }
 
     if (ret < 0) {
-        ERR_raise(ERR_LIB_PROV, PROV_R_AES_KEY_SETUP_FAILED);
+        ERR_raise(ERR_LIB_PROV, PROV_R_KEY_SETUP_FAILED);
         return 0;
     }
 
diff --git a/providers/implementations/ciphers/cipher_aes_hw_t4.inc b/providers/implementations/ciphers/cipher_aes_hw_t4.inc
index 2ccc383e9d..826ff0239d 100644
--- a/providers/implementations/ciphers/cipher_aes_hw_t4.inc
+++ b/providers/implementations/ciphers/cipher_aes_hw_t4.inc
@@ -78,7 +78,7 @@ static int cipher_hw_aes_t4_initkey(PROV_CIPHER_CTX *dat,
     }
 
     if (ret < 0) {
-        ERR_raise(ERR_LIB_PROV, PROV_R_AES_KEY_SETUP_FAILED);
+        ERR_raise(ERR_LIB_PROV, PROV_R_KEY_SETUP_FAILED);
         return 0;
     }
 
diff --git a/providers/implementations/ciphers/cipher_aes_ocb.c b/providers/implementations/ciphers/cipher_aes_ocb.c
index 26ffdab7a4..faa6cb470c 100644
--- a/providers/implementations/ciphers/cipher_aes_ocb.c
+++ b/providers/implementations/ciphers/cipher_aes_ocb.c
@@ -14,9 +14,9 @@
  */
 #include "internal/deprecated.h"
 
+#include <openssl/proverr.h>
 #include "cipher_aes_ocb.h"
 #include "prov/providercommon.h"
-#include "prov/providercommonerr.h"
 #include "prov/ciphercommon_aead.h"
 #include "prov/implementations.h"
 
@@ -451,7 +451,7 @@ static int aes_ocb_get_ctx_params(void *vctx, OSSL_PARAM params[])
             return 0;
         }
         if (!ctx->base.enc || p->data_size != ctx->taglen) {
-            ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_TAGLEN);
+            ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_TAG_LENGTH);
             return 0;
         }
         memcpy(p->data, ctx->tag, ctx->taglen);
diff --git a/providers/implementations/ciphers/cipher_aes_siv.c b/providers/implementations/ciphers/cipher_aes_siv.c
index 469515bb8c..9a9adb02d9 100644
--- a/providers/implementations/ciphers/cipher_aes_siv.c
+++ b/providers/implementations/ciphers/cipher_aes_siv.c
@@ -15,10 +15,10 @@
  */
 #include "internal/deprecated.h"
 
+#include <openssl/proverr.h>
 #include "cipher_aes_siv.h"
 #include "prov/implementations.h"
 #include "prov/providercommon.h"
-#include "prov/providercommonerr.h"
 #include "prov/ciphercommon_aead.h"
 #include "prov/provider_ctx.h"
 
diff --git a/providers/implementations/ciphers/cipher_aes_wrp.c b/providers/implementations/ciphers/cipher_aes_wrp.c
index dc625216ca..967e12206b 100644
--- a/providers/implementations/ciphers/cipher_aes_wrp.c
+++ b/providers/implementations/ciphers/cipher_aes_wrp.c
@@ -13,9 +13,9 @@
  */
 #include "internal/deprecated.h"
 
+#include <openssl/proverr.h>
 #include "cipher_aes.h"
 #include "prov/providercommon.h"
-#include "prov/providercommonerr.h"
 #include "prov/implementations.h"
 
 /* AES wrap with padding has IV length of 4, without padding 8 */
diff --git a/providers/implementations/ciphers/cipher_aes_xts.c b/providers/implementations/ciphers/cipher_aes_xts.c
index cf768d27d4..c5699d645b 100644
--- a/providers/implementations/ciphers/cipher_aes_xts.c
+++ b/providers/implementations/ciphers/cipher_aes_xts.c
@@ -15,10 +15,10 @@
  */
 #include "internal/deprecated.h"
 
+#include <openssl/proverr.h>
 #include "cipher_aes_xts.h"
 #include "prov/implementations.h"
 #include "prov/providercommon.h"
-#include "prov/providercommonerr.h"
 
 #define AES_XTS_FLAGS PROV_CIPHER_FLAG_CUSTOM_IV
 #define AES_XTS_IV_BITS 128
diff --git a/providers/implementations/ciphers/cipher_aria_hw.c b/providers/implementations/ciphers/cipher_aria_hw.c
index f457aaf750..67a282f59c 100644
--- a/providers/implementations/ciphers/cipher_aria_hw.c
+++ b/providers/implementations/ciphers/cipher_aria_hw.c
@@ -7,6 +7,7 @@
  * https://www.openssl.org/source/license.html
  */
 
+#include <openssl/proverr.h>
 #include "cipher_aria.h"
 
 static int cipher_hw_aria_initkey(PROV_CIPHER_CTX *dat,
@@ -21,7 +22,7 @@ static int cipher_hw_aria_initkey(PROV_CIPHER_CTX *dat,
     else
         ret = aria_set_decrypt_key(key, keylen * 8, ks);
     if (ret < 0) {
-        ERR_raise(ERR_LIB_PROV, EVP_R_ARIA_KEY_SETUP_FAILED);
+        ERR_raise(ERR_LIB_PROV, PROV_R_KEY_SETUP_FAILED);
         return 0;
     }
     dat->ks = ks;
diff --git a/providers/implementations/ciphers/cipher_camellia_hw.c b/providers/implementations/ciphers/cipher_camellia_hw.c
index e8ada99a7e..66a2b143c3 100644
--- a/providers/implementations/ciphers/cipher_camellia_hw.c
+++ b/providers/implementations/ciphers/cipher_camellia_hw.c
@@ -13,8 +13,9 @@
  */
 #include "internal/deprecated.h"
 
-#include "cipher_camellia.h"
 #include <openssl/camellia.h>
+#include <openssl/proverr.h>
+#include "cipher_camellia.h"
 
 static int cipher_hw_camellia_initkey(PROV_CIPHER_CTX *dat,
                                       const unsigned char *key, size_t keylen)
@@ -26,7 +27,7 @@ static int cipher_hw_camellia_initkey(PROV_CIPHER_CTX *dat,
     dat->ks = ks;
     ret = Camellia_set_key(key, keylen * 8, ks);
     if (ret < 0) {
-        ERR_raise(ERR_LIB_PROV, EVP_R_ARIA_KEY_SETUP_FAILED);
+        ERR_raise(ERR_LIB_PROV, PROV_R_KEY_SETUP_FAILED);
         return 0;
     }
     if (dat->enc || (mode != EVP_CIPH_ECB_MODE && mode != EVP_CIPH_CBC_MODE)) {
diff --git a/providers/implementations/ciphers/cipher_camellia_hw_t4.inc b/providers/implementations/ciphers/cipher_camellia_hw_t4.inc
index c04613700a..032402a556 100644
--- a/providers/implementations/ciphers/cipher_camellia_hw_t4.inc
+++ b/providers/implementations/ciphers/cipher_camellia_hw_t4.inc
@@ -67,7 +67,7 @@ static int cipher_hw_camellia_t4_initkey(PROV_CIPHER_CTX *dat,
         }
     }
     if (ret < 0) {
-        ERR_raise(ERR_LIB_PROV, EVP_R_CAMELLIA_KEY_SETUP_FAILED);
+        ERR_raise(ERR_LIB_PROV, PROV_R_KEY_SETUP_FAILED);
         return 0;
     }
     return 1;
diff --git a/providers/implementations/ciphers/cipher_cast5.c b/providers/implementations/ciphers/cipher_cast5.c
index 1d525343b4..f5f7cba631 100644
--- a/providers/implementations/ciphers/cipher_cast5.c
+++ b/providers/implementations/ciphers/cipher_cast5.c
@@ -15,10 +15,10 @@
 
