summaryrefslogtreecommitdiff
path: root/src/usr.bin/openssl (follow)
Commit message (Collapse)AuthorAgeFilesLines
...
* remove NULL-check before free()mmcc2015-12-231-3/+2
|
* s_server also needs DNS; reported by tb@jca2015-12-011-2/+2
|
* Undo previous, pledge("dns") was already present. The problem was in s_server.jca2015-12-012-4/+4
|
* pledge dns so openssl can use dns.. noticed and fix by todd@beck2015-12-012-4/+4
| | | | ok jcs@ deraadt@ theo@
* In pledge(), put "dns" right after "inet".jca2015-11-212-4/+4
|
* Unbreak s_client, which should be allowed by pledge(2) to do DNS requests.jca2015-11-212-4/+4
| | | | From todd@
* do not need sys/param.hderaadt2015-11-201-1/+0
|
* mutli -> multimiod2015-11-142-4/+4
|
* Exit if a pledge call fails in non-interactive mode.doug2015-10-1745-89/+179
| | | | ok semarie@
* add "tty" for several subcommands of opensslsemarie2015-10-1724-48/+48
| | | | | | | | | | | it is needed in order to let libssl UI_* function plays with echo on/off when asking for password on terminal. passwd subcommand needs additionnal "wpath cpath" in order to let it calls fopen("/dev/tty", "w") (O_WRONLY with O_CREAT | O_TRUNC). problem reported by several with and ok doug@
* Implement real "flock" request and add it to userland programs thatmillert2015-10-161-2/+2
| | | | use pledge and file locking. OK deraadt@
* Initial support for pledges in openssl(1) commands.doug2015-10-1047-46/+281
| | | | | | | | | | | | | | | | openssl(1) has two mechanisms for operating: either a single execution of one command (looking at argv[0] or argv[1]) or as an interactive session than may execute any number of commands. We already have a top level pledge that should cover all commands and that's what interactive mode must continue using. However, we can tighten up the pledges when only executing one command. This is an initial stab at support and may contain regressions. Most commands only need "stdio rpath wpath cpath". The pledges could be further restricted by evaluating the situation after parsing options. deraadt@ and beck@ are roughly fine with this approach.
* normalize the ordering of tame requests (particularily, "rpath wpath cpath",deraadt2015-10-101-2/+2
| | | | | | | which i have put in that order). this is not important, but helps look for outliers which might be strange. it hints that "ioctl" should be reassessed in a few places, to see if "tty" is better; that "unix" may be used in some places where "route" could now work.
* Change all tame callers to namechange to pledge(2).deraadt2015-10-091-3/+3
|
* tame "stdio inet rpath cpath wpath proc" seems to be sufficient forderaadt2015-10-071-1/+7
| | | | | all the wading in here. "proc" is for the speed command, which fork()'s. ok doug
* these do not use ioctl.hderaadt2015-10-062-4/+2
|
* BIO_get_fd() could return fd 0; fix error condition. Found atderaadt2015-10-031-2/+2
| | | | | http://marc.info/?l=openssl-dev&m=144374015404899&w=2 ok doug
* avoid sys/param.h, by using PATH_MAXderaadt2015-10-021-1/+1
|
* Another s/M_ASN1_INTEGER_free/ASN1_INTEGER_free/.jsing2015-10-011-2/+2
| | | | Found the hard way by Mark Patruck.
* add a missing NULL checkbcook2015-09-211-1/+5
| | | | noted by Bill Parker (dogbert2) on github
* add a couple of missing NULL checksbcook2015-09-211-3/+3
| | | | noted by Bill Parker (dogbert2) on github
* remove vestigial bits of sha-0 and md2 from openssl(1)bcook2015-09-215-23/+17
| | | | | | | | Noted by kinichiro on github. We probably need a better way to indicate the list of message digests that are allowed, as the current ones are nowhere near exhaustive (sigh - guenther@) OK guenther@ jmc@
* Pack the algorithm numbers, to avoid printing a useless (null) 0 0 0 0miod2015-09-201-34/+34
| | | | line in the summary.
