Move ssl_err.c into libcrypto

We move ssl_err.c out of libssl and into libcrypto. This file is entirely
self contained and is used to load error strings into the libcrypto error
tables. By moving this file into libcrypto, libssl can be unloaded safely
without having dangling references to this error information.

Fixes #26672

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26931)

(cherry picked from commit aaad33c5ac1ce574229066ca3ce47ef3510a6e8d)

diff --git a/crypto/build.info b/crypto/build.info
index 2642d30754b585214d2bc888451eaa141c7467d2..f9fbca0603b198a369d83405e502d8870110f12c 100644 (file)
--- a/crypto/build.info
+++ b/crypto/build.info
@@ -107,7 +107,7 @@ SOURCE[../libcrypto]=$UTIL_COMMON \
         comp_methods.c cversion.c info.c cpt_err.c ebcdic.c uid.c o_time.c \
         o_dir.c o_fopen.c getenv.c o_init.c init.c trace.c provider.c \
         provider_child.c punycode.c passphrase.c sleep.c deterministic_nonce.c \
-        quic_vlint.c time.c defaults.c
+        quic_vlint.c time.c defaults.c ssl_err.c
 SOURCE[../providers/libfips.a]=$UTIL_COMMON
 
 SOURCE[../libcrypto]=$UPLINKSRC

diff --git a/crypto/err/openssl.ec b/crypto/err/openssl.ec
index f3802a05b5c325fa83d3f229c3ec5375146344ea..22f87d4c1397732c66e1f8ee9e213a547f2553ad 100644 (file)
--- a/crypto/err/openssl.ec
+++ b/crypto/err/openssl.ec
@@ -17,7 +17,7 @@ L ASN1          include/openssl/asn1err.h       crypto/asn1/asn1_err.c
 L CONF          include/openssl/conferr.h       crypto/conf/conf_err.c                  include/crypto/conferr.h
 L CRYPTO        include/openssl/cryptoerr.h     crypto/cpt_err.c                        include/crypto/cryptoerr.h
 L EC            include/openssl/ecerr.h         crypto/ec/ec_err.c                      include/crypto/ecerr.h
-L SSL           include/openssl/sslerr.h        ssl/ssl_err.c                           ssl/sslerr.h
+L SSL           include/openssl/sslerr.h        crypto/ssl_err.c                        crypto/sslerr.h
 L BIO           include/openssl/bioerr.h        crypto/bio/bio_err.c                    include/crypto/bioerr.h
 L PKCS7         include/openssl/pkcs7err.h      crypto/pkcs7/pkcs7err.c                 include/crypto/pkcs7err.h
 L X509V3        include/openssl/x509v3err.h     crypto/x509/v3err.c                     include/crypto/x509v3err.h

diff --git a/crypto/init.c b/crypto/init.c
index 07bcf83952284c14a2f9c31acc69a1366cada213..659e90968d22c66f57b99d487d353c7c6fa7f01d 100644 (file)
--- a/crypto/init.c
+++ b/crypto/init.c
@@ -32,7 +32,9 @@
 #include "crypto/store.h"
 #include <openssl/cmp_util.h> /* for OSSL_CMP_log_close() */
 #include <openssl/trace.h>
+#include <openssl/ssl.h> /* for OPENSSL_INIT_(NO_)?LOAD_SSL_STRINGS */
 #include "crypto/ctype.h"
+#include "sslerr.h"
 
 static int stopped = 0;
 static uint64_t optsdone = 0;
@@ -208,6 +210,28 @@ DEFINE_RUN_ONCE_STATIC_ALT(ossl_init_no_load_crypto_strings,
     return 1;
 }
 
+static CRYPTO_ONCE ssl_strings = CRYPTO_ONCE_STATIC_INIT;
+
+DEFINE_RUN_ONCE_STATIC(ossl_init_load_ssl_strings)
+{
+    /*
+     * OPENSSL_NO_AUTOERRINIT is provided here to prevent at compile time
+     * pulling in all the error strings during static linking
+     */
+#if !defined(OPENSSL_NO_ERR) && !defined(OPENSSL_NO_AUTOERRINIT)
+    OSSL_TRACE(INIT, "ossl_init_load_ssl_strings: ossl_err_load_SSL_strings()\n");
+    ossl_err_load_SSL_strings();
+#endif
+    return 1;
+}
+
+DEFINE_RUN_ONCE_STATIC_ALT(ossl_init_no_load_ssl_strings,
+                           ossl_init_load_ssl_strings)
+{
+    /* Do nothing in this case */
+    return 1;
+}
+
 static CRYPTO_ONCE add_all_ciphers = CRYPTO_ONCE_STATIC_INIT;
 DEFINE_RUN_ONCE_STATIC(ossl_init_add_all_ciphers)
 {
@@ -562,6 +586,15 @@ int OPENSSL_init_crypto(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings)
             && !RUN_ONCE(&load_crypto_strings, ossl_init_load_crypto_strings))
         return 0;
 
