#
682fd21a |
| 30-Nov-2023 |
Neil Horman |
Detect and prevent recursive config parsing If a malformed config file is provided such as the following: openssl_conf = openssl_init [openssl_init] providers = provider_sec
Detect and prevent recursive config parsing If a malformed config file is provided such as the following: openssl_conf = openssl_init [openssl_init] providers = provider_sect [provider_sect] = provider_sect The config parsing library will crash overflowing the stack, as it recursively parses the same provider_sect ad nauseum. Prevent this by maintaing a list of visited nodes as we recurse through referenced sections, and erroring out in the event we visit any given section node more than once. Note, adding the test for this revealed that our diagnostic code inadvertently pops recorded errors off the error stack because provider_conf_load returns success even in the event that a configuration parse failed. The call path to provider_conf_load has been updated in this commit to address that shortcoming, allowing recorded errors to be visibile to calling applications. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22898)
show more ...
|
#
b93f6c2d |
| 25-May-2021 |
Pauli |
err: rename err_load_xxx_strings_int functions The new names are ossl_err_load_xxx_strings. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Richard Levitte <levitte@ope
err: rename err_load_xxx_strings_int functions The new names are ossl_err_load_xxx_strings. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15446)
show more ...
|
Revision tags: openssl-3.0.0-alpha17, openssl-3.0.0-alpha16 |
|
#
3fb985fd |
| 29-Apr-2021 |
Rich Salz |
Allow absolute paths to be set It was a mistake to allow relative paths for include files (just like root shouldn't have "." in its PATH), but we probably can't change it now. Add a
Allow absolute paths to be set It was a mistake to allow relative paths for include files (just like root shouldn't have "." in its PATH), but we probably can't change it now. Add a new pragma "abspath" that someone can put in the system-wide config file to require absolute paths. Also update the config documentation to better explain how file inclusion works. Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15090)
show more ...
|
Revision tags: openssl-3.0.0-alpha15, openssl-3.0.0-alpha14, OpenSSL_1_1_1k, openssl-3.0.0-alpha13, openssl-3.0.0-alpha12, OpenSSL_1_1_1j, openssl-3.0.0-alpha11, openssl-3.0.0-alpha10, OpenSSL_1_1_1i, openssl-3.0.0-alpha9 |
|
#
14a6c6a4 |
| 12-Nov-2020 |
Richard Levitte |
ERR: Rebuild all generated error headers and source files This is the result of 'make errors ERROR_REBUILD=-rebuild' Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from ht
ERR: Rebuild all generated error headers and source files This is the result of 'make errors ERROR_REBUILD=-rebuild' Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13390)
show more ...
|
Revision tags: openssl-3.0.0-alpha8, openssl-3.0.0-alpha7, OpenSSL_1_1_1h |
|
#
33b4f731 |
| 07-Aug-2020 |
Pauli |
conf: add an error if the openssl_conf section isn't found. Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/12602)
|
Revision tags: openssl-3.0.0-alpha6, openssl-3.0.0-alpha5, openssl-3.0.0-alpha4, openssl-3.0.0-alpha3, openssl-3.0.0-alpha2, openssl-3.0.0-alpha1, OpenSSL_1_1_1g, OpenSSL_1_1_1f, OpenSSL_1_1_1e, OpenSSL_1_0_2u, OpenSSL_1_0_2t, OpenSSL_1_1_0l, OpenSSL_1_1_1d, OpenSSL_1_1_1c, OpenSSL_1_1_0k, OpenSSL_1_0_2s |
|
#
0255c174 |
| 06-May-2019 |
Richard Levitte |
Add a .pragma directive for configuration files Currently added pragma: .pragma dollarid:on This allows dollar signs to be a keyword character unless it's followed by a
Add a .pragma directive for configuration files Currently added pragma: .pragma dollarid:on This allows dollar signs to be a keyword character unless it's followed by a opening brace or parenthesis. Fixes #8207 Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8882)
show more ...
|
#
0cd1b144 |
| 04-Sep-2019 |
Richard Levitte |
util/mkerr.pl: make it not depend on the function code The output C code was made to use ERR_func_error_string() to see if a string table was already loaded or not. Since this function
util/mkerr.pl: make it not depend on the function code The output C code was made to use ERR_func_error_string() to see if a string table was already loaded or not. Since this function returns NULL always, this check became useless. Change it to use ERR_reason_error_string() instead, as there's no reason to believe we will get rid of reason strings, ever. To top it off, we rebuild all affected C sources. Fixes #9756 Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9756)
show more ...
|
#
cbfa5b03 |
| 11-Jul-2019 |
Rich Salz |
Regenerate mkerr files Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9058)
|
Revision tags: OpenSSL_1_0_2r, OpenSSL_1_1_1b |
|
#
2044d382 |
| 06-Dec-2018 |
Richard Levitte |
Following the license change, modify the boilerplates in crypto/conf/ [skip ci] Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull
Following the license change, modify the boilerplates in crypto/conf/ [skip ci] Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7785)
show more ...
