#
1.18 |
|
23-Jul-2023 |
tb |
sprinkle some void between () in function definitions
|
Revision tags: OPENBSD_7_3_BASE
|
#
1.17 |
|
06-Mar-2023 |
tb |
Rename struct ${app}_config to plain cfg
All the structs are static and we need to reach into them many times. Having a shorter name is more concise and results in less visual clutter. It also avoids many overlong lines and we will be able to get rid of some unfortunate line wrapping down the road.
Discussed with jsing
|
#
1.16 |
|
05-Mar-2023 |
tb |
openssl: make all config structs static
These are per-app, so per-file. Most of them already are static, adjust the rest of them.
|
#
1.15 |
|
11-Nov-2022 |
joshua |
Remove the legacy interactive mode from openssl(1).
This removes the legacy interactive mode from openssl(1) since it is rarely used, complicates the code, and has also been removed from OpenSSL in version 3.x.x.
ok tb@ jsing@
|
Revision tags: OPENBSD_7_1_BASE OPENBSD_7_2_BASE
|
#
1.14 |
|
14-Jan-2022 |
tb |
Enable openssl pkey -{,pub}check and pkeyparam -check
|
#
1.13 |
|
10-Jan-2022 |
tb |
Implement openssl pkey -{,pub}check and pkeyparam -check
These expose EVP_PKEY_{,public_,param_}check() to the command line. They are currently noops and will be enabled in the upcoming bump.
ok inoguchi jsing
|
Revision tags: OPENBSD_6_6_BASE OPENBSD_6_7_BASE OPENBSD_6_8_BASE OPENBSD_6_9_BASE OPENBSD_7_0_BASE
|
#
1.12 |
|
14-Jul-2019 |
guenther |
Mark the initialized struct options arrays as both static and const. This moves them from .data to .data.rel.ro
ok deraadt@ inoguchi@
|
Revision tags: OPENBSD_6_3_BASE OPENBSD_6_4_BASE OPENBSD_6_5_BASE
|
#
1.11 |
|
07-Feb-2018 |
jsing |
Indent labels with a single space so that diff prototypes are more useful.
|
Revision tags: OPENBSD_6_1_BASE OPENBSD_6_2_BASE
|
#
1.10 |
|
20-Jan-2017 |
deraadt |
rearrange pledge promises into the canonical order; easier to eyeball
|
Revision tags: OPENBSD_5_9_BASE OPENBSD_6_0_BASE
|
#
1.9 |
|
17-Oct-2015 |
doug |
Exit if a pledge call fails in non-interactive mode.
ok semarie@
|
#
1.8 |
|
10-Oct-2015 |
doug |
Initial support for pledges in openssl(1) commands.
openssl(1) has two mechanisms for operating: either a single execution of one command (looking at argv[0] or argv[1]) or as an interactive session than may execute any number of commands.
We already have a top level pledge that should cover all commands and that's what interactive mode must continue using. However, we can tighten up the pledges when only executing one command.
This is an initial stab at support and may contain regressions. Most commands only need "stdio rpath wpath cpath". The pledges could be further restricted by evaluating the situation after parsing options.
deraadt@ and beck@ are roughly fine with this approach.
|
#
1.7 |
|
11-Sep-2015 |
bcook |
Remove engine command and parameters from openssl(1).
We do not have any builtin or dynamic engines, meaning openssl(1) has no way to use the engine command or parameters at all.
ok jsing@
|
#
1.6 |
|
22-Aug-2015 |
jsing |
Remove all duplicate prototypes for *_main functions (these are already provided by progs.h). Also, move the FUNCTION type (and flags) into openssl.c since that is the only place of use. Lastly, remove pointless 'extern' from the prototypes and use char **argv instead of char *argv[] (the former is used elsewhere).
ok deraadt@ doug@
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.5 |
|
11-Apr-2015 |
jsing |
Put back a goto end that was unintentionally removed.
Spotted by doug@
|
#
1.4 |
|
11-Apr-2015 |
jsing |
Convert openssl(1) pkeyparam to new option handling.
