summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
Diffstat (limited to 'src')
-rw-r--r--src/usr.bin/openssl/asn1pars.c10
-rw-r--r--src/usr.bin/openssl/ca.c10
-rw-r--r--src/usr.bin/openssl/certhash.c10
-rw-r--r--src/usr.bin/openssl/ciphers.c10
-rw-r--r--src/usr.bin/openssl/cms.c10
-rw-r--r--src/usr.bin/openssl/crl.c10
-rw-r--r--src/usr.bin/openssl/crl2p7.c10
-rw-r--r--src/usr.bin/openssl/dgst.c10
-rw-r--r--src/usr.bin/openssl/dh.c10
-rw-r--r--src/usr.bin/openssl/dhparam.c10
-rw-r--r--src/usr.bin/openssl/dsa.c10
-rw-r--r--src/usr.bin/openssl/dsaparam.c10
-rw-r--r--src/usr.bin/openssl/ec.c10
-rw-r--r--src/usr.bin/openssl/ecparam.c10
-rw-r--r--src/usr.bin/openssl/enc.c10
-rw-r--r--src/usr.bin/openssl/errstr.c10
-rw-r--r--src/usr.bin/openssl/gendh.c10
-rw-r--r--src/usr.bin/openssl/gendsa.c10
-rw-r--r--src/usr.bin/openssl/genpkey.c10
-rw-r--r--src/usr.bin/openssl/genrsa.c10
-rw-r--r--src/usr.bin/openssl/nseq.c10
-rw-r--r--src/usr.bin/openssl/ocsp.c10
-rw-r--r--src/usr.bin/openssl/openssl.c157
-rw-r--r--src/usr.bin/openssl/passwd.c10
-rw-r--r--src/usr.bin/openssl/pkcs12.c10
-rw-r--r--src/usr.bin/openssl/pkcs7.c10
-rw-r--r--src/usr.bin/openssl/pkcs8.c10
-rw-r--r--src/usr.bin/openssl/pkey.c10
-rw-r--r--src/usr.bin/openssl/pkeyparam.c10
-rw-r--r--src/usr.bin/openssl/pkeyutl.c10
-rw-r--r--src/usr.bin/openssl/prime.c10
-rw-r--r--src/usr.bin/openssl/rand.c10
-rw-r--r--src/usr.bin/openssl/req.c10
-rw-r--r--src/usr.bin/openssl/rsa.c10
-rw-r--r--src/usr.bin/openssl/rsautl.c10
-rw-r--r--src/usr.bin/openssl/s_client.c10
-rw-r--r--src/usr.bin/openssl/s_server.c10
-rw-r--r--src/usr.bin/openssl/s_time.c10
-rw-r--r--src/usr.bin/openssl/sess_id.c10
-rw-r--r--src/usr.bin/openssl/smime.c10
-rw-r--r--src/usr.bin/openssl/speed.c10
-rw-r--r--src/usr.bin/openssl/spkac.c10
-rw-r--r--src/usr.bin/openssl/ts.c10
-rw-r--r--src/usr.bin/openssl/verify.c10
-rw-r--r--src/usr.bin/openssl/version.c10
-rw-r--r--src/usr.bin/openssl/x509.c10
46 files changed, 231 insertions, 376 deletions
diff --git a/src/usr.bin/openssl/asn1pars.c b/src/usr.bin/openssl/asn1pars.c
index 38d12f61fc..6f7fa18512 100644
--- a/src/usr.bin/openssl/asn1pars.c
+++ b/src/usr.bin/openssl/asn1pars.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: asn1pars.c,v 1.11 2022/01/12 22:55:51 tb Exp $ */ 1/* $OpenBSD: asn1pars.c,v 1.12 2022/11/11 17:07:38 joshua Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -247,11 +247,9 @@ asn1parse_main(int argc, char **argv)
247 BUF_MEM *buf = NULL; 247 BUF_MEM *buf = NULL;
248 ASN1_TYPE *at = NULL; 248 ASN1_TYPE *at = NULL;
249 249
250 if (single_execution) { 250 if (pledge("stdio cpath wpath rpath", NULL) == -1) {
251 if (pledge("stdio cpath wpath rpath", NULL) == -1) { 251 perror("pledge");
252 perror("pledge"); 252 exit(1);
253 exit(1);
254 }
255 } 253 }
256 254
257 memset(&asn1pars_config, 0, sizeof(asn1pars_config)); 255 memset(&asn1pars_config, 0, sizeof(asn1pars_config));
diff --git a/src/usr.bin/openssl/ca.c b/src/usr.bin/openssl/ca.c
index bbc5403e3c..e13354f4af 100644
--- a/src/usr.bin/openssl/ca.c
+++ b/src/usr.bin/openssl/ca.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ca.c,v 1.53 2022/02/03 17:44:04 tb Exp $ */ 1/* $OpenBSD: ca.c,v 1.54 2022/11/11 17:07:38 joshua Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -685,11 +685,9 @@ ca_main(int argc, char **argv)
685 char *tofree = NULL; 685 char *tofree = NULL;
686 DB_ATTR db_attr; 686 DB_ATTR db_attr;
687 687
688 if (single_execution) { 688 if (pledge("stdio cpath wpath rpath tty", NULL) == -1) {
689 if (pledge("stdio cpath wpath rpath tty", NULL) == -1) { 689 perror("pledge");
690 perror("pledge"); 690 exit(1);
691 exit(1);
692 }
693 } 691 }
694 692
695 memset(&ca_config, 0, sizeof(ca_config)); 693 memset(&ca_config, 0, sizeof(ca_config));
diff --git a/src/usr.bin/openssl/certhash.c b/src/usr.bin/openssl/certhash.c
index a4417a2b26..785f1216ad 100644
--- a/src/usr.bin/openssl/certhash.c
+++ b/src/usr.bin/openssl/certhash.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: certhash.c,v 1.19 2021/10/23 08:13:48 tb Exp $ */ 1/* $OpenBSD: certhash.c,v 1.20 2022/11/11 17:07:38 joshua Exp $ */
2/* 2/*
3 * Copyright (c) 2014, 2015 Joel Sing <jsing@openbsd.org> 3 * Copyright (c) 2014, 2015 Joel Sing <jsing@openbsd.org>
4 * 4 *
@@ -653,11 +653,9 @@ certhash_main(int argc, char **argv)
653 int argsused; 653 int argsused;
654 int i, cwdfd, ret = 0; 654 int i, cwdfd, ret = 0;
655 655
656 if (single_execution) { 656 if (pledge("stdio cpath wpath rpath", NULL) == -1) {
657 if (pledge("stdio cpath wpath rpath", NULL) == -1) { 657 perror("pledge");
658 perror("pledge"); 658 exit(1);
659 exit(1);
660 }
661 } 659 }
662 660
663 memset(&certhash_config, 0, sizeof(certhash_config)); 661 memset(&certhash_config, 0, sizeof(certhash_config));
diff --git a/src/usr.bin/openssl/ciphers.c b/src/usr.bin/openssl/ciphers.c
index 583db1167b..eb63a35890 100644
--- a/src/usr.bin/openssl/ciphers.c
+++ b/src/usr.bin/openssl/ciphers.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ciphers.c,v 1.15 2022/07/19 20:15:19 tb Exp $ */ 1/* $OpenBSD: ciphers.c,v 1.16 2022/11/11 17:07:38 joshua Exp $ */
2/* 2/*
3 * Copyright (c) 2014 Joel Sing <jsing@openbsd.org> 3 * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
4 * 4 *
@@ -114,11 +114,9 @@ ciphers_main(int argc, char **argv)
114 int i, rv = 0; 114 int i, rv = 0;
115 char *desc; 115 char *desc;
116 116
117 if (single_execution) { 117 if (pledge("stdio rpath", NULL) == -1) {
118 if (pledge("stdio rpath", NULL) == -1) { 118 perror("pledge");
119 perror("pledge"); 119 exit(1);
120 exit(1);
121 }
122 } 120 }
123 121
124 memset(&ciphers_config, 0, sizeof(ciphers_config)); 122 memset(&ciphers_config, 0, sizeof(ciphers_config));
diff --git a/src/usr.bin/openssl/cms.c b/src/usr.bin/openssl/cms.c
index a3004e8af3..e3f4aaf3a8 100644
--- a/src/usr.bin/openssl/cms.c
+++ b/src/usr.bin/openssl/cms.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: cms.c,v 1.30 2022/03/23 15:16:59 tb Exp $ */ 1/* $OpenBSD: cms.c,v 1.31 2022/11/11 17:07:38 joshua Exp $ */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project. 3 * project.