|
Revision tags: OpenSSL_1_0_2q, OpenSSL_1_1_0j, OpenSSL_1_1_1a, OpenSSL_1_1_1, OpenSSL_1_1_1-pre9, OpenSSL_1_0_2p, OpenSSL_1_1_0i |
|
#
c9ecb131 |
| 03-Jul-2018 |
Pauli |
NCONF_get_number refix. Fix the NULL check lack in a different way that is more compatible with non-NULL branch. Refer #6632 Also mark and pop the error stack instead of cleari
NCONF_get_number refix. Fix the NULL check lack in a different way that is more compatible with non-NULL branch. Refer #6632 Also mark and pop the error stack instead of clearing all errors when something goes awry in CONF_get_number. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6643)
show more ...
|
Revision tags: OpenSSL_1_1_1-pre8, OpenSSL_1_1_1-pre7, OpenSSL_1_1_1-pre6, OpenSSL_1_1_1-pre5, OpenSSL_1_1_1-pre4 |
|
#
d8f031e8 |
| 30-Mar-2018 |
Matt Caswell |
Move the loading of the ssl_conf module to libcrypto The GOST engine needs to be loaded before we initialise libssl. Otherwise the GOST ciphersuites are not enabled. However the SSL conf
Move the loading of the ssl_conf module to libcrypto The GOST engine needs to be loaded before we initialise libssl. Otherwise the GOST ciphersuites are not enabled. However the SSL conf module must be loaded before we initialise libcrypto. Otherwise we will fail to read the SSL config from a config file properly. Another problem is that an application may make use of both libcrypto and libssl. If it performs libcrypto stuff first and OPENSSL_init_crypto() is called and loads a config file it will fail if that config file has any libssl stuff in it. This commit separates out the loading of the SSL conf module from the interpretation of its contents. The loading piece doesn't know anything about SSL so this can be moved to libcrypto. The interpretation of what it means remains in libssl. This means we can load the SSL conf data before libssl is there and interpret it when it later becomes available. Fixes #5809 Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5818)
show more ...
|
#
cdb10bae |
| 03-Apr-2018 |
Rich Salz |
Set error code on alloc failures Almost all *alloc failures now set an error code. Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.co
Set error code on alloc failures Almost all *alloc failures now set an error code. Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/5842)
show more ...
|
Revision tags: OpenSSL_1_0_2o, OpenSSL_1_1_0h, OpenSSL_1_1_1-pre3, OpenSSL_1_1_1-pre2 |
|
#
b524b808 |
| 27-Feb-2018 |
Tomas Mraz |
Add support for .include directive in config files Either files or directories of *.cnf or *.conf files can be included. Recursive inclusion of directories is not supported.
Add support for .include directive in config files Either files or directories of *.cnf or *.conf files can be included. Recursive inclusion of directories is not supported. Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5351)
show more ...
|
Revision tags: OpenSSL_1_1_1-pre1, OpenSSL_1_0_2n, OpenSSL_1_0_2m, OpenSSL_1_1_0g |
|
#
52df25cf |
| 07-Jun-2017 |
Rich Salz |
make error tables const and separate header file Run perltidy on util/mkerr Change some mkerr flags, write some doc comments Make generated tables "const" when genearting lib-interna
make error tables const and separate header file Run perltidy on util/mkerr Change some mkerr flags, write some doc comments Make generated tables "const" when genearting lib-internal ones. Add "state" file for mkerr Renerate error tables and headers Rationalize declaration of ERR_load_XXX_strings Fix out-of-tree build Add -static; sort flags/vars for options. Also tweak code output Moved engines/afalg to engines (from master) Use -static flag Standard engine #include's of errors Don't linewrap err string tables unless necessary Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3392)
show more ...
|
Revision tags: OpenSSL_1_0_2l, OpenSSL_1_1_0f, OpenSSL-fips-2_0_16 |
|
#
8a585601 |
| 10-Mar-2017 |
Matt Caswell |
Fix out-of-memory condition in conf conf has the ability to expand variables in config files. Repeatedly doing this can lead to an exponential increase in the amount of memory required.
