Move ssl_err.c into libcrypto

We move ssl_err.c out of libssl and into libcrypto. This file is entirely self contained and is used to load error strings into the libcrypto error tables. By moving this file into libcrypto, libssl can be unloaded safely without having dangling references to this error information. Fixes #26672 Reviewed-by: Neil Horman <[email protected]> Reviewed-by: Saša Nedvědický <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> Reviewed-by: Tim Hudson <[email protected]> (Merged from openssl/openssl#26931)
ibmruntimes · Mar 1, 2025 · aaad33c · aaad33c
1 parent 31b5f3f
commit aaad33c
Show file tree

Hide file tree

Showing 8 changed files with 38 additions and 37 deletions.
diff --git a/crypto/build.info b/crypto/build.info
@@ -107,7 +107,7 @@ SOURCE[../libcrypto]=$UTIL_COMMON \
         comp_methods.c cversion.c info.c cpt_err.c ebcdic.c uid.c o_time.c \
         o_dir.c o_fopen.c getenv.c o_init.c init.c trace.c provider.c \
         provider_child.c punycode.c passphrase.c sleep.c deterministic_nonce.c \
-        quic_vlint.c time.c defaults.c
+        quic_vlint.c time.c defaults.c ssl_err.c
 SOURCE[../providers/libfips.a]=$UTIL_COMMON
 
 SOURCE[../libcrypto]=$UPLINKSRC

diff --git a/crypto/err/openssl.ec b/crypto/err/openssl.ec
@@ -17,7 +17,7 @@ L ASN1          include/openssl/asn1err.h       crypto/asn1/asn1_err.c
 L CONF          include/openssl/conferr.h       crypto/conf/conf_err.c                  include/crypto/conferr.h
 L CRYPTO        include/openssl/cryptoerr.h     crypto/cpt_err.c                        include/crypto/cryptoerr.h
 L EC            include/openssl/ecerr.h         crypto/ec/ec_err.c                      include/crypto/ecerr.h
-L SSL           include/openssl/sslerr.h        ssl/ssl_err.c                           ssl/sslerr.h
+L SSL           include/openssl/sslerr.h        crypto/ssl_err.c                        crypto/sslerr.h
 L BIO           include/openssl/bioerr.h        crypto/bio/bio_err.c                    include/crypto/bioerr.h
 L PKCS7         include/openssl/pkcs7err.h      crypto/pkcs7/pkcs7err.c                 include/crypto/pkcs7err.h
 L X509V3        include/openssl/x509v3err.h     crypto/x509/v3err.c                     include/crypto/x509v3err.h

diff --git a/crypto/init.c b/crypto/init.c
@@ -32,7 +32,9 @@
 #include "crypto/store.h"
 #include <openssl/cmp_util.h> /* for OSSL_CMP_log_close() */
 #include <openssl/trace.h>
+#include <openssl/ssl.h> /* for OPENSSL_INIT_(NO_)?LOAD_SSL_STRINGS */
 #include "crypto/ctype.h"
+#include "sslerr.h"
 
 static int stopped = 0;
 static uint64_t optsdone = 0;
@@ -208,6 +210,28 @@ DEFINE_RUN_ONCE_STATIC_ALT(ossl_init_no_load_crypto_strings,
     return 1;
 }
 
+static CRYPTO_ONCE ssl_strings = CRYPTO_ONCE_STATIC_INIT;
+
+DEFINE_RUN_ONCE_STATIC(ossl_init_load_ssl_strings)
+{
+    /*
+     * OPENSSL_NO_AUTOERRINIT is provided here to prevent at compile time
+     * pulling in all the error strings during static linking
+     */
+#if !defined(OPENSSL_NO_ERR) && !defined(OPENSSL_NO_AUTOERRINIT)
+    OSSL_TRACE(INIT, "ossl_init_load_ssl_strings: ossl_err_load_SSL_strings()\n");
+    ossl_err_load_SSL_strings();
+#endif
+    return 1;
+}
+
+DEFINE_RUN_ONCE_STATIC_ALT(ossl_init_no_load_ssl_strings,
+                           ossl_init_load_ssl_strings)
+{
+    /* Do nothing in this case */
+    return 1;
+}
+
 static CRYPTO_ONCE add_all_ciphers = CRYPTO_ONCE_STATIC_INIT;
 DEFINE_RUN_ONCE_STATIC(ossl_init_add_all_ciphers)
 {
@@ -562,6 +586,15 @@ int OPENSSL_init_crypto(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings)
             && !RUN_ONCE(&load_crypto_strings, ossl_init_load_crypto_strings))
         return 0;
 