 /* Dispatch functions for cast cipher modes ecb, cbc, ofb, cfb */
 
+#include <openssl/proverr.h>
 #include "cipher_cast.h"
 #include "prov/implementations.h"
 #include "prov/providercommon.h"
-#include "prov/providercommonerr.h"
 
 #define CAST5_FLAGS PROV_CIPHER_FLAG_VARIABLE_LENGTH
 
diff --git a/providers/implementations/ciphers/cipher_chacha20.c b/providers/implementations/ciphers/cipher_chacha20.c
index b2fe1b1957..c4042c1b39 100644
--- a/providers/implementations/ciphers/cipher_chacha20.c
+++ b/providers/implementations/ciphers/cipher_chacha20.c
@@ -9,10 +9,10 @@
 
 /* Dispatch functions for chacha20 cipher */
 
+#include <openssl/proverr.h>
 #include "cipher_chacha20.h"
 #include "prov/implementations.h"
 #include "prov/providercommon.h"
-#include "prov/providercommonerr.h"
 
 #define CHACHA20_KEYLEN (CHACHA_KEY_SIZE)
 #define CHACHA20_BLKLEN (1)
diff --git a/providers/implementations/ciphers/cipher_chacha20_poly1305.c b/providers/implementations/ciphers/cipher_chacha20_poly1305.c
index 919d4fba94..b328cdb993 100644
--- a/providers/implementations/ciphers/cipher_chacha20_poly1305.c
+++ b/providers/implementations/ciphers/cipher_chacha20_poly1305.c
@@ -9,10 +9,10 @@
 
 /* Dispatch functions for chacha20_poly1305 cipher */
 
+#include <openssl/proverr.h>
 #include "cipher_chacha20_poly1305.h"
 #include "prov/implementations.h"
 #include "prov/providercommon.h"
-#include "prov/providercommonerr.h"
 
 
 #define CHACHA20_POLY1305_KEYLEN CHACHA_KEY_SIZE
@@ -113,11 +113,11 @@ static int chacha20_poly1305_get_ctx_params(void *vctx, OSSL_PARAM params[])
             return 0;
         }
         if (!ctx->base.enc) {
-            ERR_raise(ERR_LIB_PROV, PROV_R_TAG_NOTSET);
+            ERR_raise(ERR_LIB_PROV, PROV_R_TAG_NOT_SET);
             return 0;
         }
         if (p->data_size == 0 || p->data_size > POLY1305_BLOCK_SIZE) {
-            ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_TAGLEN);
+            ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_TAG_LENGTH);
             return 0;
         }
         memcpy(p->data, ctx->tag, p->data_size);
@@ -180,7 +180,7 @@ static int chacha20_poly1305_set_ctx_params(void *vctx,
             return 0;
         }
         if (p->data_size == 0 || p->data_size > POLY1305_BLOCK_SIZE) {
-            ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_TAGLEN);
+            ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_TAG_LENGTH);
             return 0;
         }
         if (p->data != NULL) {
@@ -214,7 +214,7 @@ static int chacha20_poly1305_set_ctx_params(void *vctx,
             return 0;
         }
         if (hw->tls_iv_set_fixed(&ctx->base, p->data, p->data_size) == 0) {
-            ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_IVLEN);
+            ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_IV_LENGTH);
             return 0;
         }
     }
diff --git a/providers/implementations/ciphers/cipher_des.c b/providers/implementations/ciphers/cipher_des.c
index ec186445c8..11688080ce 100644
--- a/providers/implementations/ciphers/cipher_des.c
+++ b/providers/implementations/ciphers/cipher_des.c
@@ -13,12 +13,12 @@
  */
 #include "internal/deprecated.h"
 
+#include <openssl/rand.h>
+#include <openssl/proverr.h>
 #include "prov/ciphercommon.h"
 #include "cipher_des.h"
-#include <openssl/rand.h>
 #include "prov/implementations.h"
 #include "prov/providercommon.h"
-#include "prov/providercommonerr.h"
 
 #define DES_FLAGS 0
 
@@ -89,7 +89,7 @@ static int des_init(void *vctx, const unsigned char *key, size_t keylen,
 
     if (key != NULL) {
         if (keylen != ctx->keylen) {
-            ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEYLEN);
+            ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY_LENGTH);
             return 0;
         }
         return ctx->hw->init(ctx, key, keylen);
diff --git a/providers/implementations/ciphers/cipher_null.c b/providers/implementations/ciphers/cipher_null.c
index c3ebb25c28..01db056983 100644
--- a/providers/implementations/ciphers/cipher_null.c
+++ b/providers/implementations/ciphers/cipher_null.c
@@ -10,10 +10,10 @@
 #include <string.h>
 #include <openssl/crypto.h>
 #include <openssl/core_dispatch.h>
+#include <openssl/proverr.h>
 #include "prov/implementations.h"
 #include "prov/ciphercommon.h"
 #include "prov/providercommon.h"
-#include "prov/providercommonerr.h"
 
 typedef struct prov_cipher_null_ctx_st {
     int enc;
diff --git a/providers/implementations/ciphers/cipher_rc2.c b/providers/implementations/ciphers/cipher_rc2.c
index 09d66b2cdd..6e25d1534a 100644
--- a/providers/implementations/ciphers/cipher_rc2.c
+++ b/providers/implementations/ciphers/cipher_rc2.c
@@ -15,10 +15,10 @@
  */
 #include "internal/deprecated.h"
 
+#include <openssl/proverr.h>
 #include "cipher_rc2.h"
 #include "prov/implementations.h"
 #include "prov/providercommon.h"
-#include "prov/providercommonerr.h"
 
 #define RC2_40_MAGIC    0xa0
 #define RC2_64_MAGIC    0x78
diff --git a/providers/implementations/ciphers/cipher_rc4_hmac_md5.c b/providers/implementations/ciphers/cipher_rc4_hmac_md5.c
index b757197110..c69b9aecb8 100644
--- a/providers/implementations/ciphers/cipher_rc4_hmac_md5.c
+++ b/providers/implementations/ciphers/cipher_rc4_hmac_md5.c
@@ -15,10 +15,10 @@
  */
 #include "internal/deprecated.h"
 
+#include <openssl/proverr.h>
 #include "cipher_rc4_hmac_md5.h"
 #include "prov/implementations.h"
 #include "prov/providercommon.h"
-#include "prov/providercommonerr.h"
 
 #define RC4_HMAC_MD5_FLAGS (PROV_CIPHER_FLAG_VARIABLE_LENGTH                   \
                             | PROV_CIPHER_FLAG_AEAD)
diff --git a/providers/implementations/ciphers/cipher_rc5.c b/providers/implementations/ciphers/cipher_rc5.c
index ec408ed885..db0dbaaf05 100644
--- a/providers/implementations/ciphers/cipher_rc5.c
+++ b/providers/implementations/ciphers/cipher_rc5.c
@@ -15,10 +15,10 @@
  */
 #include "internal/deprecated.h"
 
