summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorjoshua <>2022-11-11 17:07:39 +0000
committerjoshua <>2022-11-11 17:07:39 +0000
commitf8749b129444d560b9e645a68ec7b045800243ed (patch)
tree34334d4d84a0e642e816557dc806adc84e7a2f27 /src
parentc3cccf93ef7724489b269171de95147b247b7799 (diff)
downloadopenbsd-f8749b129444d560b9e645a68ec7b045800243ed.tar.gz
openbsd-f8749b129444d560b9e645a68ec7b045800243ed.tar.bz2
openbsd-f8749b129444d560b9e645a68ec7b045800243ed.zip
Remove the legacy interactive mode from openssl(1).
This removes the legacy interactive mode from openssl(1) since it is rarely used, complicates the code, and has also been removed from OpenSSL in version 3.x.x. ok tb@ jsing@
Diffstat (limited to 'src')
-rw-r--r--src/usr.bin/openssl/asn1pars.c10
-rw-r--r--src/usr.bin/openssl/ca.c10
-rw-r--r--src/usr.bin/openssl/certhash.c10
-rw-r--r--src/usr.bin/openssl/ciphers.c10
-rw-r--r--src/usr.bin/openssl/cms.c10
-rw-r--r--src/usr.bin/openssl/crl.c10
-rw-r--r--src/usr.bin/openssl/crl2p7.c10
-rw-r--r--src/usr.bin/openssl/dgst.c10
-rw-r--r--src/usr.bin/openssl/dh.c10
-rw-r--r--src/usr.bin/openssl/dhparam.c10
-rw-r--r--src/usr.bin/openssl/dsa.c10
-rw-r--r--src/usr.bin/openssl/dsaparam.c10
-rw-r--r--src/usr.bin/openssl/ec.c10
-rw-r--r--src/usr.bin/openssl/ecparam.c10
-rw-r--r--src/usr.bin/openssl/enc.c10
-rw-r--r--src/usr.bin/openssl/errstr.c10
-rw-r--r--src/usr.bin/openssl/gendh.c10
-rw-r--r--src/usr.bin/openssl/gendsa.c10
-rw-r--r--src/usr.bin/openssl/genpkey.c10
-rw-r--r--src/usr.bin/openssl/genrsa.c10
-rw-r--r--src/usr.bin/openssl/nseq.c10
-rw-r--r--src/usr.bin/openssl/ocsp.c10
-rw-r--r--src/usr.bin/openssl/openssl.c157
-rw-r--r--src/usr.bin/openssl/passwd.c10
-rw-r--r--src/usr.bin/openssl/pkcs12.c10
-rw-r--r--src/usr.bin/openssl/pkcs7.c10
-rw-r--r--src/usr.bin/openssl/pkcs8.c10
-rw-r--r--src/usr.bin/openssl/pkey.c10
-rw-r--r--src/usr.bin/openssl/pkeyparam.c10
-rw-r--r--src/usr.bin/openssl/pkeyutl.c10
-rw-r--r--src/usr.bin/openssl/prime.c10
-rw-r--r--src/usr.bin/openssl/rand.c10
-rw-r--r--src/usr.bin/openssl/req.c10
-rw-r--r--src/usr.bin/openssl/rsa.c10
-rw-r--r--src/usr.bin/openssl/rsautl.c10
-rw-r--r--src/usr.bin/openssl/s_client.c10
-rw-r--r--src/usr.bin/openssl/s_server.c10
-rw-r--r--src/usr.bin/openssl/s_time.c10
-rw-r--r--src/usr.bin/openssl/sess_id.c10
-rw-r--r--src/usr.bin/openssl/smime.c10
-rw-r--r--src/usr.bin/openssl/speed.c10
-rw-r--r--src/usr.bin/openssl/spkac.c10
-rw-r--r--src/usr.bin/openssl/ts.c10
-rw-r--r--src/usr.bin/openssl/verify.c10
-rw-r--r--src/usr.bin/openssl/version.c10
-rw-r--r--src/usr.bin/openssl/x509.c10
46 files changed, 231 insertions, 376 deletions
diff --git a/src/usr.bin/openssl/asn1pars.c b/src/usr.bin/openssl/asn1pars.c
index 38d12f61fc..6f7fa18512 100644
--- a/src/usr.bin/openssl/asn1pars.c
+++ b/src/usr.bin/openssl/asn1pars.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: asn1pars.c,v 1.11 2022/01/12 22:55:51 tb Exp $ */ 1/* $OpenBSD: asn1pars.c,v 1.12 2022/11/11 17:07:38 joshua Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -247,11 +247,9 @@ asn1parse_main(int argc, char **argv)
247 BUF_MEM *buf = NULL; 247 BUF_MEM *buf = NULL;
248 ASN1_TYPE *at = NULL; 248 ASN1_TYPE *at = NULL;
249 249
250 if (single_execution) { 250 if (pledge("stdio cpath wpath rpath", NULL) == -1) {
251 if (pledge("stdio cpath wpath rpath", NULL) == -1) { 251 perror("pledge");
252 perror("pledge"); 252 exit(1);
253 exit(1);
254 }
255 } 253 }
256 254
257 memset(&asn1pars_config, 0, sizeof(asn1pars_config)); 255 memset(&asn1pars_config, 0, sizeof(asn1pars_config));
diff --git a/src/usr.bin/openssl/ca.c b/src/usr.bin/openssl/ca.c
index bbc5403e3c..e13354f4af 100644
--- a/src/usr.bin/openssl/ca.c
+++ b/src/usr.bin/openssl/ca.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ca.c,v 1.53 2022/02/03 17:44:04 tb Exp $ */ 1/* $OpenBSD: ca.c,v 1.54 2022/11/11 17:07:38 joshua Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -685,11 +685,9 @@ ca_main(int argc, char **argv)
685 char *tofree = NULL; 685 char *tofree = NULL;
686 DB_ATTR db_attr; 686 DB_ATTR db_attr;
687 687
688 if (single_execution) { 688 if (pledge("stdio cpath wpath rpath tty", NULL) == -1) {
689 if (pledge("stdio cpath wpath rpath tty", NULL) == -1) { 689 perror("pledge");
690 perror("pledge"); 690 exit(1);
691 exit(1);
692 }
693 } 691 }
694 692
695 memset(&ca_config, 0, sizeof(ca_config)); 693 memset(&ca_config, 0, sizeof(ca_config));
diff --git a/src/usr.bin/openssl/certhash.c b/src/usr.bin/openssl/certhash.c
index a4417a2b26..785f1216ad 100644
--- a/src/usr.bin/openssl/certhash.c
+++ b/src/usr.bin/openssl/certhash.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: certhash.c,v 1.19 2021/10/23 08:13:48 tb Exp $ */ 1/* $OpenBSD: certhash.c,v 1.20 2022/11/11 17:07:38 joshua Exp $ */
2/* 2/*
3 * Copyright (c) 2014, 2015 Joel Sing <jsing@openbsd.org> 3 * Copyright (c) 2014, 2015 Joel Sing <jsing@openbsd.org>
4 * 4 *
@@ -653,11 +653,9 @@ certhash_main(int argc, char **argv)
653 int argsused; 653 int argsused;
654 int i, cwdfd, ret = 0; 654 int i, cwdfd, ret = 0;
655 655
656 if (single_execution) { 656 if (pledge("stdio cpath wpath rpath", NULL) == -1) {
657 if (pledge("stdio cpath wpath rpath", NULL) == -1) { 657 perror("pledge");
658 perror("pledge"); 658 exit(1);
659 exit(1);
660 }
661 } 659 }
662 660
663 memset(&certhash_config, 0, sizeof(certhash_config)); 661 memset(&certhash_config, 0, sizeof(certhash_config));
diff --git a/src/usr.bin/openssl/ciphers.c b/src/usr.bin/openssl/ciphers.c
index 583db1167b..eb63a35890 100644
--- a/src/usr.bin/openssl/ciphers.c
+++ b/src/usr.bin/openssl/ciphers.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ciphers.c,v 1.15 2022/07/19 20:15:19 tb Exp $ */ 1/* $OpenBSD: ciphers.c,v 1.16 2022/11/11 17:07:38 joshua Exp $ */
2/* 2/*
3 * Copyright (c) 2014 Joel Sing <jsing@openbsd.org> 3 * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
4 * 4 *
@@ -114,11 +114,9 @@ ciphers_main(int argc, char **argv)
114 int i, rv = 0; 114 int i, rv = 0;
115 char *desc; 115 char *desc;
116 116
117 if (single_execution) { 117 if (pledge("stdio rpath", NULL) == -1) {
118 if (pledge("stdio rpath", NULL) == -1) { 118 perror("pledge");
119 perror("pledge"); 119 exit(1);
120 exit(1);
121 }
122 } 120 }
123 121
124 memset(&ciphers_config, 0, sizeof(ciphers_config)); 122 memset(&ciphers_config, 0, sizeof(ciphers_config));
diff --git a/src/usr.bin/openssl/cms.c b/src/usr.bin/openssl/cms.c
index a3004e8af3..e3f4aaf3a8 100644
--- a/src/usr.bin/openssl/cms.c
+++ b/src/usr.bin/openssl/cms.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: cms.c,v 1.30 2022/03/23 15:16:59 tb Exp $ */ 1/* $OpenBSD: cms.c,v 1.31 2022/11/11 17:07:38 joshua Exp $ */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project. 3 * project.
