2
0
mirror of https://github.com/openssl/openssl.git synced 2025-01-12 13:36:28 +08:00
Commit Graph

41 Commits

Author SHA1 Message Date
Matt Caswell
da1c088f59 Copyright year updates
Reviewed-by: Richard Levitte <levitte@openssl.org>
Release: yes
2023-09-07 09:59:15 +01:00
Dr. Matthias St. Pierre
ca857d7332 apps/opt: refactor input format parsing
- split OPT_FMT_PEMDER flag into OPT_FMT_PEM and OPT_FMT_DER
- add OPT_FMT_B64 option (`-inform b64`)

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7320)
2023-06-09 09:47:34 +02:00
Dr. David von Oheimb
323c47532e APPS/{storeutl,gendsa}: give error on extra arguments, improve doc
Point out that options must be given before the final file/URI arg.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20156)
2023-02-02 08:58:10 +01:00
Benny Baumann
aac6ae3774 Avoid unchecked string concatenation
To avoid the issue of overflowing the buffer start while
building up the help string prefix this rewrite of the
string building logic does multiple smaller writes to
opt_printf_stderr. While this is slower it completely
avoids the buffer overflow issue and does not place
any (unchecked) length constraints on the name of passed
options. Instead such long options are gracefully
wrapped onto the next line.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12265)
2022-05-23 10:07:09 +10:00
Benny Baumann
0d1a0ed63d Avoid potential OOB if width > sizeof(start)
This can't currently happen due to sizeof(start) being way larger than MAX_OPT_HELP_WIDTH,
but wasn't checked for previously. With this patch there still remains one (static) OOB,
when the length of the option name and the valtype2param string for that argument overflow
the buffer in opt_print. This is kinda unlikely, unless someone intentionally crafts a
long option name, in which case this would become some trivial stack buffer overrun with
possibility to overwrite pointer to the OPTIONS structure (a long o->name is critical here).

I sincerely hope we trust our built-in documentation to not exploit ourselves.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12265)
2022-05-23 10:07:09 +10:00
Matt Caswell
fecb3aae22 Update copyright year
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Release: yes
2022-05-03 13:34:51 +01:00
Dr. David von Oheimb
2c2724476e APPS: Add check for multiple 'unknown' options
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/16416)
2022-01-11 12:45:33 +01:00
Pauli
f0fc3c10d0 fix Coverity 1494649: dead code
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17230)
2021-12-10 09:47:09 +11:00
Dr. David von Oheimb
d9f073575f APPS: Improve diagnostics on missing/extra args and unknown cipher/digest
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16450)
2021-12-07 15:26:40 +01:00
Pauli
09b430cd87 app: add library context and propq arguments to opt_md() and opt_cipher()
Also avoid calling EVP_get_XXXbyname() if legacy paths aren't allowed.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16022)
2021-07-12 09:13:41 +10:00
Richard Levitte
2086818a31 APPS: Make fallback opt_[u]intmax() implementations based on long
Also ensure that opt_intmax() and opt_uintmax() does the right thing
if sizeof([u]intmax_t) is smaller than sizeof(ossl_[u]intmax_t).

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15825)
2021-06-22 19:50:04 +10:00
Pauli
fa8ff9e4e8 apps: limit get_cipher() to not return AEAD or XTS ciphers
Add a get_cipher_any() function to access these in addition to more normal ciphers

Fixes 

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15747)
2021-06-16 18:32:30 +10:00
Pauli
3334e039cf add libctx and property query to fetch functions
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15687)
2021-06-15 18:26:47 +10:00
Dr. David von Oheimb
56c4f6fe72 APPS: Allow duplicate entries in options list, marking them OPT_DUP
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15126)
2021-05-20 16:31:22 +02:00
Dr. David von Oheimb
601fe8e0d7 APPS: Allow non-option parameters appear anywhere in list, marking them OPT_PARAM
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15126)
2021-05-20 16:31:22 +02:00
Dr. David von Oheimb
284076982d APPS: Slightly extend and improve documentation of the opt_ API
Also remove redundant opt_name() and make names of opt_{i,u}ntmax() consistent.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15111)
2021-05-05 20:48:20 +02:00
Rich Salz
f4407385f5 APPS: Document the core of the opt_ API
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/14995)
2021-05-01 13:11:49 +02:00
Tomas Mraz
eaf8a40d97 Prefer fetch over legacy get_digestby/get_cipherby
Fixes 