+#include <openssl/proverr.h>
 #include "cipher_rc5.h"
 #include "prov/implementations.h"
 #include "prov/providercommon.h"
-#include "prov/providercommonerr.h"
 
 #define RC5_FLAGS PROV_CIPHER_FLAG_VARIABLE_LENGTH
 
diff --git a/providers/implementations/ciphers/cipher_tdes.c b/providers/implementations/ciphers/cipher_tdes.c
index a2855af481..6ab083db41 100644
--- a/providers/implementations/ciphers/cipher_tdes.c
+++ b/providers/implementations/ciphers/cipher_tdes.c
@@ -13,11 +13,11 @@
  */
 #include "internal/deprecated.h"
 
+#include <openssl/rand.h>
+#include <openssl/proverr.h>
 #include "prov/ciphercommon.h"
 #include "cipher_tdes.h"
-#include <openssl/rand.h>
 #include "prov/implementations.h"
-#include "prov/providercommonerr.h"
 
 /*
  * NOTE: ECB mode does not use an IV - but existing test code is setting
diff --git a/providers/implementations/ciphers/cipher_tdes_common.c b/providers/implementations/ciphers/cipher_tdes_common.c
index 17b8ce40b0..59c8a976cc 100644
--- a/providers/implementations/ciphers/cipher_tdes_common.c
+++ b/providers/implementations/ciphers/cipher_tdes_common.c
@@ -13,12 +13,12 @@
  */
 #include "internal/deprecated.h"
 
+#include <openssl/rand.h>
+#include <openssl/proverr.h>
 #include "prov/ciphercommon.h"
 #include "cipher_tdes.h"
-#include <openssl/rand.h>
 #include "prov/implementations.h"
 #include "prov/providercommon.h"
-#include "prov/providercommonerr.h"
 
 void *tdes_newctx(void *provctx, int mode, size_t kbits, size_t blkbits,
                   size_t ivbits, uint64_t flags, const PROV_CIPHER_HW *hw)
@@ -80,7 +80,7 @@ static int tdes_init(void *vctx, const unsigned char *key, size_t keylen,
 
     if (key != NULL) {
         if (keylen != ctx->keylen) {
-            ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEYLEN);
+            ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY_LENGTH);
             return 0;
         }
         return ctx->hw->init(ctx, key, ctx->keylen);
diff --git a/providers/implementations/ciphers/cipher_tdes_wrap.c b/providers/implementations/ciphers/cipher_tdes_wrap.c
index b78a77c254..d42bf78d8e 100644
--- a/providers/implementations/ciphers/cipher_tdes_wrap.c
+++ b/providers/implementations/ciphers/cipher_tdes_wrap.c
@@ -15,11 +15,11 @@
 
 #include <openssl/sha.h>
 #include <openssl/rand.h>
+#include <openssl/proverr.h>
 #include "cipher_tdes_default.h"
 #include "crypto/evp.h"
 #include "prov/implementations.h"
 #include "prov/providercommon.h"
-#include "prov/providercommonerr.h"
 
 #define TDES_WRAP_FLAGS PROV_CIPHER_FLAG_CUSTOM_IV
 
diff --git a/providers/implementations/ciphers/ciphercommon.c b/providers/implementations/ciphers/ciphercommon.c
index fa73edb473..9f6c82bddd 100644
--- a/providers/implementations/ciphers/ciphercommon.c
+++ b/providers/implementations/ciphers/ciphercommon.c
@@ -13,10 +13,10 @@
 
 /* For SSL3_VERSION */
 #include <openssl/ssl.h>
+#include <openssl/proverr.h>
 #include "ciphercommon_local.h"
 #include "prov/provider_ctx.h"
 #include "prov/providercommon.h"
-#include "prov/providercommonerr.h"
 
 /*-
  * Generic cipher functions for OSSL_PARAM gettables and settables
@@ -191,7 +191,7 @@ static int cipher_generic_init_internal(PROV_CIPHER_CTX *ctx,
     if (key != NULL) {
         if (ctx->variable_keylength == 0) {
             if (keylen != ctx->keylen) {
-                ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEYLEN);
+                ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY_LENGTH);
                 return 0;
             }
         } else {
@@ -613,7 +613,7 @@ int ossl_cipher_generic_initiv(PROV_CIPHER_CTX *ctx, const unsigned char *iv,
 {
     if (ivlen != ctx->ivlen
         || ivlen > sizeof(ctx->iv)) {
-        ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_IVLEN);
+        ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_IV_LENGTH);
         return 0;
     }
     ctx->iv_set = 1;
diff --git a/providers/implementations/ciphers/ciphercommon_block.c b/providers/implementations/ciphers/ciphercommon_block.c
index 68d5495b77..de375a6327 100644
--- a/providers/implementations/ciphers/ciphercommon_block.c
+++ b/providers/implementations/ciphers/ciphercommon_block.c
@@ -11,9 +11,9 @@
 /* For SSL3_VERSION, TLS1_VERSION etc */
 #include <openssl/ssl.h>
 #include <openssl/rand.h>
+#include <openssl/proverr.h>
 #include "internal/constant_time.h"
 #include "ciphercommon_local.h"
-#include "prov/providercommonerr.h"
 
 /* Functions defined in ssl/tls_pad.c */
 int ssl3_cbc_remove_padding_and_mac(size_t *reclen,
diff --git a/providers/implementations/ciphers/ciphercommon_ccm.c b/providers/implementations/ciphers/ciphercommon_ccm.c
index 0009e9876c..a780e7aed3 100644
--- a/providers/implementations/ciphers/ciphercommon_ccm.c
+++ b/providers/implementations/ciphers/ciphercommon_ccm.c
@@ -9,10 +9,10 @@
 
 /* Dispatch functions for ccm mode */
 
+#include <openssl/proverr.h>
 #include "prov/ciphercommon.h"
 #include "prov/ciphercommon_ccm.h"
 #include "prov/providercommon.h"
-#include "prov/providercommonerr.h"
 
 static int ccm_cipher_internal(PROV_CCM_CTX *ctx, unsigned char *out,
                                size_t *padlen, const unsigned char *in,
@@ -78,7 +78,7 @@ int ccm_set_ctx_params(void *vctx, const OSSL_PARAM params[])
             return 0;
         }
         if ((p->data_size & 1) || (p->data_size < 4) || p->data_size > 16) {
-            ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_TAGLEN);
+            ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_TAG_LENGTH);
             return 0;
         }
 