4 */ 4 */
@@ -1165,11 +1165,9 @@ cms_main(int argc, char **argv)
1165 char *passin = NULL; 1165 char *passin = NULL;
1166 unsigned char *pwri_tmp = NULL; 1166 unsigned char *pwri_tmp = NULL;
1167 1167
1168 if (single_execution) { 1168 if (pledge("stdio rpath wpath cpath tty", NULL) == -1) {
1169 if (pledge("stdio rpath wpath cpath tty", NULL) == -1) { 1169 perror("pledge");
1170 perror("pledge"); 1170 exit(1);
1171 exit(1);
1172 }
1173 } 1171 }
1174 1172
1175 memset(&cms_config, 0, sizeof(cms_config)); 1173 memset(&cms_config, 0, sizeof(cms_config));
diff --git a/src/usr.bin/openssl/crl.c b/src/usr.bin/openssl/crl.c
index 031360854c..6b7bc5b72e 100644
--- a/src/usr.bin/openssl/crl.c
+++ b/src/usr.bin/openssl/crl.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: crl.c,v 1.15 2021/10/31 16:47:27 tb Exp $ */ 1/* $OpenBSD: crl.c,v 1.16 2022/11/11 17:07:38 joshua Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -230,11 +230,9 @@ crl_main(int argc, char **argv)
230 const EVP_MD *digest; 230 const EVP_MD *digest;
231 char *digest_name = NULL; 231 char *digest_name = NULL;
232 232
233 if (single_execution) { 233 if (pledge("stdio cpath wpath rpath", NULL) == -1) {
234 if (pledge("stdio cpath wpath rpath", NULL) == -1) { 234 perror("pledge");
235 perror("pledge"); 235 exit(1);
236 exit(1);
237 }
238 } 236 }
239 237
240 if (bio_out == NULL) { 238 if (bio_out == NULL) {
diff --git a/src/usr.bin/openssl/crl2p7.c b/src/usr.bin/openssl/crl2p7.c
index 8e5bf6a436..0b0eae2a99 100644
--- a/src/usr.bin/openssl/crl2p7.c
+++ b/src/usr.bin/openssl/crl2p7.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: crl2p7.c,v 1.9 2019/07/14 03:30:45 guenther Exp $ */ 1/* $OpenBSD: crl2p7.c,v 1.10 2022/11/11 17:07:38 joshua Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -169,11 +169,9 @@ crl2pkcs7_main(int argc, char **argv)
169 STACK_OF(X509) *cert_stack = NULL; 169 STACK_OF(X509) *cert_stack = NULL;
170 int ret = 1; 170 int ret = 1;
171 171
172 if (single_execution) { 172 if (pledge("stdio cpath wpath rpath", NULL) == -1) {
173 if (pledge("stdio cpath wpath rpath", NULL) == -1) { 173 perror("pledge");
174 perror("pledge"); 174 exit(1);
175 exit(1);
176 }
177 } 175 }
178 176
179 memset(&crl2p7_config, 0, sizeof(crl2p7_config)); 177 memset(&crl2p7_config, 0, sizeof(crl2p7_config));
diff --git a/src/usr.bin/openssl/dgst.c b/src/usr.bin/openssl/dgst.c
index 689591cd22..d29bc6f98c 100644
--- a/src/usr.bin/openssl/dgst.c
+++ b/src/usr.bin/openssl/dgst.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: dgst.c,v 1.19 2022/01/14 09:28:07 tb Exp $ */ 1/* $OpenBSD: dgst.c,v 1.20 2022/11/11 17:07:38 joshua Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -338,11 +338,9 @@ dgst_main(int argc, char **argv)
338 int siglen = 0; 338 int siglen = 0;
339 char *passin = NULL; 339 char *passin = NULL;
340 340
341 if (single_execution) { 341 if (pledge("stdio cpath wpath rpath tty", NULL) == -1) {
342 if (pledge("stdio cpath wpath rpath tty", NULL) == -1) { 342 perror("pledge");
343 perror("pledge"); 343 exit(1);
344 exit(1);
345 }
346 } 344 }
347 345
348 if ((buf = malloc(BUFSIZE)) == NULL) { 346 if ((buf = malloc(BUFSIZE)) == NULL) {
diff --git a/src/usr.bin/openssl/dh.c b/src/usr.bin/openssl/dh.c
index c2c5d689e1..200233c0f2 100644
--- a/src/usr.bin/openssl/dh.c
+++ b/src/usr.bin/openssl/dh.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: dh.c,v 1.13 2022/01/14 09:21:54 tb Exp $ */ 1/* $OpenBSD: dh.c,v 1.14 2022/11/11 17:07:38 joshua Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -158,11 +158,9 @@ dh_main(int argc, char **argv)
158 BIO *in = NULL, *out = NULL; 158 BIO *in = NULL, *out = NULL;
159 int ret = 1; 159 int ret = 1;
160 160
161 if (single_execution) { 161 if (pledge("stdio cpath wpath rpath", NULL) == -1) {
162 if (pledge("stdio cpath wpath rpath", NULL) == -1) { 162 perror("pledge");
163 perror("pledge"); 163 exit(1);
164 exit(1);
165 }
166 } 164 }
167 165
168 memset(&dh_config, 0, sizeof(dh_config)); 166 memset(&dh_config, 0, sizeof(dh_config));
diff --git a/src/usr.bin/openssl/dhparam.c b/src/usr.bin/openssl/dhparam.c
index da9075f5be..8c4cc198c6 100644
--- a/src/usr.bin/openssl/dhparam.c
+++ b/src/usr.bin/openssl/dhparam.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: dhparam.c,v 1.14 2022/01/14 09:22:50 tb Exp $ */ 1/* $OpenBSD: dhparam.c,v 1.15 2022/11/11 17:07:38 joshua Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -244,11 +244,9 @@ dhparam_main(int argc, char **argv)
244 int ret = 1; 244 int ret = 1;
245 int i; 245 int i;
246 246
247 if (single_execution) { 247 if (pledge("stdio cpath wpath rpath", NULL) == -1) {
248 if (pledge("stdio cpath wpath rpath", NULL) == -1) { 248 perror("pledge");
249 perror("pledge"); 249 exit(1);
250 exit(1);
251 }
252 } 250 }
253 251
254 memset(&dhparam_config, 0, sizeof(dhparam_config)); 252 memset(&dhparam_config, 0, sizeof(dhparam_config));
diff --git a/src/usr.bin/openssl/dsa.c b/src/usr.bin/openssl/dsa.c
index df45cd6ebe..0a3772dff7 100644
--- a/src/usr.bin/openssl/dsa.c
+++ b/src/usr.bin/openssl/dsa.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: dsa.c,v 1.16 2022/01/14 09:23:42 tb Exp $ */ 1/* $OpenBSD: dsa.c,v 1.17 2022/11/11 17:07:38 joshua Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -236,11 +236,9 @@ dsa_main(int argc, char **argv)
236 BIO *in = NULL, *out = NULL; 236 BIO *in = NULL, *out = NULL;
237 char *passin = NULL, *passout = NULL; 237 char *passin = NULL, *passout = NULL;
238 238
239 if (single_execution) { 239 if (pledge("stdio cpath wpath rpath tty", NULL) == -1) {
240 if (pledge("stdio cpath wpath rpath tty", NULL) == -1) { 240 perror("pledge");
241 perror("pledge"); 241 exit(1);
242 exit(1);
243 }
244 } 242 }
245 243
246 memset(&dsa_config, 0, sizeof(dsa_config)); 244 memset(&dsa_config, 0, sizeof(dsa_config));
diff --git a/src/usr.bin/openssl/dsaparam.c b/src/usr.bin/openssl/dsaparam.c
index 33bde035aa..892ae72ba1 100644
--- a/src/usr.bin/openssl/dsaparam.c
+++ b/src/usr.bin/openssl/dsaparam.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: dsaparam.c,v 1.13 2022/01/14 09:24:20 tb Exp $ */ 1/* $OpenBSD: dsaparam.c,v 1.14 2022/11/11 17:07:38 joshua Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -169,11 +169,9 @@ dsaparam_main(int argc, char **argv)
169 int numbits = -1; 169 int numbits = -1;
170 char *strbits = NULL; 170 char *strbits = NULL;
171 171
172 if (single_execution) { 172 if (pledge("stdio cpath wpath rpath", NULL) == -1) {
173 if (pledge("stdio cpath wpath rpath", NULL) == -1) { 173 perror("pledge");
174 perror("pledge"); 174 exit(1);
175 exit(1);
176 }
177 } 175 }
178 176
179 memset(&dsaparam_config, 0, sizeof(dsaparam_config)); 177 memset(&dsaparam_config, 0, sizeof(dsaparam_config));
diff --git a/src/usr.bin/openssl/ec.c b/src/usr.bin/openssl/ec.c
index 3aa9b0c2c5..3dace88d6f 100644
--- a/src/usr.bin/openssl/ec.c
+++ b/src/usr.bin/openssl/ec.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ec.c,v 1.14 2019/07/14 03:30:45 guenther Exp $ */ 1/* $OpenBSD: ec.c,v 1.15 2022/11/11 17:07:38 joshua Exp $ */
2/* 2/*
3 * Written by Nils Larsch for the OpenSSL project. 3 * Written by Nils Larsch for the OpenSSL project.
