mirror of https://github.com/openssl/openssl.git synced 2025-02-11 14:22:43 +08:00

History

Neil Horman 682fd21afb Detect and prevent recursive config parsing If a malformed config file is provided such as the following: openssl_conf = openssl_init [openssl_init] providers = provider_sect [provider_sect] = provider_sect The config parsing library will crash overflowing the stack, as it recursively parses the same provider_sect ad nauseum. Prevent this by maintaing a list of visited nodes as we recurse through referenced sections, and erroring out in the event we visit any given section node more than once. Note, adding the test for this revealed that our diagnostic code inadvertently pops recorded errors off the error stack because provider_conf_load returns success even in the event that a configuration parse failed. The call path to provider_conf_load has been updated in this commit to address that shortcoming, allowing recorded errors to be visibile to calling applications. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22898)		2023-12-21 13:38:31 -05:00
..
build.info	QUIC err handling: Save and restore error state	2023-07-07 15:13:29 +02:00
err_all_legacy.c
err_all.c	Copyright year updates	2023-09-07 09:59:15 +01:00
err_blocks.c
err_local.h	Copyright year updates	2023-09-07 09:59:15 +01:00
err_mark.c	ERR: Add ERR_pop()	2023-12-21 08:12:06 +00:00
err_prn.c
err_save.c	Ensure that the ERR_STATE is left in a consistent state	2023-10-23 10:08:12 +01:00
err.c	Ensure that the ERR_STATE is left in a consistent state	2023-10-23 10:08:12 +01:00
openssl.ec	Write SSL_R alerts to error state to keep updated strings	2023-01-05 19:48:01 +01:00
openssl.txt	Detect and prevent recursive config parsing	2023-12-21 13:38:31 -05:00
README.md	crypto/err: expand on error code generation	2022-12-12 11:38:37 +01:00

README.md

Adding new libraries

When adding a new sub-library to OpenSSL, assign it a library number ERR_LIB_XXX, define a macro XXXerr() (both in err.h), add its name to ERR_str_libraries[] (in crypto/err/err.c), and add ERR_load_XXX_strings() to the ERR_load_crypto_strings() function (in crypto/err/err_all.c). Finally, add an entry:

L      XXX     xxx.h   xxx_err.c

to crypto/err/openssl.ec, and add xxx_err.c to the Makefile. Running make errors will then generate a file xxx_err.c, and add all error codes used in the library to xxx.h.

Additionally the library include file must have a certain form. Typically it will initially look like this:

#ifndef HEADER_XXX_H
#define HEADER_XXX_H

#ifdef __cplusplus
extern "C" {
#endif

/* Include files */

#include <openssl/bio.h>
#include <openssl/x509.h>

/* Macros, structures and function prototypes */


/* BEGIN ERROR CODES */

The BEGIN ERROR CODES sequence is used by the error code generation script as the point to place new error codes, any text after this point will be overwritten when make errors is run. The closing #endif etc will be automatically added by the script.

The generated C error code file xxx_err.c will load the header files stdio.h, openssl/err.h and openssl/xxx.h so the header file must load any additional header files containing any definitions it uses.

Adding new error codes

Instead of manually adding error codes into crypto/err/openssl.txt, it is recommended to leverage make update for error code generation. The target will process relevant sources and generate error codes for any used error codes.

If an error code is added manually into crypto/err/openssl.txt, subsequent make update has no effect.