4 */ 4 */
@@ -1165,11 +1165,9 @@ cms_main(int argc, char **argv)
1165 char *passin = NULL; 1165 char *passin = NULL;
1166 unsigned char *pwri_tmp = NULL; 1166 unsigned char *pwri_tmp = NULL;
1167 1167
1168 if (single_execution) { 1168 if (pledge("stdio rpath wpath cpath tty", NULL) == -1) {
1169 if (pledge("stdio rpath wpath cpath tty", NULL) == -1) { 1169 perror("pledge");
1170 perror("pledge"); 1170 exit(1);
1171 exit(1);
1172 }
1173 } 1171 }
1174 1172
1175 memset(&cms_config, 0, sizeof(cms_config)); 1173 memset(&cms_config, 0, sizeof(cms_config));
diff --git a/src/usr.bin/openssl/crl.c b/src/usr.bin/openssl/crl.c
index 031360854c..6b7bc5b72e 100644
--- a/src/usr.bin/openssl/crl.c
+++ b/src/usr.bin/openssl/crl.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: crl.c,v 1.15 2021/10/31 16:47:27 tb Exp $ */ 1/* $OpenBSD: crl.c,v 1.16 2022/11/11 17:07:38 joshua Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -230,11 +230,9 @@ crl_main(int argc, char **argv)
230 const EVP_MD *digest; 230 const EVP_MD *digest;
231 char *digest_name = NULL; 231 char *digest_name = NULL;
232 232
233 if (single_execution) { 233 if (pledge("stdio cpath wpath rpath", NULL) == -1) {
234 if (pledge("stdio cpath wpath rpath", NULL) == -1) { 234 perror("pledge");
235 perror("pledge"); 235 exit(1);
236 exit(1);
237 }
238 } 236 }
239 237
240 if (bio_out == NULL) { 238 if (bio_out == NULL) {
diff --git a/src/usr.bin/openssl/crl2p7.c b/src/usr.bin/openssl/crl2p7.c
index 8e5bf6a436..0b0eae2a99 100644
--- a/src/usr.bin/openssl/crl2p7.c
+++ b/src/usr.bin/openssl/crl2p7.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: crl2p7.c,v 1.9 2019/07/14 03:30:45 guenther Exp $ */ 1/* $OpenBSD: crl2p7.c,v 1.10 2022/11/11 17:07:38 joshua Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -169,11 +169,9 @@ crl2pkcs7_main(int argc, char **argv)
169 STACK_OF(X509) *cert_stack = NULL; 169 STACK_OF(X509) *cert_stack = NULL;
170 int ret = 1; 170 int ret = 1;
171 171
172 if (single_execution) { 172 if (pledge("stdio cpath wpath rpath", NULL) == -1) {
173 if (pledge("stdio cpath wpath rpath", NULL) == -1) { 173 perror("pledge");
174 perror("pledge"); 174 exit(1);
175 exit(1);
176 }
177 } 175 }
178 176
179 memset(&crl2p7_config, 0, sizeof(crl2p7_config)); 177 memset(&crl2p7_config, 0, sizeof(crl2p7_config));
diff --git a/src/usr.bin/openssl/dgst.c b/src/usr.bin/openssl/dgst.c
index 689591cd22..d29bc6f98c 100644
--- a/src/usr.bin/openssl/dgst.c
+++ b/src/usr.bin/openssl/dgst.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: dgst.c,v 1.19 2022/01/14 09:28:07 tb Exp $ */ 1/* $OpenBSD: dgst.c,v 1.20 2022/11/11 17:07:38 joshua Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -338,11 +338,9 @@ dgst_main(int argc, char **argv)
338 int siglen = 0; 338 int siglen = 0;
339 char *passin = NULL; 339 char *passin = NULL;
340 340
341 if (single_execution) { 341 if (pledge("stdio cpath wpath rpath tty", NULL) == -1) {
342 if (pledge("stdio cpath wpath rpath tty", NULL) == -1) { 342 perror("pledge");
343 perror("pledge"); 343 exit(1);
344 exit(1);
345 }
346 } 344 }
347 345
348 if ((buf = malloc(BUFSIZE)) == NULL) { 346 if ((buf = malloc(BUFSIZE)) == NULL) {
diff --git a/src/usr.bin/openssl/dh.c b/src/usr.bin/openssl/dh.c
index c2c5d689e1..200233c0f2 100644
--- a/src/usr.bin/openssl/dh.c
+++ b/src/usr.bin/openssl/dh.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: dh.c,v 1.13 2022/01/14 09:21:54 tb Exp $ */ 1/* $OpenBSD: dh.c,v 1.14 2022/11/11 17:07:38 joshua Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -158,11 +158,9 @@ dh_main(int argc, char **argv)
158 BIO *in = NULL, *out = NULL; 158 BIO *in = NULL, *out = NULL;
159 int ret = 1; 159 int ret = 1;
160 160
161 if (single_execution) { 161 if (pledge("stdio cpath wpath rpath", NULL) == -1) {
162 if (pledge("stdio cpath wpath rpath", NULL) == -1) { 162 perror("pledge");
163 perror("pledge"); 163 exit(1);
164 exit(1);
165 }
166 } 164 }
167 165
168 memset(&dh_config, 0, sizeof(dh_config)); 166 memset(&dh_config, 0, sizeof(dh_config));
diff --git a/src/usr.bin/openssl/dhparam.c b/src/usr.bin/openssl/dhparam.c
index da9075f5be..8c4cc198c6 100644
--- a/src/usr.bin/openssl/dhparam.c
+++ b/src/usr.bin/openssl/dhparam.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: dhparam.c,v 1.14 2022/01/14 09:22:50 tb Exp $ */ 1/* $OpenBSD: dhparam.c,v 1.15 2022/11/11 17:07:38 joshua Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -244,11 +244,9 @@ dhparam_main(int argc, char **argv)
244 int ret = 1; 244 int ret = 1;
245 int i; 245 int i;
246 246
247 if (single_execution) { 247 if (pledge("stdio cpath wpath rpath", NULL) == -1) {
248 if (pledge("stdio cpath wpath rpath", NULL) == -1) { 248 perror("pledge");
249 perror("pledge"); 249 exit(1);
250 exit(1);
251 }
252 } 250 }
253 251
254 memset(&dhparam_config, 0, sizeof(dhparam_config)); 252 memset(&dhparam_config, 0, sizeof(dhparam_config));
diff --git a/src/usr.bin/openssl/dsa.c b/src/usr.bin/openssl/dsa.c
index df45cd6ebe..0a3772dff7 100644
--- a/src/usr.bin/openssl/dsa.c
+++ b/src/usr.bin/openssl/dsa.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: dsa.c,v 1.16 2022/01/14 09:23:42 tb Exp $ */ 1/* $OpenBSD: dsa.c,v 1.17 2022/11/11 17:07:38 joshua Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -236,11 +236,9 @@ dsa_main(int argc, char **argv)
236 BIO *in = NULL, *out = NULL; 236 BIO *in = NULL, *out = NULL;
237 char *passin = NULL, *passout = NULL; 237 char *passin = NULL, *passout = NULL;
238 238
239 if (single_execution) { 239 if (pledge("stdio cpath wpath rpath tty", NULL) == -1) {
240 if (pledge("stdio cpath wpath rpath tty", NULL) == -1) { 240 perror("pledge");
241 perror("pledge"); 241 exit(1);
242 exit(1);
243 }
244 } 242 }
245 243
246 memset(&dsa_config, 0, sizeof(dsa_config)); 244 memset(&dsa_config, 0, sizeof(dsa_config));
diff --git a/src/usr.bin/openssl/dsaparam.c b/src/usr.bin/openssl/dsaparam.c
index 33bde035aa..892ae72ba1 100644
--- a/src/usr.bin/openssl/dsaparam.c
+++ b/src/usr.bin/openssl/dsaparam.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: dsaparam.c,v 1.13 2022/01/14 09:24:20 tb Exp $ */ 1/* $OpenBSD: dsaparam.c,v 1.14 2022/11/11 17:07:38 joshua Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -169,11 +169,9 @@ dsaparam_main(int argc, char **argv)
169 int numbits = -1; 169 int numbits = -1;
170 char *strbits = NULL; 170 char *strbits = NULL;
171 171
172 if (single_execution) { 172 if (pledge("stdio cpath wpath rpath", NULL) == -1) {
173 if (pledge("stdio cpath wpath rpath", NULL) == -1) { 173 perror("pledge");
174 perror("pledge"); 174 exit(1);
175 exit(1);
176 }
177 } 175 }
178 176
179 memset(&dsaparam_config, 0, sizeof(dsaparam_config)); 177 memset(&dsaparam_config, 0, sizeof(dsaparam_config));
diff --git a/src/usr.bin/openssl/ec.c b/src/usr.bin/openssl/ec.c
index 3aa9b0c2c5..3dace88d6f 100644
--- a/src/usr.bin/openssl/ec.c
+++ b/src/usr.bin/openssl/ec.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ec.c,v 1.14 2019/07/14 03:30:45 guenther Exp $ */ 1/* $OpenBSD: ec.c,v 1.15 2022/11/11 17:07:38 joshua Exp $ */
2/* 2/*
3 * Written by Nils Larsch for the OpenSSL project. 3 * Written by Nils Larsch for the OpenSSL project.