4 */ 4 */
@@ -267,11 +267,9 @@ ec_main(int argc, char **argv)
267 BIO *in = NULL, *out = NULL; 267 BIO *in = NULL, *out = NULL;
268 char *passin = NULL, *passout = NULL; 268 char *passin = NULL, *passout = NULL;
269 269
270 if (single_execution) { 270 if (pledge("stdio cpath wpath rpath tty", NULL) == -1) {
271 if (pledge("stdio cpath wpath rpath tty", NULL) == -1) { 271 perror("pledge");
272 perror("pledge"); 272 exit(1);
273 exit(1);
274 }
275 } 273 }
276 274
277 memset(&ec_config, 0, sizeof(ec_config)); 275 memset(&ec_config, 0, sizeof(ec_config));
diff --git a/src/usr.bin/openssl/ecparam.c b/src/usr.bin/openssl/ecparam.c
index 01974a7f46..52ccc491fc 100644
--- a/src/usr.bin/openssl/ecparam.c
+++ b/src/usr.bin/openssl/ecparam.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ecparam.c,v 1.21 2021/05/10 20:58:32 tb Exp $ */ 1/* $OpenBSD: ecparam.c,v 1.22 2022/11/11 17:07:38 joshua Exp $ */
2/* 2/*
3 * Written by Nils Larsch for the OpenSSL project. 3 * Written by Nils Larsch for the OpenSSL project.
4 */ 4 */
@@ -259,11 +259,9 @@ ecparam_main(int argc, char **argv)
259 BIO *in = NULL, *out = NULL; 259 BIO *in = NULL, *out = NULL;
260 int i, ret = 1; 260 int i, ret = 1;
261 261
262 if (single_execution) { 262 if (pledge("stdio cpath wpath rpath", NULL) == -1) {
263 if (pledge("stdio cpath wpath rpath", NULL) == -1) { 263 perror("pledge");
264 perror("pledge"); 264 exit(1);
265 exit(1);
266 }
267 } 265 }
268 266
269 memset(&ecparam_config, 0, sizeof(ecparam_config)); 267 memset(&ecparam_config, 0, sizeof(ecparam_config));
diff --git a/src/usr.bin/openssl/enc.c b/src/usr.bin/openssl/enc.c
index 7955d9b940..5a07113f7c 100644
--- a/src/usr.bin/openssl/enc.c
+++ b/src/usr.bin/openssl/enc.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: enc.c,v 1.24 2021/12/07 20:13:15 tb Exp $ */ 1/* $OpenBSD: enc.c,v 1.25 2022/11/11 17:07:39 joshua Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -344,11 +344,9 @@ enc_main(int argc, char **argv)
344 char pname[PROG_NAME_SIZE + 1]; 344 char pname[PROG_NAME_SIZE + 1];
345 int i; 345 int i;
346 346
347 if (single_execution) { 347 if (pledge("stdio cpath wpath rpath tty", NULL) == -1) {
348 if (pledge("stdio cpath wpath rpath tty", NULL) == -1) { 348 perror("pledge");
349 perror("pledge"); 349 exit(1);
350 exit(1);
351 }
352 } 350 }
353 351
354 memset(&enc_config, 0, sizeof(enc_config)); 352 memset(&enc_config, 0, sizeof(enc_config));
diff --git a/src/usr.bin/openssl/errstr.c b/src/usr.bin/openssl/errstr.c
index bb6bfc785f..4d7ba02def 100644
--- a/src/usr.bin/openssl/errstr.c
+++ b/src/usr.bin/openssl/errstr.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: errstr.c,v 1.7 2019/07/14 03:30:45 guenther Exp $ */ 1/* $OpenBSD: errstr.c,v 1.8 2022/11/11 17:07:39 joshua Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -98,11 +98,9 @@ errstr_main(int argc, char **argv)
98 char buf[256]; 98 char buf[256];
99 int ret = 0; 99 int ret = 0;
100 100
101 if (single_execution) { 101 if (pledge("stdio rpath", NULL) == -1) {
102 if (pledge("stdio rpath", NULL) == -1) { 102 perror("pledge");
103 perror("pledge"); 103 exit(1);
104 exit(1);
105 }
106 } 104 }
107 105
108 memset(&errstr_config, 0, sizeof(errstr_config)); 106 memset(&errstr_config, 0, sizeof(errstr_config));
diff --git a/src/usr.bin/openssl/gendh.c b/src/usr.bin/openssl/gendh.c
index c6564e047b..b4e4f29111 100644
--- a/src/usr.bin/openssl/gendh.c
+++ b/src/usr.bin/openssl/gendh.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: gendh.c,v 1.12 2021/11/20 18:10:48 tb Exp $ */ 1/* $OpenBSD: gendh.c,v 1.13 2022/11/11 17:07:39 joshua Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -134,11 +134,9 @@ gendh_main(int argc, char **argv)
134 BIO *out = NULL; 134 BIO *out = NULL;
135 char *strbits = NULL; 135 char *strbits = NULL;
136 136
137 if (single_execution) { 137 if (pledge("stdio cpath wpath rpath", NULL) == -1) {
138 if (pledge("stdio cpath wpath rpath", NULL) == -1) { 138 perror("pledge");
139 perror("pledge"); 139 exit(1);
140 exit(1);
141 }
142 } 140 }
143 141
144 if ((cb = BN_GENCB_new()) == NULL) { 142 if ((cb = BN_GENCB_new()) == NULL) {
diff --git a/src/usr.bin/openssl/gendsa.c b/src/usr.bin/openssl/gendsa.c
index 6d69957e85..fa83ea2c67 100644
--- a/src/usr.bin/openssl/gendsa.c
+++ b/src/usr.bin/openssl/gendsa.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: gendsa.c,v 1.15 2022/01/14 09:25:00 tb Exp $ */ 1/* $OpenBSD: gendsa.c,v 1.16 2022/11/11 17:07:39 joshua Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -229,11 +229,9 @@ gendsa_main(int argc, char **argv)
229 char *passout = NULL; 229 char *passout = NULL;
230 BIO *out = NULL, *in = NULL; 230 BIO *out = NULL, *in = NULL;
231 231
232 if (single_execution) { 232 if (pledge("stdio cpath wpath rpath tty", NULL) == -1) {
233 if (pledge("stdio cpath wpath rpath tty", NULL) == -1) { 233 perror("pledge");
234 perror("pledge"); 234 exit(1);
235 exit(1);
236 }
237 } 235 }
238 236
239 memset(&gendsa_config, 0, sizeof(gendsa_config)); 237 memset(&gendsa_config, 0, sizeof(gendsa_config));
diff --git a/src/usr.bin/openssl/genpkey.c b/src/usr.bin/openssl/genpkey.c
index e2b46b7796..61b24af330 100644
--- a/src/usr.bin/openssl/genpkey.c
+++ b/src/usr.bin/openssl/genpkey.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: genpkey.c,v 1.13 2019/07/14 03:30:46 guenther Exp $ */ 1/* $OpenBSD: genpkey.c,v 1.14 2022/11/11 17:07:39 joshua Exp $ */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 2006 3 * project 2006
4 */ 4 */
@@ -224,11 +224,9 @@ genpkey_main(int argc, char **argv)
224 char *pass = NULL; 224 char *pass = NULL;
225 int ret = 1, rv; 225 int ret = 1, rv;
226 226
227 if (single_execution) { 227 if (pledge("stdio cpath wpath rpath tty", NULL) == -1) {
