From: Tomas Mraz Date: Fri, 13 Feb 2026 16:11:03 +0000 (+0100) Subject: Make ERR_STATE opaque and remove related deprecated functions X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=5c14539427ab2890655e6ac5cb47a65d20f0cb53;p=thirdparty%2Fopenssl.git Make ERR_STATE opaque and remove related deprecated functions ERR_get_state(), ERR_remove_state() and ERR_remove_thread_state() and useless SYS_F_ macros are removed. Fixes #4654 Reviewed-by: Eugene Syromiatnikov Reviewed-by: Dmitry Belyavskiy Reviewed-by: Neil Horman MergeDate: Sat Feb 14 23:07:56 2026 (Merged from https://github.com/openssl/openssl/pull/30005) --- diff --git a/CHANGES.md b/CHANGES.md index a8682317e53..8dc17dcbbc9 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -209,6 +209,11 @@ OpenSSL 4.0 *Tomáš Mráz* + * Removed deprecated functions `ERR_get_state()`, `ERR_remove_state()` and + `ERR_remove_thread_state()`. The `ERR_STATE` object is now always opaque. + + *Tomáš Mráz* + * Added SNMP KDF (EVP_KDF_SNMPKDF) to EVP_KDF *Barry Fussell and Helen Zhang* diff --git a/crypto/err/err.c b/crypto/err/err.c index e9920f00e3b..dfadbcd50df 100644 --- a/crypto/err/err.c +++ b/crypto/err/err.c @@ -7,8 +7,6 @@ * https://www.openssl.org/source/license.html */ -#define OSSL_FORCE_ERR_STATE - #include #include #include @@ -650,18 +648,6 @@ static void err_delete_thread_state(void *unused) OSSL_ERR_STATE_free(state); } -#ifndef OPENSSL_NO_DEPRECATED_1_1_0 -void ERR_remove_thread_state(void *dummy) -{ -} -#endif - -#ifndef OPENSSL_NO_DEPRECATED_1_0_0 -void ERR_remove_state(unsigned long pid) -{ -} -#endif - ERR_STATE *ossl_err_get_state_int(void) { ERR_STATE *state; @@ -704,13 +690,6 @@ ERR_STATE *ossl_err_get_state_int(void) return state; } -#ifndef OPENSSL_NO_DEPRECATED_3_0 -ERR_STATE *ERR_get_state(void) -{ - return ossl_err_get_state_int(); -} -#endif - /* * err_shelve_state returns the current thread local error state * and freezes the error module until err_unshelve_state is called. diff --git a/crypto/err/err_blocks.c b/crypto/err/err_blocks.c index a658df05766..728802f65ee 100644 --- a/crypto/err/err_blocks.c +++ b/crypto/err/err_blocks.c @@ -7,8 +7,6 @@ * https://www.openssl.org/source/license.html */ -#define OSSL_FORCE_ERR_STATE - #include #include #include "err_local.h" diff --git a/crypto/err/err_local.h b/crypto/err/err_local.h index 4d300593861..f982f67b47a 100644 --- a/crypto/err/err_local.h +++ b/crypto/err/err_local.h @@ -10,6 +10,23 @@ #include #include #include +#include "internal/err.h" + +#define ERR_FLAG_MARK 0x01 +#define ERR_FLAG_CLEAR 0x02 + +struct err_state_st { + int err_flags[ERR_NUM_ERRORS]; + int err_marks[ERR_NUM_ERRORS]; + unsigned long err_buffer[ERR_NUM_ERRORS]; + char *err_data[ERR_NUM_ERRORS]; + size_t err_data_size[ERR_NUM_ERRORS]; + int err_data_flags[ERR_NUM_ERRORS]; + char *err_file[ERR_NUM_ERRORS]; + int err_line[ERR_NUM_ERRORS]; + char *err_func[ERR_NUM_ERRORS]; + int top, bottom; +}; static ossl_inline void err_get_slot(ERR_STATE *es) { diff --git