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.3 |
|
28-Aug-2014 |
jsing |
OpenSSL_add_all_algorithms() is called from openssl_startup() - it does not need to also be called from some of the applications.
|
#
1.2 |
|
28-Aug-2014 |
jsing |
openssl_setup() calls SSL_load_error_strings(), which happens to call ERR_load_crypto_strings() - as such, we do not need to call the same function from most of the applications.
|
#
1.1 |
|
26-Aug-2014 |
jsing |
Move openssl(1) from /usr/sbin/openssl to /usr/bin/openssl, since it is not a system/superuser binary. At the same time, move the source code from its current lib/libssl/src/apps location to a more appropriate home under usr.bin/openssl.
ok deraadt@ miod@
|
#
1.17 |
|
06-Mar-2023 |
tb |
Rename struct ${app}_config to plain cfg
All the structs are static and we need to reach into them many times. Having a shorter name is more concise and results in less visual clutter. It also avoids many overlong lines and we will be able to get rid of some unfortunate line wrapping down the road.
Discussed with jsing
|
#
1.16 |
|
05-Mar-2023 |
tb |
openssl: make all config structs static
These are per-app, so per-file. Most of them already are static, adjust the rest of them.
|
#
1.15 |
|
11-Nov-2022 |
joshua |
Remove the legacy interactive mode from openssl(1).
This removes the legacy interactive mode from openssl(1) since it is rarely used, complicates the code, and has also been removed from OpenSSL in version 3.x.x.
ok tb@ jsing@
|
Revision tags: OPENBSD_7_1_BASE OPENBSD_7_2_BASE
|
#
1.14 |
|
14-Jan-2022 |
tb |
Enable openssl pkey -{,pub}check and pkeyparam -check
|
#
1.13 |
|
10-Jan-2022 |
tb |
Implement openssl pkey -{,pub}check and pkeyparam -check
These expose EVP_PKEY_{,public_,param_}check() to the command line. They are currently noops and will be enabled in the upcoming bump.
ok inoguchi jsing
|
Revision tags: OPENBSD_6_6_BASE OPENBSD_6_7_BASE OPENBSD_6_8_BASE OPENBSD_6_9_BASE OPENBSD_7_0_BASE
|
#
1.12 |
|
14-Jul-2019 |
guenther |
Mark the initialized struct options arrays as both static and const. This moves them from .data to .data.rel.ro
ok deraadt@ inoguchi@
|
Revision tags: OPENBSD_6_3_BASE OPENBSD_6_4_BASE OPENBSD_6_5_BASE
|
#
1.11 |
|
07-Feb-2018 |
jsing |
Indent labels with a single space so that diff prototypes are more useful.
|
Revision tags: OPENBSD_6_1_BASE OPENBSD_6_2_BASE
|
#
1.10 |
|
20-Jan-2017 |
deraadt |
rearrange pledge promises into the canonical order; easier to eyeball
|
Revision tags: OPENBSD_5_9_BASE OPENBSD_6_0_BASE
|
#
1.9 |
|
17-Oct-2015 |
doug |
Exit if a pledge call fails in non-interactive mode.
ok semarie@
|
#
1.8 |
|
10-Oct-2015 |
doug |
Initial support for pledges in openssl(1) commands.
openssl(1) has two mechanisms for operating: either a single execution of one command (looking at argv[0] or argv[1]) or as an interactive session than may execute any number of commands.
We already have a top level pledge that should cover all commands and that's what interactive mode must continue using. However, we can tighten up the pledges when only executing one command.
This is an initial stab at support and may contain regressions. Most commands only need "stdio rpath wpath cpath". The pledges could be further restricted by evaluating the situation after parsing options.
deraadt@ and beck@ are roughly fine with this approach.
|
#
1.7 |
|
11-Sep-2015 |
bcook |
Remove engine command and parameters from openssl(1).
We do not have any builtin or dynamic engines, meaning openssl(1) has no way to use the engine command or parameters at all.
ok jsing@
|
#
1.6 |
|
22-Aug-2015 |
jsing |
Remove all duplicate prototypes for *_main functions (these are already provided by progs.h). Also, move the FUNCTION type (and flags) into openssl.c since that is the only place of use. Lastly, remove pointless 'extern' from the prototypes and use char **argv instead of char *argv[] (the former is used elsewhere).
ok deraadt@ doug@
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.5 |
|
11-Apr-2015 |
jsing |
Put back a goto end that was unintentionally removed.
