openssl/crypto
Alexandr Nedvedicky 7f8aba2f44 Limit the number of http headers when receiving the http response
Change introduces a default limit on HTTP headers we expect to receive
from server to 256. If limit is exceeded http client library indicates
HTTP_R_RESPONSE_TOO_MANY_HDRLINES error. Application can use
OSSL_HTTP_REQ_CTX_set_max_response_hdr_lines() to change default.
Setting limit to 0 implies no limit (current behavior).

Fixes #22264

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23781)
2024-03-12 19:35:41 +01:00
..
aes Fix a few incorrect paths in some build.info files 2024-02-02 14:12:49 +01:00
aria
asn1 Add appropriate lower bound checks for GeneralizedTime and UTCTime 2024-02-25 09:17:41 +01:00
async
bf
bio Fix BIO_get_new_index() to return an error when it is exhausted. 2024-03-11 11:34:25 +00:00
bn Avoid an infinite loop in BN_GF2m_mod_inv 2023-12-12 16:08:59 +00:00
buffer
camellia
cast Copyright year updates 2023-09-07 09:59:15 +01:00
chacha chachap10-ppc.pl: Fix truncated relocation 2024-02-22 13:11:24 +01:00
cmac Add appropriate NULL checks in EVP_CIPHER api 2024-01-25 08:27:53 -05:00
cmp crypto/cmp: add OSSL_CMP_MSG_get0_certreq_publickey(); fix coding style nit 2024-03-06 08:49:28 +01:00
cms Add appropriate NULL checks in EVP_CIPHER api 2024-01-25 08:27:53 -05:00
comp Copyright year updates 2023-09-07 09:59:15 +01:00
conf Add exemplar use case for rcu locks 2024-02-01 08:33:25 -05:00
crmf Copyright year updates 2023-09-07 09:59:15 +01:00
ct
des Copyright year updates 2023-09-07 09:59:15 +01:00
dh Fix typos 2024-01-23 14:31:03 +00:00
dsa Fix typos 2024-01-23 14:31:03 +00:00
dso replace strstr() with strchr() for single characters 2024-01-25 16:39:09 +01:00
ec OpenSSL License is applied for some source files, change to Apache 2 2024-02-19 10:06:04 +01:00
encode_decode Check for NULL cleanup function before using it in encoder_process 2024-02-16 08:34:11 -05:00
engine Revert "Improved detection of engine-provided private "classic" keys" 2024-01-31 18:40:13 +01:00
err Limit the number of http headers when receiving the http response 2024-03-12 19:35:41 +01:00
ess
evp Fix new typos found by codespell 2024-02-14 09:36:11 +01:00
ffc DH_check_pub_key() should not fail when setting result code 2023-10-11 16:22:27 +02:00
hmac
hpke OpenSSL License is applied for some source files, change to Apache 2 2024-02-19 10:06:04 +01:00
http Limit the number of http headers when receiving the http response 2024-03-12 19:35:41 +01:00
idea
kdf
lhash Introduce hash thunking functions to do proper casting 2024-01-17 10:47:04 -05:00
md2
md4
md5 md5: add assembly implementation for loongarch64 2023-12-27 10:15:29 +01:00
mdc2
modes aes_platform.h, gcm128.c: fix Darwin PowerPC macro to include ppc64 2024-01-12 19:33:33 +01:00
objects Fix arithmetic expression overflow 2024-01-15 10:49:25 +01:00
ocsp Copyright year updates 2023-09-07 09:59:15 +01:00
pem Copyright year updates 2023-09-28 14:23:29 +01:00
perlasm x86_64-xlate.pl: Fix build with icx and nvc compilers 2023-11-24 17:21:39 +01:00
pkcs7 PKCS7: Remove one of the duplicate checks 2024-03-11 15:19:15 +01:00
pkcs12 Add NULL checks where ContentInfo data can be NULL 2024-01-25 15:27:43 +00:00
poly1305 poly1305_ieee754.c: fix PowerPC macros 2024-01-15 10:45:07 +01:00
property Fixed Visual Studio 2008 compiler errors 2024-02-16 16:34:29 +01:00
rand internal/common.h: rename macro (un)likely to ossl_(un)likely 2023-11-03 21:08:22 +01:00
rc2 Copyright year updates 2023-09-07 09:59:15 +01:00
rc4 Copyright year updates 2023-09-07 09:59:15 +01:00
rc5 Copyright year updates 2023-09-07 09:59:15 +01:00
ripemd
rsa Limit the execution time of RSA public key check 2024-01-15 10:54:34 +01:00
seed
sha Fix a few incorrect paths in some build.info files 2024-02-02 14:12:49 +01:00
siphash
sm2 Optimize the implementation of ec_field_size() 2024-01-31 10:27:51 +00:00
sm3 riscv: Support sm3 on platforms with vlen >= 128. 2023-10-26 15:55:50 +01:00
sm4 Fix sm4-xts aarch64 assembly implementation bug 2024-02-08 09:55:11 +01:00
srp Copyright year updates 2023-09-28 14:23:29 +01:00
stack Make OPENSSL_sk_push return only 0 or 1 2024-01-04 14:51:48 +01:00
store Copyright year updates 2023-09-28 14:23:29 +01:00