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15028)
2021-04-28 09:38:31 +02:00
Dr. David von Oheimb
d830526c71 APPS: Improve diagnostics for string options and options expecting int >= 0
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14970)
2021-04-24 18:54:32 +02:00
Dr. David von Oheimb
1ae33400bf APPS: Prevent ASAN hickup on idempotent strncpy() in opt_progname()
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14970)
2021-04-24 18:54:32 +02:00
Rich Salz
a78c7c0bfe Flip ordering back
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/14219)
2021-04-20 10:12:29 +02:00
Rich Salz
99adfa455c Fetch before get-by-name
This causes tests to break.  Pushing it to help others debug.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/14219)
2021-04-20 10:12:29 +02:00
Rich Salz
606a417fb2 Fetch and free cipher and md's
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/14219)
2021-04-20 10:12:29 +02:00
Dr. David von Oheimb
f56c9c7c94 APPS and TEST: Make sure prog name is set for usage output
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14841)
2021-04-14 16:51:11 +02:00
Jon Spillett
05f41859dd Switch to BIO_snprintf to avoid missing symbol problems on Windows
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14063)
2021-02-05 18:03:40 +10:00
Richard Levitte
4333b89f50 Update copyright year
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13999)
2021-01-28 13:54:57 +01:00
Shane Lontis
5b5eea4b60 Deprecate EC_KEY + Update ec apps to use EVP_PKEY
Co-author: Richard Levitte <levitte@openssl.org>
Co-author: Tomas Mraz <tmraz@openssl.org>

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13139)
2021-01-26 15:22:14 +01:00
Dr. David von Oheimb
855c68163b apps/lib/opt.c: Fix error message on unknown option/digest
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13658)
2021-01-13 11:53:15 +01:00
Dr. David von Oheimb
678cae0295 APPS: Print help also on -h and --h; print high-level help when no cmd given
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13799)
2021-01-11 19:39:49 +01:00
Dr. David von Oheimb
3372039252 APPS: Fix confusion between program and app/command name used in diagnostic/help output
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13799)
2021-01-11 19:39:49 +01:00
Shane Lontis
9a62ccbe8a Fix fipsinstall module path
If a path is specified with the -module option it will use this path to load the library when the provider is activated,
instead of also having to set the environment variable OPENSSL_MODULES.

Added a platform specific opt_path_end() function that uses existing functionality used by opt_progname().

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12761)
2020-09-11 03:50:09 +10:00
Dr. David von Oheimb
f009e37c76 Extend error output of apps/opt_format() to all error cases
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11998)
2020-06-13 15:13:21 +02:00
Dr. David von Oheimb
2620c38ba8 Remove meanwhile redundant error output of apps/opt_next(void) parsing numbers
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11998)
2020-06-13 15:13:21 +02:00
David von Oheimb
51c833ac2d Improve feedback on wrong format with new print_format_error() in apps/lib/opt.c
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/4940)
2020-04-24 18:00:24 +02:00
Matt Caswell
33388b44b6 Update copyright year
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11616)
2020-04-23 13:55:52 +01:00
Rich Salz
e0e68f9e34 Tweak option error messages
Better messages for unknown option, unknown cipher, unknown digest.

Fixes 

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/10774)
2020-01-11 00:21:29 +01:00
Rich Salz
92de469fbd Document command parameters.
Add documentation for all commands that have parameters.
Fix a couple of minor doc and programming bugs, too.

Fixes 

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10371)
2019-11-20 09:49:52 +01:00
Rich Salz
5388f9862d Add "sections" to -help output
Remove "Valid options" label, since all commands have sections (and
[almost] always the first one is "General options").
Have "list --options" ignore section headers
Reformat ts's additional help

Add output section

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9953)
2019-11-08 06:08:30 +10:00
Richard Levitte
fd3397fc47 Add -CAstore and similar to all openssl commands that have -CApath
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8442)
2019-11-03 18:38:23 +01:00
Jon Spillett
4ed838915b Add option grouping capability to apps
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9920)
2019-09-19 21:14:21 +10:00
Richard Levitte
2ad75c6c13 Move libapps.a source to apps/lib
This makes it clearer what's what.  The 'openssl' application and its
sub-commands remain in apps/

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/9723)
2019-09-04 17:26:07 +02:00