Fix out-of-memory condition in conf conf has the ability to expand variables in config files. Repeatedly doing this can lead to an exponential increase in the amount of memory required. This places a limit on the length of a value that can result from an expansion. Credit to OSS-Fuzz for finding this problem. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2894)
show more ...
|
Revision tags: OpenSSL_1_1_0e, OpenSSL_1_0_2k, OpenSSL_1_1_0d, OpenSSL-fips-2_0_15, OpenSSL-fips-2_0_14, OpenSSL_1_1_0c, OpenSSL_1_0_2j, OpenSSL_1_1_0b, OpenSSL_1_0_1u, OpenSSL_1_0_2i, OpenSSL_1_1_0a, OpenSSL_1_1_0, OpenSSL_1_1_0-pre6 |
|
#
69588edb |
| 12-Jul-2016 |
Kurt Roeckx |
Check for errors allocating the error strings. Reviewed-by: Richard Levitte <levitte@openssl.org> GH: #1330
|
Revision tags: OpenSSL-fips-2_0_13 |
|
#
0cd0a820 |
| 23-May-2016 |
Rich Salz |
Remove unused error/function codes. Add script to find unused err/reason codes Remove unused reason codes. Remove entries for unused functions Reviewed-by: Matt Caswell <mat
Remove unused error/function codes. Add script to find unused err/reason codes Remove unused reason codes. Remove entries for unused functions Reviewed-by: Matt Caswell <matt@openssl.org>
show more ...
|
#
b6cff313 |
| 17-May-2016 |
Rich Salz |
Manual fixes after copyright consolidation Reviewed-by: Richard Levitte <levitte@openssl.org>
|
Revision tags: OpenSSL_1_0_1t, OpenSSL_1_0_2h, OpenSSL_1_1_0-pre5, OpenSSL_1_1_0-pre4, OpenSSL_1_0_1s, OpenSSL_1_0_2g, OpenSSL_1_1_0-pre3, OpenSSL-fips-2_0_12, OpenSSL_1_0_1r, OpenSSL_1_0_2f, OpenSSL_1_1_0-pre2 |
|
#
34980760 |
| 18-Dec-2015 |
Rich Salz |
Remove /* foo.c */ comments This was done by the following find . -name '*.[ch]' | /tmp/pl where /tmp/pl is the following three-line script: print unless $. == 1
Remove /* foo.c */ comments This was done by the following find . -name '*.[ch]' | /tmp/pl where /tmp/pl is the following three-line script: print unless $. == 1 && m@/\* .*\.[ch] \*/@; close ARGV if eof; # Close file to reset $. And then some hand-editing of other files. Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
show more ...
|
Revision tags: OpenSSL_1_1_0-pre1, OpenSSL_0_9_8zh, OpenSSL_1_0_0t, OpenSSL_1_0_1q, OpenSSL_1_0_2e |
|
#
b8fb5989 |
| 03-Nov-2015 |
Dr. Stephen Henson |
Rebuild error source files. Rebuild error source files: the new mkerr.pl functionality will now pick up and translate static function names properly. Reviewed-by: Richard Levitt
Rebuild error source files. Rebuild error source files: the new mkerr.pl functionality will now pick up and translate static function names properly. Reviewed-by: Richard Levitte <levitte@openssl.org>
show more ...
|
Revision tags: OpenSSL_1_0_1p, OpenSSL_1_0_2d, OpenSSL-fips-2_0_11, OpenSSL_1_0_1o, OpenSSL_1_0_2c, OpenSSL_0_9_8zg, OpenSSL_1_0_0s, OpenSSL_1_0_1n, OpenSSL_1_0_2b, OpenSSL-fips-2_0_10, OpenSSL_0_9_8zf, OpenSSL_1_0_0r, OpenSSL_1_0_1m, OpenSSL_1_0_2a, OpenSSL_1_0_2, master-post-auto-reformat |
|
#
0f113f3e |
| 22-Jan-2015 |
Matt Caswell |
Run util/openssl-format-source -v -c . Reviewed-by: Tim Hudson <tjh@openssl.org>
|
