git.openssl.org Git - openssl.git/rss - crypto/err/openssl.txt history https://git.openssl.org/gitweb/?p=openssl.git;a=history;f=crypto/err/openssl.txt Unnamed repository; edit this file 'description' to name the repository. en OpenSSL static/git-logo.png git.openssl.org Git - openssl.git/rss - crypto/err/openssl.txt history https://git.openssl.org/gitweb/?p=openssl.git;a=history;f=crypto/err/openssl.txt Tue, 12 Mar 2024 18:35:41 +0000 Tue, 12 Mar 2024 18:35:41 +0000 gitweb v.2.34.1/2.34.1 Limit the number of http headers when receiving the http response Alexandr Nedvedicky <sashan@openssl.org> Fri, 8 Mar 2024 10:21:18 +0000 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=7f8aba2f44e9ca65b8a95987fa6c46020e1bdd6d https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=7f8aba2f44e9ca65b8a95987fa6c46020e1bdd6d Limit the number of http headers when receiving the http response Limit the number of http headers when receiving the http response Change introduces a default limit on HTTP headers we expect to receive from server to 256. If limit is exceeded http client library indicates HTTP_R_RESPONSE_TOO_MANY_HDRLINES error. Application can use OSSL_HTTP_REQ_CTX_set_max_response_hdr_lines() to change default. Setting limit to 0 implies no limit (current behavior). Fixes #22264 Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23781)
  • [D] crypto/err/openssl.txt
]]>
cmperr.h: use free reason value 106 rather than 197 for CMP_R_UNEXPECTED_SENDER Dr. David von Oheimb <dev@ddvo.net> Wed, 17 Jan 2024 17:32:46 +0000 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=5003abae023e59f82add1d77d4b5739f9976c29c https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=5003abae023e59f82add1d77d4b5739f9976c29c cmperr.h: use free reason value 106 rather than 197 for CMP_R_UNEXPECTED_SENDER cmperr.h: use free reason value 106 rather than 197 for CMP_R_UNEXPECTED_SENDER Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/21660)
  • [D] crypto/err/openssl.txt
]]>
Add appropriate lower bound checks for GeneralizedTime and UTCTime Job Snijders <job@sobornost.net> Wed, 21 Feb 2024 21:26:50 +0000 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=eadd8c4727b703049e4d2764751cb04f3108434d https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=eadd8c4727b703049e4d2764751cb04f3108434d Add appropriate lower bound checks for GeneralizedTime and UTCTime Add appropriate lower bound checks for GeneralizedTime and UTCTime ITU-T X.690 / ISO/IEC 8825-1 section 11.7 and section 11.8 impose specific constraints on how GeneralizedTime and UTCTime can be encoded in BER/CER/DER. Following from these constraints a minimum length can be derived. Checking the length in this context can potentially help prevent applications from interpreting an invalid GeneralizedTime as a valid UTCTime. Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23483)
  • [D] crypto/err/openssl.txt
]]>
make update Hugo Landau <hlandau@openssl.org> Fri, 2 Feb 2024 12:26:00 +0000 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=f945986a180d0af7cc3029ffbae0c826f06e5c9d https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=f945986a180d0af7cc3029ffbae0c826f06e5c9d make update make update Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23495)
  • [D] crypto/err/openssl.txt
]]>
QUIC: Add polling API Hugo Landau <hlandau@openssl.org> Wed, 31 Jan 2024 12:35:15 +0000 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2a5ee0a08d2c074db741da99d29abb73386e00c7 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2a5ee0a08d2c074db741da99d29abb73386e00c7 QUIC: Add polling API QUIC: Add polling API Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23495)
  • [D] crypto/err/openssl.txt
]]>
Fix error code collision Hugo Landau <hlandau@openssl.org> Tue, 30 Jan 2024 08:02:39 +0000 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=07e66f3c3d758619d8594e51afea80d7d23908db https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=07e66f3c3d758619d8594e51afea80d7d23908db Fix error code collision Fix error code collision Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23360)
  • [D] crypto/err/openssl.txt
]]>