Spotted by doug@
|
#
1.4 |
|
11-Apr-2015 |
jsing |
Convert openssl(1) pkeyparam to new option handling.
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.3 |
|
28-Aug-2014 |
jsing |
OpenSSL_add_all_algorithms() is called from openssl_startup() - it does not need to also be called from some of the applications.
|
#
1.2 |
|
28-Aug-2014 |
jsing |
openssl_setup() calls SSL_load_error_strings(), which happens to call ERR_load_crypto_strings() - as such, we do not need to call the same function from most of the applications.
|
#
1.1 |
|
26-Aug-2014 |
jsing |
Move openssl(1) from /usr/sbin/openssl to /usr/bin/openssl, since it is not a system/superuser binary. At the same time, move the source code from its current lib/libssl/src/apps location to a more appropriate home under usr.bin/openssl.
ok deraadt@ miod@
|
#
1.15 |
|
11-Nov-2022 |
joshua |
Remove the legacy interactive mode from openssl(1).
This removes the legacy interactive mode from openssl(1) since it is rarely used, complicates the code, and has also been removed from OpenSSL in version 3.x.x.
ok tb@ jsing@
|
Revision tags: OPENBSD_7_1_BASE OPENBSD_7_2_BASE
|
#
1.14 |
|
14-Jan-2022 |
tb |
Enable openssl pkey -{,pub}check and pkeyparam -check
|
#
1.13 |
|
10-Jan-2022 |
tb |
Implement openssl pkey -{,pub}check and pkeyparam -check
These expose EVP_PKEY_{,public_,param_}check() to the command line. They are currently noops and will be enabled in the upcoming bump.
ok inoguchi jsing
|
Revision tags: OPENBSD_6_6_BASE OPENBSD_6_7_BASE OPENBSD_6_8_BASE OPENBSD_6_9_BASE OPENBSD_7_0_BASE
|
#
1.12 |
|
14-Jul-2019 |
guenther |
Mark the initialized struct options arrays as both static and const. This moves them from .data to .data.rel.ro
ok deraadt@ inoguchi@
|
Revision tags: OPENBSD_6_3_BASE OPENBSD_6_4_BASE OPENBSD_6_5_BASE
|
#
1.11 |
|
07-Feb-2018 |
jsing |
Indent labels with a single space so that diff prototypes are more useful.
|
Revision tags: OPENBSD_6_1_BASE OPENBSD_6_2_BASE
|
#
1.10 |
|
20-Jan-2017 |
deraadt |
rearrange pledge promises into the canonical order; easier to eyeball
|
Revision tags: OPENBSD_5_9_BASE OPENBSD_6_0_BASE
|
#
1.9 |
|
17-Oct-2015 |
doug |
Exit if a pledge call fails in non-interactive mode.
ok semarie@
|
#
1.8 |
|
10-Oct-2015 |
doug |
Initial support for pledges in openssl(1) commands.
openssl(1) has two mechanisms for operating: either a single execution of one command (looking at argv[0] or argv[1]) or as an interactive session than may execute any number of commands.
We already have a top level pledge that should cover all commands and that's what interactive mode must continue using. However, we can tighten up the pledges when only executing one command.
This is an initial stab at support and may contain regressions. Most commands only need "stdio rpath wpath cpath". The pledges could be further restricted by evaluating the situation after parsing options.
deraadt@ and beck@ are roughly fine with this approach.
|
#
1.7 |
|
11-Sep-2015 |
bcook |
Remove engine command and parameters from openssl(1).
We do not have any builtin or dynamic engines, meaning openssl(1) has no way to use the engine command or parameters at all.
ok jsing@
|
#
1.6 |
|
22-Aug-2015 |
jsing |
Remove all duplicate prototypes for *_main functions (these are already provided by progs.h). Also, move the FUNCTION type (and flags) into openssl.c since that is the only place of use. Lastly, remove pointless 'extern' from the prototypes and use char **argv instead of char *argv[] (the former is used elsewhere).
ok deraadt@ doug@
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.5 |
|
11-Apr-2015 |
jsing |
Put back a goto end that was unintentionally removed.
