Rename struct ${app}_config to plain cfg

All the structs are static and we need to reach into them many times.
Having a shorter name is more concise and results in less visual clutter.
It also avoids many overlong lines and we will be able to get rid of some
unfortunate line wrapping down the road.

Discussed with jsing

Remove the legacy interactive mode from openssl(1).

This removes the legacy interactive mode from openssl(1) since it is
rarely used, complicates the code, and has also been removed from
OpenSSL in version 3.x.x.

ok tb@ jsing@

Convert openssl(1) dh.c to opaque DH

ok inoguchi jsing

Mark the initialized struct options arrays as both static and const.
This moves them from .data to .data.rel.ro

ok deraadt@ inoguchi@

Indent labels with a single space so that diff prototypes are more useful.

Remove guards around *_free() calls since these functions handle NULL.

rearrange pledge promises into the canonical order; easier to eyeball

Exit if a pledge call fails in non-interactive mode.

ok semarie@

Initial support for pledges in openssl(1) commands.

openssl(1) has two mechanisms for operating: either a single execution
of one command (looking at argv[0] or argv[1]) or as an interactive
session than may execute any number of commands.

We already have a top level pledge that should cover all commands
and that's what interactive mode must continue using. However, we can
tighten up the pledges when only executing one command.

This is an initial stab at support and may contain regressions. Most
commands only need "stdio rpath wpath cpath". The pledges could be
further restricted by evaluating the situation after parsing options.

deraadt@ and beck@ are roughly fine with this approach.

Remove engine command and parameters from openssl(1).

We do not have any builtin or dynamic engines, meaning openssl(1) has
no way to use the engine command or parameters at all.

ok jsing@

Remove all duplicate prototypes for *_main functions (these are already
provided by progs.h). Also, move the FUNCTION type (and flags) into
openssl.c since that is the only place of use. Lastly, remove pointless
'extern' from the prototypes and use char **argv instead of char *argv[]
(the former is used elsewhere).

ok deraadt@ doug@

Convert openssl(1) dh to the new option handling.

ok jsing@

Delete commented out code from openssl(1) apps.

From OpenSSL commits:

6f91b017bbb7140f816721141ac156d1b828a6b3
75d0ebef2aef7a2c77b27575b8da898e22f3ccd5
a2b18e657ea1a932d125154f4e13ab2258796d90

ok miod@, jsing@

openssl_setup() calls SSL_load_error_strings(), which happens to call
ERR_load_crypto_strings() - as such, we do not need to call the same
function from most of the applications.

Move openssl(1) from /usr/sbin/openssl to /usr/bin/openssl, since it is not
a system/superuser binary. At the same time, move the source code from its
current lib/libssl/src/apps location to a more appropriate home under
usr.bin/openssl.

ok deraadt@ miod@

Remove the legacy interactive mode from openssl(1).

This removes the legacy interactive mode from openssl(1) since it is
rarely used, complicates the code, and has also been removed from
OpenSSL in version 3.x.x.

ok tb@ jsing@

Convert openssl(1) dh.c to opaque DH

ok inoguchi jsing

Mark the initialized struct options arrays as both static and const.
This moves them from .data to .data.rel.ro

ok deraadt@ inoguchi@

Indent labels with a single space so that diff prototypes are more useful.

Remove guards around *_free() calls since these functions handle NULL.

rearrange pledge promises into the canonical order; easier to eyeball

Exit if a pledge call fails in non-interactive mode.

ok semarie@

Initial support for pledges in openssl(1) commands.

openssl(1) has two mechanisms for operating: either a single execution
of one command (looking at argv[0] or argv[1]) or as an interactive
session than may execute any number of commands.

We already have a top level pledge that should cover all commands
and that's what interactive mode must continue using. However, we can
tighten up the pledges when only executing one command.

This is an initial stab at support and may contain regressions. Most
commands only need "stdio rpath wpath cpath". The pledges could be
further restricted by evaluating the situation after parsing options.

deraadt@ and beck@ are roughly fine with this approach.

Remove engine command and parameters from openssl(1).

We do not have any builtin or dynamic engines, meaning openssl(1) has
no way to use the engine command or parameters at all.

ok jsing@

Remove all duplicate prototypes for *_main functions (these are already
provided by progs.h). Also, move the FUNCTION type (and flags) into
openssl.c since that is the only place of use. Lastly, remove pointless
'extern' from the prototypes and use char **argv instead of char *argv[]
(the former is used elsewhere).

ok deraadt@ doug@

Convert openssl(1) dh to the new option handling.

ok jsing@

Delete commented out code from openssl(1) apps.

