#
f7c26a86 |
| 29-Jul-2023 |
tb <tb@openbsd.org> |
Drop unused conf, pem, and x509 headers, add unistd for pledge
|
#
a785ae5d |
| 11-Jun-2023 |
tb <tb@openbsd.org> |
openssl enc: drop a few parens and unwrap a few lines
No binary change on amd64
|
#
35f962d3 |
| 11-Jun-2023 |
tb <tb@openbsd.org> |
openssl enc: small style fixup after ZLIB unifdef
|
#
d1c9819c |
| 11-Jun-2023 |
tb <tb@openbsd.org> |
Unifdef ZLIB
This is very dead code: the openssl app was never compiled with -DZLIB after January 1, 2015.
|
#
e7718ada |
| 06-Mar-2023 |
tb <tb@openbsd.org> |
Rename struct ${app}_config to plain cfg
All the structs are static and we need to reach into them many times. Having a shorter name is more concise and results in less visual clutter. It also avoid
Rename struct ${app}_config to plain cfg
All the structs are static and we need to reach into them many times. Having a shorter name is more concise and results in less visual clutter. It also avoids many overlong lines and we will be able to get rid of some unfortunate line wrapping down the road.
Discussed with jsing
show more ...
|
#
6bdbc113 |
| 04-Mar-2023 |
tb <tb@openbsd.org> |
openssl enc doesn't really support AEAD ciphers and XTS mode
Do not display such ciphers in the usage display and error out if they are given. As pointed out by Pauli Dale, the current situation is
openssl enc doesn't really support AEAD ciphers and XTS mode
Do not display such ciphers in the usage display and error out if they are given. As pointed out by Pauli Dale, the current situation is confusing.
Fixes GH issues #786 and #819
ok jsing
show more ...
|
#
46f4e7fa |
| 11-Nov-2022 |
joshua <joshua@openbsd.org> |
Remove the legacy interactive mode from openssl(1).
This removes the legacy interactive mode from openssl(1) since it is rarely used, complicates the code, and has also been removed from OpenSSL in
Remove the legacy interactive mode from openssl(1).
This removes the legacy interactive mode from openssl(1) since it is rarely used, complicates the code, and has also been removed from OpenSSL in version 3.x.x.
ok tb@ jsing@
show more ...
|
#
75580eac |
| 07-Dec-2021 |
tb <tb@openbsd.org> |
Simple conversion to opaque EVP_CIPHER.
|
#
632daac0 |
| 25-Jul-2019 |
bcook <bcook@openbsd.org> |
remove superfluous comment
|
#
972737a6 |
| 25-Jul-2019 |
bcook <bcook@openbsd.org> |
zero tmpkeyiv buffer after use when encrypting
from Steven Roberts
|
#
ea149709 |
| 14-Jul-2019 |
guenther <guenther@openbsd.org> |
Mark the initialized struct options arrays as both static and const. This moves them from .data to .data.rel.ro
ok deraadt@ inoguchi@
|
#
e8e42339 |
| 01-Apr-2019 |
jsing <jsing@openbsd.org> |
Sort.
|
#
ce0472c5 |
| 01-Apr-2019 |
jsing <jsing@openbsd.org> |
Make the openssl(1) enc -iter flag actually work.
Diff from Steven Roberts <sroberts at fenderq dot com> - thanks!
|
#
6685372a |
| 09-Feb-2019 |
inoguchi <inoguchi@openbsd.org> |
Fix weird wrap showing cipher list in interactive mode
ok jsing@ tb@
|
#
4071f800 |
| 09-Feb-2019 |
inoguchi <inoguchi@openbsd.org> |
Summarize the 4 same name functions and move it to apps.c
ok tb@ jsing@
|
#
3f94473b |
| 18-Jan-2019 |
naddy <naddy@openbsd.org> |
Add -iter and -pbkdf2 to the usage synopsis. Reorder option descriptions so -iter and -pbkdf2 show up alphabetically. Add missing argument name for -iter. ok jmc@
|
#
d45026d1 |
| 18-Jan-2019 |
beck <beck@openbsd.org> |
Change the default digest type to sha256, and add support for pbkdf2 with OpenSSL compatible flags ok jsing@
|
#
1020b5f1 |
| 07-Feb-2018 |
jsing <jsing@openbsd.org> |
Indent labels with a single space so that diff prototypes are more useful.
|
#
4fe8ecdd |
| 07-Feb-2018 |
jsing <jsing@openbsd.org> |
Remove guards around *_free() calls since these functions handle NULL.
|
#
51811ead |
| 20-Jan-2017 |
deraadt <deraadt@openbsd.org> |
rearrange pledge promises into the canonical order; easier to eyeball
|
#
cd3126d6 |
| 07-Apr-2016 |
jmc <jmc@openbsd.org> |
hexidecimal->hexadecimal; from mmcc ok beck
|
#
e370f0ee |
| 17-Oct-2015 |
doug <doug@openbsd.org> |
Exit if a pledge call fails in non-interactive mode.
ok semarie@
|
#
41f935bf |
| 17-Oct-2015 |
semarie <semarie@openbsd.org> |
add "tty" for several subcommands of openssl
it is needed in order to let libssl UI_* function plays with echo on/off when asking for password on terminal.
passwd subcommand needs additionnal "wpat
add "tty" for several subcommands of openssl
it is needed in order to let libssl UI_* function plays with echo on/off when asking for password on terminal.
passwd subcommand needs additionnal "wpath cpath" in order to let it calls fopen("/dev/tty", "w") (O_WRONLY with O_CREAT | O_TRUNC).
problem reported by several with and ok doug@
show more ...
|
#
9bc487ad |
| 10-Oct-2015 |
doug <doug@openbsd.org> |
Initial support for pledges in openssl(1) commands.
openssl(1) has two mechanisms for operating: either a single execution of one command (looking at argv[0] or argv[1]) or as an interactive session
Initial support for pledges in openssl(1) commands.
openssl(1) has two mechanisms for operating: either a single execution of one command (looking at argv[0] or argv[1]) or as an interactive session than may execute any number of commands.
We already have a top level pledge that should cover all commands and that's what interactive mode must continue using. However, we can tighten up the pledges when only executing one command.
This is an initial stab at support and may contain regressions. Most commands only need "stdio rpath wpath cpath". The pledges could be further restricted by evaluating the situation after parsing options.
deraadt@ and beck@ are roughly fine with this approach.
show more ...
|
#
5284dfea |
| 11-Sep-2015 |
bcook <bcook@openbsd.org> |
Remove engine command and parameters from openssl(1).
We do not have any builtin or dynamic engines, meaning openssl(1) has no way to use the engine command or parameters at all.
ok jsing@
|