| #
7ed6de99 |
| 05-Sep-2024 |
Tomas Mraz |
Copyright year updates
Reviewed-by: Neil Horman <nhorman@openssl.org>
Release: yes
|
| #
a753547e |
| 15-Jul-2024 |
Neil Horman |
Fix coverity-1604665
Coverity issued an error in the opt_uintmax code, detecting a potential
overflow on a cast to ossl_intmax_t
Looks like it was just a typo, casting m from ui
Fix coverity-1604665
Coverity issued an error in the opt_uintmax code, detecting a potential
overflow on a cast to ossl_intmax_t
Looks like it was just a typo, casting m from uintmax_t to ossl_intmax_t
Fix it by correcting the cast to be ossl_uintmax_t, as would be expected
Theres also some conditionals that seem like they should be removed, but
I'll save that for later, as there may be some corner cases in which
ossl_uintmax_t isn't equal in size to uintmax_t..maybe.
Fixes openssl/private#567
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24897)
show more ...
|
| #
d6688e45 |
| 03-Dec-2023 |
Bernd Edlinger |
Fix a possible memleak in opt_verify
The ASN1_OBJECT otmp was leaked if X509_VERIFY_PARAM_add0_policy fails.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tom
Fix a possible memleak in opt_verify
The ASN1_OBJECT otmp was leaked if X509_VERIFY_PARAM_add0_policy fails.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22922)
show more ...
|
| #
da1c088f |
| 07-Sep-2023 |
Matt Caswell |
Copyright year updates
Reviewed-by: Richard Levitte <levitte@openssl.org>
Release: yes
|
|
Revision tags: openssl-3.0.0-alpha17, openssl-3.0.0-alpha16, openssl-3.0.0-alpha15, openssl-3.0.0-alpha14, OpenSSL_1_1_1k, openssl-3.0.0-alpha13, openssl-3.0.0-alpha12, OpenSSL_1_1_1j, openssl-3.0.0-alpha11, openssl-3.0.0-alpha10, OpenSSL_1_1_1i, openssl-3.0.0-alpha9, openssl-3.0.0-alpha8, openssl-3.0.0-alpha7, OpenSSL_1_1_1h, openssl-3.0.0-alpha6, openssl-3.0.0-alpha5, openssl-3.0.0-alpha4, openssl-3.0.0-alpha3, openssl-3.0.0-alpha2, openssl-3.0.0-alpha1, OpenSSL_1_1_1g, OpenSSL_1_1_1f, OpenSSL_1_1_1e, OpenSSL_1_0_2u, OpenSSL_1_0_2t, OpenSSL_1_1_0l, OpenSSL_1_1_1d, OpenSSL_1_1_1c, OpenSSL_1_1_0k, OpenSSL_1_0_2s, OpenSSL_1_0_2r, OpenSSL_1_1_1b, OpenSSL_1_0_2q, OpenSSL_1_1_0j, OpenSSL_1_1_1a |
|
| #
ca857d73 |
| 26-Sep-2018 |
Dr. Matthias St. Pierre |
apps/opt: refactor input format parsing
- split OPT_FMT_PEMDER flag into OPT_FMT_PEM and OPT_FMT_DER
- add OPT_FMT_B64 option (`-inform b64`)
Reviewed-by: Dmitry Belyavskiy <bel
apps/opt: refactor input format parsing
- split OPT_FMT_PEMDER flag into OPT_FMT_PEM and OPT_FMT_DER
- add OPT_FMT_B64 option (`-inform b64`)
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7320)
show more ...
|
| #
323c4753 |
| 27-Jan-2023 |
Dr. David von Oheimb |
APPS/{storeutl,gendsa}: give error on extra arguments, improve doc
Point out that options must be given before the final file/URI arg.
Reviewed-by: Paul Dale <pauli@openssl.org>
APPS/{storeutl,gendsa}: give error on extra arguments, improve doc
Point out that options must be given before the final file/URI arg.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20156)
show more ...
|
| #
aac6ae37 |
| 24-Jun-2020 |
Benny Baumann |
Avoid unchecked string concatenation
To avoid the issue of overflowing the buffer start while
building up the help string prefix this rewrite of the
string building logic does multip
Avoid unchecked string concatenation
To avoid the issue of overflowing the buffer start while
building up the help string prefix this rewrite of the
string building logic does multiple smaller writes to
opt_printf_stderr. While this is slower it completely
avoids the buffer overflow issue and does not place
any (unchecked) length constraints on the name of passed
options. Instead such long options are gracefully
wrapped onto the next line.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12265)
show more ...
|
| #
0d1a0ed6 |
| 24-Jun-2020 |
Benny Baumann |
Avoid potential OOB if width > sizeof(start)
This can't currently happen due to sizeof(start) being way larger than MAX_OPT_HELP_WIDTH,
but wasn't checked for previously. With this patch
Avoid potential OOB if width > sizeof(start)
This can't currently happen due to sizeof(start) being way larger than MAX_OPT_HELP_WIDTH,
but wasn't checked for previously. With this patch there still remains one (static) OOB,
when the length of the option name and the valtype2param string for that argument overflow
the buffer in opt_print. This is kinda unlikely, unless someone intentionally crafts a
long option name, in which case this would become some trivial stack buffer overrun with
possibility to overwrite pointer to the OPTIONS structure (a long o->name is critical here).