4 */ 4 */
@@ -267,11 +267,9 @@ ec_main(int argc, char **argv)
267 BIO *in = NULL, *out = NULL; 267 BIO *in = NULL, *out = NULL;
268 char *passin = NULL, *passout = NULL; 268 char *passin = NULL, *passout = NULL;
269 269
270 if (single_execution) { 270 if (pledge("stdio cpath wpath rpath tty", NULL) == -1) {
271 if (pledge("stdio cpath wpath rpath tty", NULL) == -1) { 271 perror("pledge");
272 perror("pledge"); 272 exit(1);
273 exit(1);
274 }
275 } 273 }
276 274
277 memset(&ec_config, 0, sizeof(ec_config)); 275 memset(&ec_config, 0, sizeof(ec_config));
diff --git a/src/usr.bin/openssl/ecparam.c b/src/usr.bin/openssl/ecparam.c
index 01974a7f46..52ccc491fc 100644
--- a/src/usr.bin/openssl/ecparam.c
+++ b/src/usr.bin/openssl/ecparam.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ecparam.c,v 1.21 2021/05/10 20:58:32 tb Exp $ */ 1/* $OpenBSD: ecparam.c,v 1.22 2022/11/11 17:07:38 joshua Exp $ */
2/* 2/*
3 * Written by Nils Larsch for the OpenSSL project. 3 * Written by Nils Larsch for the OpenSSL project.
4 */ 4 */
@@ -259,11 +259,9 @@ ecparam_main(int argc, char **argv)
259 BIO *in = NULL, *out = NULL; 259 BIO *in = NULL, *out = NULL;
260 int i, ret = 1; 260 int i, ret = 1;
261 261
262 if (single_execution) { 262 if (pledge("stdio cpath wpath rpath", NULL) == -1) {
263 if (pledge("stdio cpath wpath rpath", NULL) == -1) { 263 perror("pledge");
264 perror("pledge"); 264 exit(1);
265 exit(1);
266 }
267 } 265 }
268 266
269 memset(&ecparam_config, 0, sizeof(ecparam_config)); 267 memset(&ecparam_config, 0, sizeof(ecparam_config));
diff --git a/src/usr.bin/openssl/enc.c b/src/usr.bin/openssl/enc.c
index 7955d9b940..5a07113f7c 100644
--- a/src/usr.bin/openssl/enc.c
+++ b/src/usr.bin/openssl/enc.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: enc.c,v 1.24 2021/12/07 20:13:15 tb Exp $ */ 1/* $OpenBSD: enc.c,v 1.25 2022/11/11 17:07:39 joshua Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -344,11 +344,9 @@ enc_main(int argc, char **argv)
344 char pname[PROG_NAME_SIZE + 1]; 344 char pname[PROG_NAME_SIZE + 1];
345 int i; 345 int i;
346 346
347 if (single_execution) { 347 if (pledge("stdio cpath wpath rpath tty", NULL) == -1) {
348 if (pledge("stdio cpath wpath rpath tty", NULL) == -1) { 348 perror("pledge");
349 perror("pledge"); 349 exit(1);
350 exit(1);
351 }
352 } 350 }
353 351
354 memset(&enc_config, 0, sizeof(enc_config)); 352 memset(&enc_config, 0, sizeof(enc_config));
diff --git a/src/usr.bin/openssl/errstr.c b/src/usr.bin/openssl/errstr.c
index bb6bfc785f..4d7ba02def 100644
--- a/src/usr.bin/openssl/errstr.c
+++ b/src/usr.bin/openssl/errstr.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: errstr.c,v 1.7 2019/07/14 03:30:45 guenther Exp $ */ 1/* $OpenBSD: errstr.c,v 1.8 2022/11/11 17:07:39 joshua Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -98,11 +98,9 @@ errstr_main(int argc, char **argv)
98 char buf[256]; 98 char buf[256];
99 int ret = 0; 99 int ret = 0;
100 100
101 if (single_execution) { 101 if (pledge("stdio rpath", NULL) == -1) {
102 if (pledge("stdio rpath", NULL) == -1) { 102 perror("pledge");
103 perror("pledge"); 103 exit(1);
104 exit(1);
105 }
106 } 104 }
107 105
108 memset(&errstr_config, 0, sizeof(errstr_config)); 106 memset(&errstr_config, 0, sizeof(errstr_config));
diff --git a/src/usr.bin/openssl/gendh.c b/src/usr.bin/openssl/gendh.c
index c6564e047b..b4e4f29111 100644
--- a/src/usr.bin/openssl/gendh.c
+++ b/src/usr.bin/openssl/gendh.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: gendh.c,v 1.12 2021/11/20 18:10:48 tb Exp $ */ 1/* $OpenBSD: gendh.c,v 1.13 2022/11/11 17:07:39 joshua Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -134,11 +134,9 @@ gendh_main(int argc, char **argv)
134 BIO *out = NULL; 134 BIO *out = NULL;
135 char *strbits = NULL; 135 char *strbits = NULL;
136 136
137 if (single_execution) { 137 if (pledge("stdio cpath wpath rpath", NULL) == -1) {
138 if (pledge("stdio cpath wpath rpath", NULL) == -1) { 138 perror("pledge");
139 perror("pledge"); 139 exit(1);
140 exit(1);
141 }
142 } 140 }
143 141
144 if ((cb = BN_GENCB_new()) == NULL) { 142 if ((cb = BN_GENCB_new()) == NULL) {
diff --git a/src/usr.bin/openssl/gendsa.c b/src/usr.bin/openssl/gendsa.c
index 6d69957e85..fa83ea2c67 100644
--- a/src/usr.bin/openssl/gendsa.c
+++ b/src/usr.bin/openssl/gendsa.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: gendsa.c,v 1.15 2022/01/14 09:25:00 tb Exp $ */ 1/* $OpenBSD: gendsa.c,v 1.16 2022/11/11 17:07:39 joshua Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -229,11 +229,9 @@ gendsa_main(int argc, char **argv)
229 char *passout = NULL; 229 char *passout = NULL;
230 BIO *out = NULL, *in = NULL; 230 BIO *out = NULL, *in = NULL;
231 231
232 if (single_execution) { 232 if (pledge("stdio cpath wpath rpath tty", NULL) == -1) {
233 if (pledge("stdio cpath wpath rpath tty", NULL) == -1) { 233 perror("pledge");
234 perror("pledge"); 234 exit(1);
235 exit(1);
236 }
237 } 235 }
238 236
239 memset(&gendsa_config, 0, sizeof(gendsa_config)); 237 memset(&gendsa_config, 0, sizeof(gendsa_config));
diff --git a/src/usr.bin/openssl/genpkey.c b/src/usr.bin/openssl/genpkey.c
index e2b46b7796..61b24af330 100644
--- a/src/usr.bin/openssl/genpkey.c
+++ b/src/usr.bin/openssl/genpkey.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: genpkey.c,v 1.13 2019/07/14 03:30:46 guenther Exp $ */ 1/* $OpenBSD: genpkey.c,v 1.14 2022/11/11 17:07:39 joshua Exp $ */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 2006 3 * project 2006
4 */ 4 */
@@ -224,11 +224,9 @@ genpkey_main(int argc, char **argv)
224 char *pass = NULL; 224 char *pass = NULL;
225 int ret = 1, rv; 225 int ret = 1, rv;
226 226
227 if (single_execution) { 227 if (pledge("stdio cpath wpath rpath tty", NULL) == -1) {
228 if (pledge("stdio cpath wpath rpath tty", NULL) == -1) { 228 perror("pledge");
229 perror("pledge"); 229 exit(1);
230 exit(1);
231 }
232 } 230 }
233 231
234 memset(&genpkey_config, 0, sizeof(genpkey_config)); 232 memset(&genpkey_config, 0, sizeof(genpkey_config));
diff --git a/src/usr.bin/openssl/genrsa.c b/src/usr.bin/openssl/genrsa.c
index 647b691e7f..e1628a682e 100644
--- a/src/usr.bin/openssl/genrsa.c
+++ b/src/usr.bin/openssl/genrsa.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: genrsa.c,v 1.20 2022/10/04 15:31:02 espie Exp $ */ 1/* $OpenBSD: genrsa.c,v 1.21 2022/11/11 17:07:39 joshua Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -280,11 +280,9 @@ genrsa_main(int argc, char **argv)
280 RSA *rsa = NULL; 280 RSA *rsa = NULL;
281 char *rsa_e_hex = NULL, *rsa_e_dec = NULL; 281 char *rsa_e_hex = NULL, *rsa_e_dec = NULL;
282 282
283 if (single_execution) { 283 if (pledge("stdio cpath wpath rpath tty", NULL) == -1) {
284 if (pledge("stdio cpath wpath rpath tty", NULL) == -1) { 284 perror("pledge");
285 perror("pledge"); 285 exit(1);
286 exit(1);
287 }
288 } 286 }
289 287
290 if ((bn = BN_new()) == NULL) 288 if ((bn = BN_new()) == NULL)
diff --git a/src/usr.bin/openssl/nseq.c b/src/usr.bin/openssl/nseq.c
index 516bde34d2..7be116e67b 100644
--- a/src/usr.bin/openssl/nseq.c
+++ b/src/usr.bin/openssl/nseq.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: nseq.c,v 1.9 2019/07/14 03:30:46 guenther Exp $ */ 1/* $OpenBSD: nseq.c,v 1.10 2022/11/11 17:07:39 joshua Exp $ */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 1999. 3 * project 1999.
