summaryrefslogtreecommitdiff
path: root/src/usr.bin/openssl (follow)
Commit message (Collapse)AuthorAgeFilesLines
...
* Sort.jsing2019-04-011-3/+3
|
* Make the openssl(1) enc -iter flag actually work.jsing2019-04-011-2/+2
| | | | Diff from Steven Roberts <sroberts at fenderq dot com> - thanks!
* Add the SM4 block cipher from the Chinese standard GB/T 32907-2016.tb2019-03-171-1/+8
| | | | | Patch from Daniel Wyatt ok inoguchi, jsing
* Convert openssl(1) pkeyutl to the newer style of option handling.inoguchi2019-02-171-198/+278
| | | | ok jsing@ tb@
* Fix weird wrap showing cipher list in interactive modeinoguchi2019-02-096-13/+23
| | | | ok jsing@ tb@
* Summarize the 4 same name functions and move it to apps.cinoguchi2019-02-097-72/+26
| | | | ok tb@ jsing@
* Add islower check to show_ciphers in pkey.c and rsa.c.inoguchi2019-02-052-2/+10
| | | | | suggested by jsing@ ok tb@
* Convert openssl(1) pkey to the newer style of option handling.inoguchi2019-02-051-96/+171
| | | | ok jsing@
* Document missing command line options for the rsautl command.tb2019-02-042-9/+16
| | | | ok jsing, "looks good!" jmc
* zap spaces before tabstb2019-02-031-5/+5
|
* Convert openssl(1) rsautl to the newer style of option handling.jsing2019-02-031-121/+196
| | | | ok beck@ inoguchi@ tb@
* Remove SSLv23 padding mode from rsautl's usage (left behind in a removaltb2019-01-291-2/+1
| | | | | | from code and manual in 2017). Reported by KEINOS in github issue #101.
* spelling;jmc2019-01-281-3/+3
|
* Fix BN_is_prime_* calls in openssl(1), the API returns -1 on error.tb2019-01-201-4/+8
| | | | | | | Found thanks to BoringSSL's commit 53409ee3d7595ed37da472bc73b010cd2c8a5ffd by David Benjamin. ok djm, jsing
* change the default digest used byjsg2019-01-192-4/+4
| | | | | | | | openssl x509 -fingerprint openssl crl -fingerprint from sha1 to sha256 ok jsing@
* switch the default algorithm for the dgst command from MD5 to SHA256naddy2019-01-182-6/+6
| | | | ok deraadt@
* Add -iter and -pbkdf2 to the usage synopsis.naddy2019-01-181-15/+17
| | | | | | Reorder option descriptions so -iter and -pbkdf2 show up alphabetically. Add missing argument name for -iter. ok jmc@
* tweak previous;jmc2019-01-181-7/+7
|
* Add the -iter and -pbkdf2 argumenst to encbeck2019-01-181-2/+11
|
* Change the default digest type to sha256, and add support forbeck2019-01-181-5/+44
| | | | | pbkdf2 with OpenSSL compatible flags ok jsing@
* Keep usage in sync with logic if OPENSSL_NO_DES is set.tobias2018-12-091-1/+3
| | | | ok jmc@, jsing@
* didn't found -> didn't find.tb2018-11-141-2/+2
| | | | From Edgar Pettijohn III
* Add sm3 to the 'openssl dgst' command.tb2018-11-111-1/+5
| | | | ok beck inoguchi
* Add automatic threading initialization for libcrypto.bcook2018-11-111-53/+1
| | | | | | | | | | | | | | This implements automatic thread support initialization in libcrypto. This does not remove any functions from the ABI, but does turn them into no-ops. Stub implementations of pthread_mutex_(init|lock|unlock) are provided for ramdisks. This does not implement the new OpenSSL 1.1 thread API internally, keeping the original CRYTPO_lock / CRYPTO_add_lock functions for library locking. For -portable, crypto_lock.c can be reimplemented with OS-specific primitives as needed. ok beck@, tb@, looks sane guenther@
* Unbreak following elliptic curves to supported groups rename.jsing2018-11-061-3/+3
| | | | Reported by Katherine <luigi30 at gmail dot com> on tech@
* Make the documentation of -conv_form match reality. It defaultstb2018-11-011-6/+6
| | | | | | to uncompressed rather than compressed. From Jacqueline Jolicoeur
* Move tally mark printing out of the main benchmark loop; ok tb@cheloha2018-09-171-14/+21
|
* Drop SSLv2, SSLv3 support.cheloha2018-08-281-6/+2
| | | | | | | No need to check for SSLv2/3 sessions when printing the tally mark. Also do SSLv23_client_method -> TLS_client_method. ok jsing@
* Check for SSL_write(3) error.cheloha2018-08-281-3/+4
| | | | | | | | | | jsing@ notes that this is not a complete solution, as we don't account for retries or partial writes, but that this is a step in a right direction. May want to revisit this later to provide a complete solution. ok jsing@