I sincerely hope we trust our built-in documentation to not exploit ourselves.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12265)
show more ...
|
| #
fecb3aae |
| 03-May-2022 |
Matt Caswell |
Update copyright year
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Release: yes
|
| #
2c272447 |
| 24-Aug-2021 |
Dr. David von Oheimb |
APPS: Add check for multiple 'unknown' options
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/16416)
|
| #
f0fc3c10 |
| 08-Dec-2021 |
Pauli |
fix Coverity 1494649: dead code
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17230)
|
| #
d9f07357 |
| 27-Aug-2021 |
Dr. David von Oheimb |
APPS: Improve diagnostics on missing/extra args and unknown cipher/digest
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16450)
|
| #
09b430cd |
| 08-Jul-2021 |
Pauli |
app: add library context and propq arguments to opt_md() and opt_cipher()
Also avoid calling EVP_get_XXXbyname() if legacy paths aren't allowed.
Reviewed-by: Tomas Mraz <tomas@opens
app: add library context and propq arguments to opt_md() and opt_cipher()
Also avoid calling EVP_get_XXXbyname() if legacy paths aren't allowed.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16022)
show more ...
|
| #
2086818a |
| 18-Jun-2021 |
Richard Levitte |
APPS: Make fallback opt_[u]intmax() implementations based on long
Also ensure that opt_intmax() and opt_uintmax() does the right thing
if sizeof([u]intmax_t) is smaller than sizeof(ossl_
APPS: Make fallback opt_[u]intmax() implementations based on long
Also ensure that opt_intmax() and opt_uintmax() does the right thing
if sizeof([u]intmax_t) is smaller than sizeof(ossl_[u]intmax_t).
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15825)
show more ...
|
| #
fa8ff9e4 |
| 15-Jun-2021 |
Pauli |
apps: limit get_cipher() to not return AEAD or XTS ciphers
Add a get_cipher_any() function to access these in addition to more normal ciphers
Fixes #7720
Reviewed-by: Tomas
apps: limit get_cipher() to not return AEAD or XTS ciphers
Add a get_cipher_any() function to access these in addition to more normal ciphers
Fixes #7720
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15747)
show more ...
|
| #
3334e039 |
| 10-Jun-2021 |
Pauli |
add libctx and property query to fetch functions
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15687)
|
| #
56c4f6fe |
| 12-Apr-2021 |
Dr. David von Oheimb |
APPS: Allow duplicate entries in options list, marking them OPT_DUP
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15126)
|
| #
601fe8e0 |
| 03-Apr-2021 |
Dr. David von Oheimb |
APPS: Allow non-option parameters appear anywhere in list, marking them OPT_PARAM
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15126)
|
| #
28407698 |
| 01-May-2021 |
Dr. David von Oheimb |
APPS: Slightly extend and improve documentation of the opt_ API
Also remove redundant opt_name() and make names of opt_{i,u}ntmax() consistent.
Reviewed-by: Tomas Mraz <tomas@openss
APPS: Slightly extend and improve documentation of the opt_ API
Also remove redundant opt_name() and make names of opt_{i,u}ntmax() consistent.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15111)
show more ...
|
| #
f4407385 |
| 01-May-2021 |
Rich Salz |
APPS: Document the core of the opt_ API
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/opens
APPS: Document the core of the opt_ API
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/14995)
show more ...
|
| #
eaf8a40d |
| 26-Apr-2021 |
Tomas Mraz |
Prefer fetch over legacy get_digestby/get_cipherby
Fixes #14198
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15028)
|
| #
d830526c |
| 21-Apr-2021 |
Dr. David von Oheimb |
APPS: Improve diagnostics for string options and options expecting int >= 0
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14970)
|
| #
1ae33400 |
| 21-Apr-2021 |
Dr. David von Oheimb |
APPS: Prevent ASAN hickup on idempotent strncpy() in opt_progname()
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14970)
|
| #
a78c7c0b |
| 16-Apr-2021 |
Rich Salz |
Flip ordering back
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/14219)
|
| #
99adfa45 |
| 15-Apr-2021 |
Rich Salz |
Fetch before get-by-name
This causes tests to break. Pushing it to help others debug.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit
Fetch before get-by-name
This causes tests to break. Pushing it to help others debug.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/14219)
show more ...
|