4 */ 4 */
@@ -109,11 +109,9 @@ nseq_main(int argc, char **argv)
109 NETSCAPE_CERT_SEQUENCE *seq = NULL; 109 NETSCAPE_CERT_SEQUENCE *seq = NULL;
110 int i, ret = 1; 110 int i, ret = 1;
111 111
112 if (single_execution) { 112 if (pledge("stdio cpath wpath rpath", NULL) == -1) {
113 if (pledge("stdio cpath wpath rpath", NULL) == -1) { 113 perror("pledge");
114 perror("pledge"); 114 exit(1);
115 exit(1);
116 }
117 } 115 }
118 116
119 memset(&nseq_config, 0, sizeof(nseq_config)); 117 memset(&nseq_config, 0, sizeof(nseq_config));
diff --git a/src/usr.bin/openssl/ocsp.c b/src/usr.bin/openssl/ocsp.c
index f954d9697b..026bd49b0a 100644
--- a/src/usr.bin/openssl/ocsp.c
+++ b/src/usr.bin/openssl/ocsp.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ocsp.c,v 1.21 2020/10/13 18:25:35 tb Exp $ */ 1/* $OpenBSD: ocsp.c,v 1.22 2022/11/11 17:07:39 joshua Exp $ */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 2000. 3 * project 2000.
4 */ 4 */
@@ -750,11 +750,9 @@ ocsp_main(int argc, char **argv)
750 X509 *rca_cert = NULL; 750 X509 *rca_cert = NULL;
751 CA_DB *rdb = NULL; 751 CA_DB *rdb = NULL;
752 752
753 if (single_execution) { 753 if (pledge("stdio cpath wpath rpath inet dns tty", NULL) == -1) {
754 if (pledge("stdio cpath wpath rpath inet dns tty", NULL) == -1) { 754 perror("pledge");
755 perror("pledge"); 755 exit(1);
756 exit(1);
757 }
758 } 756 }
759 757
760 memset(&ocsp_config, 0, sizeof(ocsp_config)); 758 memset(&ocsp_config, 0, sizeof(ocsp_config));
diff --git a/src/usr.bin/openssl/openssl.c b/src/usr.bin/openssl/openssl.c
index 42b9b91b7a..e931b7a33e 100644
--- a/src/usr.bin/openssl/openssl.c
+++ b/src/usr.bin/openssl/openssl.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: openssl.c,v 1.30 2019/11/04 15:25:54 jsing Exp $ */ 1/* $OpenBSD: openssl.c,v 1.31 2022/11/11 17:07:39 joshua Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -137,8 +137,6 @@
137#define FUNC_TYPE_MD_ALG 5 137#define FUNC_TYPE_MD_ALG 5
138#define FUNC_TYPE_CIPHER_ALG 6 138#define FUNC_TYPE_CIPHER_ALG 6
139 139
140int single_execution = 0;
141
142typedef struct { 140typedef struct {
143 int type; 141 int type;
144 const char *name; 142 const char *name;
@@ -349,6 +347,7 @@ static void openssl_shutdown(void);
349 347
350static LHASH_OF(FUNCTION) *prog_init(void); 348static LHASH_OF(FUNCTION) *prog_init(void);
351static int do_cmd(LHASH_OF(FUNCTION) *prog, int argc, char *argv[]); 349static int do_cmd(LHASH_OF(FUNCTION) *prog, int argc, char *argv[]);
350static void print_help(void);
352static void list_pkey(BIO * out); 351static void list_pkey(BIO * out);
353static void list_cipher(BIO * out); 352static void list_cipher(BIO * out);
354static void list_md(BIO * out); 353static void list_md(BIO * out);
@@ -385,13 +384,8 @@ int
385main(int argc, char **argv) 384main(int argc, char **argv)
386{ 385{
387 ARGS arg; 386 ARGS arg;
388#define PROG_NAME_SIZE 39
389 char pname[PROG_NAME_SIZE + 1];
390 FUNCTION f, *fp;
391 const char *prompt;
392 char buf[1024];
393 char *to_free = NULL; 387 char *to_free = NULL;
394 int n, i, ret = 0; 388 int i, ret = 0;
395 char *p; 389 char *p;
396 LHASH_OF(FUNCTION) * prog = NULL; 390 LHASH_OF(FUNCTION) * prog = NULL;
397 long errline; 391 long errline;
@@ -453,74 +447,21 @@ main(int argc, char **argv)
453 447
454 prog = prog_init(); 448 prog = prog_init();
455 449
456 /* first check the program name */
457 program_name(argv[0], pname, sizeof pname);
458
459 f.name = pname;
460 fp = lh_FUNCTION_retrieve(prog, &f);
461 if (fp != NULL) {
462 argv[0] = pname;
463
464 single_execution = 1;
465 ret = fp->func(argc, argv);
466 goto end;
467 }
468 /* 450 /*
469 * ok, now check that there are not arguments, if there are, run with 451 * ok, now check that there are not arguments, if there are, run with
470 * them, shifting the ssleay off the front 452 * them, shifting the executable name off the front
471 */ 453 */
472 if (argc != 1) { 454 argc--;
473 argc--; 455 argv++;
474 argv++; 456
475 457 if (argc < 1) {
476 single_execution = 1; 458 print_help();
477 ret = do_cmd(prog, argc, argv);
478 if (ret < 0)
479 ret = 0;
480 goto end; 459 goto end;
481 } 460 }
482 /* ok, lets enter the old 'OpenSSL>' mode */
483 461
484 for (;;) { 462 ret = do_cmd(prog, argc, argv);
463 if (ret < 0)
485 ret = 0; 464 ret = 0;
486 p = buf;
487 n = sizeof buf;
488 i = 0;
489 for (;;) {
490 p[0] = '\0';
491 if (i++)
492 prompt = ">";
493 else
494 prompt = "OpenSSL> ";
495 fputs(prompt, stdout);
496 fflush(stdout);
497 if (!fgets(p, n, stdin))
498 goto end;
499 if (p[0] == '\0')
500 goto end;
501 i = strlen(p);
502 if (i <= 1)
503 break;
504 if (p[i - 2] != '\\')
505 break;
506 i -= 2;
507 p += i;
508 n -= i;
509 }
510 if (!chopup_args(&arg, buf, &argc, &argv))
511 break;
512
513 ret = do_cmd(prog, argc, argv);
514 if (ret < 0) {
515 ret = 0;
516 goto end;
517 }
518 if (ret != 0)
519 BIO_printf(bio_err, "error in %s\n", argv[0]);
520 (void) BIO_flush(bio_err);