From OpenSSL commits:

6f91b017bbb7140f816721141ac156d1b828a6b3
75d0ebef2aef7a2c77b27575b8da898e22f3ccd5
a2b18e657ea1a932d125154f4e13ab2258796d90

ok miod@, jsing@

openssl_setup() calls SSL_load_error_strings(), which happens to call
ERR_load_crypto_strings() - as such, we do not need to call the same
function from most of the applications.

Move openssl(1) from /usr/sbin/openssl to /usr/bin/openssl, since it is not
a system/superuser binary. At the same time, move the source code from its
current lib/libssl/src/apps location to a more appropriate home under
usr.bin/openssl.

ok deraadt@ miod@

Convert openssl(1) dh.c to opaque DH

ok inoguchi jsing

Mark the initialized struct options arrays as both static and const.
This moves them from .data to .data.rel.ro

ok deraadt@ inoguchi@

Indent labels with a single space so that diff prototypes are more useful.

Remove guards around *_free() calls since these functions handle NULL.

rearrange pledge promises into the canonical order; easier to eyeball

Exit if a pledge call fails in non-interactive mode.

ok semarie@

Initial support for pledges in openssl(1) commands.

openssl(1) has two mechanisms for operating: either a single execution
of one command (looking at argv[0] or argv[1]) or as an interactive
session than may execute any number of commands.

We already have a top level pledge that should cover all commands
and that's what interactive mode must continue using. However, we can
tighten up the pledges when only executing one command.

This is an initial stab at support and may contain regressions. Most
commands only need "stdio rpath wpath cpath". The pledges could be
further restricted by evaluating the situation after parsing options.

deraadt@ and beck@ are roughly fine with this approach.

Remove engine command and parameters from openssl(1).

We do not have any builtin or dynamic engines, meaning openssl(1) has
no way to use the engine command or parameters at all.

ok jsing@

Remove all duplicate prototypes for *_main functions (these are already
provided by progs.h). Also, move the FUNCTION type (and flags) into
openssl.c since that is the only place of use. Lastly, remove pointless
'extern' from the prototypes and use char **argv instead of char *argv[]
(the former is used elsewhere).

ok deraadt@ doug@

Convert openssl(1) dh to the new option handling.

ok jsing@

Delete commented out code from openssl(1) apps.

From OpenSSL commits:

6f91b017bbb7140f816721141ac156d1b828a6b3
75d0ebef2aef7a2c77b27575b8da898e22f3ccd5
a2b18e657ea1a932d125154f4e13ab2258796d90

ok miod@, jsing@

openssl_setup() calls SSL_load_error_strings(), which happens to call
ERR_load_crypto_strings() - as such, we do not need to call the same
function from most of the applications.

Move openssl(1) from /usr/sbin/openssl to /usr/bin/openssl, since it is not
a system/superuser binary. At the same time, move the source code from its
current lib/libssl/src/apps location to a more appropriate home under
usr.bin/openssl.

ok deraadt@ miod@

Mark the initialized struct options arrays as both static and const.
This moves them from .data to .data.rel.ro

ok deraadt@ inoguchi@

Indent labels with a single space so that diff prototypes are more useful.

Remove guards around *_free() calls since these functions handle NULL.

rearrange pledge promises into the canonical order; easier to eyeball

Exit if a pledge call fails in non-interactive mode.

ok semarie@

Initial support for pledges in openssl(1) commands.

openssl(1) has two mechanisms for operating: either a single execution
of one command (looking at argv[0] or argv[1]) or as an interactive
session than may execute any number of commands.

We already have a top level pledge that should cover all commands
and that's what interactive mode must continue using. However, we can
tighten up the pledges when only executing one command.

This is an initial stab at support and may contain regressions. Most
commands only need "stdio rpath wpath cpath". The pledges could be
further restricted by evaluating the situation after parsing options.

deraadt@ and beck@ are roughly fine with this approach.

Remove engine command and parameters from openssl(1).

We do not have any builtin or dynamic engines, meaning openssl(1) has
no way to use the engine command or parameters at all.

ok jsing@

Remove all duplicate prototypes for *_main functions (these are already
provided by progs.h). Also, move the FUNCTION type (and flags) into
openssl.c since that is the only place of use. Lastly, remove pointless
'extern' from the prototypes and use char **argv instead of char *argv[]
(the former is used elsewhere).

ok deraadt@ doug@

Convert openssl(1) dh to the new option handling.

ok jsing@

Delete commented out code from openssl(1) apps.