228 if (pledge("stdio cpath wpath rpath tty", NULL) == -1) { 228 perror("pledge");
229 perror("pledge"); 229 exit(1);
230 exit(1);
231 }
232 } 230 }
233 231
234 memset(&genpkey_config, 0, sizeof(genpkey_config)); 232 memset(&genpkey_config, 0, sizeof(genpkey_config));
diff --git a/src/usr.bin/openssl/genrsa.c b/src/usr.bin/openssl/genrsa.c
index 647b691e7f..e1628a682e 100644
--- a/src/usr.bin/openssl/genrsa.c
+++ b/src/usr.bin/openssl/genrsa.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: genrsa.c,v 1.20 2022/10/04 15:31:02 espie Exp $ */ 1/* $OpenBSD: genrsa.c,v 1.21 2022/11/11 17:07:39 joshua Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -280,11 +280,9 @@ genrsa_main(int argc, char **argv)
280 RSA *rsa = NULL; 280 RSA *rsa = NULL;
281 char *rsa_e_hex = NULL, *rsa_e_dec = NULL; 281 char *rsa_e_hex = NULL, *rsa_e_dec = NULL;
282 282
283 if (single_execution) { 283 if (pledge("stdio cpath wpath rpath tty", NULL) == -1) {
284 if (pledge("stdio cpath wpath rpath tty", NULL) == -1) { 284 perror("pledge");
285 perror("pledge"); 285 exit(1);
286 exit(1);
287 }
288 } 286 }
289 287
290 if ((bn = BN_new()) == NULL) 288 if ((bn = BN_new()) == NULL)
diff --git a/src/usr.bin/openssl/nseq.c b/src/usr.bin/openssl/nseq.c
index 516bde34d2..7be116e67b 100644
--- a/src/usr.bin/openssl/nseq.c
+++ b/src/usr.bin/openssl/nseq.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: nseq.c,v 1.9 2019/07/14 03:30:46 guenther Exp $ */ 1/* $OpenBSD: nseq.c,v 1.10 2022/11/11 17:07:39 joshua Exp $ */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 1999. 3 * project 1999.
4 */ 4 */
@@ -109,11 +109,9 @@ nseq_main(int argc, char **argv)
109 NETSCAPE_CERT_SEQUENCE *seq = NULL; 109 NETSCAPE_CERT_SEQUENCE *seq = NULL;
110 int i, ret = 1; 110 int i, ret = 1;
111 111
112 if (single_execution) { 112 if (pledge("stdio cpath wpath rpath", NULL) == -1) {
113 if (pledge("stdio cpath wpath rpath", NULL) == -1) { 113 perror("pledge");
114 perror("pledge"); 114 exit(1);
115 exit(1);
116 }
117 } 115 }
118 116
119 memset(&nseq_config, 0, sizeof(nseq_config)); 117 memset(&nseq_config, 0, sizeof(nseq_config));
diff --git a/src/usr.bin/openssl/ocsp.c b/src/usr.bin/openssl/ocsp.c
index f954d9697b..026bd49b0a 100644
--- a/src/usr.bin/openssl/ocsp.c
+++ b/src/usr.bin/openssl/ocsp.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ocsp.c,v 1.21 2020/10/13 18:25:35 tb Exp $ */ 1/* $OpenBSD: ocsp.c,v 1.22 2022/11/11 17:07:39 joshua Exp $ */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 2000. 3 * project 2000.
4 */ 4 */
@@ -750,11 +750,9 @@ ocsp_main(int argc, char **argv)
750 X509 *rca_cert = NULL; 750 X509 *rca_cert = NULL;
751 CA_DB *rdb = NULL; 751 CA_DB *rdb = NULL;
752 752
753 if (single_execution) { 753 if (pledge("stdio cpath wpath rpath inet dns tty", NULL) == -1) {
754 if (pledge("stdio cpath wpath rpath inet dns tty", NULL) == -1) { 754 perror("pledge");
755 perror("pledge"); 755 exit(1);
756 exit(1);
757 }
758 } 756 }
759 757
760 memset(&ocsp_config, 0, sizeof(ocsp_config)); 758 memset(&ocsp_config, 0, sizeof(ocsp_config));
diff --git a/src/usr.bin/openssl/openssl.c b/src/usr.bin/openssl/openssl.c
index 42b9b91b7a..e931b7a33e 100644
--- a/src/usr.bin/openssl/openssl.c
+++ b/src/usr.bin/openssl/openssl.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: openssl.c,v 1.30 2019/11/04 15:25:54 jsing Exp $ */ 1/* $OpenBSD: openssl.c,v 1.31 2022/11/11 17:07:39 joshua Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -137,8 +137,6 @@
137#define FUNC_TYPE_MD_ALG 5 137#define FUNC_TYPE_MD_ALG 5
138#define FUNC_TYPE_CIPHER_ALG 6 138#define FUNC_TYPE_CIPHER_ALG 6
139 139
140int single_execution = 0;
141
142typedef struct { 140typedef struct {
143 int type; 141 int type;
144 const char *name; 142 const char *name;
@@ -349,6 +347,7 @@ static void openssl_shutdown(void);
349 347
350static LHASH_OF(FUNCTION) *prog_init(void); 348static LHASH_OF(FUNCTION) *prog_init(void);
351static int do_cmd(LHASH_OF(FUNCTION) *prog, int argc, char *argv[]); 349static int do_cmd(LHASH_OF(FUNCTION) *prog, int argc, char *argv[]);
350static void print_help(void);
352static void list_pkey(BIO * out); 351static void list_pkey(BIO * out);
353static void list_cipher(BIO * out); 352static void list_cipher(BIO * out);
354static void list_md(BIO * out); 353static void list_md(BIO * out);
@@ -385,13 +384,8 @@ int
385main(int argc, char **argv) 384main(int argc, char **argv)
386{ 385{
387 ARGS arg; 386 ARGS arg;
388#define PROG_NAME_SIZE 39
389 char pname[PROG_NAME_SIZE + 1];
390 FUNCTION f, *fp;
391 const char *prompt;
392 char buf[1024];
393 char *to_free = NULL; 387 char *to_free = NULL;
394 int n, i, ret = 0; 388 int i, ret = 0;
395 char *p; 389 char *p;
396 LHASH_OF(FUNCTION) * prog = NULL; 390 LHASH_OF(FUNCTION) * prog = NULL;
397 long errline; 391 long errline;
@@ -453,74 +447,21 @@ main(int argc, char **argv)
453 447
454 prog = prog_init(); 448 prog = prog_init();
455 449
456 /* first check the program name */
457 program_name(argv[0], pname, sizeof pname);
458
459 f.name = pname;
460 fp = lh_FUNCTION_retrieve(prog, &f);
461 if (fp != NULL) {
462 argv[0] = pname;
463
464 single_execution = 1;
465 ret = fp->func(argc, argv);
466 goto end;
467 }
468 /* 450 /*
469 * ok, now check that there are not arguments, if there are, run with 451 * ok, now check that there are not arguments, if there are, run with
470 * them, shifting the ssleay off the front 452 * them, shifting the executable name off the front
471 */ 453 */
472 if (argc != 1) { 454 argc--;
473 argc--; 455 argv++;
474 argv++; 456
475 457 if (argc < 1) {
476 single_execution = 1; 458 print_help();
477 ret = do_cmd(prog, argc, argv);
478 if (ret < 0)
479 ret = 0;
480 goto end; 459 goto end;
