From: Matt Caswell Date: Fri, 28 Feb 2025 08:51:43 +0000 (+0000) Subject: Move ssl_err.c into libcrypto X-Git-Tag: openssl-3.4.2~159 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=76c8363cb2cac1f81b47ac2163add3801b408fd2;p=thirdparty%2Fopenssl.git Move ssl_err.c into libcrypto We move ssl_err.c out of libssl and into libcrypto. This file is entirely self contained and is used to load error strings into the libcrypto error tables. By moving this file into libcrypto, libssl can be unloaded safely without having dangling references to this error information. Fixes #26672 Reviewed-by: Neil Horman Reviewed-by: Saša Nedvědický Reviewed-by: Tomas Mraz Reviewed-by: Tim Hudson (Merged from https://github.com/openssl/openssl/pull/26931) (cherry picked from commit aaad33c5ac1ce574229066ca3ce47ef3510a6e8d)
---
diff --git a/crypto/build.info b/crypto/build.info
index 2642d30754b..f9fbca0603b 100644
--- a/crypto/build.info
+++ b/crypto/build.info
@@ -107,7 +107,7 @@ SOURCE[../libcrypto]=$UTIL_COMMON \
 comp_methods.c cversion.c info.c cpt_err.c ebcdic.c uid.c o_time.c \
 o_dir.c o_fopen.c getenv.c o_init.c init.c trace.c provider.c \
 provider_child.c punycode.c passphrase.c sleep.c deterministic_nonce.c \
- quic_vlint.c time.c defaults.c
+ quic_vlint.c time.c defaults.c ssl_err.c
 SOURCE[../providers/libfips.a]=$UTIL_COMMON
 SOURCE[../libcrypto]=$UPLINKSRC
diff --git a/crypto/err/openssl.ec b/crypto/err/openssl.ec
index f3802a05b5c..22f87d4c139 100644
--- a/crypto/err/openssl.ec
+++ b/crypto/err/openssl.ec
@@ -17,7 +17,7 @@ L ASN1 include/openssl/asn1err.h crypto/asn1/asn1_err.c
 L CONF include/openssl/conferr.h crypto/conf/conf_err.c include/crypto/conferr.h
 L CRYPTO include/openssl/cryptoerr.h crypto/cpt_err.c include/crypto/cryptoerr.h
 L EC include/openssl/ecerr.h crypto/ec/ec_err.c include/crypto/ecerr.h
-L SSL include/openssl/sslerr.h ssl/ssl_err.c ssl/sslerr.h
+L SSL include/openssl/sslerr.h crypto/ssl_err.c crypto/sslerr.h
 L BIO include/openssl/bioerr.h crypto/bio/bio_err.c include/crypto/bioerr.h
 L PKCS7 include/openssl/pkcs7err.h crypto/pkcs7/pkcs7err.c include/crypto/pkcs7err.h
 L X509V3 include/openssl/x509v3err.h crypto/x509/v3err.c include/crypto/x509v3err.h
diff --git a/crypto/init.c b/crypto/init.c
index 07bcf839522..659e90968d2 100644
--- a/crypto/init.c
+++ b/crypto/init.c
@@ -32,7 +32,9 @@
 #include "crypto/store.h"
 #include /* for OSSL_CMP_log_close() */
 #include
+#include /* for OPENSSL_INIT_(NO_)?LOAD_SSL_STRINGS */
 #include "crypto/ctype.h"
+#include "sslerr.h"
 static int stopped = 0;
 static uint64_t optsdone = 0;
@@ -208,6 +210,28 @@ DEFINE_RUN_ONCE_STATIC_ALT(ossl_init_no_load_crypto_strings,
 return 1;
 }
+static CRYPTO_ONCE ssl_strings = CRYPTO_ONCE_STATIC_INIT;
+
+DEFINE_RUN_ONCE_STATIC(ossl_init_load_ssl_strings)
+{
+ /*
+ * OPENSSL_NO_AUTOERRINIT is provided here to prevent at compile time
+ * pulling in all the error strings during static linking
+ */
+#if !defined(OPENSSL_NO_ERR) && !defined(OPENSSL_NO_AUTOERRINIT)
+ OSSL_TRACE(INIT, "ossl_init_load_ssl_strings: ossl_err_load_SSL_strings()\n");
+ ossl_err_load_SSL_strings();
+#endif
+ return 1;
+}
+
+DEFINE_RUN_ONCE_STATIC_ALT(ossl_init_no_load_ssl_strings,
+ ossl_init_load_ssl_strings)
+{
+ /* Do nothing in this case */
+ return 1;
+}
+
 static CRYPTO_ONCE add_all_ciphers = CRYPTO_ONCE_STATIC_INIT;
 DEFINE_RUN_ONCE_STATIC(ossl_init_add_all_ciphers)
 {
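Review bot: In `ossl_init_load_ssl_strings` (crypto/init.c, hunk `-208,6 +210,28`) the result of `ossl_err_load_SSL_strings()` is discarded and the run-once body returns 1 regardless, so `RUN_ONCE` and `OPENSSL_init_crypto` can never report a failed load. The removed line in ssl/ssl_err_legacy.c shows the loader returns an int that the legacy wrapper used to propagate. If it can fail, `if (!ossl_err_load_SSL_strings()) return 0;` keeps that signal; if it cannot, a short comment such as `/* ossl_err_load_SSL_strings() always succeeds */` would make the ignored return deliberate. The code was moved unchanged from ssl/ssl_init.c, so this is pre-existing behaviour carried into libcrypto.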
@@ -562,6 +586,15 @@ int OPENSSL_init_crypto(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings)
 && !RUN_ONCE(&load_crypto_strings, ossl_init_load_crypto_strings))
 return 0;
+ if ((opts & OPENSSL_INIT_NO_LOAD_SSL_STRINGS)
+ && !RUN_ONCE_ALT(&ssl_strings, ossl_init_no_load_ssl_strings,
+ ossl_init_load_ssl_strings))
+ return 0;
+
+ if ((opts & OPENSSL_INIT_LOAD_SSL_STRINGS)
+ && !RUN_ONCE(&ssl_strings, ossl_init_load_ssl_strings))
+ return 0;
+
 if ((opts & OPENSSL_INIT_NO_ADD_ALL_CIPHERS)
 && !RUN_ONCE_ALT(&add_all_ciphers, ossl_init_no_add_all_ciphers,
 ossl_init_add_all_ciphers))
diff --git a/ssl/ssl_err.c b/crypto/ssl_err.c
similarity index 100%
rename from ssl/ssl_err.c
rename to crypto/ssl_err.c
diff --git a/ssl/sslerr.h b/crypto/sslerr.h
similarity index 100%
rename from ssl/sslerr.h
rename to crypto/sslerr.h
diff --git a/ssl/build.info b/ssl/build.info
index adfc966379a..8f41e15dbbf 100644
--- a/ssl/build.info
+++ b/ssl/build.info
@@ -17,7 +17,7 @@ SOURCE[../libssl]=\
 ssl_lib.c ssl_cert.c ssl_sess.c \
 ssl_ciph.c ssl_stat.c ssl_rsa.c \
 ssl_asn1.c ssl_txt.c ssl_init.c ssl_conf.c ssl_mcnf.c \
- bio_ssl.c ssl_err.c ssl_err_legacy.c tls_srp.c t1_trce.c ssl_utst.c \
+ bio_ssl.c ssl_err_legacy.c tls_srp.c t1_trce.c ssl_utst.c \
 statem/statem.c \
 ssl_cert_comp.c \
 tls_depr.c
diff --git a/ssl/ssl_err_legacy.c b/ssl/ssl_err_legacy.c
index 7ce25e1f111..db8fafbe42f 100644
--- a/ssl/ssl_err_legacy.c
+++ b/ssl/ssl_err_legacy.c
@@ -9,12 +9,12 @@
 /* This is the C source file where we include this header directly */
 #include
-#include "sslerr.h"
+#include
 #ifndef OPENSSL_NO_DEPRECATED_3_0
 int ERR_load_SSL_strings(void)
 {
- return ossl_err_load_SSL_strings();
+ return OPENSSL_init_crypto(OPENSSL_INIT_LOAD_SSL_STRINGS, 0);
 }
 #else
 NON_EMPTY_TRANSLATION_UNIT
diff --git a/ssl/ssl_init.c b/ssl/ssl_init.c
index ea6f60f72d6..0584b19b7b5 100644
--- a/ssl/ssl_init.c
+++ b/ssl/ssl_init.c
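Review bot: `ERR_load_SSL_strings()` in ssl/ssl_err_legacy.c used to call the loader directly and now depends on the `ssl_strings` run-once in crypto/init.c, which changes what an explicit call does. The body of `ossl_init_load_ssl_strings` is compiled out when `OPENSSL_NO_AUTOERRINIT` is defined, and the same once is consumed by an earlier `OPENSSL_INIT_NO_LOAD_SSL_STRINGS` request, so in both cases the wrapper would appear to return success without registering any strings and SSL errors would show up in logs as bare codes. If that is intended, document it above the function, e.g. `/* No-op when built with OPENSSL_NO_AUTOERRINIT or after OPENSSL_INIT_NO_LOAD_SSL_STRINGS */`. The second argument is a pointer, so `return OPENSSL_init_crypto(OPENSSL_INIT_LOAD_SSL_STRINGS, NULL);` reads better than passing `0`.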
@@ -14,7 +14,6 @@
 #include
 #include
 #include "ssl_local.h"
-#include "sslerr.h"
 #include "internal/thread_once.h"
 static int stopped;
@@ -38,28 +37,6 @@ DEFINE_RUN_ONCE_STATIC(ossl_init_ssl_base)
 return 1;
 }
-static CRYPTO_ONCE ssl_strings = CRYPTO_ONCE_STATIC_INIT;
-
-DEFINE_RUN_ONCE_STATIC(ossl_init_load_ssl_strings)
-{
- /*
- * OPENSSL_NO_AUTOERRINIT is provided here to prevent at compile time
- * pulling in all the error strings during static linking
- */
-#if !defined(OPENSSL_NO_ERR) && !defined(OPENSSL_NO_AUTOERRINIT)
- OSSL_TRACE(INIT, "ossl_init_load_ssl_strings: ossl_err_load_SSL_strings()\n");
- ossl_err_load_SSL_strings();
-#endif
- return 1;
-}
-
-DEFINE_RUN_ONCE_STATIC_ALT(ossl_init_no_load_ssl_strings,
- ossl_init_load_ssl_strings)
-{
- /* Do nothing in this case */
- return 1;
-}
-
 /*
 * If this function is called with a non NULL settings value then it must be
 * called prior to any threads making calls to any OpenSSL functions,
@@ -95,14 +72,5 @@ int OPENSSL_init_ssl(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings)
 if (!RUN_ONCE(&ssl_base, ossl_init_ssl_base))
 return 0;
- if ((opts & OPENSSL_INIT_NO_LOAD_SSL_STRINGS)
- && !RUN_ONCE_ALT(&ssl_strings, ossl_init_no_load_ssl_strings,
- ossl_init_load_ssl_strings))
- return 0;
-
- if ((opts & OPENSSL_INIT_LOAD_SSL_STRINGS)
- && !RUN_ONCE(&ssl_strings, ossl_init_load_ssl_strings))
- return 0;
-
 return 1;
 }