| Commit message | Author | Files | Lines | 
 | 
ok schwarze@
 | 
 | 
Diff from Alexander Koeppe format_c -AT- online -DOT- de, thanks.
ok deraadt@
 | 
 | 
First step to adapt openssl(1) dgst command to new option handling.
There are no functional changes in this diff; it just moves variables
into the dgst_config struct.
ok bcook@
 | 
 | 
- Add a space before 'export_end:'
- Remove space after '*'
- Wrap lines by 80 columns
 | 
 | 
ok bcook@ tb@
 | 
 | 
from Steven Roberts
 | 
 | 
Adapt openssl(1) pkcs12 command to new option handling.
Added pkcs12_options struct, and replaced for-if-strcmp handling with
options_parse().
ok and comments jsing@
 | 
 | 
First step to adapt openssl(1) pkcs12 command to new option handling.
There are no functional changes in this diff; it just moves variables into
the pkcs12_config struct.
I still keep long lines more than 80 for this review to minimize diffs.
ok jsing@ tb@
 | 
 | 
- Add -modulus for dsa sub command
- Remove -nextprotoneg
 | 
 | 
As we did in other openssl sub commands, move up option handlers above option
definition struct. No functional changes and just move up and remove prototype.
 | 
 | 
- s/outputed/outputted/
- s/trused/trusted/
- add der as argument and describe pem is the default
 | 
 | 
This moves them from .data to .data.rel.ro
ok deraadt@ inoguchi@
 | 
 | 
- Add undocumented options below.
  -alpn, -cert2, -certform, -dcertform, -dkeyform, -dpass, -dtls1, -key2,
  -keyform, -keymatexport, -keymatexportlen, -mtu, -named_curve, -no_cache,
  -no_ecdhe, -no_ticket, -pass, -port, -servername, -servername_fatal,
  -status, -status_timeout, -status_url, -status_verbose, -timeout,
  -tlsextdebug, -use_srtp, -verify_return_error
- Remove -hack, -psk and -psk_hint since they do not exist in source code.
I didn't add these 5 options since these were no-op.
  -chain, -legacy_renegotiation, -nextprotoneg, -no_comp, -no_ssl2
This option was removed from manual in the past.
  -no_ssl3
ok and suggestions from jmc@
 | 
 | 
uClibc on noMMU doesn't provide __register_atfork().
Reported by redbirdtek on Github issue.
https://github.com/libressl-portable/portable/issues/538
ok bcook@
 | 
 | 
- Add undocumented options below.
  -alpn, -certform, -dtls1, -host, -keyform, -keymatexport, -keymatexportlen,
  -legacy_server_connect, -mtu, -no_ign_eof, -no_legacy_server_connect, -pass,
  -port, -serverpref, -sess_in, -sess_out, -status, -timeout, -use_srtp,
  -verify_return_error
- Remove -psk and -psk_identity since they do not exist in source code.
I didn't add these 4 options since these were no-op.
  -nextprotoneg, -legacy_renegotiation, -no_comp, -no_ssl2
This option was removed from manual in the past.
  -no_ssl3
ok jmc@
 | 
 | 
ok bcook@ jsing@
 | 
 | 
Move the documentation for tls_error() down so that both the special return
values for tls_{handshake,read,write,close}() directly follow the standard
return values for the same functions.
Prompted by deraadt@.
ok deraadt@ schwarze@
 | 
 | 
Add missing -camellia*/-idea description to genrsa section.
ok jmc@
 | 
 | 
ok tb@ jsing@
 | 
 | 
- dsa   : add missing -pvk-none, -pvk-strong and -pvk-weak
          add pvk format to -inform and -outform
- ocsp  : add missing -header, -ignore_err, -no_explicit and -timeout
- rsa   : add missing -pvk-none, -pvk-strong and -pvk-weak
          add missing -RSAPublicKey_in and -RSAPublicKey_out
          add pvk format to -inform and -outform
- smime : add missing -nosmimecap
- add pvk description at common format part
ok jmc@
 | 
 | 
- Replace EVP_CIPHER_CTX_init with EVP_CIPHER_CTX_new and handle return value
- Replace EVP_CIPHER_CTX_cleanup with EVP_CIPHER_CTX_free
- Change two 'return -1;' to 'goto err;' for avoiding leak
- Remove the case if enclevel == 0
- Change enclevel checking to make more consistent
- Change all goto label to 'err' and insert space before goto label
ok and advice from tb@
 | 
 | 
- Return the valid pointer in i2b_PVK()
- Use EVP_Decrypt* instead of EVP_Encrypt*
- Fix error handling after BIO_write() in i2b_PVK_bio()
ok tb@
 | 
 | 
- For pkcs12, add -camellia*/-idea, -LMK and -password
- For req, add -multivalue-rdn, -pkeyopt and -sigopt
- For verify, add -CRLfile and -trusted, and down -check_ss_sig description
- For x509, add -next_serial and -sigopt
- Remove the escape in -multivalue-rdn from ca section
ok jmc@
 | 
 | 
- For ec, add -param_out description
- For enc, add -v usage and description
- For pkcs7, add -print usage and description
ok jmc@
 | 
 | 
ok guenther jmc
 | 
 | 
- Add undocumented option -r
ok jmc@
 | 
 | 
requiring it (sftp-server).
Remove the /exists///// behaviour from here.  The /nonexistant
behaviour remains in the kernel and needs to be shot next.
There may be ports fallout, but we doubt it.
ok beck djm
 | 
 | 
- Add undocumented options -crlnumber, -hash_old, -nameopt and -verify
ok jmc@
 | 
 | 
- Add undocumented options -crlsec and -sigopt
- Sync argument name between usage and options description
ok jmc@
 | 
 | 
hardware crypto features are available.
"no objections" kettenis@
 | 
 | 
have a different calling convention than the standard function...as seen
in kdump output.
ok deraadt@ schwarze@
 | 
 | 
value < 0.  errno is only updated in this case.  Change all (most?)
callers of syscalls to follow this better, and let's see if this strictness
helps us in the future.
 | 
 | 
code was inspecting the pointer (which is, sadly, undefined on error, because
the current specification of asprintf is crazy sloppy)
 | 
 | 
ok millert nicm tb, etc
 | 
 | 
on error, so checking for -1 only is potentially non-portable.
Also mention that the C89 standard does not require errno to be set.
OK deraadt@ millert@
 | 
 | 
TLS_WANT_POLLIN, -1, or 0.  After handling the first two, check for -1
rather than vaguely "< 0".
ok jsing
 | 
 | 
-1 to mark failure, not arbitrary values < 0.  I believe manual pages
should follow the described contract precisely and accurately.
 | 
 | 
- Move local variables in genrsa_main() to struct genrsa_config
- Leave long lines more than 80, still
ok bcook@
 |