| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
| |
CID 492603
|
| |
|
|
|
|
|
| |
After a few things in libcrypto were adjusted, this diff makes issuing
certificate requests with Ed25519 work.
ok beck
|
| |
|
|
|
|
|
|
|
| |
All the structs are static and we need to reach into them many times.
Having a shorter name is more concise and results in less visual clutter.
It also avoids many overlong lines and we will be able to get rid of some
unfortunate line wrapping down the road.
Discussed with jsing
|
| |
|
|
|
| |
These are per-app, so per-file. Most of them already are static, adjust
the rest of them.
|
| |
|
|
|
|
|
| |
Before do_sign_init(), the ctx is always allocated by EVP_MD_CTX_new()
aka calloc(). There is no point in doing EVP_MD_CTX_init(), aka bzero().
ok jsing
|
| |
|
|
|
|
|
|
| |
This removes the legacy interactive mode from openssl(1) since it is
rarely used, complicates the code, and has also been removed from
OpenSSL in version 3.x.x.
ok tb@ jsing@
|
| |
|
|
|
|
| |
the code. Also add error checking where possible.
ok jsing
|
| |
|
|
| |
ok inoguchi
|
| |
|
|
|
|
| |
encoders many moons ago. OpenSSL removed it in 2015.
ok beck jsing
|
| | |
|
| |
|
|
|
|
| |
With input from inoguchi@
ok beck@ inoguchi@
|
| |
|
|
|
|
|
| |
- Check NCONF_new() return value
- Remove unnecessary 'i'
comments from jsing@
|
| |
|
|
|
|
| |
First step of adding -addext option to openssl(1) req from OpenSSL 1.1.1d.
ok jsing@
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
ok semarie@
|
| |
|
|
|
|
|
|
|
|
|
| |
it is needed in order to let libssl UI_* function plays with echo on/off when
asking for password on terminal.
passwd subcommand needs additionnal "wpath cpath" in order to let it calls
fopen("/dev/tty", "w") (O_WRONLY with O_CREAT | O_TRUNC).
problem reported by several
with and ok doug@
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
openssl(1) has two mechanisms for operating: either a single execution
of one command (looking at argv[0] or argv[1]) or as an interactive
session than may execute any number of commands.
We already have a top level pledge that should cover all commands
and that's what interactive mode must continue using. However, we can
tighten up the pledges when only executing one command.
This is an initial stab at support and may contain regressions. Most
commands only need "stdio rpath wpath cpath". The pledges could be
further restricted by evaluating the situation after parsing options.
deraadt@ and beck@ are roughly fine with this approach.
|
| | |
|
| |
|
|
|
|
|
|
| |
MD4 should have been removed a long time ago. Also, RFC 6150 moved it to
historic in 2011. Rides the major crank from removing SHA-0.
Discussed with many including beck@, millert@, djm@, sthen@
ok jsing@, input + ok bcook@
|
| |
|
|
|
|
|
| |
We do not have any builtin or dynamic engines, meaning openssl(1) has
no way to use the engine command or parameters at all.
ok jsing@
|
| |
|
|
|
|
|
|
|
| |
provided by progs.h). Also, move the FUNCTION type (and flags) into
openssl.c since that is the only place of use. Lastly, remove pointless
'extern' from the prototypes and use char **argv instead of char *argv[]
(the former is used elsewhere).
ok deraadt@ doug@
|
| |
|
|
| |
ok deraadt@ jsing@ miod@
|
| | |
|
| |
|
|
|
|
|
|
|
|
| |
keys by default (instead of SHA1/3DES) and update documentation to match.
Another way to do this is s/NID_sha1/NID_sha256/ in src/crypto/rsa/rsa_ameth.c
("case ASN1_PKEY_CTRL_DEFAULT_MD_NID") but going with the more targetted method
above that only affects "openssl req" for now.
Help/OK jsing@. OKs on earlier diffs changing openssl.cnf from phessler@ aja@
|
| |
|
|
|
| |
ERR_load_crypto_strings() - as such, we do not need to call the same
function from most of the applications.
|
|
|
a system/superuser binary. At the same time, move the source code from its
current lib/libssl/src/apps location to a more appropriate home under
usr.bin/openssl.
ok deraadt@ miod@
|