+    if ((opts & OPENSSL_INIT_NO_LOAD_SSL_STRINGS)
+        && !RUN_ONCE_ALT(&ssl_strings, ossl_init_no_load_ssl_strings,
+                         ossl_init_load_ssl_strings))
+        return 0;
+
+    if ((opts & OPENSSL_INIT_LOAD_SSL_STRINGS)
+        && !RUN_ONCE(&ssl_strings, ossl_init_load_ssl_strings))
+        return 0;
+
     if ((opts & OPENSSL_INIT_NO_ADD_ALL_CIPHERS)
             && !RUN_ONCE_ALT(&add_all_ciphers, ossl_init_no_add_all_ciphers,
                              ossl_init_add_all_ciphers))

diff --git a/ssl/ssl_err.c b/crypto/ssl_err.c
similarity index 100%
rename from ssl/ssl_err.c
rename to crypto/ssl_err.c

diff --git a/ssl/sslerr.h b/crypto/sslerr.h
similarity index 100%
rename from ssl/sslerr.h
rename to crypto/sslerr.h

diff --git a/ssl/build.info b/ssl/build.info
index adfc966379aff4cc42b74873083f94c3a3f1995e..8f41e15dbbf274e7513a4562a3920f8c9ffbeb93 100644 (file)
--- a/ssl/build.info
+++ b/ssl/build.info
@@ -17,7 +17,7 @@ SOURCE[../libssl]=\
         ssl_lib.c ssl_cert.c ssl_sess.c \
         ssl_ciph.c ssl_stat.c ssl_rsa.c \
         ssl_asn1.c ssl_txt.c ssl_init.c ssl_conf.c  ssl_mcnf.c \
-        bio_ssl.c ssl_err.c ssl_err_legacy.c tls_srp.c t1_trce.c ssl_utst.c \
+        bio_ssl.c ssl_err_legacy.c tls_srp.c t1_trce.c ssl_utst.c \
         statem/statem.c \
         ssl_cert_comp.c \
         tls_depr.c

diff --git a/ssl/ssl_err_legacy.c b/ssl/ssl_err_legacy.c
index 7ce25e1f1112dec6565c769f53c1e55fe3a07eee..db8fafbe42f38136212cf6830e754583d498f22d 100644 (file)
--- a/ssl/ssl_err_legacy.c
+++ b/ssl/ssl_err_legacy.c
@@ -9,12 +9,12 @@
 
 /* This is the C source file where we include this header directly */
 #include <openssl/sslerr_legacy.h>
-#include "sslerr.h"
+#include <openssl/ssl.h>
 
 #ifndef OPENSSL_NO_DEPRECATED_3_0
 int ERR_load_SSL_strings(void)
 {
-    return ossl_err_load_SSL_strings();
+    return OPENSSL_init_crypto(OPENSSL_INIT_LOAD_SSL_STRINGS, 0);
 }
 #else
 NON_EMPTY_TRANSLATION_UNIT

diff --git a/ssl/ssl_init.c b/ssl/ssl_init.c
index ea6f60f72d6f90179b94bc85c176ecacdad7df34..0584b19b7b560554b2a85c52d267e73f5c865811 100644 (file)
--- a/ssl/ssl_init.c
+++ b/ssl/ssl_init.c
@@ -14,7 +14,6 @@
 #include <openssl/evp.h>
 #include <openssl/trace.h>
 #include "ssl_local.h"
-#include "sslerr.h"
 #include "internal/thread_once.h"
 
 static int stopped;
@@ -38,28 +37,6 @@ DEFINE_RUN_ONCE_STATIC(ossl_init_ssl_base)
     return 1;
 }
 
-static CRYPTO_ONCE ssl_strings = CRYPTO_ONCE_STATIC_INIT;
-
-DEFINE_RUN_ONCE_STATIC(ossl_init_load_ssl_strings)
-{
-    /*
-     * OPENSSL_NO_AUTOERRINIT is provided here to prevent at compile time
-     * pulling in all the error strings during static linking
-     */
-#if !defined(OPENSSL_NO_ERR) && !defined(OPENSSL_NO_AUTOERRINIT)
-    OSSL_TRACE(INIT, "ossl_init_load_ssl_strings: ossl_err_load_SSL_strings()\n");
-    ossl_err_load_SSL_strings();
-#endif
-    return 1;
-}
-
-DEFINE_RUN_ONCE_STATIC_ALT(ossl_init_no_load_ssl_strings,
-                           ossl_init_load_ssl_strings)
-{
-    /* Do nothing in this case */
-    return 1;
-}
-
 /*
  * If this function is called with a non NULL settings value then it must be
  * called prior to any threads making calls to any OpenSSL functions,
@@ -95,14 +72,5 @@ int OPENSSL_init_ssl(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings)
     if (!RUN_ONCE(&ssl_base, ossl_init_ssl_base))
         return 0;
 
-    if ((opts & OPENSSL_INIT_NO_LOAD_SSL_STRINGS)
-        && !RUN_ONCE_ALT(&ssl_strings, ossl_init_no_load_ssl_strings,
-                         ossl_init_load_ssl_strings))
-        return 0;
-
-    if ((opts & OPENSSL_INIT_LOAD_SSL_STRINGS)
-        && !RUN_ONCE(&ssl_strings, ossl_init_load_ssl_strings))
-        return 0;
-
     return 1;
 }