Ensure that the ERR_STATE is left in a consistent state

We shouldn't ever have the case where the data flags indicate that
err_data has been malloc'd, but the err_data field is NULL.

Ensure that the ERR_STATE is left in a consistent state

We shouldn't ever have the case where the data flags indicate that
err_data has been malloc'd, but the err_data field is NULL.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22368)

show more ...

Fix typos found by codespell

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from ht

Fix typos found by codespell

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22063)

show more ...

Copyright year updates


Reviewed-by: Richard Levitte <levitte@openssl.org>
Release: yes

QUIC err handling: Save and restore error state

We save the error state from the thread that encountered
a permanent error condition caused by system or internal
error to the QUIC_CH

QUIC err handling: Save and restore error state

We save the error state from the thread that encountered
a permanent error condition caused by system or internal
error to the QUIC_CHANNEL.

Then we restore it whenever we are returning to a user
call when protocol is shutdown.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21087)

show more ...

ERR: Make CRYPTO_malloc() and friends report ERR_R_MALLOC_FAILURE

Fixes #6251

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed

ERR: Make CRYPTO_malloc() and friends report ERR_R_MALLOC_FAILURE

Fixes #6251

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/14833)

show more ...

err: get rid of err_free_strings_int()

Even though the function is not part of the public api, it is not
entirely removed, in order to minimize the chance of breakage,
because it is

err: get rid of err_free_strings_int()

Even though the function is not part of the public api, it is not
entirely removed, in order to minimize the chance of breakage,
because it is exported from libcrypto. Instead, we keep a dummy
implementation.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17974)

show more ...

err: fix crash in ERR_load_strings() when configured with no-err

This commit removes the entire initialization and cleanup of the
error string hash table (`int_error_hash`) if `no-err` i

err: fix crash in ERR_load_strings() when configured with no-err

This commit removes the entire initialization and cleanup of the
error string hash table (`int_error_hash`) if `no-err` is configured.
The only operative function remaining is `ERR_get_next_error_library()`.
That is the reason why the `err_string_lock` and hence the
`do_err_strings_init()` function can't be removed entirely.

Fixes #17971

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17974)

show more ...

Update copyright year

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Release: yes

Move e_os.h to include/internal

Including e_os.h with a path from a header file doesn't work well on
certain exotic platform. It simply fails to build.

Since we don't seem to b

Move e_os.h to include/internal

Including e_os.h with a path from a header file doesn't work well on
certain exotic platform. It simply fails to build.

Since we don't seem to be able to stop ourselves, the better move is
to move e_os.h to an include directory that's part of the inclusion
path given to the compiler.

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17641)

show more ...

ERR: Move ERR_set_mark(), ERR_pop_to_mark() and ERR_clear_last_mark()

Move them to their own source file, so they end up in a separate
object file. This allows providers to override the

ERR: Move ERR_set_mark(), ERR_pop_to_mark() and ERR_clear_last_mark()

Move them to their own source file, so they end up in a separate
object file. This allows providers to override their implementation
to use the corresponding OSSL_FUNC upcalls without having to
reimplement everything from crypto/err/err.c.

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17474)

show more ...

Make ERR_str_reasons in err.c consistent again with err.h

Fixes printing generic reason strings, e.g., 'reason(524550)' vs. 'passed an invalid argument'

Reviewed-by: Richard Levitte

Make ERR_str_reasons in err.c consistent again with err.h

Fixes printing generic reason strings, e.g., 'reason(524550)' vs. 'passed an invalid argument'

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17056)

show more ...

ERR: exempt flags from fallback decimal reason code printing

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/17072)

err: add unable to get lock errors

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15871)

DECODER: use property definitions instead of getting implementation parameters

The OSSL_DECODER library used to ask each decoder implementation for
certain data in form of parameters to

DECODER: use property definitions instead of getting implementation parameters

The OSSL_DECODER library used to ask each decoder implementation for
certain data in form of parameters to place them correctly in the
decoder chain, if at all. These parameters were duplicates of
properties of those same implementations, and therefore unnecessarily
redundant.