481 } 460 }
482 /* ok, lets enter the old 'OpenSSL>' mode */
483 461
484 for (;;) { 462 ret = do_cmd(prog, argc, argv);
463 if (ret < 0)
485 ret = 0; 464 ret = 0;
486 p = buf;
487 n = sizeof buf;
488 i = 0;
489 for (;;) {
490 p[0] = '\0';
491 if (i++)
492 prompt = ">";
493 else
494 prompt = "OpenSSL> ";
495 fputs(prompt, stdout);
496 fflush(stdout);
497 if (!fgets(p, n, stdin))
498 goto end;
499 if (p[0] == '\0')
500 goto end;
501 i = strlen(p);
502 if (i <= 1)
503 break;
504 if (p[i - 2] != '\\')
505 break;
506 i -= 2;
507 p += i;
508 n -= i;
509 }
510 if (!chopup_args(&arg, buf, &argc, &argv))
511 break;
512
513 ret = do_cmd(prog, argc, argv);
514 if (ret < 0) {
515 ret = 0;
516 goto end;
517 }
518 if (ret != 0)
519 BIO_printf(bio_err, "error in %s\n", argv[0]);
520 (void) BIO_flush(bio_err);
521 }
522 BIO_printf(bio_err, "bad exit\n");
523 ret = 1;
524 465
525 end: 466 end:
526 free(to_free); 467 free(to_free);
@@ -554,7 +495,7 @@ static int
554do_cmd(LHASH_OF(FUNCTION) * prog, int argc, char *argv[]) 495do_cmd(LHASH_OF(FUNCTION) * prog, int argc, char *argv[])
555{ 496{
556 FUNCTION f, *fp; 497 FUNCTION f, *fp;
557 int i, ret = 1, tp, nl; 498 int ret = 1;
558 499
559 if ((argc <= 0) || (argv[0] == NULL)) { 500 if ((argc <= 0) || (argv[0] == NULL)) {
560 ret = 0; 501 ret = 0;
@@ -585,12 +526,6 @@ do_cmd(LHASH_OF(FUNCTION) * prog, int argc, char *argv[])
585 BIO_printf(bio_stdout, "%s\n", argv[0] + 3); 526 BIO_printf(bio_stdout, "%s\n", argv[0] + 3);
586 BIO_free_all(bio_stdout); 527 BIO_free_all(bio_stdout);
587 goto end; 528 goto end;
588 } else if ((strcmp(argv[0], "quit") == 0) ||
589 (strcmp(argv[0], "q") == 0) ||
590 (strcmp(argv[0], "exit") == 0) ||
591 (strcmp(argv[0], "bye") == 0)) {
592 ret = -1;
593 goto end;
594 } else if ((strcmp(argv[0], LIST_STANDARD_COMMANDS) == 0) || 529 } else if ((strcmp(argv[0], LIST_STANDARD_COMMANDS) == 0) ||
595 (strcmp(argv[0], LIST_MESSAGE_DIGEST_COMMANDS) == 0) || 530 (strcmp(argv[0], LIST_MESSAGE_DIGEST_COMMANDS) == 0) ||
596 (strcmp(argv[0], LIST_MESSAGE_DIGEST_ALGORITHMS) == 0) || 531 (strcmp(argv[0], LIST_MESSAGE_DIGEST_ALGORITHMS) == 0) ||
@@ -633,44 +568,54 @@ do_cmd(LHASH_OF(FUNCTION) * prog, int argc, char *argv[])
633 BIO_printf(bio_err, 568 BIO_printf(bio_err,
634 "openssl:Error: '%s' is an invalid command.\n", 569 "openssl:Error: '%s' is an invalid command.\n",
635 argv[0]); 570 argv[0]);
636 BIO_printf(bio_err, "\nStandard commands"); 571 print_help();
637 i = 0; 572 ret = 0;
638 tp = 0; 573 }
639 for (fp = functions; fp->name != NULL; fp++) { 574 end:
640 nl = 0; 575 return (ret);
576}
577
578static void
579print_help(void)
580{
581 FUNCTION *fp;
582 int i = 0;
583 int tp = 0;
584 int nl;
585
586 BIO_printf(bio_err, "\nStandard commands");
587 for (fp = functions; fp->name != NULL; fp++) {
588 nl = 0;
641#ifdef OPENSSL_NO_CAMELLIA 589#ifdef OPENSSL_NO_CAMELLIA
642 if (((i++) % 5) == 0) 590 if (((i++) % 5) == 0)
643#else 591#else
644 if (((i++) % 4) == 0) 592 if (((i++) % 4) == 0)
645#endif 593#endif
646 { 594 {
595 BIO_printf(bio_err, "\n");
596 nl = 1;
597 }
598 if (fp->type != tp) {
599 tp = fp->type;
600 if (!nl)
647 BIO_printf(bio_err, "\n"); 601 BIO_printf(bio_err, "\n");
648 nl = 1; 602 if (tp == FUNC_TYPE_MD) {
649 } 603 i = 1;
650 if (fp->type != tp) { 604 BIO_printf(bio_err,
651 tp = fp->type; 605 "\nMessage Digest commands (see the `dgst' command for more details)\n");
652 if (!nl) 606 } else if (tp == FUNC_TYPE_CIPHER) {
653 BIO_printf(bio_err, "\n"); 607 i = 1;
654 if (tp == FUNC_TYPE_MD) { 608 BIO_printf(bio_err, "\nCipher commands (see the `enc' command for more details)\n");
655 i = 1;
656 BIO_printf(bio_err,
657 "\nMessage Digest commands (see the `dgst' command for more details)\n");
658 } else if (tp == FUNC_TYPE_CIPHER) {
659 i = 1;
660 BIO_printf(bio_err, "\nCipher commands (see the `enc' command for more details)\n");
661 }
662 } 609 }
610 }
663#ifdef OPENSSL_NO_CAMELLIA 611#ifdef OPENSSL_NO_CAMELLIA
664 BIO_printf(bio_err, "%-15s", fp->name); 612 BIO_printf(bio_err, "%-15s", fp->name);
665#else 613#else
666 BIO_printf(bio_err, "%-18s", fp->name); 614 BIO_printf(bio_err, "%-18s", fp->name);
667#endif 615#endif
668 }
669 BIO_printf(bio_err, "\n\n");
670 ret = 0;
671 } 616 }
672 end: 617
673 return (ret); 618 BIO_printf(bio_err, "\n\n");
674} 619}
675 620
676static int 621static int
diff --git a/src/usr.bin/openssl/passwd.c b/src/usr.bin/openssl/passwd.c
index 11b43d653a..f05751f165 100644
--- a/src/usr.bin/openssl/passwd.c
+++ b/src/usr.bin/openssl/passwd.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: passwd.c,v 1.12 2021/12/12 20:40:25 tb Exp $ */ 1/* $OpenBSD: passwd.c,v 1.13 2022/11/11 17:07:39 joshua Exp $ */
2 2
3#if defined OPENSSL_NO_MD5 3#if defined OPENSSL_NO_MD5
4#define NO_MD5CRYPT_1 4#define NO_MD5CRYPT_1
@@ -145,11 +145,9 @@ passwd_main(int argc, char **argv)
145 int argsused; 145 int argsused;
146 int ret = 1; 146 int ret = 1;
147 147
148 if (single_execution) { 148 if (pledge("stdio cpath wpath rpath tty", NULL) == -1) {
149 if (pledge("stdio cpath wpath rpath tty", NULL) == -1) { 149 perror("pledge");
150 perror("pledge"); 150 exit(1);
151 exit(1);
152 }
153 } 151 }
154 152
155 memset(&passwd_config, 0, sizeof(passwd_config)); 153 memset(&passwd_config, 0, sizeof(passwd_config));
diff --git a/src/usr.bin/openssl/pkcs12.c b/src/usr.bin/openssl/pkcs12.c
index fb8a1f0ea4..6e671e9275 100644
--- a/src/usr.bin/openssl/pkcs12.c
+++ b/src/usr.bin/openssl/pkcs12.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: pkcs12.c,v 1.23 2022/09/14 16:31:36 tb Exp $ */ 1/* $OpenBSD: pkcs12.c,v 1.24 2022/11/11 17:07:39 joshua Exp $ */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project. 3 * project.