thread Copyright year updates 2023-09-07 09:59:15 +01:00
ts Copyright year updates 2023-09-07 09:59:15 +01:00
txt_db Copyright year updates 2023-09-07 09:59:15 +01:00
ui Copyright year updates 2023-09-07 09:59:15 +01:00
whrlpool Copyright year updates 2023-09-07 09:59:15 +01:00
x509 Fix a memory leak on successful load of CRL 2024-03-07 11:03:31 +01:00
alphacpuid.pl
arm64cpuid.pl
arm_arch.h Apply the AES-GCM unroll8 optimisation to Microsoft Azure Cobalt 100 2024-02-22 16:07:02 +01:00
armcap.c Apply the AES-GCM unroll8 optimisation to Microsoft Azure Cobalt 100 2024-02-22 16:07:02 +01:00
armv4cpuid.pl Copyright year updates 2023-09-07 09:59:15 +01:00
asn1_dsa.c
bsearch.c
build.info Do not include sparse_array.o in libssl 2023-09-22 20:42:48 +02:00
c64xpluscpuid.pl
context.c Copyright year updates 2023-09-07 09:59:15 +01:00
core_algorithm.c
core_fetch.c
core_namemap.c Copyright year updates 2023-09-07 09:59:15 +01:00
cpt_err.c
cpuid.c Copyright year updates 2023-09-28 14:23:29 +01:00
cryptlib.c Copyright year updates 2023-09-07 09:59:15 +01:00
ctype.c Copyright year updates 2023-09-07 09:59:15 +01:00
cversion.c
der_writer.c
deterministic_nonce.c Copyright year updates 2023-09-07 09:59:15 +01:00
dllmain.c
ebcdic.c
ex_data.c Fix error handling in CRYPTO_get_ex_new_index 2023-09-21 14:43:08 +02:00
getenv.c
ia64cpuid.S
info.c Copyright year updates 2023-09-07 09:59:15 +01:00
init.c Add atexit configuration option to using atexit() in libcrypto at build-time. 2024-02-01 20:26:42 -05:00
initthread.c crypto/initthread.c: fix misspelled OSSL_provider_init() in comment 2023-10-26 15:45:41 +01:00
loongarch64cpuid.pl LoongArch64 assembly pack: Really implement OPENSSL_rdtsc 2023-12-19 18:34:34 +01:00
loongarch_arch.h Copyright year updates 2023-09-07 09:59:15 +01:00
loongarchcap.c Copyright year updates 2023-09-07 09:59:15 +01:00
LPdir_nyi.c
LPdir_unix.c Copyright year updates 2023-09-07 09:59:15 +01:00
LPdir_vms.c
LPdir_win32.c
LPdir_win.c
LPdir_wince.c
mem_clr.c
mem_sec.c Add locking to CRYPTO_secure_used 2023-12-01 09:03:04 -05:00
mem.c Windows: use srand() instead of srandom() 2023-10-13 15:04:42 +02:00
mips_arch.h
o_dir.c
o_fopen.c
o_init.c
o_str.c Fix off by one issue in buf2hexstr_sep() 2024-03-01 10:50:01 +01:00
o_time.c
packet.c Copyright year updates 2023-09-07 09:59:15 +01:00
param_build_set.c ossl_param_build_set_multi_key_bn(): Do not set NULL BIGNUMs 2023-10-18 18:07:13 +02:00
param_build.c params: drop INT_MAX checks 2023-12-29 10:21:10 +01:00
params_dup.c
params_from_text.c Have OSSL_PARAM_allocate_from_text() fail on odd number of hex digits 2024-01-25 16:36:55 +01:00
params_idx.c.in
params.c Check appropriate OSSL_PARAM_get_* functions for NULL 2024-01-09 16:56:55 +01:00
pariscid.pl
passphrase.c
ppccap.c
ppccpuid.pl
provider_child.c Copyright year updates 2023-09-07 09:59:15 +01:00
provider_conf.c Fix remaining provider config settings to be decisive in value 2023-12-27 09:32:48 +01:00
provider_core.c After initializing a provider, check if its output dispatch table is NULL 2023-12-04 15:12:34 +01:00
provider_local.h
provider_predefined.c
provider.c Copyright year updates 2023-09-07 09:59:15 +01:00
punycode.c Copyright year updates 2023-09-07 09:59:15 +01:00
quic_vlint.c
rcu_internal.h RCU lock implementation 2024-02-01 08:33:25 -05:00
README-sparse_array.md
riscv32cpuid.pl
riscv64cpuid.pl riscv: Add basic vector extension support 2023-10-26 15:55:49 +01:00
riscvcap.c riscv: Add basic vector extension support 2023-10-26 15:55:49 +01:00
s390x_arch.h Copyright year updates 2023-09-07 09:59:15 +01:00
s390xcap.c Copyright year updates 2023-09-07 09:59:15 +01:00
s390xcpuid.pl
self_test_core.c
sleep.c Copyright year updates 2023-09-07 09:59:15 +01:00
sparccpuid.S
sparcv9cap.c
sparse_array.c
threads_lib.c
threads_none.c RCU lock implementation 2024-02-01 08:33:25 -05:00
threads_pthread.c Fix the grammar as suggsted in the review 2024-02-14 09:36:11 +01:00
threads_win.c RCU lock implementation 2024-02-01 08:33:25 -05:00
time.c Copyright year updates 2023-09-07 09:59:15 +01:00
trace.c "foo * bar" should be "foo *bar" 2023-09-11 10:15:30 +02:00
uid.c Copyright year updates 2023-09-07 09:59:15 +01:00
vms_rms.h
x86_64cpuid.pl
x86cpuid.pl