521 }
522 BIO_printf(bio_err, "bad exit\n");
523 ret = 1;
524 465
525 end: 466 end:
526 free(to_free); 467 free(to_free);
@@ -554,7 +495,7 @@ static int
554do_cmd(LHASH_OF(FUNCTION) * prog, int argc, char *argv[]) 495do_cmd(LHASH_OF(FUNCTION) * prog, int argc, char *argv[])
555{ 496{
556 FUNCTION f, *fp; 497 FUNCTION f, *fp;
557 int i, ret = 1, tp, nl; 498 int ret = 1;
558 499
559 if ((argc <= 0) || (argv[0] == NULL)) { 500 if ((argc <= 0) || (argv[0] == NULL)) {
560 ret = 0; 501 ret = 0;
@@ -585,12 +526,6 @@ do_cmd(LHASH_OF(FUNCTION) * prog, int argc, char *argv[])
585 BIO_printf(bio_stdout, "%s\n", argv[0] + 3); 526 BIO_printf(bio_stdout, "%s\n", argv[0] + 3);
586 BIO_free_all(bio_stdout); 527 BIO_free_all(bio_stdout);
587 goto end; 528 goto end;
588 } else if ((strcmp(argv[0], "quit") == 0) ||
589 (strcmp(argv[0], "q") == 0) ||
590 (strcmp(argv[0], "exit") == 0) ||
591 (strcmp(argv[0], "bye") == 0)) {
592 ret = -1;
593 goto end;
594 } else if ((strcmp(argv[0], LIST_STANDARD_COMMANDS) == 0) || 529 } else if ((strcmp(argv[0], LIST_STANDARD_COMMANDS) == 0) ||
595 (strcmp(argv[0], LIST_MESSAGE_DIGEST_COMMANDS) == 0) || 530 (strcmp(argv[0], LIST_MESSAGE_DIGEST_COMMANDS) == 0) ||
596 (strcmp(argv[0], LIST_MESSAGE_DIGEST_ALGORITHMS) == 0) || 531 (strcmp(argv[0], LIST_MESSAGE_DIGEST_ALGORITHMS) == 0) ||
@@ -633,44 +568,54 @@ do_cmd(LHASH_OF(FUNCTION) * prog, int argc, char *argv[])
633 BIO_printf(bio_err, 568 BIO_printf(bio_err,
634 "openssl:Error: '%s' is an invalid command.\n", 569 "openssl:Error: '%s' is an invalid command.\n",
635 argv[0]); 570 argv[0]);
636 BIO_printf(bio_err, "\nStandard commands"); 571 print_help();
637 i = 0; 572 ret = 0;
638 tp = 0; 573 }
639 for (fp = functions; fp->name != NULL; fp++) { 574 end:
640 nl = 0; 575 return (ret);
576}
577
578static void
579print_help(void)
580{
581 FUNCTION *fp;
582 int i = 0;
583 int tp = 0;
584 int nl;
585
586 BIO_printf(bio_err, "\nStandard commands");
587 for (fp = functions; fp->name != NULL; fp++) {
588 nl = 0;
641#ifdef OPENSSL_NO_CAMELLIA 589#ifdef OPENSSL_NO_CAMELLIA
642 if (((i++) % 5) == 0) 590 if (((i++) % 5) == 0)
643#else 591#else
644 if (((i++) % 4) == 0) 592 if (((i++) % 4) == 0)
645#endif 593#endif
646 { 594 {
595 BIO_printf(bio_err, "\n");
596 nl = 1;
597 }
598 if (fp->type != tp) {
599 tp = fp->type;
600 if (!nl)
647 BIO_printf(bio_err, "\n"); 601 BIO_printf(bio_err, "\n");
648 nl = 1; 602 if (tp == FUNC_TYPE_MD) {
649 } 603 i = 1;
650 if (fp->type != tp) { 604 BIO_printf(bio_err,
651 tp = fp->type; 605 "\nMessage Digest commands (see the `dgst' command for more details)\n");
652 if (!nl) 606 } else if (tp == FUNC_TYPE_CIPHER) {
653 BIO_printf(bio_err, "\n"); 607 i = 1;
654 if (tp == FUNC_TYPE_MD) { 608 BIO_printf(bio_err, "\nCipher commands (see the `enc' command for more details)\n");
655 i = 1;
656 BIO_printf(bio_err,
657 "\nMessage Digest commands (see the `dgst' command for more details)\n");
658 } else if (tp == FUNC_TYPE_CIPHER) {
659 i = 1;
660 BIO_printf(bio_err, "\nCipher commands (see the `enc' command for more details)\n");
661 }
662 } 609 }
610 }
663#ifdef OPENSSL_NO_CAMELLIA 611#ifdef OPENSSL_NO_CAMELLIA
664 BIO_printf(bio_err, "%-15s", fp->name); 612 BIO_printf(bio_err, "%-15s", fp->name);
665#else 613#else
666 BIO_printf(bio_err, "%-18s", fp->name); 614 BIO_printf(bio_err, "%-18s", fp->name);
667#endif 615#endif
668 }
669 BIO_printf(bio_err, "\n\n");
670 ret = 0;
671 } 616 }
672 end: 617
673 return (ret); 618 BIO_printf(bio_err, "\n\n");
674} 619}
675 620
676static int 621static int
diff --git a/src/usr.bin/openssl/passwd.c b/src/usr.bin/openssl/passwd.c
index 11b43d653a..f05751f165 100644
--- a/src/usr.bin/openssl/passwd.c
+++ b/src/usr.bin/openssl/passwd.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: passwd.c,v 1.12 2021/12/12 20:40:25 tb Exp $ */ 1/* $OpenBSD: passwd.c,v 1.13 2022/11/11 17:07:39 joshua Exp $ */
2 2
3#if defined OPENSSL_NO_MD5 3#if defined OPENSSL_NO_MD5
4#define NO_MD5CRYPT_1 4#define NO_MD5CRYPT_1
@@ -145,11 +145,9 @@ passwd_main(int argc, char **argv)
145 int argsused; 145 int argsused;
146 int ret = 1; 146 int ret = 1;
147 147
148 if (single_execution) { 148 if (pledge("stdio cpath wpath rpath tty", NULL) == -1) {
149 if (pledge("stdio cpath wpath rpath tty", NULL) == -1) { 149 perror("pledge");
150 perror("pledge"); 150 exit(1);
151 exit(1);
152 }
153 } 151 }
154 152
155 memset(&passwd_config, 0, sizeof(passwd_config)); 153 memset(&passwd_config, 0, sizeof(passwd_config));
diff --git a/src/usr.bin/openssl/pkcs12.c b/src/usr.bin/openssl/pkcs12.c
index fb8a1f0ea4..6e671e9275 100644
--- a/src/usr.bin/openssl/pkcs12.c
+++ b/src/usr.bin/openssl/pkcs12.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: pkcs12.c,v 1.23 2022/09/14 16:31:36 tb Exp $ */ 1/* $OpenBSD: pkcs12.c,v 1.24 2022/11/11 17:07:39 joshua Exp $ */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project. 3 * project.