QUIC: Add new error codes for tuning API Hugo Landau <hlandau@openssl.org> Mon, 22 Jan 2024 13:14:53 +0000 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e203d1b542eba8dd7ae53b3def2abf8482acc4d8 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e203d1b542eba8dd7ae53b3def2abf8482acc4d8 QUIC: Add new error codes for tuning API QUIC: Add new error codes for tuning API Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23360)
  • [D] crypto/err/openssl.txt
]]>
QUIC APL: Implement optimised FIN API Hugo Landau <hlandau@openssl.org> Fri, 19 Jan 2024 14:52:44 +0000 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=113be15a5ee9aa79a70098e27071c46175cbbb18 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=113be15a5ee9aa79a70098e27071c46175cbbb18 QUIC APL: Implement optimised FIN API QUIC APL: Implement optimised FIN API Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23343)
  • [D] crypto/err/openssl.txt
]]>
Fix reason value collision for CMP_R_UNEXPECTED_SENDER Tomas Mraz <tomas@openssl.org> Wed, 17 Jan 2024 16:25:35 +0000 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=c930ee52a4b0853fa42f0ca5942e59a68c6bca80 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=c930ee52a4b0853fa42f0ca5942e59a68c6bca80 Fix reason value collision for CMP_R_UNEXPECTED_SENDER Fix reason value collision for CMP_R_UNEXPECTED_SENDER Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23323)
  • [D] crypto/err/openssl.txt
]]>
ossl_cmp_msg_check_update(): improve diagnostics of checking expected sender name Dr. David von Oheimb <David.von.Oheimb@siemens.com> Wed, 4 Jan 2023 12:45:57 +0000 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=f21409fadf0e50130023656acc3ab72f8f72ff64 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=f21409fadf0e50130023656acc3ab72f8f72ff64 ossl_cmp_msg_check_update(): improve diagnostics of checking expected sender name ossl_cmp_msg_check_update(): improve diagnostics of checking expected sender name Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/19948)
  • [D] crypto/err/openssl.txt
]]>
crypto/cmp/,apps/lib/cmp_mock_srv.c: various improvements on delayed delivery Dr. David von Oheimb <David.von.Oheimb@siemens.com> Fri, 28 Apr 2023 11:45:21 +0000 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=bedffe1731e8c587d3d854e05535175863447dc3 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=bedffe1731e8c587d3d854e05535175863447dc3 crypto/cmp/,apps/lib/cmp_mock_srv.c: various improvements on delayed delivery crypto/cmp/,apps/lib/cmp_mock_srv.c: various improvements on delayed delivery Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/20727)
  • [D] crypto/err/openssl.txt
]]>
Detect and prevent recursive config parsing Neil Horman <nhorman@openssl.org> Thu, 30 Nov 2023 19:28:09 +0000 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=682fd21afb5428b5716e62eaefb09a7419f9cfd7 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=682fd21afb5428b5716e62eaefb09a7419f9cfd7 Detect and prevent recursive config parsing Detect and prevent recursive config parsing If a malformed config file is provided such as the following: openssl_conf = openssl_init [openssl_init] providers = provider_sect [provider_sect] = provider_sect The config parsing library will crash overflowing the stack, as it recursively parses the same provider_sect ad nauseum. Prevent this by maintaing a list of visited nodes as we recurse through referenced sections, and erroring out in the event we visit any given section node more than once. Note, adding the test for this revealed that our diagnostic code inadvertently pops recorded errors off the error stack because provider_conf_load returns success even in the event that a configuration parse failed. The call path to provider_conf_load has been updated in this commit to address that shortcoming, allowing recorded errors to be visibile to calling applications. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22898)
  • [D] crypto/err/openssl.txt
]]>
CMP lib and app: add optional certProfile request message header and respective ... Dr. David von Oheimb <David.von.Oheimb@siemens.com> Tue, 13 Jun 2023 19:56:57 +0000 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=7c6577ba9f5eb348476a53d822a4db6af0d36d36 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=7c6577ba9f5eb348476a53d822a4db6af0d36d36 CMP lib and app: add optional certProfile request message header and respective ... CMP lib and app: add optional certProfile request message header and respective -profile option Also add missing getter functionss OSSL_CMP_{CTX,HDR}_get0_geninfo_ITAVs() to CMP API. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/21281)
