#
7ed6de99 |
| 05-Sep-2024 |
Tomas Mraz |
Copyright year updates Reviewed-by: Neil Horman <nhorman@openssl.org> Release: yes
|
#
a753547e |
| 15-Jul-2024 |
Neil Horman |
Fix coverity-1604665 Coverity issued an error in the opt_uintmax code, detecting a potential overflow on a cast to ossl_intmax_t Looks like it was just a typo, casting m from ui
Fix coverity-1604665 Coverity issued an error in the opt_uintmax code, detecting a potential overflow on a cast to ossl_intmax_t Looks like it was just a typo, casting m from uintmax_t to ossl_intmax_t Fix it by correcting the cast to be ossl_uintmax_t, as would be expected Theres also some conditionals that seem like they should be removed, but I'll save that for later, as there may be some corner cases in which ossl_uintmax_t isn't equal in size to uintmax_t..maybe. Fixes openssl/private#567 Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24897)
show more ...
|
#
d6688e45 |
| 03-Dec-2023 |
Bernd Edlinger |
Fix a possible memleak in opt_verify The ASN1_OBJECT otmp was leaked if X509_VERIFY_PARAM_add0_policy fails. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tom
Fix a possible memleak in opt_verify The ASN1_OBJECT otmp was leaked if X509_VERIFY_PARAM_add0_policy fails. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22922)
show more ...
|
#
da1c088f |
| 07-Sep-2023 |
Matt Caswell |
Copyright year updates Reviewed-by: Richard Levitte <levitte@openssl.org> Release: yes
|
Revision tags: openssl-3.0.0-alpha17, openssl-3.0.0-alpha16, openssl-3.0.0-alpha15, openssl-3.0.0-alpha14, OpenSSL_1_1_1k, openssl-3.0.0-alpha13, openssl-3.0.0-alpha12, OpenSSL_1_1_1j, openssl-3.0.0-alpha11, openssl-3.0.0-alpha10, OpenSSL_1_1_1i, openssl-3.0.0-alpha9, openssl-3.0.0-alpha8, openssl-3.0.0-alpha7, OpenSSL_1_1_1h, openssl-3.0.0-alpha6, openssl-3.0.0-alpha5, openssl-3.0.0-alpha4, openssl-3.0.0-alpha3, openssl-3.0.0-alpha2, openssl-3.0.0-alpha1, OpenSSL_1_1_1g, OpenSSL_1_1_1f, OpenSSL_1_1_1e, OpenSSL_1_0_2u, OpenSSL_1_0_2t, OpenSSL_1_1_0l, OpenSSL_1_1_1d, OpenSSL_1_1_1c, OpenSSL_1_1_0k, OpenSSL_1_0_2s, OpenSSL_1_0_2r, OpenSSL_1_1_1b, OpenSSL_1_0_2q, OpenSSL_1_1_0j, OpenSSL_1_1_1a |
|
#
ca857d73 |
| 26-Sep-2018 |
Dr. Matthias St. Pierre |
apps/opt: refactor input format parsing - split OPT_FMT_PEMDER flag into OPT_FMT_PEM and OPT_FMT_DER - add OPT_FMT_B64 option (`-inform b64`) Reviewed-by: Dmitry Belyavskiy <bel
apps/opt: refactor input format parsing - split OPT_FMT_PEMDER flag into OPT_FMT_PEM and OPT_FMT_DER - add OPT_FMT_B64 option (`-inform b64`) Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7320)
show more ...
|
#
323c4753 |
| 27-Jan-2023 |
Dr. David von Oheimb |
APPS/{storeutl,gendsa}: give error on extra arguments, improve doc Point out that options must be given before the final file/URI arg. Reviewed-by: Paul Dale <pauli@openssl.org>
APPS/{storeutl,gendsa}: give error on extra arguments, improve doc Point out that options must be given before the final file/URI arg. Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20156)
show more ...
|
#
aac6ae37 |
| 24-Jun-2020 |
Benny Baumann |
Avoid unchecked string concatenation To avoid the issue of overflowing the buffer start while building up the help string prefix this rewrite of the string building logic does multip
Avoid unchecked string concatenation To avoid the issue of overflowing the buffer start while building up the help string prefix this rewrite of the string building logic does multiple smaller writes to opt_printf_stderr. While this is slower it completely avoids the buffer overflow issue and does not place any (unchecked) length constraints on the name of passed options. Instead such long options are gracefully wrapped onto the next line. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12265)
show more ...