4 */ 4 */
@@ -536,11 +536,9 @@ pkcs12_main(int argc, char **argv)
536 char *cpass = NULL, *mpass = NULL; 536 char *cpass = NULL, *mpass = NULL;
537 char *passin = NULL, *passout = NULL; 537 char *passin = NULL, *passout = NULL;
538 538
539 if (single_execution) { 539 if (pledge("stdio cpath wpath rpath tty", NULL) == -1) {
540 if (pledge("stdio cpath wpath rpath tty", NULL) == -1) { 540 perror("pledge");
541 perror("pledge"); 541 exit(1);
542 exit(1);
543 }
544 } 542 }
545 543
546 memset(&pkcs12_config, 0, sizeof(pkcs12_config)); 544 memset(&pkcs12_config, 0, sizeof(pkcs12_config));
diff --git a/src/usr.bin/openssl/pkcs7.c b/src/usr.bin/openssl/pkcs7.c
index 4c184911c9..4f0c529424 100644
--- a/src/usr.bin/openssl/pkcs7.c
+++ b/src/usr.bin/openssl/pkcs7.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: pkcs7.c,v 1.11 2019/07/14 03:30:46 guenther Exp $ */ 1/* $OpenBSD: pkcs7.c,v 1.12 2022/11/11 17:07:39 joshua Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -154,11 +154,9 @@ pkcs7_main(int argc, char **argv)
154 int ret = 1; 154 int ret = 1;
155 int i; 155 int i;
156 156
157 if (single_execution) { 157 if (pledge("stdio cpath wpath rpath", NULL) == -1) {
158 if (pledge("stdio cpath wpath rpath", NULL) == -1) { 158 perror("pledge");
159 perror("pledge"); 159 exit(1);
160 exit(1);
161 }
162 } 160 }
163 161
164 memset(&pkcs7_config, 0, sizeof(pkcs7_config)); 162 memset(&pkcs7_config, 0, sizeof(pkcs7_config));
diff --git a/src/usr.bin/openssl/pkcs8.c b/src/usr.bin/openssl/pkcs8.c
index 0629b20c37..ea12230006 100644
--- a/src/usr.bin/openssl/pkcs8.c
+++ b/src/usr.bin/openssl/pkcs8.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: pkcs8.c,v 1.14 2019/07/14 03:30:46 guenther Exp $ */ 1/* $OpenBSD: pkcs8.c,v 1.15 2022/11/11 17:07:39 joshua Exp $ */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 1999-2004. 3 * project 1999-2004.
4 */ 4 */
@@ -203,11 +203,9 @@ pkcs8_main(int argc, char **argv)
203 char pass[50], *passin = NULL, *passout = NULL, *p8pass = NULL; 203 char pass[50], *passin = NULL, *passout = NULL, *p8pass = NULL;
204 int ret = 1; 204 int ret = 1;
205 205
206 if (single_execution) { 206 if (pledge("stdio cpath wpath rpath tty", NULL) == -1) {
207 if (pledge("stdio cpath wpath rpath tty", NULL) == -1) { 207 perror("pledge");
208 perror("pledge"); 208 exit(1);
209 exit(1);
210 }
211 } 209 }
212 210
213 memset(&pkcs8_config, 0, sizeof(pkcs8_config)); 211 memset(&pkcs8_config, 0, sizeof(pkcs8_config));
diff --git a/src/usr.bin/openssl/pkey.c b/src/usr.bin/openssl/pkey.c
index dcddd976b4..2d9b69f5c3 100644
--- a/src/usr.bin/openssl/pkey.c
+++ b/src/usr.bin/openssl/pkey.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: pkey.c,v 1.17 2022/01/14 10:17:30 tb Exp $ */ 1/* $OpenBSD: pkey.c,v 1.18 2022/11/11 17:07:39 joshua Exp $ */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 2006 3 * project 2006
4 */ 4 */
@@ -221,11 +221,9 @@ pkey_main(int argc, char **argv)
221 char *passin = NULL, *passout = NULL; 221 char *passin = NULL, *passout = NULL;
222 int ret = 1; 222 int ret = 1;
223 223
224 if (single_execution) { 224 if (pledge("stdio cpath wpath rpath tty", NULL) == -1) {
225 if (pledge("stdio cpath wpath rpath tty", NULL) == -1) { 225 perror("pledge");
226 perror("pledge"); 226 exit(1);
227 exit(1);
228 }
229 } 227 }
230 228
231 memset(&pkey_config, 0, sizeof(pkey_config)); 229 memset(&pkey_config, 0, sizeof(pkey_config));
diff --git a/src/usr.bin/openssl/pkeyparam.c b/src/usr.bin/openssl/pkeyparam.c
index 924c39eddb..9c519e31a6 100644
--- a/src/usr.bin/openssl/pkeyparam.c
+++ b/src/usr.bin/openssl/pkeyparam.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: pkeyparam.c,v 1.14 2022/01/14 10:17:30 tb Exp $ */ 1/* $OpenBSD: pkeyparam.c,v 1.15 2022/11/11 17:07:39 joshua Exp $ */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 2006 3 * project 2006
4 */ 4 */
@@ -125,11 +125,9 @@ pkeyparam_main(int argc, char **argv)
125 EVP_PKEY *pkey = NULL; 125 EVP_PKEY *pkey = NULL;
126 int ret = 1; 126 int ret = 1;
127 127
128 if (single_execution) { 128 if (pledge("stdio cpath wpath rpath", NULL) == -1) {
129 if (pledge("stdio cpath wpath rpath", NULL) == -1) { 129 perror("pledge");
130 perror("pledge"); 130 exit(1);
131 exit(1);
132 }
133 } 131 }
134 132
135 memset(&pkeyparam_config, 0, sizeof(pkeyparam_config)); 133 memset(&pkeyparam_config, 0, sizeof(pkeyparam_config));
diff --git a/src/usr.bin/openssl/pkeyutl.c b/src/usr.bin/openssl/pkeyutl.c
index 09a1a9755f..d92aa161fb 100644
--- a/src/usr.bin/openssl/pkeyutl.c
+++ b/src/usr.bin/openssl/pkeyutl.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: pkeyutl.c,v 1.16 2019/07/14 03:30:46 guenther Exp $ */ 1/* $OpenBSD: pkeyutl.c,v 1.17 2022/11/11 17:07:39 joshua Exp $ */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 2006. 3 * project 2006.
4 */ 4 */
@@ -263,11 +263,9 @@ pkeyutl_main(int argc, char **argv)
263 263
264 int ret = 1, rv = -1; 264 int ret = 1, rv = -1;
265 265
266 if (single_execution) { 266 if (pledge("stdio cpath wpath rpath tty", NULL) == -1) {
267 if (pledge("stdio cpath wpath rpath tty", NULL) == -1) { 267 perror("pledge");
268 perror("pledge"); 268 exit(1);
269 exit(1);
270 }
271 } 269 }
272 270
273 memset(&pkeyutl_config, 0, sizeof(pkeyutl_config)); 271 memset(&pkeyutl_config, 0, sizeof(pkeyutl_config));
diff --git a/src/usr.bin/openssl/prime.c b/src/usr.bin/openssl/prime.c
index ee0c342980..d27b234e61 100644
--- a/src/usr.bin/openssl/prime.c
+++ b/src/usr.bin/openssl/prime.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: prime.c,v 1.13 2019/07/14 03:30:46 guenther Exp $ */ 1/* $OpenBSD: prime.c,v 1.14 2022/11/11 17:07:39 joshua Exp $ */
2/* ==================================================================== 2/* ====================================================================
3 * Copyright (c) 2004 The OpenSSL Project. All rights reserved. 3 * Copyright (c) 2004 The OpenSSL Project. All rights reserved.