Now that we have functionality to query property definition values,
those duplicates are no longer needed, and are therefore not looked at
any more.

This adds the "global" error reason ERR_R_INVALID_PROPERTY_DEFINITION,
which can be re-used elsewhere.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15570)

show more ...

err: remove TODOs

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15539)

err: rename err_load_xxx_strings_int functions

The new names are ossl_err_load_xxx_strings.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Richard Levitte <levitte@ope

err: rename err_load_xxx_strings_int functions

The new names are ossl_err_load_xxx_strings.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15446)

show more ...

rename err_get_state_int() to ossl_err_get_state_int()

Partial fix for #12964

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/144

rename err_get_state_int() to ossl_err_get_state_int()

Partial fix for #12964

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14473)

show more ...

Always check CRYPTO_LOCK_{read,write}_lock

Some functions that lock things are void, so we just return early.

Also make ossl_namemap_empty return 0 on error. Updated the docs, and

Always check CRYPTO_LOCK_{read,write}_lock

Some functions that lock things are void, so we just return early.

Also make ossl_namemap_empty return 0 on error. Updated the docs, and added
some code to ossl_namemap_stored() to handle the failure, and updated the
tests to allow for failure.

Fixes: #14230

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14238)

show more ...

Use OPENSSL_init_crypto(OPENSSL_INIT_BASE_ONLY, NULL) in libcrypto

Calling OPENSSL_init_crypto(0, NULL) is a no-op and will
not properly initialize thread local handling.

Only t

Use OPENSSL_init_crypto(OPENSSL_INIT_BASE_ONLY, NULL) in libcrypto

Calling OPENSSL_init_crypto(0, NULL) is a no-op and will
not properly initialize thread local handling.

Only the calls that are needed to initialize thread locals
are kept, the rest of the no-op calls are removed.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14497)

show more ...

Duplicate the file and func error strings

Errors raised from a provider that is subsequently unloaded from memory
may have references to strings representing the file and function that

Duplicate the file and func error strings

Errors raised from a provider that is subsequently unloaded from memory
may have references to strings representing the file and function that
are no longer present because the provider is no longer in memory. This
can cause crashes. To avoid this we duplicate the file and func strings.

Fixes #13623

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14213)

show more ...

Update copyright year

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13999)

Use centralized fetching errors

We've spread around FETCH_FAILED errors in quite a few places, and
that gives somewhat crude error records, as there's no way to tell if
the error was

Use centralized fetching errors

We've spread around FETCH_FAILED errors in quite a few places, and
that gives somewhat crude error records, as there's no way to tell if
the error was unavailable algorithms or some other error at such high
levels.

As an alternative, we take recording of these kinds of errors down to
the fetching functions, which are in a much better place to tell what
kind of error it was, thereby relieving the higher level calls from
having to guess.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13467)

show more ...

ERR: drop err_delete_thread_state() TODO marker

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/ope

ERR: drop err_delete_thread_state() TODO marker

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13466)

show more ...

ERR: Drop or deprecate dangerous or overly confusing functions

ERR_get_error_line() is deprecated, and ERR_get_error_func() and
ERR_get_error_data() are removed in favor of ERR_get_error

ERR: Drop or deprecate dangerous or overly confusing functions

ERR_get_error_line() is deprecated, and ERR_get_error_func() and
ERR_get_error_data() are removed in favor of ERR_get_error_all(),
since they pop the error record, leaving the caller with only partial
error record data and no way to get the rest if the wish.

If it's desirable to retrieve data piecemeal, the caller should
consider using the diverse ERR_peek functions and finish off with
ERR_get_error().

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13466)

show more ...

ERR: Restore the similarity of ERR_print_error_cb() and ERR_error_string_n()

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13510)