@@ -103,7 +103,7 @@ int ccm_set_ctx_params(void *vctx, const OSSL_PARAM params[])
         }
         ivlen = 15 - sz;
         if (ivlen < 2 || ivlen > 8) {
-            ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_IVLEN);
+            ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_IV_LENGTH);
             return 0;
         }
         ctx->l = ivlen;
@@ -130,7 +130,7 @@ int ccm_set_ctx_params(void *vctx, const OSSL_PARAM params[])
             return 0;
         }
         if (ccm_tls_iv_set_fixed(ctx, p->data, p->data_size) == 0) {
-            ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_IVLEN);
+            ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_IV_LENGTH);
             return 0;
         }
     }
@@ -162,7 +162,7 @@ int ccm_get_ctx_params(void *vctx, OSSL_PARAM params[])
     p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_IV);
     if (p != NULL) {
         if (ccm_get_ivlen(ctx) > p->data_size) {
-            ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_IVLEN);
+            ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_IV_LENGTH);
             return 0;
         }
         if (!OSSL_PARAM_set_octet_string(p, ctx->iv, p->data_size)
@@ -175,7 +175,7 @@ int ccm_get_ctx_params(void *vctx, OSSL_PARAM params[])
     p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_UPDATED_IV);
     if (p != NULL) {
         if (ccm_get_ivlen(ctx) > p->data_size) {
-            ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_IVLEN);
+            ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_IV_LENGTH);
             return 0;
         }
         if (!OSSL_PARAM_set_octet_string(p, ctx->iv, p->data_size)
@@ -200,7 +200,7 @@ int ccm_get_ctx_params(void *vctx, OSSL_PARAM params[])
     p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_AEAD_TAG);
     if (p != NULL) {
         if (!ctx->enc || !ctx->tag_set) {
-            ERR_raise(ERR_LIB_PROV, PROV_R_TAG_NOTSET);
+            ERR_raise(ERR_LIB_PROV, PROV_R_TAG_NOT_SET);
             return 0;
         }
         if (p->data_type != OSSL_PARAM_OCTET_STRING) {
@@ -228,7 +228,7 @@ static int ccm_init(void *vctx, const unsigned char *key, size_t keylen,
 
     if (iv != NULL) {
         if (ivlen != ccm_get_ivlen(ctx)) {
-            ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_IVLEN);
+            ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_IV_LENGTH);
             return 0;
         }
         memcpy(ctx->iv, iv, ivlen);
@@ -236,7 +236,7 @@ static int ccm_init(void *vctx, const unsigned char *key, size_t keylen,
     }
     if (key != NULL) {
         if (keylen != ctx->keylen) {
-            ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEYLEN);
+            ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY_LENGTH);
             return 0;
         }
         return ctx->hw->setkey(ctx, key, keylen);
diff --git a/providers/implementations/ciphers/ciphercommon_gcm.c b/providers/implementations/ciphers/ciphercommon_gcm.c
index 974a8f6026..02a496d1dd 100644
--- a/providers/implementations/ciphers/ciphercommon_gcm.c
+++ b/providers/implementations/ciphers/ciphercommon_gcm.c
@@ -9,11 +9,11 @@
 
 /* Dispatch functions for gcm mode */
 
+#include <openssl/rand.h>
+#include <openssl/proverr.h>
 #include "prov/ciphercommon.h"
 #include "prov/ciphercommon_gcm.h"
 #include "prov/providercommon.h"
-#include "prov/providercommonerr.h"
-#include <openssl/rand.h>
 #include "prov/provider_ctx.h"
 
 static int gcm_tls_init(PROV_GCM_CTX *dat, unsigned char *aad, size_t aad_len);
@@ -513,7 +513,7 @@ static int gcm_tls_cipher(PROV_GCM_CTX *ctx, unsigned char *out, size_t *padlen,
      * side only.
      */
     if (ctx->enc && ++ctx->tls_enc_records == 0) {
-        ERR_raise(ERR_LIB_PROV, EVP_R_TOO_MANY_RECORDS);
+        ERR_raise(ERR_LIB_PROV, PROV_R_TOO_MANY_RECORDS);
         goto err;
     }
 
diff --git a/providers/implementations/digests/digestcommon.c b/providers/implementations/digests/digestcommon.c
index b8e7efde60..cbf32ac2f9 100644
--- a/providers/implementations/digests/digestcommon.c
+++ b/providers/implementations/digests/digestcommon.c
@@ -7,9 +7,9 @@
  * https://www.openssl.org/source/license.html
  */
 
-#include "openssl/err.h"
+#include <openssl/err.h>
+#include <openssl/proverr.h>
 #include "prov/digestcommon.h"
-#include "prov/providercommonerr.h"
 
 int digest_default_get_params(OSSL_PARAM params[], size_t blksz, size_t paramsz,
                               unsigned long flags)
diff --git a/providers/implementations/digests/mdc2_prov.c b/providers/implementations/digests/mdc2_prov.c
index b184c8393c..8dc1d1af74 100644
--- a/providers/implementations/digests/mdc2_prov.c
+++ b/providers/implementations/digests/mdc2_prov.c
@@ -18,9 +18,9 @@
 #include <openssl/mdc2.h>
 #include <openssl/core_names.h>
 #include <openssl/err.h>
+#include <openssl/proverr.h>
 #include "prov/digestcommon.h"
 #include "prov/implementations.h"
-#include "prov/providercommonerr.h"
 
 static OSSL_FUNC_digest_set_ctx_params_fn mdc2_set_ctx_params;
 static OSSL_FUNC_digest_settable_ctx_params_fn mdc2_settable_ctx_params;
diff --git a/providers/implementations/digests/sha3_prov.c b/providers/implementations/digests/sha3_prov.c
index 6e731fd842..cd8045f92c 100644
--- a/providers/implementations/digests/sha3_prov.c
+++ b/providers/implementations/digests/sha3_prov.c
@@ -13,10 +13,10 @@
 #include <openssl/evp.h>
 #include <openssl/params.h>
 #include <openssl/err.h>
+#include <openssl/proverr.h>
 #include "internal/sha3.h"
 #include "prov/digestcommon.h"
 #include "prov/implementations.h"
-#include "prov/providercommonerr.h"
 
 #define SHA3_FLAGS PROV_DIGEST_FLAG_ALGID_ABSENT
 #define SHAKE_FLAGS PROV_DIGEST_FLAG_XOF
diff --git a/providers/implementations/encode_decode/decode_der2key.c b/providers/implementations/encode_decode/decode_der2key.c
index 6611e808d1..09776127d4 100644
--- a/providers/implementations/encode_decode/decode_der2key.c
+++ b/providers/implementations/encode_decode/decode_der2key.c
@@ -22,6 +22,7 @@
 #include <openssl/pem.h>         /* PEM_BUFSIZE and public PEM functions */
 #include <openssl/pkcs12.h>
 #include <openssl/x509.h>
+#include <openssl/proverr.h>
 #include "internal/cryptlib.h"   /* ossl_assert() */
 #include "internal/asn1.h"
 #include "crypto/dh.h"
@@ -31,7 +32,6 @@
 #include "crypto/rsa.h"
 #include "prov/bio.h"
 #include "prov/implementations.h"
-#include "prov/providercommonerr.h"
 #include "endecoder_local.h"
 