Revision tags: OpenSSL_1_0_2-post-auto-reformat, OpenSSL_0_9_8-post-auto-reformat, OpenSSL_0_9_8-pre-auto-reformat, OpenSSL_1_0_0-post-auto-reformat, OpenSSL_1_0_0-pre-auto-reformat, OpenSSL_1_0_1-post-auto-reformat, OpenSSL_1_0_1-pre-auto-reformat, master-post-reformat, OpenSSL_0_9_8-pre-reformat, OpenSSL_0_9_8ze, OpenSSL_1_0_0-pre-reformat, OpenSSL_1_0_0q, OpenSSL_1_0_1-pre-reformat, OpenSSL_1_0_1l, master-pre-reformat, OpenSSL_1_0_2-pre-reformat, OpenSSL_0_9_8zd, OpenSSL_1_0_0p, OpenSSL_1_0_1k, OpenSSL_0_9_8-post-reformat, OpenSSL-fips-2_0_9, OpenSSL_1_0_1j, OpenSSL_1_0_0o, OpenSSL_0_9_8zc, OpenSSL_1_0_2-beta3, OpenSSL_0_9_8zb, OpenSSL_1_0_0n, OpenSSL_1_0_1i, OpenSSL_1_0_2-beta2, OpenSSL-fips-2_0_8, OpenSSL_1_0_1h, OpenSSL_1_0_0m, OpenSSL_0_9_8za, OpenSSL-fips-2_0_7, OpenSSL_1_0_1g, OpenSSL_1_0_2-beta1, OpenSSL_1_0_0l, OpenSSL_1_0_1f, OpenSSL-fips-2_0_6, OpenSSL-fips-2_0_5, OpenSSL-fips-2_0_4, OpenSSL-fips-2_0_3, OpenSSL_1_0_1e, OpenSSL_0_9_8y, OpenSSL_1_0_0k, OpenSSL_1_0_1d, OpenSSL-fips-2_0-pl1, OpenSSL-fips-2_0_2, OpenSSL-fips-2_0_1, OpenSSL_1_0_1c, OpenSSL_1_0_0j, OpenSSL_0_9_8x, OpenSSL_1_0_1b, OpenSSL_0_9_8w, OpenSSL_1_0_1a, OpenSSL_0_9_8v, OpenSSL_1_0_0i, OpenSSL_1_0_1, OpenSSL_1_0_0h, OpenSSL_0_9_8u, OpenSSL_1_0_1-beta3, OpenSSL_1_0_1-beta2, OpenSSL-fips-2_0, OpenSSL_1_0_0g, OpenSSL_0_9_8t, OpenSSL_0_9_8s, OpenSSL_1_0_0f, OpenSSL-fips-2_0-rc8, OpenSSL_1_0_1-beta1, OpenSSL-fips-2_0-rc7, OpenSSL-fips-2_0-rc6, OpenSSL-fips-2_0-rc5, OpenSSL-fips-2_0-rc4, OpenSSL-fips-2_0-rc3, OpenSSL-fips-2_0-rc2, OpenSSL-fips-2_0-rc1, OpenSSL-fips-1_2_3, OpenSSL-fips-1_2_2, OpenSSL-fips-1_2_1, OpenSSL_1_0_0e, OpenSSL_1_0_0d, OpenSSL_0_9_8r, OpenSSL_0_9_8q, OpenSSL_1_0_0c, OpenSSL_0_9_8p, OpenSSL_1_0_0b, OpenSSL_0_9_8o, OpenSSL_1_0_0a, OpenSSL_1_0_0, OpenSSL_0_9_8n, OpenSSL_0_9_8m, OpenSSL_0_9_8m-beta1, OpenSSL_1_0_0-beta5, OpenSSL_1_0_0-beta4, OpenSSL_0_9_8l, OpenSSL_1_0_0-beta3, OpenSSL_1_0_0-beta2, OpenSSL_1_0_0-beta1, OpenSSL_0_9_8k, OpenSSL_0_9_8j, OpenSSL_0_9_8i, OpenSSL_0_9_8h, OpenSSL_0_9_8g, OpenSSL_0_9_8f, FIPS_098_TEST_8, FIPS_098_TEST_7, FIPS_098_TEST_6, FIPS_098_TEST_5, FIPS_098_TEST_4, FIPS_098_TEST_3, FIPS_098_TEST_2, FIPS_098_TEST_1 |
|
#
2ec0be9e |
| 01-Apr-2007 |
Ben Laurie |
Don't die if the value is NULL (Coverity CID 98).
|
Revision tags: OpenSSL_0_9_7m, OpenSSL_0_9_8e |
|
#
47a9d527 |
| 21-Nov-2006 |
Dr. Stephen Henson |
Update from 0.9.8 stable. Eliminate duplicate error codes.
|
Revision tags: OpenSSL_0_9_7l, OpenSSL_0_9_8d, OpenSSL_0_9_8c, OpenSSL_0_9_7k, OpenSSL_0_9_7j, OpenSSL_0_9_8b, OpenSSL_FIPS_1_0, OpenSSL_0_9_7i, OpenSSL_0_9_8a, OpenSSL_0_9_7h, OpenSSL_0_9_8, FIPS_TEST_10, OpenSSL_0_9_8-beta6, OpenSSL_0_9_8-beta5, FIPS_TEST_9, OpenSSL_0_9_8-beta4, OpenSSL_0_9_8-beta3, BEN_FIPS_TEST_8, OpenSSL_0_9_8-beta2, OpenSSL_0_9_8-beta1 |
|
#
8afca8d9 |
| 11-May-2005 |
Bodo Möller |
Fix more error codes. (Also improve util/ck_errf.pl script, and occasionally fix source code formatting.)
|
#
aa4ce731 |
| 26-Apr-2005 |
Bodo Möller |
Fix various incorrect error function codes. ("perl util/ck_errf.pl */*.c */*/*.c" still reports many more.)
|