summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* Restore the per-file license for cms.h.jsing2019-08-101-5/+49
| | | | | This reverts the removal from OpenSSL 21dcbebc6e35419f1842f39a125374ea1ba45693.
* Provide cms.h.jsing2019-08-101-0/+515
| | | | | This is OpenSSL 1.1.1 cms.h and cmserr.h combined, essentially reverting OpenSSL 52df25cf2e656146cb3b206d8220124f0417d03f.
* Add $OpenBSD$ tags.jsing2019-08-1015-0/+15
|
* Restore the original per-file licenses for CMS.jsing2019-08-1014-70/+686
| | | | These were removed in OpenSSL b1322259d93cf6b6286f9febcd468b6a9f577d91.
* Work towards supporting Cryptographic Message Syntax (CMS) in libcrypto.jsing2019-08-1015-0/+6172
| | | | | | | | | | | | | | | | Cryptographic Message Syntax (CMS) is a standard for cryptographically protecting messages, as defined in RFC 5652. It is derived from PKCS #7 version 1.5 and utilises various ASN.1 structures, making it complex and fairly heavyweight. Various protocols - including RPKI (RFC 6480) - have been built on top of it, which means it is necessary to support CMS, in order to support RPKI. This imports around 6,000 lines of code from OpenSSL 1.1.1, which is still under the original OpenSSL license. Further work will occur in tree. Requested by and discussed with many. ok deraadt@ tb@
* added /* no filesystem visibility */ above unveil("/", "") since "" is too easymestre2019-08-081-1/+2
| | | | | | to misread. as per suggestion by and OK deraadt@
* Remove -port option from s_server since it is same as -acceptinoguchi2019-08-051-4/+3
| | | | ok schwarze@
* correct mispellings of EACCES; from Kris Katterjohnlibressl-v3.0.0deraadt2019-07-291-3/+3
|
* Make proxy auth work with http 1.1 speaking webservers.benno2019-07-291-2/+3
| | | | | Diff from Alexander Koeppe format_c -AT- online -DOT- de, thanks. ok deraadt@
* Moving variables into struct in openssl(1) dgstinoguchi2019-07-291-86/+99
| | | | | | | | First step to adapt openssl(1) dgst command to new option handling. There is no functional changes by this diff, and just moving variables into dgst_config struct. ok bcook@
* Code clean up openssl(1) pkcs12inoguchi2019-07-261-61/+86
| | | | | | - Add a space before 'export_end:' - Remove space after '*' - Wrap lines by 80 columns
* Remove unnecessary NULL checks before free in openssl(1) pkcs12inoguchi2019-07-261-14/+7
| | | | ok bcook@ tb@
* remove superfluous commentbcook2019-07-251-2/+1
|
* zero tmpkeyiv buffer after use when encryptingbcook2019-07-251-2/+4
| | | | from Steven Roberts
* Capitalize cipher name and mode in help message as sync with pkcs12inoguchi2019-07-242-20/+20
|
* Convert openssl(1) pkcs12 to the newer style of option handlinginoguchi2019-07-241-214/+409
| | | | | | | | Adapt openssl(1) pkcs12 command to new option handling. Added pkcs12_options struct, and replaced for-if-strcmp handling with options_parse(). ok and comments jsing@
* Moving variables into struct in openssl(1) pkcs12inoguchi2019-07-231-125/+136
| | | | | | | | | First step to adapt openssl(1) pkcs12 command to new option handling. There is no functional changes by this diff, and just moving variables into pkcs12_config struct. I still keep long lines more than 80 for this review to minimize diffs. ok jsing@ tb@
* Update appstest.shinoguchi2019-07-171-6/+4
| | | | | - Add -modulus for dsa sub command - Remove -nextprotoneg
* Fix long line by wrapping with 80 charsinoguchi2019-07-161-6/+9
|
* Move option handlers up to option definition struct in gendsa.cinoguchi2019-07-161-53/+50
| | | | | As we did in other openssl sub command, move up option handlers above option definition struct. No functional changes and just move up and remove prototype.