 #define SET_ERR_MARK() ERR_set_mark()
@@ -87,7 +87,7 @@ static int der_from_p8(unsigned char **new_der, long *new_der_len,
         size_t plen = 0;
 
         if (!pw_cb(pbuf, sizeof(pbuf), &plen, NULL, pw_cbarg)) {
-            ERR_raise(ERR_LIB_PROV, PROV_R_READ_KEY);
+            ERR_raise(ERR_LIB_PROV, PROV_R_UNABLE_TO_GET_PASSPHRASE);
         } else {
             const X509_ALGOR *alg = NULL;
             const ASN1_OCTET_STRING *oct = NULL;
diff --git a/providers/implementations/encode_decode/decode_pem2der.c b/providers/implementations/encode_decode/decode_pem2der.c
index 6c8b108290..cb6ebcefb6 100644
--- a/providers/implementations/encode_decode/decode_pem2der.c
+++ b/providers/implementations/encode_decode/decode_pem2der.c
@@ -21,10 +21,10 @@
 #include <openssl/err.h>
 #include <openssl/params.h>
 #include <openssl/pem.h>
+#include <openssl/proverr.h>
 #include "internal/nelem.h"
 #include "prov/bio.h"
 #include "prov/implementations.h"
-#include "prov/providercommonerr.h"
 #include "endecoder_local.h"
 
 static int read_pem(PROV_CTX *provctx, OSSL_CORE_BIO *cin,
diff --git a/providers/implementations/encode_decode/encode_key2any.c b/providers/implementations/encode_decode/encode_key2any.c
index 7af53cca96..8f868249ee 100644
--- a/providers/implementations/encode_decode/encode_key2any.c
+++ b/providers/implementations/encode_decode/encode_key2any.c
@@ -25,12 +25,12 @@
 #include <openssl/dh.h>
 #include <openssl/dsa.h>
 #include <openssl/ec.h>
+#include <openssl/proverr.h>
 #include "internal/passphrase.h"
 #include "internal/cryptlib.h"
 #include "crypto/ecx.h"
 #include "crypto/rsa.h"
 #include "prov/implementations.h"
-#include "prov/providercommonerr.h"
 #include "prov/bio.h"
 #include "prov/provider_ctx.h"
 #include "prov/der_rsa.h"
@@ -96,7 +96,7 @@ static X509_SIG *p8info_to_encp8(PKCS8_PRIV_KEY_INFO *p8info,
 
     if (!ossl_pw_get_passphrase(kstr, sizeof(kstr), &klen, NULL, 1,
                                 &ctx->pwdata)) {
-        ERR_raise(ERR_LIB_PROV, PROV_R_READ_KEY);
+        ERR_raise(ERR_LIB_PROV, PROV_R_UNABLE_TO_GET_PASSPHRASE);
         return NULL;
     }
     /* First argument == -1 means "standard" */
diff --git a/providers/implementations/encode_decode/encode_key2text.c b/providers/implementations/encode_decode/encode_key2text.c
index 21cedbb0dd..05cccdce36 100644
--- a/providers/implementations/encode_decode/encode_key2text.c
+++ b/providers/implementations/encode_decode/encode_key2text.c
@@ -20,6 +20,7 @@
 #include <openssl/bn.h>
 #include <openssl/err.h>
 #include <openssl/safestack.h>
+#include <openssl/proverr.h>
 #include "internal/ffc.h"
 #include "crypto/bn.h"           /* bn_get_words() */
 #include "crypto/dh.h"           /* dh_get0_params() */
@@ -29,7 +30,6 @@
 #include "crypto/rsa.h"          /* RSA_PSS_PARAMS_30, etc... */
 #include "prov/bio.h"
 #include "prov/implementations.h"
-#include "prov/providercommonerr.h"
 #include "endecoder_local.h"
 
 DEFINE_SPECIAL_STACK_OF_CONST(BIGNUM_const, BIGNUM)
diff --git a/providers/implementations/exchange/ecx_exch.c b/providers/implementations/exchange/ecx_exch.c
index db6aa90c03..3b082ab503 100644
--- a/providers/implementations/exchange/ecx_exch.c
+++ b/providers/implementations/exchange/ecx_exch.c
@@ -12,11 +12,11 @@
 #include <openssl/core_names.h>
 #include <openssl/params.h>
 #include <openssl/err.h>
+#include <openssl/proverr.h>
 #include "internal/cryptlib.h"
 #include "crypto/ecx.h"
 #include "prov/implementations.h"
 #include "prov/providercommon.h"
-#include "prov/providercommonerr.h"
 #ifdef S390X_EC_ASM
 # include "s390x_arch.h"
 #endif
diff --git a/providers/implementations/kdfs/hkdf.c b/providers/implementations/kdfs/hkdf.c
index a985c85440..5fa24b93e3 100644
--- a/providers/implementations/kdfs/hkdf.c
+++ b/providers/implementations/kdfs/hkdf.c
@@ -20,12 +20,12 @@
 #include <openssl/evp.h>
 #include <openssl/kdf.h>
 #include <openssl/core_names.h>
+#include <openssl/proverr.h>
 #include "internal/cryptlib.h"
 #include "internal/numbers.h"
 #include "crypto/evp.h"
 #include "prov/provider_ctx.h"
 #include "prov/providercommon.h"
-#include "prov/providercommonerr.h"
 #include "prov/implementations.h"
 #include "prov/provider_util.h"
 #include "e_os.h"
diff --git a/providers/implementations/kdfs/kbkdf.c b/providers/implementations/kdfs/kbkdf.c
index a8f09bdbff..2e1a96e28f 100644
--- a/providers/implementations/kdfs/kbkdf.c
+++ b/providers/implementations/kdfs/kbkdf.c
@@ -33,6 +33,7 @@
 #include <openssl/hmac.h>
 #include <openssl/kdf.h>
 #include <openssl/params.h>
+#include <openssl/proverr.h>
 
 #include "internal/cryptlib.h"
 #include "crypto/evp.h"
@@ -42,7 +43,6 @@
 #include "prov/provider_ctx.h"
 #include "prov/provider_util.h"
 #include "prov/providercommon.h"
-#include "prov/providercommonerr.h"
 
 #include "e_os.h"
 
diff --git a/providers/implementations/kdfs/krb5kdf.c b/providers/implementations/kdfs/krb5kdf.c
index 56a61b5cec..a928edbb0c 100644
--- a/providers/implementations/kdfs/krb5kdf.c
+++ b/providers/implementations/kdfs/krb5kdf.c
@@ -21,6 +21,7 @@
 #include <openssl/des.h>
 #include <openssl/evp.h>
 #include <openssl/kdf.h>
+#include <openssl/proverr.h>
 
 #include "internal/cryptlib.h"
 #include "crypto/evp.h"
@@ -29,7 +30,6 @@
 #include "prov/provider_ctx.h"
 #include "prov/provider_util.h"
 #include "prov/providercommon.h"
-#include "prov/providercommonerr.h"
 
 /* KRB5 KDF defined in RFC 3961, Section 5.1 */
 
diff --git a/providers/implementations/kdfs/pbkdf2.c b/providers/implementations/kdfs/pbkdf2.c
index 37a81f00ba..a3ecea2b03 100644
--- a/providers/implementations/kdfs/pbkdf2.c
+++ b/providers/implementations/kdfs/pbkdf2.c
@@ -20,12 +20,12 @@
 #include <openssl/evp.h>
 #include <openssl/kdf.h>
 #include <openssl/core_names.h>
+#include <openssl/proverr.h>
 #include "internal/cryptlib.h"
 #include "internal/numbers.h"
 #include "crypto/evp.h"
 #include "prov/provider_ctx.h"
 #include "prov/providercommon.h"
-#include "prov/providercommonerr.h"
 #include "prov/implementations.h"
 #include "prov/provider_util.h"
 #include "pbkdf2.h"
@@ -285,13 +285,13 @@ static int pbkdf2_derive(const char *pass, size_t passlen,
      * results in an overflow of the loop counter 'i'.
      */
     if ((keylen / mdlen) >= KDF_PBKDF2_MAX_KEY_LEN_DIGEST_RATIO) {
-        ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY_LEN);
+        ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY_LENGTH);
         return 0;
     }
 