+    if ((opts & OPENSSL_INIT_NO_LOAD_SSL_STRINGS)
+        && !RUN_ONCE_ALT(&ssl_strings, ossl_init_no_load_ssl_strings,
+                         ossl_init_load_ssl_strings))
+        return 0;
+
+    if ((opts & OPENSSL_INIT_LOAD_SSL_STRINGS)
+        && !RUN_ONCE(&ssl_strings, ossl_init_load_ssl_strings))
+        return 0;
+
     if ((opts & OPENSSL_INIT_NO_ADD_ALL_CIPHERS)
             && !RUN_ONCE_ALT(&add_all_ciphers, ossl_init_no_add_all_ciphers,
                              ossl_init_add_all_ciphers))

diff --git a/ssl/ssl_err.c → crypto/ssl_err.c b/ssl/ssl_err.c → crypto/ssl_err.c
diff --git a/ssl/sslerr.h → crypto/sslerr.h b/ssl/sslerr.h → crypto/sslerr.h
diff --git a/ssl/build.info b/ssl/build.info
@@ -13,7 +13,7 @@ SOURCE[../libssl]=\
         ssl_lib.c ssl_cert.c ssl_sess.c \
         ssl_ciph.c ssl_stat.c ssl_rsa.c \
         ssl_asn1.c ssl_txt.c ssl_init.c ssl_conf.c  ssl_mcnf.c \
-        bio_ssl.c ssl_err.c ssl_err_legacy.c tls_srp.c t1_trce.c ssl_utst.c \
+        bio_ssl.c ssl_err_legacy.c tls_srp.c t1_trce.c ssl_utst.c \
         statem/statem.c \
         ssl_cert_comp.c \
         tls_depr.c

diff --git a/ssl/ssl_err_legacy.c b/ssl/ssl_err_legacy.c
@@ -9,12 +9,12 @@
 
 /* This is the C source file where we include this header directly */
 #include <openssl/sslerr_legacy.h>
-#include "sslerr.h"
+#include <openssl/ssl.h>
 
 #ifndef OPENSSL_NO_DEPRECATED_3_0
 int ERR_load_SSL_strings(void)
 {
-    return ossl_err_load_SSL_strings();
+    return OPENSSL_init_crypto(OPENSSL_INIT_LOAD_SSL_STRINGS, 0);
 }
 #else
 NON_EMPTY_TRANSLATION_UNIT

diff --git a/ssl/ssl_init.c b/ssl/ssl_init.c
@@ -14,7 +14,6 @@
 #include <openssl/evp.h>
 #include <openssl/trace.h>
 #include "ssl_local.h"
-#include "sslerr.h"
 #include "internal/thread_once.h"
 #include "internal/rio_notifier.h"    /* for ossl_wsa_cleanup() */
 
@@ -39,28 +38,6 @@ DEFINE_RUN_ONCE_STATIC(ossl_init_ssl_base)
     return 1;
 }
 
-static CRYPTO_ONCE ssl_strings = CRYPTO_ONCE_STATIC_INIT;
-
-DEFINE_RUN_ONCE_STATIC(ossl_init_load_ssl_strings)
-{
-    /*
-     * OPENSSL_NO_AUTOERRINIT is provided here to prevent at compile time
-     * pulling in all the error strings during static linking
-     */
-#if !defined(OPENSSL_NO_ERR) && !defined(OPENSSL_NO_AUTOERRINIT)
-    OSSL_TRACE(INIT, "ossl_init_load_ssl_strings: ossl_err_load_SSL_strings()\n");
-    ossl_err_load_SSL_strings();
-#endif
-    return 1;
-}
-
-DEFINE_RUN_ONCE_STATIC_ALT(ossl_init_no_load_ssl_strings,
-                           ossl_init_load_ssl_strings)
-{
-    /* Do nothing in this case */
-    return 1;
-}
-
 /*
  * If this function is called with a non NULL settings value then it must be
  * called prior to any threads making calls to any OpenSSL functions,
@@ -96,14 +73,5 @@ int OPENSSL_init_ssl(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings)
     if (!RUN_ONCE(&ssl_base, ossl_init_ssl_base))
         return 0;
 
-    if ((opts & OPENSSL_INIT_NO_LOAD_SSL_STRINGS)
-        && !RUN_ONCE_ALT(&ssl_strings, ossl_init_no_load_ssl_strings,
-                         ossl_init_load_ssl_strings))
-        return 0;
-
-    if ((opts & OPENSSL_INIT_LOAD_SSL_STRINGS)
-        && !RUN_ONCE(&ssl_strings, ossl_init_load_ssl_strings))
-        return 0;
-
     return 1;
 }