openbsd - A mirror of https://github.com/libressl/openbsd.git

	Commit message (Collapse)	Author	Age	Files	Lines
*	Mark the initialized struct options arrays as both static and const.	guenther	2019-07-14	1	-2/+2
\| \| \| \| \| \|	This moves them from .data to .data.rel.ro ok deraadt@ inoguchi@
*	Fix BN_is_prime_* calls in openssl(1), the API returns -1 on error.	tb	2019-01-20	1	-4/+8
\| \| \| \| \| \| \|	Found thanks to BoringSSL's commit 53409ee3d7595ed37da472bc73b010cd2c8a5ffd by David Benjamin. ok djm, jsing
*	Indent labels with a single space so that diff prototypes are more useful.	jsing	2018-02-07	1	-2/+2
\|
*	Exit if a pledge call fails in non-interactive mode.	doug	2015-10-17	1	-2/+4
\| \| \| \|	ok semarie@
*	Initial support for pledges in openssl(1) commands.	doug	2015-10-10	1	-1/+6
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	openssl(1) has two mechanisms for operating: either a single execution of one command (looking at argv[0] or argv[1]) or as an interactive session than may execute any number of commands. We already have a top level pledge that should cover all commands and that's what interactive mode must continue using. However, we can tighten up the pledges when only executing one command. This is an initial stab at support and may contain regressions. Most commands only need "stdio rpath wpath cpath". The pledges could be further restricted by evaluating the situation after parsing options. deraadt@ and beck@ are roughly fine with this approach.
*	Fix the openssl(1) prime command: When checking a decimal number for	lteo	2015-09-12	1	-3/+2
\| \| \| \| \| \| \| \| \|	primality, do not unnecessarily convert the original decimal number to hex in the output. Hex numbers explicitly specified with -hex remain unchanged. ok beck@ deraadt@ jsing@ miod@
*	Remove all duplicate prototypes for *_main functions (these are already	jsing	2015-08-22	1	-3/+1
\| \| \| \| \| \| \| \| \|	provided by progs.h). Also, move the FUNCTION type (and flags) into openssl.c since that is the only place of use. Lastly, remove pointless 'extern' from the prototypes and use char *argv instead of char argv[] (the former is used elsewhere). ok deraadt@ doug@
*	Enable building with -DOPENSSL_NO_DEPRECATED.	doug	2015-02-11	1	-1/+2
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	If you didn't enable deprecated code, there were missing err.h and bn.h includes. This commit allows building with or without deprecated code. This was not derived from an OpenSSL commit. However, they recently enabled OPENSSL_NO_DEPRECATED in git and fixed these header problems in a different way. Verified with clang that this only changes line numbers in the generated asm. ok miod@
*	Implement more thorough error checks:	lteo	2015-01-13	1	-12/+38
\| \| \| \| \| \| \| \| \| \| \| \|	- Check the return value of every relevant function call. - If BIO_new() returns NULL instead of a valid BIO, do not attempt to blindly use the NULL value as a BIO throughout the rest of the code. - Ensure that bio_out is freed by BIO_free_all() at the end of all error paths. ok doug@
*	Provide a mechanism for option parsing to return the number of arguments	jsing	2014-12-28	1	-2/+2
\| \| \| \| \|	that it has consumed. This allows for the handling of multiple unnamed arguments, including lists of filenames.
*	prefer C99 array initialization syntax.	bcook	2014-10-13	1	-2/+2
\| \| \| \| \| \| \| \|	use C99 array initialization syntax for strict C compilers. from kinichiro, found building with HP/UX compiler ok deraadt@, guenther@
*	Convert openssl(1) prime to the new options/usage handling.	jsing	2014-08-27	1	-60/+81
\|
*	Move openssl(1) from /usr/sbin/openssl to /usr/bin/openssl, since it is not	jsing	2014-08-26	1	-0/+147
	a system/superuser binary. At the same time, move the source code from its current lib/libssl/src/apps location to a more appropriate home under usr.bin/openssl. ok deraadt@ miod@