     if (lower_bound_checks) {
         if ((keylen * 8) < KDF_PBKDF2_MIN_KEY_LEN_BITS) {
-            ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY_LEN);
+            ERR_raise(ERR_LIB_PROV, PROV_R_KEY_SIZE_TOO_SMALL);
             return 0;
         }
         if (saltlen < KDF_PBKDF2_MIN_SALT_LEN) {
diff --git a/providers/implementations/kdfs/pkcs12kdf.c b/providers/implementations/kdfs/pkcs12kdf.c
index b058005e1d..b388efe786 100644
--- a/providers/implementations/kdfs/pkcs12kdf.c
+++ b/providers/implementations/kdfs/pkcs12kdf.c
@@ -14,12 +14,12 @@
 #include <openssl/evp.h>
 #include <openssl/kdf.h>
 #include <openssl/core_names.h>
+#include <openssl/proverr.h>
 #include "internal/cryptlib.h"
 #include "internal/numbers.h"
 #include "crypto/evp.h"
 #include "prov/provider_ctx.h"
 #include "prov/providercommon.h"
-#include "prov/providercommonerr.h"
 #include "prov/implementations.h"
 #include "prov/provider_util.h"
 
diff --git a/providers/implementations/kdfs/scrypt.c b/providers/implementations/kdfs/scrypt.c
index 023b1916a1..3aba9f7955 100644
--- a/providers/implementations/kdfs/scrypt.c
+++ b/providers/implementations/kdfs/scrypt.c
@@ -14,12 +14,12 @@
 #include <openssl/kdf.h>
 #include <openssl/err.h>
 #include <openssl/core_names.h>
+#include <openssl/proverr.h>
 #include "crypto/evp.h"
 #include "internal/numbers.h"
 #include "prov/implementations.h"
 #include "prov/provider_ctx.h"
 #include "prov/providercommon.h"
-#include "prov/providercommonerr.h"
 #include "prov/implementations.h"
 
 #ifndef OPENSSL_NO_SCRYPT
diff --git a/providers/implementations/kdfs/sshkdf.c b/providers/implementations/kdfs/sshkdf.c
index e86c502184..058f3b95b7 100644
--- a/providers/implementations/kdfs/sshkdf.c
+++ b/providers/implementations/kdfs/sshkdf.c
@@ -13,12 +13,12 @@
 #include <openssl/evp.h>
 #include <openssl/kdf.h>
 #include <openssl/core_names.h>
+#include <openssl/proverr.h>
 #include "internal/cryptlib.h"
 #include "internal/numbers.h"
 #include "crypto/evp.h"
 #include "prov/provider_ctx.h"
 #include "prov/providercommon.h"
-#include "prov/providercommonerr.h"
 #include "prov/implementations.h"
 #include "prov/provider_util.h"
 
diff --git a/providers/implementations/kdfs/sskdf.c b/providers/implementations/kdfs/sskdf.c
index 84711dde27..641aacbe97 100644
--- a/providers/implementations/kdfs/sskdf.c
+++ b/providers/implementations/kdfs/sskdf.c
@@ -42,12 +42,12 @@
 #include <openssl/kdf.h>
 #include <openssl/core_names.h>
 #include <openssl/params.h>
+#include <openssl/proverr.h>
 #include "internal/cryptlib.h"
 #include "internal/numbers.h"
 #include "crypto/evp.h"
 #include "prov/provider_ctx.h"
 #include "prov/providercommon.h"
-#include "prov/providercommonerr.h"
 #include "prov/implementations.h"
 #include "prov/provider_util.h"
 
diff --git a/providers/implementations/kdfs/tls1_prf.c b/providers/implementations/kdfs/tls1_prf.c
index aba08068ca..2cb825229b 100644
--- a/providers/implementations/kdfs/tls1_prf.c
+++ b/providers/implementations/kdfs/tls1_prf.c
@@ -52,12 +52,12 @@
 #include <openssl/kdf.h>
 #include <openssl/core_names.h>
 #include <openssl/params.h>
+#include <openssl/proverr.h>
 #include "internal/cryptlib.h"
 #include "internal/numbers.h"
 #include "crypto/evp.h"
 #include "prov/provider_ctx.h"
 #include "prov/providercommon.h"
-#include "prov/providercommonerr.h"
 #include "prov/implementations.h"
 #include "prov/provider_util.h"
 #include "e_os.h"
diff --git a/providers/implementations/kdfs/x942kdf.c b/providers/implementations/kdfs/x942kdf.c
index ae3ed69201..7f1f0e6c9d 100644
--- a/providers/implementations/kdfs/x942kdf.c
+++ b/providers/implementations/kdfs/x942kdf.c
@@ -14,11 +14,11 @@
 #include <openssl/err.h>
 #include <openssl/evp.h>
 #include <openssl/params.h>
+#include <openssl/proverr.h>
 #include "internal/packet.h"
 #include "internal/der.h"
 #include "prov/provider_ctx.h"
 #include "prov/providercommon.h"
-#include "prov/providercommonerr.h"
 #include "prov/implementations.h"
 #include "prov/provider_util.h"
 #include "prov/der_wrap.h"
diff --git a/providers/implementations/kem/rsa_kem.c b/providers/implementations/kem/rsa_kem.c
index 58a223fe42..0007224072 100644
--- a/providers/implementations/kem/rsa_kem.c
+++ b/providers/implementations/kem/rsa_kem.c
@@ -22,7 +22,7 @@
 #include <openssl/params.h>
 #include <openssl/err.h>
 #include <crypto/rsa.h>
-#include "prov/providercommonerr.h"
+#include <openssl/proverr.h>
 #include "prov/provider_ctx.h"
 #include "prov/implementations.h"
 #include "prov/securitycheck.h"
diff --git a/providers/implementations/keymgmt/ec_kmgmt.c b/providers/implementations/keymgmt/ec_kmgmt.c
index 3a58d9e4dc..bb479181c3 100644
--- a/providers/implementations/keymgmt/ec_kmgmt.c
+++ b/providers/implementations/keymgmt/ec_kmgmt.c
@@ -20,11 +20,11 @@
 #include <openssl/bn.h>
 #include <openssl/err.h>
 #include <openssl/objects.h>
+#include <openssl/proverr.h>
 #include "crypto/bn.h"
 #include "crypto/ec.h"
 #include "prov/implementations.h"
 #include "prov/providercommon.h"
-#include "prov/providercommonerr.h"
 #include "prov/provider_ctx.h"
 #include "internal/param_build_set.h"
 
diff --git a/providers/implementations/keymgmt/mac_legacy_kmgmt.c b/providers/implementations/keymgmt/mac_legacy_kmgmt.c
index 08de2a07cc..0f7f65ddbb 100644
--- a/providers/implementations/keymgmt/mac_legacy_kmgmt.c
+++ b/providers/implementations/keymgmt/mac_legacy_kmgmt.c
@@ -16,6 +16,7 @@
 #include <openssl/params.h>
 #include <openssl/err.h>
 #include <openssl/evp.h>
+#include <openssl/proverr.h>
 #include "openssl/param_build.h"
 #include "internal/param_build_set.h"
 #include "prov/implementations.h"
@@ -464,7 +465,7 @@ static void *mac_gen(void *genctx, OSSL_CALLBACK *cb, void *cbarg)
         return key;
 
     if (gctx->priv_key == NULL) {
-        ERR_raise(ERR_LIB_PROV, EVP_R_INVALID_KEY);
+        ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY);
         ossl_mac_key_free(key);
         return NULL;
     }
diff --git a/providers/implementations/macs/blake2_mac_impl.c b/providers/implementations/macs/blake2_mac_impl.c
index 542595efa1..4f57795500 100644
--- a/providers/implementations/macs/blake2_mac_impl.c
+++ b/providers/implementations/macs/blake2_mac_impl.c
@@ -10,10 +10,10 @@
 #include <openssl/core_dispatch.h>
 #include <openssl/core_names.h>
 #include <openssl/params.h>
+#include <openssl/proverr.h>
 