|
#
0d1a0ed6 |
| 24-Jun-2020 |
Benny Baumann |
Avoid potential OOB if width > sizeof(start) This can't currently happen due to sizeof(start) being way larger than MAX_OPT_HELP_WIDTH, but wasn't checked for previously. With this patch
Avoid potential OOB if width > sizeof(start) This can't currently happen due to sizeof(start) being way larger than MAX_OPT_HELP_WIDTH, but wasn't checked for previously. With this patch there still remains one (static) OOB, when the length of the option name and the valtype2param string for that argument overflow the buffer in opt_print. This is kinda unlikely, unless someone intentionally crafts a long option name, in which case this would become some trivial stack buffer overrun with possibility to overwrite pointer to the OPTIONS structure (a long o->name is critical here). I sincerely hope we trust our built-in documentation to not exploit ourselves. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12265)
show more ...
|
#
fecb3aae |
| 03-May-2022 |
Matt Caswell |
Update copyright year Reviewed-by: Tomas Mraz <tomas@openssl.org> Release: yes
|
#
2c272447 |
| 24-Aug-2021 |
Dr. David von Oheimb |
APPS: Add check for multiple 'unknown' options Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/16416)
|
#
f0fc3c10 |
| 08-Dec-2021 |
Pauli |
fix Coverity 1494649: dead code Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17230)
|
#
d9f07357 |
| 27-Aug-2021 |
Dr. David von Oheimb |
APPS: Improve diagnostics on missing/extra args and unknown cipher/digest Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16450)
|
#
09b430cd |
| 08-Jul-2021 |
Pauli |
app: add library context and propq arguments to opt_md() and opt_cipher() Also avoid calling EVP_get_XXXbyname() if legacy paths aren't allowed. Reviewed-by: Tomas Mraz <tomas@opens
app: add library context and propq arguments to opt_md() and opt_cipher() Also avoid calling EVP_get_XXXbyname() if legacy paths aren't allowed. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16022)
show more ...
|
#
2086818a |
| 18-Jun-2021 |
Richard Levitte |
APPS: Make fallback opt_[u]intmax() implementations based on long Also ensure that opt_intmax() and opt_uintmax() does the right thing if sizeof([u]intmax_t) is smaller than sizeof(ossl_
APPS: Make fallback opt_[u]intmax() implementations based on long Also ensure that opt_intmax() and opt_uintmax() does the right thing if sizeof([u]intmax_t) is smaller than sizeof(ossl_[u]intmax_t). Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15825)
show more ...
|
#
fa8ff9e4 |
| 15-Jun-2021 |
Pauli |
apps: limit get_cipher() to not return AEAD or XTS ciphers Add a get_cipher_any() function to access these in addition to more normal ciphers Fixes #7720 Reviewed-by: Tomas
apps: limit get_cipher() to not return AEAD or XTS ciphers Add a get_cipher_any() function to access these in addition to more normal ciphers Fixes #7720 Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15747)
show more ...
|
#
3334e039 |
| 10-Jun-2021 |
Pauli |
add libctx and property query to fetch functions Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15687)
|
#
56c4f6fe |
| 12-Apr-2021 |
Dr. David von Oheimb |
APPS: Allow duplicate entries in options list, marking them OPT_DUP Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15126)
|
#
601fe8e0 |
| 03-Apr-2021 |
Dr. David von Oheimb |
APPS: Allow non-option parameters appear anywhere in list, marking them OPT_PARAM Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15126)
|
#
28407698 |
| 01-May-2021 |
Dr. David von Oheimb |
APPS: Slightly extend and improve documentation of the opt_ API Also remove redundant opt_name() and make names of opt_{i,u}ntmax() consistent. Reviewed-by: Tomas Mraz <tomas@openss
APPS: Slightly extend and improve documentation of the opt_ API Also remove redundant opt_name() and make names of opt_{i,u}ntmax() consistent. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15111)
show more ...
|
#
f4407385 |
| 01-May-2021 |
Rich Salz |
APPS: Document the core of the opt_ API Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/opens
APPS: Document the core of the opt_ API Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/14995)
show more ...
|
#
eaf8a40d |
| 26-Apr-2021 |
Tomas Mraz |
Prefer fetch over legacy get_digestby/get_cipherby Fixes #14198 Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15028)
|
#
d830526c |
| 21-Apr-2021 |
Dr. David von Oheimb |
APPS: Improve diagnostics for string options and options expecting int >= 0 Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14970)
|
#
1ae33400 |
| 21-Apr-2021 |
Dr. David von Oheimb |
APPS: Prevent ASAN hickup on idempotent strncpy() in opt_progname() Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14970)
|
#
a78c7c0b |
| 16-Apr-2021 |
Rich Salz |
Flip ordering back Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/14219)
|
#
99adfa45 |
| 15-Apr-2021 |
Rich Salz |
Fetch before get-by-name This causes tests to break. Pushing it to help others debug. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit
Fetch before get-by-name This causes tests to break. Pushing it to help others debug. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/14219)
show more ...
|