Spotted by doug@
|
#
1.4 |
|
11-Apr-2015 |
jsing |
Convert openssl(1) pkeyparam to new option handling.
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.3 |
|
28-Aug-2014 |
jsing |
OpenSSL_add_all_algorithms() is called from openssl_startup() - it does not need to also be called from some of the applications.
|
#
1.2 |
|
28-Aug-2014 |
jsing |
openssl_setup() calls SSL_load_error_strings(), which happens to call ERR_load_crypto_strings() - as such, we do not need to call the same function from most of the applications.
|
#
1.1 |
|
26-Aug-2014 |
jsing |
Move openssl(1) from /usr/sbin/openssl to /usr/bin/openssl, since it is not a system/superuser binary. At the same time, move the source code from its current lib/libssl/src/apps location to a more appropriate home under usr.bin/openssl.
ok deraadt@ miod@
|
#
1.14 |
|
14-Jan-2022 |
tb |
Enable openssl pkey -{,pub}check and pkeyparam -check
|
#
1.13 |
|
10-Jan-2022 |
tb |
Implement openssl pkey -{,pub}check and pkeyparam -check
These expose EVP_PKEY_{,public_,param_}check() to the command line. They are currently noops and will be enabled in the upcoming bump.
ok inoguchi jsing
|
Revision tags: OPENBSD_6_6_BASE OPENBSD_6_7_BASE OPENBSD_6_8_BASE OPENBSD_6_9_BASE OPENBSD_7_0_BASE
|
#
1.12 |
|
14-Jul-2019 |
guenther |
Mark the initialized struct options arrays as both static and const. This moves them from .data to .data.rel.ro
ok deraadt@ inoguchi@
|
Revision tags: OPENBSD_6_3_BASE OPENBSD_6_4_BASE OPENBSD_6_5_BASE
|
#
1.11 |
|
07-Feb-2018 |
jsing |
Indent labels with a single space so that diff prototypes are more useful.
|
Revision tags: OPENBSD_6_1_BASE OPENBSD_6_2_BASE
|
#
1.10 |
|
20-Jan-2017 |
deraadt |
rearrange pledge promises into the canonical order; easier to eyeball
|
Revision tags: OPENBSD_5_9_BASE OPENBSD_6_0_BASE
|
#
1.9 |
|
17-Oct-2015 |
doug |
Exit if a pledge call fails in non-interactive mode.
ok semarie@
|
#
1.8 |
|
10-Oct-2015 |
doug |
Initial support for pledges in openssl(1) commands.
openssl(1) has two mechanisms for operating: either a single execution of one command (looking at argv[0] or argv[1]) or as an interactive session than may execute any number of commands.
We already have a top level pledge that should cover all commands and that's what interactive mode must continue using. However, we can tighten up the pledges when only executing one command.
This is an initial stab at support and may contain regressions. Most commands only need "stdio rpath wpath cpath". The pledges could be further restricted by evaluating the situation after parsing options.
deraadt@ and beck@ are roughly fine with this approach.
|
#
1.7 |
|
11-Sep-2015 |
bcook |
Remove engine command and parameters from openssl(1).
We do not have any builtin or dynamic engines, meaning openssl(1) has no way to use the engine command or parameters at all.
ok jsing@
|
#
1.6 |
|
22-Aug-2015 |
jsing |
Remove all duplicate prototypes for *_main functions (these are already provided by progs.h). Also, move the FUNCTION type (and flags) into openssl.c since that is the only place of use. Lastly, remove pointless 'extern' from the prototypes and use char **argv instead of char *argv[] (the former is used elsewhere).
ok deraadt@ doug@
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.5 |
|
11-Apr-2015 |
jsing |
Put back a goto end that was unintentionally removed.
Spotted by doug@
|
#
1.4 |
|
11-Apr-2015 |
jsing |
Convert openssl(1) pkeyparam to new option handling.