a/crypto/err/err_mark.c b/crypto/err/err_mark.c index 33fa6b21278..53fbf170fce 100644 --- a/crypto/err/err_mark.c +++ b/crypto/err/err_mark.c @@ -7,8 +7,6 @@ * https://www.openssl.org/source/license.html */ -#define OSSL_FORCE_ERR_STATE - #include #include "err_local.h" diff --git a/crypto/err/err_prn.c b/crypto/err/err_prn.c index 907cbc22ef7..578e8e1d519 100644 --- a/crypto/err/err_prn.c +++ b/crypto/err/err_prn.c @@ -7,8 +7,6 @@ * https://www.openssl.org/source/license.html */ -#define OSSL_FORCE_ERR_STATE - #include #include "internal/cryptlib.h" #include diff --git a/crypto/err/err_save.c b/crypto/err/err_save.c index ab58081fefb..ac77458bb26 100644 --- a/crypto/err/err_save.c +++ b/crypto/err/err_save.c @@ -7,8 +7,6 @@ * https://www.openssl.org/source/license.html */ -#define OSSL_FORCE_ERR_STATE - #include #include "err_local.h" diff --git a/doc/build.info b/doc/build.info index fc7448f9f67..b111ddb5698 100644 --- a/doc/build.info +++ b/doc/build.info @@ -1107,10 +1107,6 @@ DEPEND[html/man3/ERR_put_error.html]=man3/ERR_put_error.pod GENERATE[html/man3/ERR_put_error.html]=man3/ERR_put_error.pod DEPEND[man/man3/ERR_put_error.3]=man3/ERR_put_error.pod GENERATE[man/man3/ERR_put_error.3]=man3/ERR_put_error.pod -DEPEND[html/man3/ERR_remove_state.html]=man3/ERR_remove_state.pod -GENERATE[html/man3/ERR_remove_state.html]=man3/ERR_remove_state.pod -DEPEND[man/man3/ERR_remove_state.3]=man3/ERR_remove_state.pod -GENERATE[man/man3/ERR_remove_state.3]=man3/ERR_remove_state.pod DEPEND[html/man3/ERR_set_mark.html]=man3/ERR_set_mark.pod GENERATE[html/man3/ERR_set_mark.html]=man3/ERR_set_mark.pod DEPEND[man/man3/ERR_set_mark.3]=man3/ERR_set_mark.pod @@ -3310,7 +3306,6 @@ html/man3/ERR_load_strings.html \ html/man3/ERR_new.html \ html/man3/ERR_print_errors.html \ html/man3/ERR_put_error.html \ -html/man3/ERR_remove_state.html \ html/man3/ERR_set_mark.html \ html/man3/EVP_ASYM_CIPHER_free.html \ html/man3/EVP_BytesToKey.html \ @@ -3982,7 +3977,6 @@ man/man3/ERR_load_strings.3 \ man/man3/ERR_new.3 \ man/man3/ERR_print_errors.3 \ man/man3/ERR_put_error.3 \ -man/man3/ERR_remove_state.3 \ man/man3/ERR_set_mark.3 \ man/man3/EVP_ASYM_CIPHER_free.3 \ man/man3/EVP_BytesToKey.3 \ diff --git a/doc/man3/ERR_remove_state.pod b/doc/man3/ERR_remove_state.pod deleted file mode 100644 index 2ef34c7c34c..00000000000 --- a/doc/man3/ERR_remove_state.pod +++ /dev/null @@ -1,51 +0,0 @@ -=pod - -=head1 NAME - -ERR_remove_thread_state, ERR_remove_state - DEPRECATED - -=head1 SYNOPSIS - -The following function has been deprecated since OpenSSL 1.0.0, and can be -hidden entirely by defining B with a suitable version value, -see L: - - void ERR_remove_state(unsigned long tid); - -The following function has been deprecated since OpenSSL 1.1.0, and can be -hidden entirely by defining B with a suitable version value, -see L: - - void ERR_remove_thread_state(void *tid); - -=head1 DESCRIPTION - -ERR_remove_state() frees the error queue associated with the specified -thread, identified by B. -ERR_remove_thread_state() does