openbsd/src/usr.bin/openssl, branch OPENBSD_7

openbsd/src/usr.bin/openssl, branch OPENBSD_7_8 A mirror of https://github.com/libressl/openbsd.git https://git.lua4.win/openbsd/atom?h=OPENBSD_7_8 2025-07-27T14:46:20+00:00 openssl certhash: add digest param to certhash_directory 2025-07-27T14:46:20+00:00 joshua 2025-07-27T14:46:20+00:00 urn:sha1:8219b8128b462a346c845af56428e15357a85683 This will allow us to call certhash_directory with other digests as required to implement the openssl rehash command, which uses SHA1 or MD5. ok jsing tb KNF for variations of get_cipher_by_name() 2025-06-07T08:33:58+00:00 tb 2025-06-07T08:33:58+00:00 urn:sha1:adb6a70429b1c400ee9464123d7a5f10313c1b36 openssl.1: update defaults for cms and smime 2025-06-07T08:29:20+00:00 tb 2025-06-07T08:29:20+00:00 urn:sha1:2887fe2db6d5d0a3b8ef8c237553ca8d87ddb4c3 openssl smime: switch default encryption from 40-bit RC2 to AES-256 2025-06-07T08:28:49+00:00 tb 2025-06-07T08:28:49+00:00 urn:sha1:f4e001853a4b534cbf79a6d7af6e77ffc8924280 The old default is still available with rc2-40. https://github.com/pyca/cryptography/issues/12949 https://github.com/libressl/portable/issues/1168 ok kenjiro openssl cms: switch default encryption from triple DES to AES-256 2025-06-07T08:24:15+00:00 tb 2025-06-07T08:24:15+00:00 urn:sha1:7b72154048126b0b3275f1155241bc13837e03c5 The old default is still available with "des3" https://github.com/pyca/cryptography/issues/12949 https://github.com/libressl/portable/issues/1168 ok kenjiro openssl speed: clean up time_f 2025-05-25T05:05:30+00:00 joshua 2025-05-25T05:05:30+00:00 urn:sha1:aada760c0a63cc97f8def7686fe6d76d3a3cc4d9 Rename Time_F to time_f and tidy up implementation and usage. time_f still uses app_timer_{user,real}, which I will clean up in a future commit. ok jsing openssl speed: remove whirlpool 2025-05-25T04:54:41+00:00 joshua 2025-05-25T04:54:41+00:00 urn:sha1:9c476c7a531ca0620e1274e88ba48ca60110fc7a whirlpool was previously removed from libcrypto, and OPENSSL_NO_WHIRLPOOL will always be defined. Remove whirlpool support from the openssl speed command entirely. ok jsing tb openssl pkcs8: zap an outdated lie 2025-05-24T12:52:01+00:00 tb 2025-05-24T12:52:01+00:00 urn:sha1:e630d309e376da94d4e31e40c5025ab66b44d4bc openssl speed: remove MAX_BLOCK_SIZE define 2025-05-24T09:25:38+00:00 joshua 2025-05-24T09:25:38+00:00 urn:sha1:c7f2c21ddefc09226ad3033249e6aeeb83079e40 ok jsing openssl speed: move key{16,24,32} above speed_main 2025-05-24T08:04:21+00:00 joshua 2025-05-24T08:04:21+00:00 urn:sha1:c79519e24a879a3244fe6bde5c867545e8e730b2 Also, reuse the same keys for Camellia instead of having duplicates. ok jsing tb