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.3 |
|
28-Aug-2014 |
jsing |
OpenSSL_add_all_algorithms() is called from openssl_startup() - it does not need to also be called from some of the applications.
|
#
1.2 |
|
28-Aug-2014 |
jsing |
openssl_setup() calls SSL_load_error_strings(), which happens to call ERR_load_crypto_strings() - as such, we do not need to call the same function from most of the applications.
|
#
1.1 |
|
26-Aug-2014 |
jsing |
Move openssl(1) from /usr/sbin/openssl to /usr/bin/openssl, since it is not a system/superuser binary. At the same time, move the source code from its current lib/libssl/src/apps location to a more appropriate home under usr.bin/openssl.
ok deraadt@ miod@
|
#
1.13 |
|
10-Jan-2022 |
tb |
Implement openssl pkey -{,pub}check and pkeyparam -check
These expose EVP_PKEY_{,public_,param_}check() to the command line. They are currently noops and will be enabled in the upcoming bump.
ok inoguchi jsing
|
Revision tags: OPENBSD_6_6_BASE OPENBSD_6_7_BASE OPENBSD_6_8_BASE OPENBSD_6_9_BASE OPENBSD_7_0_BASE
|
#
1.12 |
|
14-Jul-2019 |
guenther |
Mark the initialized struct options arrays as both static and const. This moves them from .data to .data.rel.ro
ok deraadt@ inoguchi@
|
Revision tags: OPENBSD_6_3_BASE OPENBSD_6_4_BASE OPENBSD_6_5_BASE
|
#
1.11 |
|
07-Feb-2018 |
jsing |
Indent labels with a single space so that diff prototypes are more useful.
|
Revision tags: OPENBSD_6_1_BASE OPENBSD_6_2_BASE
|
#
1.10 |
|
20-Jan-2017 |
deraadt |
rearrange pledge promises into the canonical order; easier to eyeball
|
Revision tags: OPENBSD_5_9_BASE OPENBSD_6_0_BASE
|
#
1.9 |
|
17-Oct-2015 |
doug |
Exit if a pledge call fails in non-interactive mode.
ok semarie@
|
#
1.8 |
|
10-Oct-2015 |
doug |
Initial support for pledges in openssl(1) commands.
openssl(1) has two mechanisms for operating: either a single execution of one command (looking at argv[0] or argv[1]) or as an interactive session than may execute any number of commands.
We already have a top level pledge that should cover all commands and that's what interactive mode must continue using. However, we can tighten up the pledges when only executing one command.
This is an initial stab at support and may contain regressions. Most commands only need "stdio rpath wpath cpath". The pledges could be further restricted by evaluating the situation after parsing options.
deraadt@ and beck@ are roughly fine with this approach.
|
#
1.7 |
|
11-Sep-2015 |
bcook |
Remove engine command and parameters from openssl(1).
We do not have any builtin or dynamic engines, meaning openssl(1) has no way to use the engine command or parameters at all.
ok jsing@
|
#
1.6 |
|
22-Aug-2015 |
jsing |
Remove all duplicate prototypes for *_main functions (these are already provided by progs.h). Also, move the FUNCTION type (and flags) into openssl.c since that is the only place of use. Lastly, remove pointless 'extern' from the prototypes and use char **argv instead of char *argv[] (the former is used elsewhere).
ok deraadt@ doug@
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.5 |
|
11-Apr-2015 |
jsing |
Put back a goto end that was unintentionally removed.
Spotted by doug@
|
#
1.4 |
|
11-Apr-2015 |
jsing |
Convert openssl(1) pkeyparam to new option handling.
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.3 |
|
28-Aug-2014 |
jsing |
OpenSSL_add_all_algorithms() is called from openssl_startup() - it does not need to also be called from some of the applications.
|
#
1.2 |
|
28-Aug-2014 |
jsing |
openssl_setup() calls SSL_load_error_strings(), which happens to call ERR_load_crypto_strings() - as such, we do not need to call the same function from most of the applications.
|
#
1.1 |
|
26-Aug-2014 |
jsing |
Move openssl(1) from /usr/sbin/openssl to /usr/bin/openssl, since it is not a system/superuser binary. At the same time, move the source code from its current lib/libssl/src/apps location to a more appropriate home under usr.bin/openssl.