the same thing, except the identifier is -an opaque pointer. - -=head1 RETURN VALUES - -ERR_remove_state() and ERR_remove_thread_state() return no value. - -=head1 SEE ALSO - -LL - -=head1 HISTORY - -ERR_remove_state() was deprecated in OpenSSL 1.0.0 and -ERR_remove_thread_state() was deprecated in OpenSSL 1.1.0; these functions -and should not be used. - -=head1 COPYRIGHT - -Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. - -Licensed under the Apache License 2.0 (the "License"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file LICENSE in the source distribution or at -L. - -=cut diff --git a/doc/man7/ossl-removed-api.pod b/doc/man7/ossl-removed-api.pod index a0327c2fe2c..c9ada0b0573 100644 --- a/doc/man7/ossl-removed-api.pod +++ b/doc/man7/ossl-removed-api.pod @@ -3,6 +3,10 @@ =head1 NAME ASN1_STRING_data, +BIO_f_reliable, +ERR_get_state, +ERR_remove_state, +ERR_remove_thread_state, EVP_CIPHER_meth_new, EVP_CIPHER_meth_dup, EVP_CIPHER_meth_free, @@ -93,7 +97,6 @@ EVP_PKEY_meth_get_check, EVP_PKEY_meth_get_public_check, EVP_PKEY_meth_get_param_check, EVP_PKEY_meth_get_digest_custom, -BIO_f_reliable, EVP_MD_CTX_update_fn, EVP_MD_CTX_set_update_fn, EVP_PKEY_asn1_add0, @@ -153,6 +156,14 @@ This includes consulting the L documentation. =item ASN1_STRING_data (Deprecated in 1.1.1) - see L +=item BIO_f_reliable (Broken since 3.0.0) - removed without replacement + +=item ERR_get_state (Deprecated in 3.0.0) - removed, no use with opaque ERR_STATE + +=item ERR_remove_state (Deprecated in 1.0.0) - removed, no-op + +=item ERR_remove_thread_state (Deprecated in 1.1.0) - removed, no-op + =item EVP_CIPHER_meth_new (Deprecated in 3.0.0) - consult L =item EVP_CIPHER_meth_dup (Deprecated in 3.0.0) - consult L @@ -333,8 +344,6 @@ This includes consulting the L documentation. =item EVP_PKEY_meth_get_digest_custom (Deprecated in 3.0.0) - consult L -=item BIO_f_reliable (Broken since 3.0.0) - removed without replacement - =item EVP_MD_CTX_update_fn (Deprecated in 3.0.0) - consult L =item EVP_MD_CTX_set_update_fn (Deprecated in 3.0.0) - consult L diff --git a/include/internal/err.h b/include/internal/err.h index 41b28ac4731..eef6b4a706d 100644 --- a/include/internal/err.h +++ b/include/internal/err.h @@ -11,6 +11,8 @@ #define OSSL_INTERNAL_ERR_H #pragma once +#define ERR_NUM_ERRORS 16 + void err_free_strings_int(void); #endif diff --git a/include/openssl/err.h.in b/include/openssl/err.h.in index d451f82eca6..8a47426f542 100644 --- a/include/openssl/err.h.in +++ b/include/openssl/err.h.in @@ -52,25 +52,6 @@ extern "C" { #define ERR_TXT_MALLOCED 0x01 #define ERR_TXT_STRING 0x02 -#if !defined(OPENSSL_NO_DEPRECATED_3_0) || defined(OSSL_FORCE_ERR_STATE) -#define ERR_FLAG_MARK 0x01 -#define ERR_FLAG_CLEAR 0x02 - -#define ERR_NUM_ERRORS 16 -struct err_state_st { - int err_flags[ERR_NUM_ERRORS]; - int err_marks[ERR_NUM_ERRORS]; - unsigned long err_buffer[ERR_NUM_ERRORS]; - char *err_data[ERR_NUM_ERRORS]; - size_t err_data_size[ERR_NUM_ERRORS]; - int