 #include "prov/blake2.h"
 #include "internal/cryptlib.h"
-#include "prov/providercommonerr.h"
 #include "prov/implementations.h"
 #include "prov/providercommon.h"
 
diff --git a/providers/implementations/macs/gmac_prov.c b/providers/implementations/macs/gmac_prov.c
index fe4d2c3c8a..1d5d26f170 100644
--- a/providers/implementations/macs/gmac_prov.c
+++ b/providers/implementations/macs/gmac_prov.c
@@ -14,8 +14,8 @@
 #include <openssl/engine.h>
 #include <openssl/evp.h>
 #include <openssl/err.h>
+#include <openssl/proverr.h>
 
-#include "prov/providercommonerr.h"
 #include "prov/implementations.h"
 #include "prov/provider_ctx.h"
 #include "prov/provider_util.h"
@@ -191,7 +191,7 @@ static int gmac_set_ctx_params(void *vmacctx, const OSSL_PARAM params[])
 
     if (EVP_CIPHER_mode(ossl_prov_cipher_cipher(&macctx->cipher))
         != EVP_CIPH_GCM_MODE) {
-        ERR_raise(ERR_LIB_PROV, EVP_R_CIPHER_NOT_GCM_MODE);
+        ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_MODE);
         return 0;
     }
     if (!EVP_EncryptInit_ex(ctx, ossl_prov_cipher_cipher(&macctx->cipher),
@@ -204,7 +204,7 @@ static int gmac_set_ctx_params(void *vmacctx, const OSSL_PARAM params[])
             return 0;
 
         if (p->data_size != (size_t)EVP_CIPHER_CTX_key_length(ctx)) {
-            ERR_raise(ERR_LIB_PROV, EVP_R_INVALID_KEY_LENGTH);
+            ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY_LENGTH);
             return 0;
         }
         if (!EVP_EncryptInit_ex(ctx, NULL, NULL, p->data, NULL))
diff --git a/providers/implementations/macs/kmac_prov.c b/providers/implementations/macs/kmac_prov.c
index b9a6318e12..3a57dd0db6 100644
--- a/providers/implementations/macs/kmac_prov.c
+++ b/providers/implementations/macs/kmac_prov.c
@@ -53,8 +53,8 @@
 #include <openssl/params.h>
 #include <openssl/evp.h>
 #include <openssl/err.h>
+#include <openssl/proverr.h>
 
-#include "prov/providercommonerr.h"
 #include "prov/implementations.h"
 #include "prov/provider_ctx.h"
 #include "prov/provider_util.h"
@@ -258,7 +258,7 @@ static int kmac_init(void *vmacctx)
 
     /* Check key has been set */
     if (kctx->key_len == 0) {
-        ERR_raise(ERR_LIB_EVP, EVP_R_NO_KEY_SET);
+        ERR_raise(ERR_LIB_PROV, PROV_R_NO_KEY_SET);
         return 0;
     }
     if (!EVP_DigestInit_ex(kctx->ctx, ossl_prov_digest_md(&kctx->digest),
diff --git a/providers/implementations/macs/poly1305_prov.c b/providers/implementations/macs/poly1305_prov.c
index a3bc47253c..b029dfefd4 100644
--- a/providers/implementations/macs/poly1305_prov.c
+++ b/providers/implementations/macs/poly1305_prov.c
@@ -12,10 +12,10 @@
 #include <openssl/params.h>
 #include <openssl/evp.h>
 #include <openssl/err.h>
+#include <openssl/proverr.h>
 
 #include "crypto/poly1305.h"
 
-#include "prov/providercommonerr.h"
 #include "prov/implementations.h"
 #include "prov/providercommon.h"
 
diff --git a/providers/implementations/macs/siphash_prov.c b/providers/implementations/macs/siphash_prov.c
index 1a79ae0c6a..f2105a9c46 100644
--- a/providers/implementations/macs/siphash_prov.c
+++ b/providers/implementations/macs/siphash_prov.c
@@ -13,6 +13,7 @@
 #include <openssl/params.h>
 #include <openssl/evp.h>
 #include <openssl/err.h>
+#include <openssl/proverr.h>
 
 #include "crypto/siphash.h"
 /*
@@ -22,7 +23,6 @@
  */
 #include "../../../crypto/siphash/siphash_local.h"
 
-#include "prov/providercommonerr.h"
 #include "prov/implementations.h"
 #include "prov/providercommon.h"
 
diff --git a/providers/implementations/rands/drbg.c b/providers/implementations/rands/drbg.c
index cc965c9bc0..bdc980ef59 100644
--- a/providers/implementations/rands/drbg.c
+++ b/providers/implementations/rands/drbg.c
@@ -13,13 +13,13 @@
 #include <openssl/rand.h>
 #include <openssl/evp.h>
 #include "crypto/rand.h"
+#include <openssl/proverr.h>
 #include "drbg_local.h"
 #include "internal/thread_once.h"
 #include "crypto/cryptlib.h"
 #include "prov/seeding.h"
 #include "crypto/rand_pool.h"
 #include "prov/provider_ctx.h"
-#include "prov/providercommonerr.h"
 #include "prov/providercommon.h"
 
 /*
diff --git a/providers/implementations/rands/drbg_ctr.c b/providers/implementations/rands/drbg_ctr.c
index 9785c083fe..caf885c4cb 100644
--- a/providers/implementations/rands/drbg_ctr.c
+++ b/providers/implementations/rands/drbg_ctr.c
@@ -13,12 +13,12 @@
 #include <openssl/err.h>
 #include <openssl/rand.h>
 #include <openssl/aes.h>
+#include <openssl/proverr.h>
 #include "e_os.h" /* strcasecmp */
 #include "crypto/modes.h"
 #include "internal/thread_once.h"
 #include "prov/implementations.h"
 #include "prov/provider_ctx.h"
-#include "prov/providercommonerr.h"
 #include "drbg_local.h"
 
 static OSSL_FUNC_rand_newctx_fn drbg_ctr_new_wrapper;
diff --git a/providers/implementations/rands/drbg_hash.c b/providers/implementations/rands/drbg_hash.c
index 57e789099b..9c44c0bdb4 100644
--- a/providers/implementations/rands/drbg_hash.c
+++ b/providers/implementations/rands/drbg_hash.c
@@ -15,12 +15,12 @@
 #include <openssl/err.h>
 #include <openssl/rand.h>
 #include <openssl/core_dispatch.h>
+#include <openssl/proverr.h>
 #include "internal/thread_once.h"
 #include "prov/providercommon.h"
 #include "prov/provider_ctx.h"
 #include "prov/provider_util.h"
 #include "prov/implementations.h"
-#include "prov/providercommonerr.h"
 #include "drbg_local.h"
 