4 * 4 *
@@ -118,11 +118,9 @@ prime_main(int argc, char **argv)
118 char *s; 118 char *s;
119 int is_prime, ret = 1; 119 int is_prime, ret = 1;
120 120
121 if (single_execution) { 121 if (pledge("stdio rpath", NULL) == -1) {
122 if (pledge("stdio rpath", NULL) == -1) { 122 perror("pledge");
123 perror("pledge"); 123 exit(1);
124 exit(1);
125 }
126 } 124 }
127 125
128 memset(&prime_config, 0, sizeof(prime_config)); 126 memset(&prime_config, 0, sizeof(prime_config));
diff --git a/src/usr.bin/openssl/rand.c b/src/usr.bin/openssl/rand.c
index fb639e3bc5..6e67cf28e7 100644
--- a/src/usr.bin/openssl/rand.c
+++ b/src/usr.bin/openssl/rand.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: rand.c,v 1.14 2019/07/14 03:30:46 guenther Exp $ */ 1/* $OpenBSD: rand.c,v 1.15 2022/11/11 17:07:39 joshua Exp $ */
2/* ==================================================================== 2/* ====================================================================
3 * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved. 3 * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
4 * 4 *
@@ -109,11 +109,9 @@ rand_main(int argc, char **argv)
109 int i, r; 109 int i, r;
110 BIO *out = NULL; 110 BIO *out = NULL;
111 111
112 if (single_execution) { 112 if (pledge("stdio cpath wpath rpath", NULL) == -1) {
113 if (pledge("stdio cpath wpath rpath", NULL) == -1) { 113 perror("pledge");
114 perror("pledge"); 114 exit(1);
115 exit(1);
116 }
117 } 115 }
118 116
119 memset(&rand_config, 0, sizeof(rand_config)); 117 memset(&rand_config, 0, sizeof(rand_config));
diff --git a/src/usr.bin/openssl/req.c b/src/usr.bin/openssl/req.c
index 6d74ca0e36..abf1c53e1f 100644
--- a/src/usr.bin/openssl/req.c
+++ b/src/usr.bin/openssl/req.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: req.c,v 1.23 2022/02/03 17:44:04 tb Exp $ */ 1/* $OpenBSD: req.c,v 1.24 2022/11/11 17:07:39 joshua Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -563,11 +563,9 @@ req_main(int argc, char **argv)
563 const EVP_MD *md_alg = NULL; 563 const EVP_MD *md_alg = NULL;
564 char *p; 564 char *p;
565 565
566 if (single_execution) { 566 if (pledge("stdio cpath wpath rpath tty", NULL) == -1) {
567 if (pledge("stdio cpath wpath rpath tty", NULL) == -1) { 567 perror("pledge");
568 perror("pledge"); 568 exit(1);
569 exit(1);
570 }
571 } 569 }
572 570
573 memset(&req_config, 0, sizeof(req_config)); 571 memset(&req_config, 0, sizeof(req_config));
diff --git a/src/usr.bin/openssl/rsa.c b/src/usr.bin/openssl/rsa.c
index acc05ee0a4..bdd263ce7c 100644
--- a/src/usr.bin/openssl/rsa.c
+++ b/src/usr.bin/openssl/rsa.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: rsa.c,v 1.16 2022/01/14 09:26:41 tb Exp $ */ 1/* $OpenBSD: rsa.c,v 1.17 2022/11/11 17:07:39 joshua Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -255,11 +255,9 @@ rsa_main(int argc, char **argv)
255 BIO *out = NULL; 255 BIO *out = NULL;
256 char *passin = NULL, *passout = NULL; 256 char *passin = NULL, *passout = NULL;
257 257
258 if (single_execution) { 258 if (pledge("stdio cpath wpath rpath tty", NULL) == -1) {
259 if (pledge("stdio cpath wpath rpath tty", NULL) == -1) { 259 perror("pledge");
260 perror("pledge"); 260 exit(1);
261 exit(1);
262 }
263 } 261 }
264 262
265 memset(&rsa_config, 0, sizeof(rsa_config)); 263 memset(&rsa_config, 0, sizeof(rsa_config));
diff --git a/src/usr.bin/openssl/rsautl.c b/src/usr.bin/openssl/rsautl.c
index 06d7a81ae0..c3af915635 100644
--- a/src/usr.bin/openssl/rsautl.c
+++ b/src/usr.bin/openssl/rsautl.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: rsautl.c,v 1.18 2019/07/14 03:30:46 guenther Exp $ */ 1/* $OpenBSD: rsautl.c,v 1.19 2022/11/11 17:07:39 joshua Exp $ */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 2000. 3 * project 2000.
4 */ 4 */
@@ -244,11 +244,9 @@ rsautl_main(int argc, char **argv)
244 int keysize; 244 int keysize;
245 int ret = 1; 245 int ret = 1;
246 246
247 if (single_execution) { 247 if (pledge("stdio cpath wpath rpath tty", NULL) == -1) {
248 if (pledge("stdio cpath wpath rpath tty", NULL) == -1) { 248 perror("pledge");
249 perror("pledge"); 249 exit(1);
250 exit(1);
251 }
252 } 250 }
253 251
254 memset(&rsautl_config, 0, sizeof(rsautl_config)); 252 memset(&rsautl_config, 0, sizeof(rsautl_config));
diff --git a/src/usr.bin/openssl/s_client.c b/src/usr.bin/openssl/s_client.c
index 15ebb0c0a7..41f6502325 100644
--- a/src/usr.bin/openssl/s_client.c
+++ b/src/usr.bin/openssl/s_client.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: s_client.c,v 1.58 2022/02/03 17:44:04 tb Exp $ */ 1/* $OpenBSD: s_client.c,v 1.59 2022/11/11 17:07:39 joshua Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -923,11 +923,9 @@ s_client_main(int argc, char **argv)
923 struct sockaddr_storage peer; 923 struct sockaddr_storage peer;
924 int peerlen = sizeof(peer); 924 int peerlen = sizeof(peer);
925 925
926 if (single_execution) { 926 if (pledge("stdio cpath wpath rpath inet dns tty", NULL) == -1) {
927 if (pledge("stdio cpath wpath rpath inet dns tty", NULL) == -1) { 927 perror("pledge");
928 perror("pledge"); 928 exit(1);
929 exit(1);
930 }
931 } 929 }
932 930
933 memset(&s_client_config, 0, sizeof(s_client_config)); 931 memset(&s_client_config, 0, sizeof(s_client_config));
diff --git a/src/usr.bin/openssl/s_server.c b/src/usr.bin/openssl/s_server.c
index 9b06856ac9..adf98451ec 100644
--- a/src/usr.bin/openssl/s_server.c
+++ b/src/usr.bin/openssl/s_server.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: s_server.c,v 1.54 2021/12/06 11:06:58 tb Exp $ */ 1/* $OpenBSD: s_server.c,v 1.55 2022/11/11 17:07:39 joshua Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -1081,11 +1081,9 @@ s_server_main(int argc, char *argv[])
1081 X509 *s_cert2 = NULL; 1081 X509 *s_cert2 = NULL;
1082 tlsextalpnctx alpn_ctx = { NULL, 0 }; 1082 tlsextalpnctx alpn_ctx = { NULL, 0 };
1083 1083
1084 if (single_execution) { 1084 if (pledge("stdio rpath inet dns tty", NULL) == -1) {
1085 if (pledge("stdio rpath inet dns tty", NULL) == -1) { 1085 perror("pledge");
1086 perror("pledge"); 1086 exit(1);
1087 exit(1);
1088 }
1089 } 1087 }
1090 1088
1091 memset(&s_server_config, 0, sizeof(s_server_config)); 1089 memset(&s_server_config, 0, sizeof(s_server_config));
diff --git a/src/usr.bin/openssl/s_time.c b/src/usr.bin/openssl/s_time.c
index 92fdb59aa0..7e3cee8425 100644
--- a/src/usr.bin/openssl/s_time.c
+++ b/src/usr.bin/openssl/s_time.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: s_time.c,v 1.35 2022/08/31 12:29:08 tb Exp $ */ 1/* $OpenBSD: s_time.c,v 1.36 2022/11/11 17:07:39 joshua Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -236,11 +236,9 @@ s_time_main(int argc, char **argv)
236{ 236{
237 int ret = 1; 237 int ret = 1;
238 238
239 if (single_execution) { 239 if (pledge("stdio rpath inet dns", NULL) == -1) {
240 if (pledge("stdio rpath inet dns", NULL) == -1) { 240 perror("pledge");
241 perror("pledge"); 241 exit(1);
242 exit(1);
243 }
244 } 242 }
245 243
246 s_time_meth = TLS_client_method(); 244 s_time_meth = TLS_client_method();
diff --git a/src/usr.bin/openssl/sess_id.c b/src/usr.bin/openssl/sess_id.c
index d8a2bf272f..4533cf15ca 100644
--- a/src/usr.bin/openssl/sess_id.c
+++ b/src/usr.bin/openssl/sess_id.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: sess_id.c,v 1.10 2019/07/14 03:30:46 guenther Exp $ */ 1/* $OpenBSD: sess_id.c,v 1.11 2022/11/11 17:07:39 joshua Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -158,11 +158,9 @@ sess_id_main(int argc, char **argv)
158 int ret = 1, i; 158 int ret = 1, i;
159 BIO *out = NULL; 159 BIO *out = NULL;
160 160
161 if (single_execution) { 161 if (pledge("stdio cpath wpath rpath", NULL) == -1) {
162 if (pledge("stdio cpath wpath rpath", NULL) == -1) { 162 perror("pledge");
163 perror("pledge"); 163 exit(1);
164 exit(1);
165 }
166 } 164 }
167 165
168 memset(&sess_id_config, 0, sizeof(sess_id_config)); 166 memset(&sess_id_config, 0, sizeof(sess_id_config));
diff --git a/src/usr.bin/openssl/smime.c b/src/usr.bin/openssl/smime.c
index 2503177f0f..37375c1600 100644
--- a/src/usr.bin/openssl/smime.c
+++ b/src/usr.bin/openssl/smime.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: smime.c,v 1.17 2022/01/16 07:12:28 inoguchi Exp $ */ 1/* $OpenBSD: smime.c,v 1.18 2022/11/11 17:07:39 joshua Exp $ */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project. 3 * project.
