History log of /openbsd-current/usr.bin/openssl/apps.h
Revision Date Author Comments
# 1.37 21-May-2024 jsg

remove prototypes with no matching function and externs with no var
partly checked by millert@


# 1.36 18-May-2024 jsg

remove extern with no matching var; ok tb@


# 1.35 18-May-2024 jsg

remove prototypes with no matching function; ok tb@


Revision tags: OPENBSD_7_4_BASE OPENBSD_7_5_BASE
# 1.34 11-Jun-2023 jsg

remove unused args_st struct
ok tb@


# 1.33 11-Jun-2023 jsg

remove chopup_args() unused since apps.c rev 1.31
ok tb@


# 1.32 14-Apr-2023 tb

Drop policy printing from openssl

Nothing really uses the policy tree. It's designed with built-in DoS
capabilities directly from the RFC. It will be removed from the attack
surface and replaced with something equivalent that doesn't grow
exponentially with the depth.

This removes the only reason the policy tree itself ever leaked out of
the library.

ok jsing


Revision tags: OPENBSD_7_1_BASE OPENBSD_7_2_BASE OPENBSD_7_3_BASE
# 1.31 10-Jan-2022 tb

Implement openssl pkey -{,pub}check and pkeyparam -check

These expose EVP_PKEY_{,public_,param_}check() to the command line.
They are currently noops and will be enabled in the upcoming bump.

ok inoguchi jsing


# 1.30 26-Nov-2021 tb

openssl(1): drop support for netscape certificates and server gated keys.

ok inoguchi jsing


# 1.29 20-Nov-2021 tb

typo in comment


Revision tags: OPENBSD_7_0_BASE
# 1.28 02-Sep-2021 inoguchi

Add DB_TYPE_SUSP


Revision tags: OPENBSD_6_9_BASE
# 1.27 31-Mar-2021 tb

Remove workarounds for SSL_is_dtls()

Reminded by inoguchi jsing


# 1.26 28-Mar-2021 inoguchi

Fix duplicate SSL_is_dtls in libssl and apps.c

Currently, SSL_is_dtls exists in both libssl and apps.c,
and the one in libssl is guarded by LIBRESSL_INTERNAL and not exposed yet.
This causes the portable build to break with openssl(1) and optionstest.
To solve this temporarily, rename SSL_is_dtls by apps.h.
This temporary renaming will be removed when the SSL_is_dtls() is exposed.

ok jsing@


# 1.25 24-Mar-2021 inoguchi

Add option type OPTION_ORDER

To handle incremental order value, added new option type OPTION_ORDER.
openssl(1) x509 requires this option handling, since,
- -CA and -signkey require to set both filename and incremental 'num'.
- -dates requires to set two variables in a row, startdate and enddate.
and this couldn't be solved by OPTION_FLAG_ORD.

ok tb@ and "I'd move forward with your current plan." from jsing@


Revision tags: OPENBSD_6_8_BASE
# 1.24 09-Sep-2020 inoguchi

Add option type OPTION_UL_VALUE_OR

ok tb@


Revision tags: OPENBSD_6_6_BASE OPENBSD_6_7_BASE
# 1.23 14-Jul-2019 guenther

Mark the initialized struct options arrays as both static and const.
This moves them from .data to .data.rel.ro

ok deraadt@ inoguchi@


Revision tags: OPENBSD_6_5_BASE
# 1.22 09-Feb-2019 inoguchi

Summarize the 4 same name functions and move it to apps.c

ok tb@ jsing@


Revision tags: OPENBSD_6_4_BASE
# 1.21 13-Jul-2018 cheloha

openssl app timers: TM_START -> TM_RESET, TM_STOP -> TM_GET

Much more apt than the current operation names.

Names suggested by jca@ ages ago.

ok jca, jsing


Revision tags: OPENBSD_6_3_BASE
# 1.20 05-Dec-2017 jca

Separate real and user timer interfaces

Use more descriptive names, and make it clearer that real and user
timers work on different static storage. The end goal is to be able to
reuse those timer functions, instead of inlining other timer
implementations subject to clock jumps.

Discussed with Scott Cheloha


Revision tags: OPENBSD_6_1_BASE OPENBSD_6_2_BASE
# 1.19 30-Aug-2016 deraadt

Add OPTION_ARG_TIME for parsing a (64 bit if needed) time_t
prodding & ok jsing


# 1.18 30-Aug-2016 deraadt

Fix 32-bit time handling, using time_t and make it work on systems
where that is long long.
ok beck guenther


Revision tags: OPENBSD_5_9_BASE OPENBSD_6_0_BASE
# 1.17 10-Oct-2015 doug

Initial support for pledges in openssl(1) commands.

openssl(1) has two mechanisms for operating: either a single execution
of one command (looking at argv[0] or argv[1]) or as an interactive
session that may execute any number of commands.

We already have a top level pledge that should cover all commands
and that's what interactive mode must continue using. However, we can
tighten up the pledges when only executing one command.

This is an initial stab at support and may contain regressions. Most
commands only need "stdio rpath wpath cpath". The pledges could be
further restricted by evaluating the situation after parsing options.

deraadt@ and beck@ are roughly fine with this approach.


# 1.16 13-Sep-2015 bcook

Factor out setup_up / destroy_ui functions.

This pulls out and renames setup_ui/destroy_ui so we have something that
can be replaced as-needed, moving the console setup code for Windows
to app_win.c in -portable, instead of needing a local patch to enable binary
console mode

ui_read/write are also simplified.


# 1.15 11-Sep-2015 bcook

Remove engine command and parameters from openssl(1).

We do not have any builtin or dynamic engines, meaning openssl(1) has
no way to use the engine command or parameters at all.

ok jsing@


Revision tags: OPENBSD_5_8_BASE
# 1.14 15-Jul-2015 jsing

Add OPTION_ARG_LONG for handling of options with a long type.

ok doug@


Revision tags: OPENBSD_5_7_BASE
# 1.13 01-Jan-2015 jsing

Provide option types for binary AND, binary OR and silently discarding an
option.


# 1.12 28-Dec-2014 jsing

Provide an option type that allows for a callback function to consume an
arbitrary number of arguments. This will allow for more complex option
handling as required by some of the openssl(1) applications.


# 1.11 28-Dec-2014 jsing

Provide a mechanism for option parsing to return the number of arguments
that it has consumed. This allows for the handling of multiple unnamed
arguments, including lists of filenames.


# 1.10 28-Dec-2014 jsing

Provide two different function pointers for option function callbacks. This
allows for simpler code in the common cases and will allow for further
extension to support the complex cases.


# 1.9 14-Dec-2014 jsing

unifdef OPENSSL_NO_NEXTPROTONEG


# 1.8 07-Nov-2014 jsing

More OPENSSL_NO_TLSEXT clean up.


# 1.7 30-Aug-2014 jsing

Move the callback function pointer outside the opt union so that the option
values are useable by the function. Also provide an option type that calls
a function without consuming/passing an argument.


# 1.6 28-Aug-2014 jsing

Add option handling with a callback function for argument processing.


# 1.5 28-Aug-2014 jsing

Add option handling for ordered flags.


# 1.4 28-Aug-2014 jsing

Add option handling for input/output formats.


# 1.3 27-Aug-2014 jsing

Add an option type that handles argument to integer conversion.


# 1.2 27-Aug-2014 jsing

Implement table-driven option parsing that allows an application to
specify what its valid options are and where it wants them to be stored.
This also allows for usage to be generated, almost for free, ensuring
that the options and usage are automatically kept in sync.

This will allow for a single option parsing implementation, rather than the
current one-hand-rolled-option-parsing-and-random-usage-implementation per
application.

As a starting point, port the openssl(1) rand application to the new option
parsing and usage (along with associated code clean up).

With input from doug@.

ok bcook@ doug@


# 1.1 26-Aug-2014 jsing

Move openssl(1) from /usr/sbin/openssl to /usr/bin/openssl, since it is not
a system/superuser binary. At the same time, move the source code from its
current lib/libssl/src/apps location to a more appropriate home under
usr.bin/openssl.

ok deraadt@ miod@


# 1.31 10-Jan-2022 tb

Implement openssl pkey -{,pub}check and pkeyparam -check

These expose EVP_PKEY_{,public_,param_}check() to the command line.
They are currently noops and will be enabled in the upcoming bump.

ok inoguchi jsing


# 1.30 26-Nov-2021 tb

openssl(1): drop support for netscape certificates and server gated keys.

ok inoguchi jsing


# 1.29 20-Nov-2021 tb

typo in comment


Revision tags: OPENBSD_7_0_BASE
# 1.28 02-Sep-2021 inoguchi

Add DB_TYPE_SUSP


Revision tags: OPENBSD_6_9_BASE
# 1.27 31-Mar-2021 tb

Remove workarounds for SSL_is_dtls()

Reminded by inoguchi jsing


# 1.26 28-Mar-2021 inoguchi

Fix duplicate SSL_is_dtls in libssl and apps.c

Currently, SSL_is_dtls exists in both libssl and apps.c,
and one in libssl is guarded by LIBRESSL_INTERNAL and not exposed yet.
This causes portable build broke with openssl(1) and optionstest.
To solve this temporarily, rename SSL_is_dtls by apps.h.
This temporary renaming will be removed when the SSL_is_dtls() is exposed.

ok jsing@


# 1.25 24-Mar-2021 inoguchi

Add option type OPTION_ORDER

To handle incremental order value, added new option type OPTION_ORDER.
openssl(1) x509 requires this option handling, since,
- -CA and -signkey require to set both filename and incremental 'num'.
- -dates requires to set two variables in a row, startdate and enddate.
and this couldn't be solved by OPTION_FLAG_ORD.

ok tb@ and "I'd move forward with your current plan." from jsing@


Revision tags: OPENBSD_6_8_BASE
# 1.24 09-Sep-2020 inoguchi

Add option type OPTION_UL_VALUE_OR

ok tb@


Revision tags: OPENBSD_6_6_BASE OPENBSD_6_7_BASE
# 1.23 14-Jul-2019 guenther

Mark the initialized struct options arrays as both static and const.
This moves them from .data to .data.rel.ro

ok deraadt@ inoguchi@


Revision tags: OPENBSD_6_5_BASE
# 1.22 09-Feb-2019 inoguchi

Summarize the 4 same name functions and move it to apps.c

ok tb@ jsing@


Revision tags: OPENBSD_6_4_BASE
# 1.21 13-Jul-2018 cheloha

openssl app timers: TM_START -> TM_RESET, TM_STOP -> TM_GET

Much more apt than the current operation names.

Names suggested by jca@ ages ago.

ok jca, jsing


Revision tags: OPENBSD_6_3_BASE
# 1.20 05-Dec-2017 jca

Seperate real and user timer interfaces

Use more descriptive names, and make it clearer that real and user
timers work on different static storage. The end goal is to be able to
reuse those timer functions, instead of inlining other timer
implementations subject to clock jumps.

Discussed with Scott Cheloha


Revision tags: OPENBSD_6_1_BASE OPENBSD_6_2_BASE
# 1.19 30-Aug-2016 deraadt

Add OPTION_ARG_TIME for parsing a (64 bit if needed) time_t
prodding & ok jsing


# 1.18 30-Aug-2016 deraadt

Fix 32-bit time handling, using time_t and make it work on systems
where that is long long.
ok beck guenther


Revision tags: OPENBSD_5_9_BASE OPENBSD_6_0_BASE
# 1.17 10-Oct-2015 doug

Initial support for pledges in openssl(1) commands.

openssl(1) has two mechanisms for operating: either a single execution
of one command (looking at argv[0] or argv[1]) or as an interactive
session that may execute any number of commands.

We already have a top level pledge that should cover all commands
and that's what interactive mode must continue using. However, we can
tighten up the pledges when only executing one command.

This is an initial stab at support and may contain regressions. Most
commands only need "stdio rpath wpath cpath". The pledges could be
further restricted by evaluating the situation after parsing options.

deraadt@ and beck@ are roughly fine with this approach.


# 1.16 13-Sep-2015 bcook

Factor out setup_up / destroy_ui functions.

This pulls out and renames setup_ui/destroy_ui so we have something that
can be replaced as-needed, moving the console setup code for Windows
to app_win.c in -portable, instead of needing a local patch to enable binary
console mode.

ui_read/write are also simplified.


# 1.15 11-Sep-2015 bcook

Remove engine command and parameters from openssl(1).

We do not have any builtin or dynamic engines, meaning openssl(1) has
no way to use the engine command or parameters at all.

ok jsing@


Revision tags: OPENBSD_5_8_BASE
# 1.14 15-Jul-2015 jsing

Add OPTION_ARG_LONG for handling of options with a long type.

ok doug@


Revision tags: OPENBSD_5_7_BASE
# 1.13 01-Jan-2015 jsing

Provide option types for binary AND, binary OR and silently discarding an
option.


# 1.12 28-Dec-2014 jsing

Provide an option type that allows for a callback function to consume an
arbitrary number of arguments. This will allow for more complex option
handling as required by some of the openssl(1) applications.


# 1.11 28-Dec-2014 jsing

Provide a mechanism for option parsing to return the number of arguments
that it has consumed. This allows for the handling of multiple unnamed
arguments, including lists of filenames.


# 1.10 28-Dec-2014 jsing

Provide two different function pointers for option function callbacks. This
allows for simpler code in the common cases and will allow for further
extension to support the complex cases.


# 1.9 14-Dec-2014 jsing

unifdef OPENSSL_NO_NEXTPROTONEG


# 1.8 07-Nov-2014 jsing

More OPENSSL_NO_TLSEXT clean up.


# 1.7 30-Aug-2014 jsing

Move the callback function pointer outside the opt union so that the option
values are useable by the function. Also provide an option type that calls
a function without consuming/passing an argument.


# 1.6 28-Aug-2014 jsing

Add option handling with a callback function for argument processing.


# 1.5 28-Aug-2014 jsing

Add option handling for ordered flags.


# 1.4 28-Aug-2014 jsing

Add option handling for input/output formats.


# 1.3 27-Aug-2014 jsing

Add an option type that handles argument to integer conversion.


# 1.2 27-Aug-2014 jsing

Implement table-driven option parsing that allows an application to
specify what its valid options are and where it wants them to be stored.
This also allows for usage to be generated, almost for free, ensuring
that the options and usage are automatically kept in sync.

This will allow for a single option parsing implementation, rather than the
current one-hand-rolled-option-parsing-and-random-usage-implementation per
application.

As a starting point, port the openssl(1) rand application to the new option
parsing and usage (along with associated code clean up).

With input from doug@.

ok bcook@ doug@


# 1.1 26-Aug-2014 jsing

Move openssl(1) from /usr/sbin/openssl to /usr/bin/openssl, since it is not
a system/superuser binary. At the same time, move the source code from its
current lib/libssl/src/apps location to a more appropriate home under
usr.bin/openssl.

ok deraadt@ miod@


# 1.26 28-Mar-2021 inoguchi

Fix duplicate SSL_is_dtls in libssl and apps.c

Currently, SSL_is_dtls exists in both libssl and apps.c,
and one in libssl is guarded by LIBRESSL_INTERNAL and not exposed yet.
This causes portable build broke with openssl(1) and optionstest.
To solve this temporarily, rename SSL_is_dtls by apps.h.
This temporary renaming will be removed when the SSL_is_dtls() is exposed.

ok jsing@


# 1.25 24-Mar-2021 inoguchi

Add option type OPTION_ORDER

To handle incremental order value, added new option type OPTION_ORDER.
openssl(1) x509 requires this option handling, since,
- -CA and -signkey require to set both filename and incremental 'num'.
- -dates requires to set two variables in a row, startdate and enddate.
and this couldn't be solved by OPTION_FLAG_ORD.

ok tb@ and "I'd move forward with your current plan." from jsing@


Revision tags: OPENBSD_6_8_BASE
# 1.24 09-Sep-2020 inoguchi

Add option type OPTION_UL_VALUE_OR

ok tb@


Revision tags: OPENBSD_6_6_BASE OPENBSD_6_7_BASE
# 1.23 14-Jul-2019 guenther

Mark the initialized struct options arrays as both static and const.
This moves them from .data to .data.rel.ro

ok deraadt@ inoguchi@


Revision tags: OPENBSD_6_5_BASE
# 1.22 09-Feb-2019 inoguchi

Summarize the 4 same name functions and move it to apps.c

ok tb@ jsing@


Revision tags: OPENBSD_6_4_BASE
# 1.21 13-Jul-2018 cheloha

openssl app timers: TM_START -> TM_RESET, TM_STOP -> TM_GET

Much more apt than the current operation names.

Names suggested by jca@ ages ago.

ok jca, jsing


Revision tags: OPENBSD_6_3_BASE
# 1.20 05-Dec-2017 jca

Seperate real and user timer interfaces

Use more descriptive names, and make it clearer that real and user
timers work on different static storage. The end goal is to be able to
reuse those timer functions, instead of inlining other timer
implementations subject to clock jumps.

Discussed with Scott Cheloha


Revision tags: OPENBSD_6_1_BASE OPENBSD_6_2_BASE
# 1.19 30-Aug-2016 deraadt

Add OPTION_ARG_TIME for parsing a (64 bit if needed) time_t
prodding & ok jsing


# 1.18 30-Aug-2016 deraadt

Fix 32-bit time handling, using time_t and make it work on systems
where that is long long.
ok beck guenther


Revision tags: OPENBSD_5_9_BASE OPENBSD_6_0_BASE
# 1.17 10-Oct-2015 doug

Initial support for pledges in openssl(1) commands.

openssl(1) has two mechanisms for operating: either a single execution
of one command (looking at argv[0] or argv[1]) or as an interactive
session than may execute any number of commands.

We already have a top level pledge that should cover all commands
and that's what interactive mode must continue using. However, we can
tighten up the pledges when only executing one command.

This is an initial stab at support and may contain regressions. Most
commands only need "stdio rpath wpath cpath". The pledges could be
further restricted by evaluating the situation after parsing options.

deraadt@ and beck@ are roughly fine with this approach.


# 1.16 13-Sep-2015 bcook

Factor out setup_ui / destroy_ui functions.

This pulls out and renames setup_ui/destroy_ui so we have something that
can be replaced as-needed, moving the console setup code for Windows
to app_win.c in -portable, instead of needing a local patch to enable binary
console mode.

ui_read/write are also simplified.


# 1.15 11-Sep-2015 bcook

Remove engine command and parameters from openssl(1).

We do not have any builtin or dynamic engines, meaning openssl(1) has
no way to use the engine command or parameters at all.

ok jsing@


Revision tags: OPENBSD_5_8_BASE
# 1.14 15-Jul-2015 jsing

Add OPTION_ARG_LONG for handling of options with a long type.

ok doug@


Revision tags: OPENBSD_5_7_BASE
# 1.13 01-Jan-2015 jsing

Provide option types for binary AND, binary OR and silently discarding an
option.


# 1.12 28-Dec-2014 jsing

Provide an option type that allows for a callback function to consume an
arbitrary number of arguments. This will allow for more complex option
handling as required by some of the openssl(1) applications.


# 1.11 28-Dec-2014 jsing

Provide a mechanism for option parsing to return the number of arguments
that it has consumed. This allows for the handling of multiple unnamed
arguments, including lists of filenames.


# 1.10 28-Dec-2014 jsing

Provide two different function pointers for option function callbacks. This
allows for simpler code in the common cases and will allow for further
extension to support the complex cases.


# 1.9 14-Dec-2014 jsing

unifdef OPENSSL_NO_NEXTPROTONEG


# 1.8 07-Nov-2014 jsing

More OPENSSL_NO_TLSEXT clean up.


# 1.7 30-Aug-2014 jsing

Move the callback function pointer outside the opt union so that the option
values are useable by the function. Also provide an option type that calls
a function without consuming/passing an argument.


# 1.6 28-Aug-2014 jsing

Add option handling with a callback function for argument processing.


# 1.5 28-Aug-2014 jsing

Add option handling for ordered flags.


# 1.4 28-Aug-2014 jsing

Add option handling for input/output formats.


# 1.3 27-Aug-2014 jsing

Add an option type that handles argument to integer conversion.


# 1.2 27-Aug-2014 jsing

Implement table-driven option parsing that allows an application to
specify what its valid options are and where it wants them to be stored.
This also allows for usage to be generated, almost for free, ensuring
that the options and usage are automatically kept in sync.

This will allow for a single option parsing implementation, rather than the
current one-hand-rolled-option-parsing-and-random-usage-implementation per
application.

As a starting point, port the openssl(1) rand application to the new option
parsing and usage (along with associated code clean up).

With input from doug@.

ok bcook@ doug@
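
The table-driven design described in revision 1.2, with the integer conversion of 1.3, the consumed-argument count of 1.11 and the static const table of 1.23, as an added example that is not code from apps.h or apps.c. Every name in it (demo_option, demo_options_parse, the -hex/-out/-count options) is hypothetical and the argv array is constructed.

```c
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical option kinds for this example; not the apps.h definitions. */
enum demo_type { DEMO_FLAG, DEMO_ARG, DEMO_ARG_INT };

struct demo_option {
	const char *name;	/* option name without the leading '-' */
	const char *argname;	/* NULL when the option takes no argument */
	const char *desc;	/* description, reused to generate usage */
	enum demo_type type;
	union { int *flag; const char **arg; int *value; } opt;	/* storage */
};

static struct { int hex; const char *outfile; int count; } demo_config;

/* static const: the parser only reads the table and never writes to it. */
static const struct demo_option demo_options[] = {
	{ "hex", NULL, "write output as hex", DEMO_FLAG, { .flag = &demo_config.hex } },
	{ "out", "file", "write output to file", DEMO_ARG, { .arg = &demo_config.outfile } },
	{ "count", "n", "number of items", DEMO_ARG_INT, { .value = &demo_config.count } },
	{ NULL, NULL, NULL, DEMO_FLAG, { .flag = NULL } },
};

/* Strict argument-to-integer conversion: no trailing junk, no overflow. */
static int demo_parse_int(const char *s, int *out)
{
	char *end;
	long v;
	errno = 0;
	v = strtol(s, &end, 10);
	if (end == s || *end != '\0' || errno == ERANGE || v < INT_MIN || v > INT_MAX)
		return -1;
	*out = (int)v;
	return 0;
}

/* Returns 0 and sets *consumed to the number of argv entries used (unnamed
 * arguments follow); -1 on unknown option, missing argument or bad integer. */
static int demo_options_parse(int argc, char **argv, const struct demo_option *opts,
    int *consumed)
{
	const struct demo_option *o;
	int i;
	for (i = 1; i < argc; i++) {
		if (argv[i][0] != '-' || argv[i][1] == '\0')
			break;		/* first unnamed argument */
		for (o = opts; o->name != NULL; o++)
			if (strcmp(argv[i] + 1, o->name) == 0)
				break;
		if (o->name == NULL)
			return -1;	/* not in the table: reject */
		if (o->type == DEMO_FLAG) {
			*o->opt.flag = 1;
			continue;
		}
		if (++i >= argc)
			return -1;	/* option is missing its argument */
		if (o->type == DEMO_ARG)
			*o->opt.arg = argv[i];
		else if (demo_parse_int(argv[i], o->opt.value) != 0)
			return -1;
	}
	*consumed = i;
	return 0;
}

/* Generate usage from the same table; returns its length, or -1 if buf is too small. */
static int demo_options_usage(const struct demo_option *opts, char *buf, size_t len)
{
	size_t off = 0;
	int n;
	for (; opts->name != NULL; opts++) {
		n = snprintf(buf + off, len - off, " -%s%s%s\t%s\n", opts->name,
		    opts->argname ? " " : "", opts->argname ? opts->argname : "", opts->desc);
		if (n < 0 || (size_t)n >= len - off)
			return -1;
		off += (size_t)n;
	}
	return (int)off;
}

int main(void)
{
	char *argv[] = { "demo", "-hex", "-count", "16", "a.txt", NULL };	/* constructed */
	char usage[256];
	int used;
	if (demo_options_parse(5, argv, demo_options, &used) != 0 ||
	    demo_options_usage(demo_options, usage, sizeof(usage)) < 0)
		return 1;
	printf("hex=%d count=%d first unnamed=%s\n%s", demo_config.hex,
	    demo_config.count, argv[used], usage);
	return 0;
}
```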


# 1.1 26-Aug-2014 jsing

Move openssl(1) from /usr/sbin/openssl to /usr/bin/openssl, since it is not
a system/superuser binary. At the same time, move the source code from its
current lib/libssl/src/apps location to a more appropriate home under
usr.bin/openssl.

ok deraadt@ miod@