 static OSSL_FUNC_rand_newctx_fn drbg_hash_new_wrapper;
diff --git a/providers/implementations/rands/drbg_hmac.c b/providers/implementations/rands/drbg_hmac.c
index 6311a57a97..314243d8ab 100644
--- a/providers/implementations/rands/drbg_hmac.c
+++ b/providers/implementations/rands/drbg_hmac.c
@@ -12,10 +12,10 @@
 #include <openssl/crypto.h>
 #include <openssl/err.h>
 #include <openssl/rand.h>
+#include <openssl/proverr.h>
 #include "prov/provider_util.h"
 #include "internal/thread_once.h"
 #include "prov/providercommon.h"
-#include "prov/providercommonerr.h"
 #include "prov/implementations.h"
 #include "prov/provider_ctx.h"
 #include "drbg_local.h"
diff --git a/providers/implementations/rands/seed_src.c b/providers/implementations/rands/seed_src.c
index 0a533d016f..60088b2779 100644
--- a/providers/implementations/rands/seed_src.c
+++ b/providers/implementations/rands/seed_src.c
@@ -16,9 +16,9 @@
 #include <openssl/evp.h>
 #include <openssl/err.h>
 #include <openssl/randerr.h>
+#include <openssl/proverr.h>
 #include "prov/implementations.h"
 #include "prov/provider_ctx.h"
-#include "prov/providercommonerr.h"
 #include "crypto/rand.h"
 #include "crypto/rand_pool.h"
 
diff --git a/providers/implementations/signature/dsa.c b/providers/implementations/signature/dsa.c
index 515845c56c..be1a8fca3f 100644
--- a/providers/implementations/signature/dsa.c
+++ b/providers/implementations/signature/dsa.c
@@ -23,12 +23,12 @@
 #include <openssl/params.h>
 #include <openssl/evp.h>
 #include <openssl/err.h>
+#include <openssl/proverr.h>
 #include "internal/nelem.h"
 #include "internal/sizes.h"
 #include "internal/cryptlib.h"
 #include "prov/providercommon.h"
 #include "prov/implementations.h"
-#include "prov/providercommonerr.h"
 #include "prov/provider_ctx.h"
 #include "prov/securitycheck.h"
 #include "crypto/dsa.h"
diff --git a/providers/implementations/signature/ecdsa.c b/providers/implementations/signature/ecdsa.c
index e8e8e8d143..ed21ac79c3 100644
--- a/providers/implementations/signature/ecdsa.c
+++ b/providers/implementations/signature/ecdsa.c
@@ -21,11 +21,11 @@
 #include <openssl/params.h>
 #include <openssl/evp.h>
 #include <openssl/err.h>
+#include <openssl/proverr.h>
 #include "internal/nelem.h"
 #include "internal/sizes.h"
 #include "internal/cryptlib.h"
 #include "prov/providercommon.h"
-#include "prov/providercommonerr.h"
 #include "prov/implementations.h"
 #include "prov/provider_ctx.h"
 #include "prov/securitycheck.h"
diff --git a/providers/implementations/signature/eddsa.c b/providers/implementations/signature/eddsa.c
index 57c37096ef..0409ed1892 100644
--- a/providers/implementations/signature/eddsa.c
+++ b/providers/implementations/signature/eddsa.c
@@ -14,11 +14,11 @@
 #include <openssl/params.h>
 #include <openssl/evp.h>
 #include <openssl/err.h>
+#include <openssl/proverr.h>
 #include "internal/nelem.h"
 #include "internal/sizes.h"
 #include "prov/providercommon.h"
 #include "prov/implementations.h"
-#include "prov/providercommonerr.h"
 #include "prov/provider_ctx.h"
 #include "prov/der_ecx.h"
 #include "crypto/ecx.h"
diff --git a/providers/implementations/signature/rsa.c b/providers/implementations/signature/rsa.c
index e61d8ab04e..cb68de3b3e 100644
--- a/providers/implementations/signature/rsa.c
+++ b/providers/implementations/signature/rsa.c
@@ -22,12 +22,12 @@
 #include <openssl/rsa.h>
 #include <openssl/params.h>
 #include <openssl/evp.h>
+#include <openssl/proverr.h>
 #include "internal/cryptlib.h"
 #include "internal/nelem.h"
 #include "internal/sizes.h"
 #include "crypto/rsa.h"
 #include "prov/providercommon.h"
-#include "prov/providercommonerr.h"
 #include "prov/implementations.h"
 #include "prov/provider_ctx.h"
 #include "prov/der_rsa.h"
@@ -1245,7 +1245,7 @@ static int rsa_set_ctx_params(void *vprsactx, const OSSL_PARAM params[])
          * lowest saltlen number possible.
          */
         if (saltlen < RSA_PSS_SALTLEN_MAX) {
-            ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_PSS_SALTLEN);
+            ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_SALT_LENGTH);
             return 0;
         }
 
@@ -1253,7 +1253,8 @@ static int rsa_set_ctx_params(void *vprsactx, const OSSL_PARAM params[])
             switch (saltlen) {
             case RSA_PSS_SALTLEN_AUTO:
                 if (prsactx->operation == EVP_PKEY_OP_VERIFY) {
-                    ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_PSS_SALTLEN);
+                    ERR_raise_data(ERR_LIB_PROV, PROV_R_INVALID_SALT_LENGTH,
+                                   "Cannot use autodetected salt length");
                     return 0;
                 }
                 break;
diff --git a/providers/implementations/signature/sm2sig.c b/providers/implementations/signature/sm2sig.c
index 45fd70ef40..a3709ff074 100644
--- a/providers/implementations/signature/sm2sig.c
+++ b/providers/implementations/signature/sm2sig.c
@@ -21,10 +21,10 @@
 #include <openssl/params.h>
 #include <openssl/evp.h>
 #include <openssl/err.h>
+#include <openssl/proverr.h>
 #include "internal/nelem.h"
 #include "internal/sizes.h"
 #include "internal/cryptlib.h"
-#include "prov/providercommonerr.h"
 #include "prov/implementations.h"
 #include "prov/provider_ctx.h"
 #include "crypto/ec.h"
diff --git a/providers/implementations/storemgmt/file_store.c b/providers/implementations/storemgmt/file_store.c
index 7f4dadbc28..a5edc53506 100644
--- a/providers/implementations/storemgmt/file_store.c
+++ b/providers/implementations/storemgmt/file_store.c
@@ -24,6 +24,7 @@
 #include <openssl/params.h>
 #include <openssl/decoder.h>
 #include <openssl/store.h>       /* The OSSL_STORE_INFO type numbers */
+#include <openssl/proverr.h>
 #include "internal/cryptlib.h"
 #include "internal/o_dir.h"
 #include "crypto/pem.h"          /* For PVK and "blob" PEM headers */
@@ -31,7 +32,6 @@
 #include "prov/implementations.h"
 #include "prov/bio.h"
 #include "prov/provider_ctx.h"
-#include "prov/providercommonerr.h"
 #include "file_store_local.h"
 
 DEFINE_STACK_OF(OSSL_STORE_INFO)


More information about the openssl-commits mailing list