ok deraadt@ miod@
|
#
1.12 |
|
14-Jul-2019 |
guenther |
Mark the initialized struct options arrays as both static and const. This moves them from .data to .data.rel.ro
ok deraadt@ inoguchi@
|
Revision tags: OPENBSD_6_3_BASE OPENBSD_6_4_BASE OPENBSD_6_5_BASE
|
#
1.11 |
|
07-Feb-2018 |
jsing |
Indent labels with a single space so that diff prototypes are more useful.
|
Revision tags: OPENBSD_6_1_BASE OPENBSD_6_2_BASE
|
#
1.10 |
|
20-Jan-2017 |
deraadt |
rearrange pledge promises into the canonical order; easier to eyeball
|
Revision tags: OPENBSD_5_9_BASE OPENBSD_6_0_BASE
|
#
1.9 |
|
17-Oct-2015 |
doug |
Exit if a pledge call fails in non-interactive mode.
ok semarie@
|
#
1.8 |
|
10-Oct-2015 |
doug |
Initial support for pledges in openssl(1) commands.
openssl(1) has two mechanisms for operating: either a single execution of one command (looking at argv[0] or argv[1]) or as an interactive session than may execute any number of commands.
We already have a top level pledge that should cover all commands and that's what interactive mode must continue using. However, we can tighten up the pledges when only executing one command.
This is an initial stab at support and may contain regressions. Most commands only need "stdio rpath wpath cpath". The pledges could be further restricted by evaluating the situation after parsing options.
deraadt@ and beck@ are roughly fine with this approach.
|
#
1.7 |
|
11-Sep-2015 |
bcook |
Remove engine command and parameters from openssl(1).
We do not have any builtin or dynamic engines, meaning openssl(1) has no way to use the engine command or parameters at all.
ok jsing@
|
#
1.6 |
|
22-Aug-2015 |
jsing |
Remove all duplicate prototypes for *_main functions (these are already provided by progs.h). Also, move the FUNCTION type (and flags) into openssl.c since that is the only place of use. Lastly, remove pointless 'extern' from the prototypes and use char **argv instead of char *argv[] (the former is used elsewhere).
ok deraadt@ doug@
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.5 |
|
11-Apr-2015 |
jsing |
Put back a goto end that was unintentionally removed.
Spotted by doug@
|
#
1.4 |
|
11-Apr-2015 |
jsing |
Convert openssl(1) pkeyparam to new option handling.
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.3 |
|
28-Aug-2014 |
jsing |
OpenSSL_add_all_algorithms() is called from openssl_startup() - it does not need to also be called from some of the applications.
|
#
1.2 |
|
28-Aug-2014 |
jsing |
openssl_setup() calls SSL_load_error_strings(), which happens to call ERR_load_crypto_strings() - as such, we do not need to call the same function from most of the applications.
|
#
1.1 |
|
26-Aug-2014 |
jsing |
Move openssl(1) from /usr/sbin/openssl to /usr/bin/openssl, since it is not a system/superuser binary. At the same time, move the source code from its current lib/libssl/src/apps location to a more appropriate home under usr.bin/openssl.
ok deraadt@ miod@
|
#
1.11 |
|
07-Feb-2018 |
jsing |
Indent labels with a single space so that diff prototypes are more useful.
|
Revision tags: OPENBSD_6_1_BASE OPENBSD_6_2_BASE
|
#
1.10 |
|
20-Jan-2017 |
deraadt |
rearrange pledge promises into the canonical order; easier to eyeball
|
Revision tags: OPENBSD_5_9_BASE OPENBSD_6_0_BASE
|
#
1.9 |
|
17-Oct-2015 |
doug |
Exit if a pledge call fails in non-interactive mode.
ok semarie@
|
#
1.8 |
|
10-Oct-2015 |
doug |
Initial support for pledges in openssl(1) commands.
openssl(1) has two mechanisms for operating: either a single execution of one command (looking at argv[0] or argv[1]) or as an interactive session than may execute any number of commands.
We already have a top level pledge that should cover all commands and that's what interactive mode must continue using. However, we can tighten up the pledges when only executing one command.
This is an initial stab at support and may contain regressions. Most commands only need "stdio rpath wpath cpath". The pledges could be further restricted by evaluating the situation after parsing options.
deraadt@ and beck@ are roughly fine with this approach.
|
#
1.7 |
|
11-Sep-2015 |
bcook |
Remove engine command and parameters from openssl(1).