* Fix typo and -keyform argument in openssl(1) manualinoguchi2019-07-161-6/+8
| | | | | | - s/outputed/outputted/ - s/trused/trusted/ - add der as argument and describe pem is the default
* Mark the initialized struct options arrays as both static and const.guenther2019-07-1434-71/+71
| | | | | | This moves them from .data to .data.rel.ro ok deraadt@ inoguchi@
* explain the acronym "CRT"; suggested by tb@schwarze2019-07-132-6/+8
|
* Fix manual openssl(1) s_serverinoguchi2019-07-121-18/+94
| | | | | | | | | | | | | | | | | | | - Add undocumented options below. -alpn, -cert2, -certform, -dcertform, -dkeyform, -dpass, -dtls1, -key2, -keyform, -keymatexport, -keymatexportlen, -mtu, -named_curve, -no_cache, -no_ecdhe, -no_ticket, -pass, -port, -servername, -servername_fatal, -status, -status_timeout, -status_url, -status_verbose, -timeout, -tlsextdebug, -use_srtp, -verify_return_error - Remove -hack, -psk and -psk_hint since not exist in source code. I didn't add these 5 options since these were no-op. -chain, -legacy_renegotiation, -nextprotoneg, -no_comp, -no_ssl2 This option was removed from manual in the past. -no_ssl3 ok and suggestions from jmc@
* Using pthread_atfork instead of __register_atfork with uClibc on noMMUinoguchi2019-07-111-2/+2
| | | | | | | | uClibc on noMMU doesn't provide __register_atfork(). Reported by redbirdtek on Github issue. https://github.com/libressl-portable/portable/issues/538 ok bcook@
* Fix manual openssl(1) s_clientinoguchi2019-07-111-14/+80
| | | | | | | | | | | | | | | | | | - Add undocumented options below. -alpn, -certform, -dtls1, -host, -keyform, -keymatexport, -keymatexportlen, -legacy_server_connect, -mtu, -no_ign_eof, -no_legacy_server_connect, -pass -port, -serverpref, -sess_in, -sess_out, -status, -timeout, -use_srtp, -verify_return_error - Remove -psk and -psk_identity since not exist in source code. I didn't add these 4 options since these were no-op. -nextprotoneg, -legacy_renegotiation, -no_comp, -no_ssl2 This option was removed from manual in the past. -no_ssl3 ok jmc@
* Add missing option openssl dsa -modulusinoguchi2019-07-101-2/+8
| | | | ok bcook@ jsing@
* Group tls_{handshake,read,write,close}() return values documentation.jsing2019-07-091-21/+21
| | | | | | | | | | Move the documentation for tls_error() down so that both the special return values for tls_{handshake,read,write,close}() directly follow the standard return values for the same functions. Prompted by deraadt@. ok deraadt@ schwarze@
* Fix manual openssl(1) genrsainoguchi2019-07-091-6/+14
| | | | | | Add missing -camellia*/-idea description to genrsa section. ok jmc@
* Convert openssl(1) genrsa to the newer style of option handlinginoguchi2019-07-091-70/+183
| | | | ok tb@ jsing@
* Fix manual openssl(1) dsa, ocsp, rsa and smimeinoguchi2019-07-081-12/+56
| | | | | | | | | | | | | - dsa : add missing -pvk-none, -pvk-strong and -pvk-weak add pvk format to -inform and -outform - ocsp : add missing -header, -ignore_err, -no_explicit and -timeout - rsa : add missing -pvk-none, -pvk-strong and -pvk-weak add missing -RSAPublicKey_in and -RSAPublicKey_out add pvk format to -inform and -outform - smime : add missing -nosmimecap - add pvk description at common format part ok jmc@
* Clean up pvkfmt.cinoguchi2019-07-081-63/+66
| | | | | | | | | | | - Replace EVP_CIPHER_CTX_init with EVP_CIPHER_CTX_new and handle return value - Replace EVP_CIPHER_CTX_cleanup with EVP_CIPHER_CTX_free - Change two 'return -1;' to 'goto err;' for avoiding leak - Remove the case if enclevel == 0 - Change enclevel checking to make more consistent - Change all goto label to 'err' and insert space before goto label ok and advise from tb@