4 */ 4 */
@@ -722,11 +722,9 @@ smime_main(int argc, char **argv)
722 int badarg = 0; 722 int badarg = 0;
723 char *passin = NULL; 723 char *passin = NULL;
724 724
725 if (single_execution) { 725 if (pledge("stdio cpath wpath rpath tty", NULL) == -1) {
726 if (pledge("stdio cpath wpath rpath tty", NULL) == -1) { 726 perror("pledge");
727 perror("pledge"); 727 exit(1);
728 exit(1);
729 }
730 } 728 }
731 729
732 memset(&smime_config, 0, sizeof(smime_config)); 730 memset(&smime_config, 0, sizeof(smime_config));
diff --git a/src/usr.bin/openssl/speed.c b/src/usr.bin/openssl/speed.c
index f3e9fdc076..1db42ca4f5 100644
--- a/src/usr.bin/openssl/speed.c
+++ b/src/usr.bin/openssl/speed.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: speed.c,v 1.28 2022/01/14 09:27:30 tb Exp $ */ 1/* $OpenBSD: speed.c,v 1.29 2022/11/11 17:07:39 joshua Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -469,11 +469,9 @@ speed_main(int argc, char **argv)
469 int multi = 0; 469 int multi = 0;
470 const char *errstr = NULL; 470 const char *errstr = NULL;
471 471
472 if (single_execution) { 472 if (pledge("stdio proc", NULL) == -1) {
473 if (pledge("stdio proc", NULL) == -1) { 473 perror("pledge");
474 perror("pledge"); 474 exit(1);
475 exit(1);
476 }
477 } 475 }
478 476
479 usertime = -1; 477 usertime = -1;
diff --git a/src/usr.bin/openssl/spkac.c b/src/usr.bin/openssl/spkac.c
index 7fd8523c01..3a45d5d4bc 100644
--- a/src/usr.bin/openssl/spkac.c
+++ b/src/usr.bin/openssl/spkac.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: spkac.c,v 1.11 2019/07/14 03:30:46 guenther Exp $ */ 1/* $OpenBSD: spkac.c,v 1.12 2022/11/11 17:07:39 joshua Exp $ */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 1999. Based on an original idea by Massimiliano Pala 3 * project 1999. Based on an original idea by Massimiliano Pala
4 * (madwolf@openca.org). 4 * (madwolf@openca.org).
@@ -181,11 +181,9 @@ spkac_main(int argc, char **argv)
181 NETSCAPE_SPKI *spki = NULL; 181 NETSCAPE_SPKI *spki = NULL;
182 EVP_PKEY *pkey = NULL; 182 EVP_PKEY *pkey = NULL;
183 183
184 if (single_execution) { 184 if (pledge("stdio cpath wpath rpath tty", NULL) == -1) {
185 if (pledge("stdio cpath wpath rpath tty", NULL) == -1) { 185 perror("pledge");
186 perror("pledge"); 186 exit(1);
187 exit(1);
188 }
189 } 187 }
190 188
191 memset(&spkac_config, 0, sizeof(spkac_config)); 189 memset(&spkac_config, 0, sizeof(spkac_config));
diff --git a/src/usr.bin/openssl/ts.c b/src/usr.bin/openssl/ts.c
index 24301b69a5..05387de130 100644
--- a/src/usr.bin/openssl/ts.c
+++ b/src/usr.bin/openssl/ts.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ts.c,v 1.24 2022/09/11 18:08:17 tb Exp $ */ 1/* $OpenBSD: ts.c,v 1.25 2022/11/11 17:07:39 joshua Exp $ */
2/* Written by Zoltan Glozik (zglozik@stones.com) for the OpenSSL 2/* Written by Zoltan Glozik (zglozik@stones.com) for the OpenSSL
3 * project 2002. 3 * project 2002.
4 */ 4 */
@@ -377,11 +377,9 @@ ts_main(int argc, char **argv)
377 CONF *conf = NULL; 377 CONF *conf = NULL;
378 char *password = NULL; /* Password itself. */ 378 char *password = NULL; /* Password itself. */
379 379
380 if (single_execution) { 380 if (pledge("stdio cpath wpath rpath tty", NULL) == -1) {
381 if (pledge("stdio cpath wpath rpath tty", NULL) == -1) { 381 perror("pledge");
382 perror("pledge"); 382 exit(1);
383 exit(1);
384 }
385 } 383 }
386 384
387 memset(&ts_config, 0, sizeof(ts_config)); 385 memset(&ts_config, 0, sizeof(ts_config));
diff --git a/src/usr.bin/openssl/verify.c b/src/usr.bin/openssl/verify.c
index dd321761d3..b42dd2f243 100644
--- a/src/usr.bin/openssl/verify.c
+++ b/src/usr.bin/openssl/verify.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: verify.c,v 1.14 2021/02/15 17:57:58 jsing Exp $ */ 1/* $OpenBSD: verify.c,v 1.15 2022/11/11 17:07:39 joshua Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -268,11 +268,9 @@ verify_main(int argc, char **argv)
268 int argsused; 268 int argsused;
269 int ret = 1; 269 int ret = 1;
270 270
271 if (single_execution) { 271 if (pledge("stdio rpath", NULL) == -1) {
272 if (pledge("stdio rpath", NULL) == -1) { 272 perror("pledge");
273 perror("pledge"); 273 exit(1);
274 exit(1);
275 }
276 } 274 }
277 275
278 memset(&verify_config, 0, sizeof(verify_config)); 276 memset(&verify_config, 0, sizeof(verify_config));
diff --git a/src/usr.bin/openssl/version.c b/src/usr.bin/openssl/version.c
index 374e0d0c4a..038774ad0c 100644
--- a/src/usr.bin/openssl/version.c
+++ b/src/usr.bin/openssl/version.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: version.c,v 1.9 2019/07/14 03:30:46 guenther Exp $ */ 1/* $OpenBSD: version.c,v 1.10 2022/11/11 17:07:39 joshua Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -213,11 +213,9 @@ version_usage(void)
213int 213int
214version_main(int argc, char **argv) 214version_main(int argc, char **argv)
215{ 215{
216 if (single_execution) { 216 if (pledge("stdio", NULL) == -1) {
217 if (pledge("stdio", NULL) == -1) { 217 perror("pledge");
218 perror("pledge"); 218 exit(1);
219 exit(1);
220 }
221 } 219 }
222 220
223 memset(&version_config, 0, sizeof(version_config)); 221 memset(&version_config, 0, sizeof(version_config));
diff --git a/src/usr.bin/openssl/x509.c b/src/usr.bin/openssl/x509.c
index c777ee9b74..e1c69c6798 100644
--- a/src/usr.bin/openssl/x509.c
+++ b/src/usr.bin/openssl/x509.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: x509.c,v 1.29 2021/12/12 20:34:04 tb Exp $ */ 1/* $OpenBSD: x509.c,v 1.30 2022/11/11 17:07:39 joshua Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -735,11 +735,9 @@ x509_main(int argc, char **argv)
735 CONF *extconf = NULL; 735 CONF *extconf = NULL;
736 char *passin = NULL; 736 char *passin = NULL;
737 737
738 if (single_execution) { 738 if (pledge("stdio cpath wpath rpath tty", NULL) == -1) {
739 if (pledge("stdio cpath wpath rpath tty", NULL) == -1) { 739 perror("pledge");
740 perror("pledge"); 740 exit(1);
741 exit(1);
742 }
743 } 741 }
744 742
745 memset(&x509_config, 0, sizeof(x509_config)); 743 memset(&x509_config, 0, sizeof(x509_config));
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-11-13 06:09:36 +0000