4 */ 4 */
@@ -536,11 +536,9 @@ pkcs12_main(int argc, char **argv)
536 char *cpass = NULL, *mpass = NULL; 536 char *cpass = NULL, *mpass = NULL;
537 char *passin = NULL, *passout = NULL; 537 char *passin = NULL, *passout = NULL;
538 538
539 if (single_execution) { 539 if (pledge("stdio cpath wpath rpath tty", NULL) == -1) {
540 if (pledge("stdio cpath wpath rpath tty", NULL) == -1) { 540 perror("pledge");
541 perror("pledge"); 541 exit(1);
542 exit(1);
543 }
544 } 542 }
545 543
546 memset(&pkcs12_config, 0, sizeof(pkcs12_config)); 544 memset(&pkcs12_config, 0, sizeof(pkcs12_config));
diff --git a/src/usr.bin/openssl/pkcs7.c b/src/usr.bin/openssl/pkcs7.c
index 4c184911c9..4f0c529424 100644
--- a/src/usr.bin/openssl/pkcs7.c
+++ b/src/usr.bin/openssl/pkcs7.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: pkcs7.c,v 1.11 2019/07/14 03:30:46 guenther Exp $ */ 1/* $OpenBSD: pkcs7.c,v 1.12 2022/11/11 17:07:39 joshua Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -154,11 +154,9 @@ pkcs7_main(int argc, char **argv)
154 int ret = 1; 154 int ret = 1;
155 int i; 155 int i;
156 156
157 if (single_execution) { 157 if (pledge("stdio cpath wpath rpath", NULL) == -1) {
158 if (pledge("stdio cpath wpath rpath", NULL) == -1) { 158 perror("pledge");
159 perror("pledge"); 159 exit(1);
160 exit(1);
161 }
162 } 160 }
163 161
164 memset(&pkcs7_config, 0, sizeof(pkcs7_config)); 162 memset(&pkcs7_config, 0, sizeof(pkcs7_config));
diff --git a/src/usr.bin/openssl/pkcs8.c b/src/usr.bin/openssl/pkcs8.c
index 0629b20c37..ea12230006 100644
--- a/src/usr.bin/openssl/pkcs8.c
+++ b/src/usr.bin/openssl/pkcs8.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: pkcs8.c,v 1.14 2019/07/14 03:30:46 guenther Exp $ */ 1/* $OpenBSD: pkcs8.c,v 1.15 2022/11/11 17:07:39 joshua Exp $ */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 1999-2004. 3 * project 1999-2004.
4 */ 4 */
@@ -203,11 +203,9 @@ pkcs8_main(int argc, char **argv)
203 char pass[50], *passin = NULL, *passout = NULL, *p8pass = NULL; 203 char pass[50], *passin = NULL, *passout = NULL, *p8pass = NULL;
204 int ret = 1; 204 int ret = 1;
205 205
206 if (single_execution) { 206 if (pledge("stdio cpath wpath rpath tty", NULL) == -1) {
207 if (pledge("stdio cpath wpath rpath tty", NULL) == -1) { 207 perror("pledge");
208 perror("pledge"); 208 exit(1);
209 exit(1);
210 }
211 } 209 }
212 210
213 memset(&pkcs8_config, 0, sizeof(pkcs8_config)); 211 memset(&pkcs8_config, 0, sizeof(pkcs8_config));
diff --git a/src/usr.bin/openssl/pkey.c b/src/usr.bin/openssl/pkey.c
index dcddd976b4..2d9b69f5c3 100644
--- a/src/usr.bin/openssl/pkey.c
+++ b/src/usr.bin/openssl/pkey.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: pkey.c,v 1.17 2022/01/14 10:17:30 tb Exp $ */ 1/* $OpenBSD: pkey.c,v 1.18 2022/11/11 17:07:39 joshua Exp $ */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 2006 3 * project 2006
4 */ 4 */
@@ -221,11 +221,9 @@ pkey_main(int argc, char **argv)
221 char *passin = NULL, *passout = NULL; 221 char *passin = NULL, *passout = NULL;
222 int ret = 1; 222 int ret = 1;
223 223
224 if (single_execution) { 224 if (pledge("stdio cpath wpath rpath tty", NULL) == -1) {
225 if (pledge("stdio cpath wpath rpath tty", NULL) == -1) { 225 perror("pledge");
226 perror("pledge"); 226 exit(1);
227 exit(1);
228 }
229 } 227 }
230 228
231 memset(&pkey_config, 0, sizeof(pkey_config)); 229 memset(&pkey_config, 0, sizeof(pkey_config));
diff --git a/src/usr.bin/openssl/pkeyparam.c b/src/usr.bin/openssl/pkeyparam.c
index 924c39eddb..9c519e31a6 100644
--- a/src/usr.bin/openssl/pkeyparam.c
+++ b/src/usr.bin/openssl/pkeyparam.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: pkeyparam.c,v 1.14 2022/01/14 10:17:30 tb Exp $ */ 1/* $OpenBSD: pkeyparam.c,v 1.15 2022/11/11 17:07:39 joshua Exp $ */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 2006 3 * project 2006
4 */ 4 */
@@ -125,11 +125,9 @@ pkeyparam_main(int argc, char **argv)
125 EVP_PKEY *pkey = NULL; 125 EVP_PKEY *pkey = NULL;
126 int ret = 1; 126 int ret = 1;
127 127
128 if (single_execution) { 128 if (pledge("stdio cpath wpath rpath", NULL) == -1) {
129 if (pledge("stdio cpath wpath rpath", NULL) == -1) { 129 perror("pledge");
130 perror("pledge"); 130 exit(1);
131 exit(1);
132 }
133 } 131 }
134 132
135 memset(&pkeyparam_config, 0, sizeof(pkeyparam_config)); 133 memset(&pkeyparam_config, 0, sizeof(pkeyparam_config));
diff --git a/src/usr.bin/openssl/pkeyutl.c b/src/usr.bin/openssl/pkeyutl.c
index 09a1a9755f..d92aa161fb 100644
--- a/src/usr.bin/openssl/pkeyutl.c
+++ b/src/usr.bin/openssl/pkeyutl.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: pkeyutl.c,v 1.16 2019/07/14 03:30:46 guenther Exp $ */ 1/* $OpenBSD: pkeyutl.c,v 1.17 2022/11/11 17:07:39 joshua Exp $ */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 2006. 3 * project 2006.
4 */ 4 */
@@ -263,11 +263,9 @@ pkeyutl_main(int argc, char **argv)
263 263
264 int ret = 1, rv = -1; 264 int ret = 1, rv = -1;
265 265
266 if (single_execution) { 266 if (pledge("stdio cpath wpath rpath tty", NULL) == -1) {
267 if (pledge("stdio cpath wpath rpath tty", NULL) == -1) { 267 perror("pledge");
268 perror("pledge"); 268 exit(1);
269 exit(1);
270 }
271 } 269 }
272 270
273 memset(&pkeyutl_config, 0, sizeof(pkeyutl_config)); 271 memset(&pkeyutl_config, 0, sizeof(pkeyutl_config));
diff --git a/src/usr.bin/openssl/prime.c b/src/usr.bin/openssl/prime.c
index ee0c342980..d27b234e61 100644
--- a/src/usr.bin/openssl/prime.c
+++ b/src/usr.bin/openssl/prime.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: prime.c,v 1.13 2019/07/14 03:30:46 guenther Exp $ */ 1/* $OpenBSD: prime.c,v 1.14 2022/11/11 17:07:39 joshua Exp $ */
2/* ==================================================================== 2/* ====================================================================
3 * Copyright (c) 2004 The OpenSSL Project. All rights reserved. 3 * Copyright (c) 2004 The OpenSSL Project. All rights reserved.