* Fix pvk format processing in libcryptoinoguchi2019-07-071-11/+11
| | | | | | | | - Return the valid pointer in i2b_PVK() - Use EVP_Decrypt* instead of EVP_Encrypt* - Fix error handling after BIO_write() in i2b_PVK_bio() ok tb@
* Fix manual openssl(1) pkcs12, req, verify and x509inoguchi2019-07-071-13/+76
| | | | | | | | | | - For pkcs12, add -camellia*/-idea, -LMK and -password - For req, add -multivalue-rdn, -pkeyopt and -sigopt - For verify, add -CRLfile and -trusted, and down -check_ss_sig description - For x509, add -next_serial and -sigopt - Remove the escape in -multivalue-rdn from ca section ok jmc@
* Fix manual openssl(1) ec, enc and pkcs7inoguchi2019-07-051-2/+9
| | | | | | | | - For ec, add -param_out description - For enc, add -v usage and description - For pkcs7, add -print usage and description ok jmc@
* improve verb-tense for explaining the calling convention of __deraadt2019-07-051-3/+3
| | | | ok guenther jmc
* Fix manual openssl(1) dgstinoguchi2019-07-051-3/+5
| | | | | | - Add undocumented option -r ok jmc@
* The last consumer of pre-posix realpath behaviour has stoppedderaadt2019-07-051-34/+3
| | | | | | | | requiring it (sftp-server). Remove the /exists///// behaviour from here. The /nonexistant behaviour remains in the kernel and needs to be shot next. There may be ports fallout, but we doubt it. ok beck djm
* Fix manual openssl(1) crlinoguchi2019-07-041-1/+13
| | | | | | - Add undocumented options -crlnumber, -hash_old, -nameopt and -verify ok jmc@
* Fix manual openssl(1) cainoguchi2019-07-041-8/+15
| | | | | | | - Add undocumented options -crlsec and -sigopt - Sync argument name between usage and options description ok jmc@
* snprintf/vsnprintf return < 0 on error, rather than -1.deraadt2019-07-038-25/+25
|
* Add cpuid support for arm64 so that we can recognize whichpatrick2019-07-023-3/+57
| | | | | | hardware crypto features are available. "no objections" kettenis@
* tweak previous; ok guentherjmc2019-06-301-5/+6
|
* Document that getcwd() and realpath() are built on system calls thatguenther2019-06-291-2/+16
| | | | | | | have a different calling convention than the standard function...as seen in kdump output. ok deraadt@ schwarze@
* When system calls indicate an error they return -1, not some arbitraryderaadt2019-06-2810-56/+56
| | | | | | value < 0. errno is only updated in this case. Change all (most?) callers of syscalls to follow this better, and let's see if this strictness helps us in the future.
* failed to detect asprintf() error by observing return of -1, instead thederaadt2019-06-281-6/+3
| | | | | code was inspecting the pointer (which is, sadly, undefined on error, because the current specification of asprintf is crazy sloppy)
* Some asprintf() calls were checked < 0, rather than the precise == -1.deraadt2019-06-271-3/+3
| | | | ok millert nicm tb, etc
* The C89 standard only requires that atexit(3) returns a non-zero valueschwarze2019-06-271-5/+12
| | | | | | on error, so checking for -1 only is potentially non-portable. Also mention that the C89 standard does not require errno to be set. OK deraadt@ millert@
* Add more option tests to req, ts, x509 and verify in appstest.shinoguchi2019-06-271-17/+42
|
* check for asprintf failing allocationderaadt2019-06-271-1/+4
|
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-29 10:32:10 +0000