We do not have any builtin or dynamic engines, meaning openssl(1) has no way to use the engine command or parameters at all.
ok jsing@
|
#
1.6 |
|
22-Aug-2015 |
jsing |
Remove all duplicate prototypes for *_main functions (these are already provided by progs.h). Also, move the FUNCTION type (and flags) into openssl.c since that is the only place of use. Lastly, remove pointless 'extern' from the prototypes and use char **argv instead of char *argv[] (the former is used elsewhere).
ok deraadt@ doug@
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.5 |
|
11-Apr-2015 |
jsing |
Put back a goto end that was unintentionally removed.
Spotted by doug@
|
#
1.4 |
|
11-Apr-2015 |
jsing |
Convert openssl(1) pkeyparam to new option handling.
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.3 |
|
28-Aug-2014 |
jsing |
OpenSSL_add_all_algorithms() is called from openssl_startup() - it does not need to also be called from some of the applications.
|
#
1.2 |
|
28-Aug-2014 |
jsing |
openssl_setup() calls SSL_load_error_strings(), which happens to call ERR_load_crypto_strings() - as such, we do not need to call the same function from most of the applications.
|
#
1.1 |
|
26-Aug-2014 |
jsing |
Move openssl(1) from /usr/sbin/openssl to /usr/bin/openssl, since it is not a system/superuser binary. At the same time, move the source code from its current lib/libssl/src/apps location to a more appropriate home under usr.bin/openssl.
ok deraadt@ miod@
|
Revision tags: OPENBSD_6_1_BASE OPENBSD_6_2_BASE
|
#
1.10 |
|
20-Jan-2017 |
deraadt |
rearrange pledge promises into the canonical order; easier to eyeball
|
Revision tags: OPENBSD_5_9_BASE OPENBSD_6_0_BASE
|
#
1.9 |
|
17-Oct-2015 |
doug |
Exit if a pledge call fails in non-interactive mode.
ok semarie@
|
#
1.8 |
|
10-Oct-2015 |
doug |
Initial support for pledges in openssl(1) commands.
openssl(1) has two mechanisms for operating: either a single execution of one command (looking at argv[0] or argv[1]) or as an interactive session than may execute any number of commands.
We already have a top level pledge that should cover all commands and that's what interactive mode must continue using. However, we can tighten up the pledges when only executing one command.
This is an initial stab at support and may contain regressions. Most commands only need "stdio rpath wpath cpath". The pledges could be further restricted by evaluating the situation after parsing options.
deraadt@ and beck@ are roughly fine with this approach.
|
#
1.7 |
|
11-Sep-2015 |
bcook |
Remove engine command and parameters from openssl(1).
We do not have any builtin or dynamic engines, meaning openssl(1) has no way to use the engine command or parameters at all.
ok jsing@
|
#
1.6 |
|
22-Aug-2015 |
jsing |
Remove all duplicate prototypes for *_main functions (these are already provided by progs.h). Also, move the FUNCTION type (and flags) into openssl.c since that is the only place of use. Lastly, remove pointless 'extern' from the prototypes and use char **argv instead of char *argv[] (the former is used elsewhere).
ok deraadt@ doug@
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.5 |
|
11-Apr-2015 |
jsing |
Put back a goto end that was unintentionally removed.
Spotted by doug@
|
#
1.4 |
|
11-Apr-2015 |
jsing |
Convert openssl(1) pkeyparam to new option handling.
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.3 |
|
28-Aug-2014 |
jsing |
OpenSSL_add_all_algorithms() is called from openssl_startup() - it does not need to also be called from some of the applications.
|
#
1.2 |
|
28-Aug-2014 |
jsing |
openssl_setup() calls SSL_load_error_strings(), which happens to call ERR_load_crypto_strings() - as such, we do not need to call the same function from most of the applications.
|
#
1.1 |
|
26-Aug-2014 |
jsing |
Move openssl(1) from /usr/sbin/openssl to /usr/bin/openssl, since it is not a system/superuser binary. At the same time, move the source code from its current lib/libssl/src/apps location to a more appropriate home under usr.bin/openssl.
ok deraadt@ miod@
|