4 * 4 *
@@ -118,11 +118,9 @@ prime_main(int argc, char **argv)
118 char *s; 118 char *s;
119 int is_prime, ret = 1; 119 int is_prime, ret = 1;
120 120
121 if (single_execution) { 121 if (pledge("stdio rpath", NULL) == -1) {
122 if (pledge("stdio rpath", NULL) == -1) { 122 perror("pledge");
123 perror("pledge"); 123 exit(1);
124 exit(1);
125 }
126 } 124 }
127 125
128 memset(&prime_config, 0, sizeof(prime_config)); 126 memset(&prime_config, 0, sizeof(prime_config));
diff --git a/src/usr.bin/openssl/rand.c b/src/usr.bin/openssl/rand.c
index fb639e3bc5..6e67cf28e7 100644
--- a/src/usr.bin/openssl/rand.c
+++ b/src/usr.bin/openssl/rand.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: rand.c,v 1.14 2019/07/14 03:30:46 guenther Exp $ */ 1/* $OpenBSD: rand.c,v 1.15 2022/11/11 17:07:39 joshua Exp $ */
2/* ==================================================================== 2/* ====================================================================
3 * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved. 3 * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
4 * 4 *
@@ -109,11 +109,9 @@ rand_main(int argc, char **argv)
109 int i, r; 109 int i, r;
110 BIO *out = NULL; 110 BIO *out = NULL;
111 111
112 if (single_execution) { 112 if (pledge("stdio cpath wpath rpath", NULL) == -1) {
113 if (pledge("stdio cpath wpath rpath", NULL) == -1) { 113 perror("pledge");
114 perror("pledge"); 114 exit(1);
115 exit(1);
116 }
117 } 115 }
118 116
119 memset(&rand_config, 0, sizeof(rand_config)); 117 memset(&rand_config, 0, sizeof(rand_config));
diff --git a/src/usr.bin/openssl/req.c b/src/usr.bin/openssl/req.c
index 6d74ca0e36..abf1c53e1f 100644
--- a/src/usr.bin/openssl/req.c
+++ b/src/usr.bin/openssl/req.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: req.c,v 1.23 2022/02/03 17:44:04 tb Exp $ */ 1/* $OpenBSD: req.c,v 1.24 2022/11/11 17:07:39 joshua Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -563,11 +563,9 @@ req_main(int argc, char **argv)
563 const EVP_MD *md_alg = NULL; 563 const EVP_MD *md_alg = NULL;
564 char *p; 564 char *p;
565 565
566 if (single_execution) { 566 if (pledge("stdio cpath wpath rpath tty", NULL) == -1) {
567 if (pledge("stdio cpath wpath rpath tty", NULL) == -1) { 567 perror("pledge");
568 perror("pledge"); 568 exit(1);
569 exit(1);
570 }
571 } 569 }
572 570
573 memset(&req_config, 0, sizeof(req_config)); 571 memset(&req_config, 0, sizeof(req_config));
diff --git a/src/usr.bin/openssl/rsa.c b/src/usr.bin/openssl/rsa.c
index acc05ee0a4..bdd263ce7c 100644
--- a/src/usr.bin/openssl/rsa.c
+++ b/src/usr.bin/openssl/rsa.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: rsa.c,v 1.16 2022/01/14 09:26:41 tb Exp $ */ 1/* $OpenBSD: rsa.c,v 1.17 2022/11/11 17:07:39 joshua Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -255,11 +255,9 @@ rsa_main(int argc, char **argv)
255 BIO *out = NULL; 255 BIO *out = NULL;
256 char *passin = NULL, *passout = NULL; 256 char *passin = NULL, *passout = NULL;
257 257
258 if (single_execution) { 258 if (pledge("stdio cpath wpath rpath tty", NULL) == -1) {
259 if (pledge("stdio cpath wpath rpath tty", NULL) == -1) { 259 perror("pledge");
260 perror("pledge"); 260 exit(1);
261 exit(1);
262 }
263 } 261 }
264 262
265 memset(&rsa_config, 0, sizeof(rsa_config)); 263 memset(&rsa_config, 0, sizeof(rsa_config));
diff --git a/src/usr.bin/openssl/rsautl.c b/src/usr.bin/openssl/rsautl.c
index 06d7a81ae0..c3af915635 100644
--- a/src/usr.bin/openssl/rsautl.c
+++ b/src/usr.bin/openssl/rsautl.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: rsautl.c,v 1.18 2019/07/14 03:30:46 guenther Exp $ */ 1/* $OpenBSD: rsautl.c,v 1.19 2022/11/11 17:07:39 joshua Exp $ */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 2000. 3 * project 2000.
4 */ 4 */
@@ -244,11 +244,9 @@ rsautl_main(int argc, char **argv)
244 int keysize; 244 int keysize;
245 int ret = 1; 245 int ret = 1;
246 246
247 if (single_execution) { 247 if (pledge("stdio cpath wpath rpath tty", NULL) == -1) {
248 if (pledge("stdio cpath wpath rpath tty", NULL) == -1) { 248 perror("pledge");
249 perror("pledge"); 249 exit(1);
250 exit(1);
251 }
252 } 250 }
253 251
254 memset(&rsautl_config, 0, sizeof(rsautl_config)); 252 memset(&rsautl_config, 0, sizeof(rsautl_config));
diff --git a/src/usr.bin/openssl/s_client.c b/src/usr.bin/openssl/s_client.c
index 15ebb0c0a7..41f6502325 100644
--- a/src/usr.bin/openssl/s_client.c
+++ b/src/usr.bin/openssl/s_client.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: s_client.c,v 1.58 2022/02/03 17:44:04 tb Exp $ */ 1/* $OpenBSD: s_client.c,v 1.59 2022/11/11 17:07:39 joshua Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -923,11 +923,9 @@ s_client_main(int argc, char **argv)
923 struct sockaddr_storage peer; 923 struct sockaddr_storage peer;
924 int peerlen = sizeof(peer); 924 int peerlen = sizeof(peer);
925 925
926 if (single_execution) { 926 if (pledge("stdio cpath wpath rpath inet dns tty", NULL) == -1) {
927 if (pledge("stdio cpath wpath rpath inet dns tty", NULL) == -1) { 927 perror("pledge");
928 perror("pledge"); 928 exit(1);
929 exit(1);
930 }
931 } 929 }
932 930
933 memset(&s_client_config, 0, sizeof(s_client_config)); 931 memset(&s_client_config, 0, sizeof(s_client_config));
diff --git a/src/usr.bin/openssl/s_server.c b/src/usr.bin/openssl/s_server.c
index 9b06856ac9..adf98451ec 100644
--- a/src/usr.bin/openssl/s_server.c
+++ b/src/usr.bin/openssl/s_server.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: s_server.c,v 1.54 2021/12/06 11:06:58 tb Exp $ */ 1/* $OpenBSD: s_server.c,v 1.55 2022/11/11 17:07:39 joshua Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -1081,11 +1081,9 @@ s_server_main(int argc, char *argv[])
1081 X509 *s_cert2 = NULL; 1081 X509 *s_cert2 = NULL;
1082 tlsextalpnctx alpn_ctx = { NULL, 0 }; 1082 tlsextalpnctx alpn_ctx = { NULL, 0 };
1083 1083
1084 if (single_execution) { 1084 if (pledge("stdio rpath inet dns tty", NULL) == -1) {
1085 if (pledge("stdio rpath inet dns tty", NULL) == -1) { 1085 perror("pledge");
1086 perror("pledge"); 1086 exit(1);
1087 exit(1);
1088 }
1089 } 1087 }
1090 1088
1091 memset(&s_server_config, 0, sizeof(s_server_config)); 1089 memset(&s_server_config, 0, sizeof(s_server_config));
diff --git a/src/usr.bin/openssl/s_time.c b/src/usr.bin/openssl/s_time.c
index 92fdb59aa0..7e3cee8425 100644
--- a/src/usr.bin/openssl/s_time.c
+++ b/src/usr.bin/openssl/s_time.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: s_time.c,v 1.35 2022/08/31 12:29:08 tb Exp $ */ 1/* $OpenBSD: s_time.c,v 1.36 2022/11/11 17:07:39 joshua Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -236,11 +236,9 @@ s_time_main(int argc, char **argv)
236{ 236{
237 int ret = 1; 237 int ret = 1;
238 238
239 if (single_execution) { 239 if (pledge("stdio rpath inet dns", NULL) == -1) {
240 if (pledge("stdio rpath inet dns", NULL) == -1) { 240 perror("pledge");
241 perror("pledge"); 241 exit(1);
242 exit(1);
243 }
244 } 242 }
245 243
246 s_time_meth = TLS_client_method(); 244 s_time_meth = TLS_client_method();
diff --git a/src/usr.bin/openssl/sess_id.c b/src/usr.bin/openssl/sess_id.c
index d8a2bf272f..4533cf15ca 100644
--- a/src/usr.bin/openssl/sess_id.c
+++ b/src/usr.bin/openssl/sess_id.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: sess_id.c,v 1.10 2019/07/14 03:30:46 guenther Exp $ */ 1/* $OpenBSD: sess_id.c,v 1.11 2022/11/11 17:07:39 joshua Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -158,11 +158,9 @@ sess_id_main(int argc, char **argv)
158 int ret = 1, i; 158 int ret = 1, i;
159 BIO *out = NULL; 159 BIO *out = NULL;
160 160
161 if (single_execution) { 161 if (pledge("stdio cpath wpath rpath", NULL) == -1) {
162 if (pledge("stdio cpath wpath rpath", NULL) == -1) { 162 perror("pledge");
163 perror("pledge"); 163 exit(1);
164 exit(1);
165 }
166 } 164 }
167 165
168 memset(&sess_id_config, 0, sizeof(sess_id_config)); 166 memset(&sess_id_config, 0, sizeof(sess_id_config));
diff --git a/src/usr.bin/openssl/smime.c b/src/usr.bin/openssl/smime.c
index 2503177f0f..37375c1600 100644
--- a/src/usr.bin/openssl/smime.c
+++ b/src/usr.bin/openssl/smime.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: smime.c,v 1.17 2022/01/16 07:12:28 inoguchi Exp $ */ 1/* $OpenBSD: smime.c,v 1.18 2022/11/11 17:07:39 joshua Exp $ */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project. 3 * project.