err_data_flags[ERR_NUM_ERRORS]; - char *err_file[ERR_NUM_ERRORS]; - int err_line[ERR_NUM_ERRORS]; - char *err_func[ERR_NUM_ERRORS]; - int top, bottom; -}; -#endif - /* library */ #define ERR_LIB_NONE 1 #define ERR_LIB_SYS 2 @@ -282,34 +263,6 @@ static ossl_unused ossl_inline int ERR_COMMON_ERROR(unsigned long errcode) #define ERR_PACK(lib, func, reason) \ ((((unsigned long)(lib) & ERR_LIB_MASK) << ERR_LIB_OFFSET) | (((unsigned long)(reason) & ERR_REASON_MASK))) -#ifndef OPENSSL_NO_DEPRECATED_3_0 -#define SYS_F_FOPEN 0 -#define SYS_F_CONNECT 0 -#define SYS_F_GETSERVBYNAME 0 -#define SYS_F_SOCKET 0 -#define SYS_F_IOCTLSOCKET 0 -#define SYS_F_BIND 0 -#define SYS_F_LISTEN 0 -#define SYS_F_ACCEPT 0 -#define SYS_F_WSASTARTUP 0 -#define SYS_F_OPENDIR 0 -#define SYS_F_FREAD 0 -#define SYS_F_GETADDRINFO 0 -#define SYS_F_GETNAMEINFO 0 -#define SYS_F_SETSOCKOPT 0 -#define SYS_F_GETSOCKOPT 0 -#define SYS_F_GETSOCKNAME 0 -#define SYS_F_GETHOSTBYNAME 0 -#define SYS_F_FFLUSH 0 -#define SYS_F_OPEN 0 -#define SYS_F_CLOSE 0 -#define SYS_F_IOCTL 0 -#define SYS_F_STAT 0 -#define SYS_F_FCNTL 0 -#define SYS_F_FSTAT 0 -#define SYS_F_SENDFILE 0 -#endif - /* * All ERR_R_ codes must be combined with ERR_RFLAG_COMMON. */ @@ -475,15 +428,6 @@ int ERR_unload_strings(int lib, ERR_STRING_DATA *str); while (0) \ continue #endif -#ifndef OPENSSL_NO_DEPRECATED_1_1_0 -OSSL_DEPRECATEDIN_1_1_0 void ERR_remove_thread_state(void *); -#endif -#ifndef OPENSSL_NO_DEPRECATED_1_0_0 -OSSL_DEPRECATEDIN_1_0_0 void ERR_remove_state(unsigned long pid); -#endif -#ifndef OPENSSL_NO_DEPRECATED_3_0 -OSSL_DEPRECATEDIN_3_0 ERR_STATE *ERR_get_state(void); -#endif int ERR_get_next_error_library(void); diff --git a/test/testutil.h b/test/testutil.h index 1a43a96faf4..f54af320e22 100644 --- a/test/testutil.h +++ b/test/testutil.h @@ -12,6 +12,7 @@ #include #include "internal/common.h" /* for HAS_PREFIX */ +#include "internal/err.h" /* for ERR_NUM_ERRORS */ #include #include diff --git a/util/libcrypto.num b/util/libcrypto.num index fb091d360c8..8e9b14b3c0d 100644 --- a/util/libcrypto.num +++ b/util/libcrypto.num @@ -3724,9 +3724,6 @@ ERR_add_error_mem_bio ? 4_0_0 EXIST::FUNCTION: ERR_load_strings ? 4_0_0 EXIST::FUNCTION: ERR_load_strings_const ? 4_0_0 EXIST::FUNCTION: ERR_unload_strings ? 4_0_0 EXIST::FUNCTION: -ERR_remove_thread_state ? 4_0_0 EXIST::FUNCTION:DEPRECATEDIN_1_1_0 -ERR_remove_state ? 4_0_0 EXIST::FUNCTION:DEPRECATEDIN_1_0_0 -ERR_get_state ? 4_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 ERR_get_next_error_library ? 4_0_0 EXIST::FUNCTION: ERR_set_mark ? 4_0_0 EXIST::FUNCTION: ERR_pop_to_mark ? 4_0_0 EXIST::FUNCTION: diff --git a/util/missingcrypto.txt b/util/missingcrypto.txt index fedf86d4bf6..94f5c5d0382 100644 --- a/util/missingcrypto.txt +++ b/util/missingcrypto.txt @@ -495,7 +495,6 @@ ENGINE_setup_bsd_cryptodev(3) ENGINE_unregister_EC(3) ENGINE_unregister_pkey_asn1_meths(3) ENGINE_unregister_pkey_meths(3) -ERR_get_state(3) ERR_load_ASN1_strings(3) ERR_load_ASYNC_strings(3) ERR_load_BIO_strings(3)