* update usage for pkcs8;jmc2018-08-241-10/+9
| | | | ok tb
* The broken pkcs8 formats generated by openssl pkcs -{embed,nooct,nsdb}tb2018-08-241-22/+2
| | | | | | are no longer supported. Remove their documentation. ok jsing
* Stop handling broken PKCS#8 formats in openssl(1).tb2018-08-241-52/+2
| | | | ok jsing
* Use a monotonic clock for the benchmark timeout.cheloha2018-08-221-24/+9
| | | | | | | | While here, we don't need the app_timer_* wrapper function, it only obfuscates things, so delete it. Also while here, totalTime only needs to be assigned once. ok tb@
* Merge duplicate benchmark() GET/SSL_shutdown blocks into doConnection().cheloha2018-08-211-41/+25
| | | | | | | | | | | | We need to then remove the shadow i from the GET block. While there, move retval's declaration to the beginning of the function. As doConnection() now executes the body of the benchmark's test, rename it to "run_test". Shadow variable spotted by tb@. ok tb@
* Don't leak a strdup()'ed string on error in do_accept().tb2018-08-191-1/+3
| | | | | | CID #154702. input & ok inoguchi, ok mestre on first version
* Plug SSL object leaks in doConnection().cheloha2018-08-181-32/+22
| | | | | | | | | | | | | Move SSL_new/SSL_free up into benchmark() to restrict the responsibility for the SSL object to a single scope. Make doConnection() return an int, openssl-style. Some miscellaneous cleanup, too. Discussed with tb, jsing, and jca. Basic idea from jsing, lots of patch input from tb. ok deraadt on an earlier version ok tb jsing
* Revert previous, which was wrong as noted by schwarze. Also revert a hunktb2018-08-161-4/+7
| | | | | | from r1.45 and thereby avoid a use-after-free spotted by schwarze. ok schwarze
* Remove unused variable.rob2018-08-161-5/+3
| | | | From Nan at chinadtrace dot org. Thanks!
* Don't fail by default in the -new case; ok tb jcacheloha2018-08-141-19/+12
|
* Refactor the nearly identical benchmark loops into a single loop.cheloha2018-08-111-139/+108
| | | | | | | | | | Move all of the benchmark code -- loop initialization, the loops, and the report printing -- into a new function, benchmark(). Eliminates lots of duplicate code. Regressions to 1.20 caught by tb@ and inoguchi@. Tweaked by tb@. ok tb@, jsing@
* openssl app timers: TM_START -> TM_RESET, TM_STOP -> TM_GETcheloha2018-07-134-15/+15
| | | | | | | | Much more apt than the current operation names. Names suggested by jca@ ages ago. ok jca, jsing
* The cookie in the cookie verify callback needs to be const.tb2018-04-252-4/+5
| | | | ok jsing (as part of a larger diff)
* Delete the description of the argument of the "ciphers" commandschwarze2018-04-101-145/+13
| | | | | | | | | because it was (1) woefully incomplete, (2) partially outdated and wrong, (3) in parts imprecisely worded and hard to understand, (4) excessively technical for a section 1 manual, (5) of excessive size for this particular page, (6) and didn't belong here in the first place because it essentially tried to document a C API - SSL_CTX_set_cipher_list(3), which is now documented, so point to it.
* Improve description of openssl(1) ciphers.schwarze2018-03-311-9/+5
| | | | | | * Remove -tls1 option which has no effect. * For -V, sort the fields in the order they are printed, and do not talk about key size restrictions, nothing like that is printed.
* Updates to the description of "openssl ca" from OpenSSL.schwarze2018-03-301-23/+82
| | | | | Some options were missing, some were in the wrong section (CRL-related or not), and there were some minor errors, typos, and omissions.
* checked the content against the current version of OpenSSL openssl.pod;schwarze2018-03-301-5/+5
| | | | | resulting fixes: markup of "command" below SYNOPSIS and links to the config file formats below SEE ALSO
* organizationUnitName -> organizationalUnitName;jmc2018-03-221-3/+3
| | | | from matt schwartz
* ca start/enddates require all 4 yyyy from 2050 on; first twojmc2018-02-281-6/+6
| | | | | | are otherwise optional diff from holger mikolon, tweaked a bit by me
* document s_client -groups;jmc2018-02-181-2/+5
|
* typo in output string; from edgar pettijohnjmc2018-02-111-2/+2
|
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-22 04:22:46 +0000