4 */ 4 */
@@ -722,11 +722,9 @@ smime_main(int argc, char **argv)
722 int badarg = 0; 722 int badarg = 0;
723 char *passin = NULL; 723 char *passin = NULL;
724 724
725 if (single_execution) { 725 if (pledge("stdio cpath wpath rpath tty", NULL) == -1) {
726 if (pledge("stdio cpath wpath rpath tty", NULL) == -1) { 726 perror("pledge");
727 perror("pledge"); 727 exit(1);
728 exit(1);
729 }
730 } 728 }
731 729
732 memset(&smime_config, 0, sizeof(smime_config)); 730 memset(&smime_config, 0, sizeof(smime_config));
diff --git a/src/usr.bin/openssl/speed.c b/src/usr.bin/openssl/speed.c
index f3e9fdc076..1db42ca4f5 100644
--- a/src/usr.bin/openssl/speed.c
+++ b/src/usr.bin/openssl/speed.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: speed.c,v 1.28 2022/01/14 09:27:30 tb Exp $ */ 1/* $OpenBSD: speed.c,v 1.29 2022/11/11 17:07:39 joshua Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -469,11 +469,9 @@ speed_main(int argc, char **argv)
469 int multi = 0; 469 int multi = 0;
470 const char *errstr = NULL; 470 const char *errstr = NULL;
471 471
472 if (single_execution) { 472 if (pledge("stdio proc", NULL) == -1) {
473 if (pledge("stdio proc", NULL) == -1) { 473 perror("pledge");
474 perror("pledge"); 474 exit(1);
475 exit(1);
476 }
477 } 475 }
478 476
479 usertime = -1; 477 usertime = -1;
diff --git a/src/usr.bin/openssl/spkac.c b/src/usr.bin/openssl/spkac.c
index 7fd8523c01..3a45d5d4bc 100644
--- a/src/usr.bin/openssl/spkac.c
+++ b/src/usr.bin/openssl/spkac.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: spkac.c,v 1.11 2019/07/14 03:30:46 guenther Exp $ */ 1/* $OpenBSD: spkac.c,v 1.12 2022/11/11 17:07:39 joshua Exp $ */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 1999. Based on an original idea by Massimiliano Pala 3 * project 1999. Based on an original idea by Massimiliano Pala
4 * (madwolf@openca.org). 4 * (madwolf@openca.org).
@@ -181,11 +181,9 @@ spkac_main(int argc, char **argv)
181 NETSCAPE_SPKI *spki = NULL; 181 NETSCAPE_SPKI *spki = NULL;
182 EVP_PKEY *pkey = NULL; 182 EVP_PKEY *pkey = NULL;
183 183
184 if (single_execution) { 184 if (pledge("stdio cpath wpath rpath tty", NULL) == -1) {
185 if (pledge("stdio cpath wpath rpath tty", NULL) == -1) { 185 perror("pledge");
186 perror("pledge"); 186 exit(1);
187 exit(1);
188 }
189 } 187 }
190 188
191 memset(&spkac_config, 0, sizeof(spkac_config)); 189 memset(&spkac_config, 0, sizeof(spkac_config));
diff --git a/src/usr.bin/openssl/ts.c b/src/usr.bin/openssl/ts.c
index 24301b69a5..05387de130 100644
--- a/src/usr.bin/openssl/ts.c
+++ b/src/usr.bin/openssl/ts.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ts.c,v 1.24 2022/09/11 18:08:17 tb Exp $ */ 1/* $OpenBSD: ts.c,v 1.25 2022/11/11 17:07:39 joshua Exp $ */
2/* Written by Zoltan Glozik (zglozik@stones.com) for the OpenSSL 2/* Written by Zoltan Glozik (zglozik@stones.com) for the OpenSSL
3 * project 2002. 3 * project 2002.
4 */ 4 */
@@ -377,11 +377,9 @@ ts_main(int argc, char **argv)
377 CONF *conf = NULL; 377 CONF *conf = NULL;
378 char *password = NULL; /* Password itself. */ 378 char *password = NULL; /* Password itself. */
379 379
380 if (single_execution) { 380 if (pledge("stdio cpath wpath rpath tty", NULL) == -1) {
381 if (pledge("stdio cpath wpath rpath tty", NULL) == -1) { 381 perror("pledge");
382 perror("pledge"); 382 exit(1);
383 exit(1);
384 }
385 } 383 }
386 384
387 memset(&ts_config, 0, sizeof(ts_config)); 385 memset(&ts_config, 0, sizeof(ts_config));
diff --git a/src/usr.bin/openssl/verify.c b/src/usr.bin/openssl/verify.c
index dd321761d3..b42dd2f243 100644
--- a/src/usr.bin/openssl/verify.c
+++ b/src/usr.bin/openssl/verify.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: verify.c,v 1.14 2021/02/15 17:57:58 jsing Exp $ */ 1/* $OpenBSD: verify.c,v 1.15 2022/11/11 17:07:39 joshua Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -268,11 +268,9 @@ verify_main(int argc, char **argv)
268 int argsused; 268 int argsused;
269 int ret = 1; 269 int ret = 1;
270 270
271 if (single_execution) { 271 if (pledge("stdio rpath", NULL) == -1) {
272 if (pledge("stdio rpath", NULL) == -1) { 272 perror("pledge");
273 perror("pledge"); 273 exit(1);
274 exit(1);
275 }
276 } 274 }
277 275
278 memset(&verify_config, 0, sizeof(verify_config)); 276 memset(&verify_config, 0, sizeof(verify_config));
diff --git a/src/usr.bin/openssl/version.c b/src/usr.bin/openssl/version.c
index 374e0d0c4a..038774ad0c 100644
--- a/src/usr.bin/openssl/version.c
+++ b/src/usr.bin/openssl/version.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: version.c,v 1.9 2019/07/14 03:30:46 guenther Exp $ */ 1/* $OpenBSD: version.c,v 1.10 2022/11/11 17:07:39 joshua Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -213,11 +213,9 @@ version_usage(void)
213int 213int
214version_main(int argc, char **argv) 214version_main(int argc, char **argv)
215{ 215{
216 if (single_execution) { 216 if (pledge("stdio", NULL) == -1) {
217 if (pledge("stdio", NULL) == -1) { 217 perror("pledge");
218 perror("pledge"); 218 exit(1);
219 exit(1);
220 }
221 } 219 }
222 220
223 memset(&version_config, 0, sizeof(version_config)); 221 memset(&version_config, 0, sizeof(version_config));
diff --git a/src/usr.bin/openssl/x509.c b/src/usr.bin/openssl/x509.c
index c777ee9b74..e1c69c6798 100644
--- a/src/usr.bin/openssl/x509.c
+++ b/src/usr.bin/openssl/x509.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: x509.c,v 1.29 2021/12/12 20:34:04 tb Exp $ */ 1/* $OpenBSD: x509.c,v 1.30 2022/11/11 17:07:39 joshua Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -735,11 +735,9 @@ x509_main(int argc, char **argv)
735 CONF *extconf = NULL; 735 CONF *extconf = NULL;
736 char *passin = NULL; 736 char *passin = NULL;
737 737
738 if (single_execution) { 738 if (pledge("stdio cpath wpath rpath tty", NULL) == -1) {
739 if (pledge("stdio cpath wpath rpath tty", NULL) == -1) { 739 perror("pledge");
740 perror("pledge"); 740 exit(1);
741 exit(1);
742 }
743 } 741 }
744 742
745 memset(&x509_config, 0, sizeof(x509_config)); 743 memset(&x509_config, 0, sizeof(x509_config));
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-22 12:43:35 +0000