summaryrefslogtreecommitdiff
path: root/src/usr.bin/openssl/enc.c (follow)
Commit message (Collapse)AuthorAgeFilesLines
* Drop unused conf, pem, and x509 headers, add unistd for pledgetb2023-07-291-4/+2
|
* openssl enc: drop a few parens and unwrap a few linestb2023-06-111-20/+14
| | | | No binary change on amd64
* openssl enc: small style fixup after ZLIB unifdeftb2023-06-111-4/+2
|
* Unifdef ZLIBtb2023-06-111-39/+1
| | | | | This is very dead code: the openssl app was never compiled with -DZLIB after January 1, 2015.
* Rename struct ${app}_config to plain cfgtb2023-03-061-116/+116
| | | | | | | | | All the structs are static and we need to reach into them many times. Having a shorter name is more concise and results in less visual clutter. It also avoids many overlong lines and we will be able to get rid of some unfortunate line wrapping down the road. Discussed with jsing
* openssl enc doesn't really support AEAD ciphers and XTS modetb2023-03-041-2/+30
| | | | | | | | | | Do not display such ciphers in the usage display and error out if they are given. As pointed out by Pauli Dale, the current situation is confusing. Fixes GH issues #786 and #819 ok jsing
* Remove the legacy interactive mode from openssl(1).joshua2022-11-111-6/+4
| | | | | | | | This removes the legacy interactive mode from openssl(1) since it is rarely used, complicates the code, and has also been removed from OpenSSL in version 3.x.x. ok tb@ jsing@
* Simple conversion to opaque EVP_CIPHER.tb2021-12-071-5/+9
|
* remove superfluous commentbcook2019-07-251-2/+1
|
* zero tmpkeyiv buffer after use when encryptingbcook2019-07-251-2/+4
| | | | from Steven Roberts
* Mark the initialized struct options arrays as both static and const.guenther2019-07-141-2/+2
| | | | | | This moves them from .data to .data.rel.ro ok deraadt@ inoguchi@
* Sort.jsing2019-04-011-3/+3
|
* Make the openssl(1) enc -iter flag actually work.jsing2019-04-011-2/+2
| | | | Diff from Steven Roberts <sroberts at fenderq dot com> - thanks!
* Fix weird wrap showing cipher list in interactive modeinoguchi2019-02-091-2/+4
| | | | ok jsing@ tb@
* Summarize the 4 same name functions and move it to apps.cinoguchi2019-02-091-14/+2
| | | | ok tb@ jsing@
* Add -iter and -pbkdf2 to the usage synopsis.naddy2019-01-181-15/+17
| | | | | | Reorder option descriptions so -iter and -pbkdf2 show up alphabetically. Add missing argument name for -iter. ok jmc@
* Change the default digest type to sha256, and add support forbeck2019-01-181-5/+44
| | | | | pbkdf2 with OpenSSL compatible flags ok jsing@
* Indent labels with a single space so that diff prototypes are more useful.jsing2018-02-071-2/+2
|
* Remove guards around *_free() calls since these functions handle NULL.jsing2018-02-071-3/+2
|
* rearrange pledge promises into the canonical order; easier to eyeballderaadt2017-01-201-2/+2
|
* hexidecimal->hexadecimal; from mmccjmc2016-04-071-4/+4
| | | | ok beck
* Exit if a pledge call fails in non-interactive mode.doug2015-10-171-2/+4
| | | | ok semarie@
* add "tty" for several subcommands of opensslsemarie2015-10-171-2/+2
| | | | | | | | | | | it is needed in order to let libssl UI_* function plays with echo on/off when asking for password on terminal. passwd subcommand needs additionnal "wpath cpath" in order to let it calls fopen("/dev/tty", "w") (O_WRONLY with O_CREAT | O_TRUNC). problem reported by several with and ok doug@
* Initial support for pledges in openssl(1) commands.doug2015-10-101-1/+6
| | | | | | | | | | | | | | | | openssl(1) has two mechanisms for operating: either a single execution of one command (looking at argv[0] or argv[1]) or as an interactive session than may execute any number of commands. We already have a top level pledge that should cover all commands and that's what interactive mode must continue using. However, we can tighten up the pledges when only executing one command. This is an initial stab at support and may contain regressions. Most commands only need "stdio rpath wpath cpath". The pledges could be further restricted by evaluating the situation after parsing options. deraadt@ and beck@ are roughly fine with this approach.
* Remove engine command and parameters from openssl(1).bcook2015-09-111-18/+2
| | | | | | | We do not have any builtin or dynamic engines, meaning openssl(1) has no way to use the engine command or parameters at all. ok jsing@
* Correct spelling of OPENSSL_cleanse.jsing2015-09-101-3/+3
|
* Remove all duplicate prototypes for *_main functions (these are alreadyjsing2015-08-221-3/+1
| | | | | | | | | provided by progs.h). Also, move the FUNCTION type (and flags) into openssl.c since that is the only place of use. Lastly, remove pointless 'extern' from the prototypes and use char **argv instead of char *argv[] (the former is used elsewhere). ok deraadt@ doug@
* Convert the openssl(1) enc command to the new option parsing and usage.jsing2015-01-011-250/+382
| | | | With input from doug@
* Use arc4random_buf() instead of RAND(_pseudo)?_bytes().jsing2014-10-221-4/+4
| | | | ok bcook@
* Enable -Wshadow in openssl(1) and fix a few shadow warnings.doug2014-09-011-4/+4
| | | | ok jsing@
* Move openssl(1) from /usr/sbin/openssl to /usr/bin/openssl, since it is notjsing2014-08-261-0/+649
a system/superuser binary. At the same time, move the source code from its current lib/libssl/src/apps location to a more appropriate home under usr.bin/openssl. ok deraadt@ miod@
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-04-26 00:20:12 +0000