From OpenSSL commits:

6f91b017bbb7140f816721141ac156d1b828a6b3
75d0ebef2aef7a2c77b27575b8da898e22f3ccd5
a2b18e657ea1a932d125154f4e13ab2258796d90

ok miod@, jsing@

openssl_setup() calls SSL_load_error_strings(), which happens to call
ERR_load_crypto_strings() - as such, we do not need to call the same
function from most of the applications.

Move openssl(1) from /usr/sbin/openssl to /usr/bin/openssl, since it is not
a system/superuser binary. At the same time, move the source code from its
current lib/libssl/src/apps location to a more appropriate home under
usr.bin/openssl.

ok deraadt@ miod@

Indent labels with a single space so that diff prototypes are more useful.

Remove guards around *_free() calls since these functions handle NULL.

rearrange pledge promises into the canonical order; easier to eyeball

Exit if a pledge call fails in non-interactive mode.

ok semarie@

Initial support for pledges in openssl(1) commands.

openssl(1) has two mechanisms for operating: either a single execution
of one command (looking at argv[0] or argv[1]) or as an interactive
session than may execute any number of commands.

We already have a top level pledge that should cover all commands
and that's what interactive mode must continue using. However, we can
tighten up the pledges when only executing one command.

This is an initial stab at support and may contain regressions. Most
commands only need "stdio rpath wpath cpath". The pledges could be
further restricted by evaluating the situation after parsing options.

deraadt@ and beck@ are roughly fine with this approach.

Remove engine command and parameters from openssl(1).

We do not have any builtin or dynamic engines, meaning openssl(1) has
no way to use the engine command or parameters at all.

ok jsing@

Remove all duplicate prototypes for *_main functions (these are already
provided by progs.h). Also, move the FUNCTION type (and flags) into
openssl.c since that is the only place of use. Lastly, remove pointless
'extern' from the prototypes and use char **argv instead of char *argv[]
(the former is used elsewhere).

ok deraadt@ doug@

Convert openssl(1) dh to the new option handling.

ok jsing@

Delete commented out code from openssl(1) apps.

From OpenSSL commits:

6f91b017bbb7140f816721141ac156d1b828a6b3
75d0ebef2aef7a2c77b27575b8da898e22f3ccd5
a2b18e657ea1a932d125154f4e13ab2258796d90

ok miod@, jsing@

openssl_setup() calls SSL_load_error_strings(), which happens to call
ERR_load_crypto_strings() - as such, we do not need to call the same
function from most of the applications.

Move openssl(1) from /usr/sbin/openssl to /usr/bin/openssl, since it is not
a system/superuser binary. At the same time, move the source code from its
current lib/libssl/src/apps location to a more appropriate home under
usr.bin/openssl.

ok deraadt@ miod@

rearrange pledge promises into the canonical order; easier to eyeball

Exit if a pledge call fails in non-interactive mode.

ok semarie@

Initial support for pledges in openssl(1) commands.

openssl(1) has two mechanisms for operating: either a single execution
of one command (looking at argv[0] or argv[1]) or as an interactive
session than may execute any number of commands.

We already have a top level pledge that should cover all commands
and that's what interactive mode must continue using. However, we can
tighten up the pledges when only executing one command.

This is an initial stab at support and may contain regressions. Most
commands only need "stdio rpath wpath cpath". The pledges could be
further restricted by evaluating the situation after parsing options.

deraadt@ and beck@ are roughly fine with this approach.

Remove engine command and parameters from openssl(1).

We do not have any builtin or dynamic engines, meaning openssl(1) has
no way to use the engine command or parameters at all.

ok jsing@

Remove all duplicate prototypes for *_main functions (these are already
provided by progs.h). Also, move the FUNCTION type (and flags) into
openssl.c since that is the only place of use. Lastly, remove pointless
'extern' from the prototypes and use char **argv instead of char *argv[]
(the former is used elsewhere).

ok deraadt@ doug@

Convert openssl(1) dh to the new option handling.

ok jsing@

Delete commented out code from openssl(1) apps.

From OpenSSL commits:

6f91b017bbb7140f816721141ac156d1b828a6b3
75d0ebef2aef7a2c77b27575b8da898e22f3ccd5
a2b18e657ea1a932d125154f4e13ab2258796d90

ok miod@, jsing@

openssl_setup() calls SSL_load_error_strings(), which happens to call
ERR_load_crypto_strings() - as such, we do not need to call the same
function from most of the applications.

Move openssl(1) from /usr/sbin/openssl to /usr/bin/openssl, since it is not
a system/superuser binary. At the same time, move the source code from its
current lib/libssl/src/apps location to a more appropriate home under
usr.bin/openssl.

ok deraadt@ miod@