  • [D] crypto/err/openssl.txt
]]>
Make DH_check_pub_key() and DH_generate_key() safer yet Richard Levitte <levitte@openssl.org> Fri, 20 Oct 2023 07:18:19 +0000 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ec061bf8ff2add8050599058557178c03295bcc0 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ec061bf8ff2add8050599058557178c03295bcc0 Make DH_check_pub_key() and DH_generate_key() safer yet Make DH_check_pub_key() and DH_generate_key() safer yet We already check for an excessively large P in DH_generate_key(), but not in DH_check_pub_key(), and none of them check for an excessively large Q. This change adds all the missing excessive size checks of P and Q. It's to be noted that behaviours surrounding excessively sized P and Q differ. DH_check() raises an error on the excessively sized P, but only sets a flag for the excessively sized Q. This behaviour is mimicked in DH_check_pub_key(). Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22453)
  • [D] crypto/err/openssl.txt
]]>
EVP_PKEY_get_{bits,security_bits,size}(): add missing error queue entry on failure Dr. David von Oheimb <dev@ddvo.net> Fri, 20 Oct 2023 18:51:17 +0000 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ae643b32f91affe61dd411a58b76c8a44cbd7f50 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ae643b32f91affe61dd411a58b76c8a44cbd7f50 EVP_PKEY_get_{bits,security_bits,size}(): add missing error queue entry on failure EVP_PKEY_get_{bits,security_bits,size}(): add missing error queue entry on failure Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22459)
  • [D] crypto/err/openssl.txt
]]>
CMS_add1_signer(): add missing ERR_raise() calls Dr. David von Oheimb <dev@ddvo.net> Fri, 13 Oct 2023 20:12:22 +0000 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=72a99ef665b26fa207c0eee6e7e4842d1e42752c https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=72a99ef665b26fa207c0eee6e7e4842d1e42752c CMS_add1_signer(): add missing ERR_raise() calls CMS_add1_signer(): add missing ERR_raise() calls Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22390)
  • [D] crypto/err/openssl.txt
]]>
rand: add extra error code Pauli <pauli@openssl.org> Mon, 25 Sep 2023 04:25:58 +0000 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=a9483b8aa00753a2a9665273c0e376f3c1d36e65 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=a9483b8aa00753a2a9665273c0e376f3c1d36e65 rand: add extra error code rand: add extra error code Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21964)
  • [D] crypto/err/openssl.txt
]]>
make update Hugo Landau <hlandau@openssl.org> Thu, 24 Aug 2023 07:11:13 +0000 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ade3baa6629b152185383605fb14d7b09483b409 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ade3baa6629b152185383605fb14d7b09483b409 make update make update Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21815)
  • [D] crypto/err/openssl.txt
]]>
QUIC APL: Implement backpressure on stream creation Hugo Landau <hlandau@openssl.org> Tue, 22 Aug 2023 15:59:57 +0000 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=96fe5e5f964d44dfff8667fb3c0111a25be58c87 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=96fe5e5f964d44dfff8667fb3c0111a25be58c87 QUIC APL: Implement backpressure on stream creation QUIC APL: Implement backpressure on stream creation Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21815)
  • [D] crypto/err/openssl.txt
]]>
QUIC APL: Fix stream backpressure conditions to use non-I/O errors Hugo Landau <hlandau@openssl.org> Thu, 24 Aug 2023 10:28:17 +0000 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=7a5f58b2cf0d7b2fa0451603a88c3976c657dae9 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=7a5f58b2cf0d7b2fa0451603a88c3976c657dae9 QUIC APL: Fix stream backpressure conditions to use non-I/O errors QUIC APL: Fix stream backpressure conditions to use non-I/O errors Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21811)
  • [D] crypto/err/openssl.txt
]]>