| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
| |
The competition whether the code or the standard it implements is worse
is still ongoing, and still has two strong competitors...
ok jsing
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Documentation on what the Microsoft-specific local machine keyset and the
cryptographic service provider are actually good for is hard to find. For
some reason (perhaps one million and two arguments for PKCS12_create() was
considered two too many) these hang off the EVP_PKEY in the attributes
member, which serves no other purpose.
Every use of EVP_PKEY (of which there are far too many) pays extra memory
taxes for this fringe use case. This complication is not worth it.
ok miod
|
| | |
|
| |
|
|
|
|
|
|
|
| |
We can call ASN1_item_unpack() which will end up stuffing the same
arguments into ASN1_item_d2i() as d2i_PBEPARAM(). This eliminates
the last struct access into X509_ALGOR outside libcrypto in the base
tree.
ok jsing
|
| |
|
|
|
|
|
|
|
| |
All the structs are static and we need to reach into them many times.
Having a shorter name is more concise and results in less visual clutter.
It also avoids many overlong lines and we will be able to get rid of some
unfortunate line wrapping down the road.
Discussed with jsing
|
| |
|
|
|
|
|
|
| |
This removes the legacy interactive mode from openssl(1) since it is
rarely used, complicates the code, and has also been removed from
OpenSSL in version 3.x.x.
ok tb@ jsing@
|
| | |
|
| |
|
|
| |
ok jsing
|
| |
|
|
| |
until the next bump exposes new symbols that we can use.
|
| |
|
|
| |
comment from tb@
|
| |
|
|
| |
ok tb@
|
| |
|
|
| |
ok tb@
|
| |
|
|
| |
ok tb@
|
| |
|
|
| |
structs in X509.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
get_cert_chain() needs some error checking. return X509_V_ errors
instead of trying to overload the NULL and then whine in a comment that
this won't really work.
Fix a bug that printed only the first attribute by factoring out the
thing that did the actual printing.
Sprinkle a few changes to accessors here and there.
This is loosely based on what OpenSSL did with some simplifications by
jsing.
ok beck jsing
|
| |
|
|
|
|
| |
- Add a space before 'export_end:'
- Remove space after '*'
- Wrap lines by 80 columns
|
| |
|
|
| |
ok bcook@ tb@
|
| |
|
|
|
|
|
|
| |
Adapt openssl(1) pkcs12 command to new option handling.
Added pkcs12_options struct, and replaced for-if-strcmp handling with
options_parse().
ok and comments jsing@
|
| |
|
|
|
|
|
|
|
| |
First step to adapt openssl(1) pkcs12 command to new option handling.
There is no functional changes by this diff, and just moving variables into
pkcs12_config struct.
I still keep long lines more than 80 for this review to minimize diffs.
ok jsing@ tb@
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
ok semarie@
|
| |
|
|
|
|
|
|
|
|
|
| |
it is needed in order to let libssl UI_* function plays with echo on/off when
asking for password on terminal.
passwd subcommand needs additionnal "wpath cpath" in order to let it calls
fopen("/dev/tty", "w") (O_WRONLY with O_CREAT | O_TRUNC).
problem reported by several
with and ok doug@
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
openssl(1) has two mechanisms for operating: either a single execution
of one command (looking at argv[0] or argv[1]) or as an interactive
session than may execute any number of commands.
We already have a top level pledge that should cover all commands
and that's what interactive mode must continue using. However, we can
tighten up the pledges when only executing one command.
This is an initial stab at support and may contain regressions. Most
commands only need "stdio rpath wpath cpath". The pledges could be
further restricted by evaluating the situation after parsing options.
deraadt@ and beck@ are roughly fine with this approach.
|
| |
|
|
|
|
|
| |
We do not have any builtin or dynamic engines, meaning openssl(1) has
no way to use the engine command or parameters at all.
ok jsing@
|
| |
|
|
|
|
|
|
|
| |
provided by progs.h). Also, move the FUNCTION type (and flags) into
openssl.c since that is the only place of use. Lastly, remove pointless
'extern' from the prototypes and use char **argv instead of char *argv[]
(the former is used elsewhere).
ok deraadt@ doug@
|
| |
|
|
|
| |
ERR_load_crypto_strings() - as such, we do not need to call the same
function from most of the applications.
|
|
|
a system/superuser binary. At the same time, move the source code from its
current lib/libssl/src/apps location to a more appropriate home under
usr.bin/openssl.
ok deraadt@ miod@
|