* Temporarily revive MD4 for MS CHAP support.doug2015-09-145-16/+49
|
* Remove MD4 support from LibreSSL.doug2015-09-135-48/+15
| | | | | | | | MD4 should have been removed a long time ago. Also, RFC 6150 moved it to historic in 2011. Rides the major crank from removing SHA-0. Discussed with many including beck@, millert@, djm@, sthen@ ok jsing@, input + ok bcook@
* nc(1) seems worth an Xr in SEE ALSO now;jmc2015-09-131-1/+2
|
* Factor out setup_up / destroy_ui functions.bcook2015-09-134-58/+58
| | | | | | | | | This pulls out and renames setup_ui/destroy_ui so we have something that can be replaced as-needed, moving the the console setup code for Windows to app_win.c in -portable, instead of needing a local patch to enable binary console mode ui_read/write are also simplified.
* document extra algorithms available with openssl speed commandbcook2015-09-131-1/+4
| | | | ok jmc@
* tweak STANDARDS;jmc2015-09-131-3/+3
|
* Nuke SSLEAY_CONF -- a backwards compatibility environment variable thatlteo2015-09-124-14/+5
| | | | | | | | | | has been superseded by OPENSSL_CONF and discouraged from use for almost 16 years. "Definately ok" jsing@ "burn it" deraadt@ "Kill it with fire" miod@ "KILL IT WITH FIRE!!! BURN!!!!" beck@
* Add openssl(1) speed support for AEAD algorithms.bcook2015-09-121-17/+96
| | | | | | | This adds aes-128-gcm aes-256-gcm chacha20-poly1305 from Adam Langley's original patch for OpenSSL ok beck@ jsing@
* Fix the openssl(1) prime command: When checking a decimal number forlteo2015-09-121-3/+2
| | | | | | | | | primality, do not unnecessarily convert the original decimal number to hex in the output. Hex numbers explicitly specified with -hex remain unchanged. ok beck@ deraadt@ jsing@ miod@
* unifdef -DOPENSSL_NO_RC5jsing2015-09-112-42/+2
|
* kill evil commentbeck2015-09-111-3/+1
| | | | ok deraadt@
* fix unchecked mallocs - coverity 130454 and 130455beck2015-09-111-6/+15
| | | | ok jsing@
* "Shutdown" should be "Shut down" in the usage for s_time's -no_shutdownlteo2015-09-111-2/+2
| | | | flag. Pointed out by jmc@'s commit to the openssl(1) man page.
* Remove engine command and parameters from openssl(1).bcook2015-09-1140-1726/+184
| | | | | | | We do not have any builtin or dynamic engines, meaning openssl(1) has no way to use the engine command or parameters at all. ok jsing@
* remove stupid castsderaadt2015-09-111-4/+4
|
* shutdown (n.) -> shut down (v.);jmc2015-09-111-2/+2
|
* Change the default behavior of the s_time command so that it willlteo2015-09-111-2/+7
| | | | | | | | | | | | | | | | perform a proper shutdown by sending a "close notify" alert to the server. This allows s_time to benchmark a full TLS connection more accurately. Introduce a new flag called -no_shutdown to make s_time adopt the previous behavior (i.e. shut down the connection without notifying the server) so that comparisons can still be made with OpenSSL's version. The idea of using a flag (which replaces a #define) was suggested by bcook@. Thanks to millert@ and miod@ as well for their feedback on an earlier diff which resulted in this change. ok bcook@ beck@
* *** empty log message ***lteo2015-09-111-19/+24
|
* Nuke references to DTLS1_BAD_VER and unbreak the tree.jsing2015-09-101-5/+2
|
* Remove call to CRYPTO_malloc_init(), which does nothing.jsing2015-09-101-2/+1
|
* Correct spelling of OPENSSL_cleanse.jsing2015-09-106-17/+17
|
* Fix shadowed verify_error in s_server by removing the unused global.bcook2015-09-104-10/+8
| | | | | | 's_time -verify 1' will now actually verify the peer certificate. ok beck@
* Remove SOCKET_PROTOCOL, a redundant define that was only used once.lteo2015-09-101-4/+2
| | | | | | No binary change. ok millert@ miod@
* Remove unused defines. No binary change.lteo2015-09-102-9/+2
| | | | ok deraadt@ miod@
* Remove all duplicate prototypes for *_main functions (these are alreadyjsing2015-08-2242-185/+102
| | | | | | | | | provided by progs.h). Also, move the FUNCTION type (and flags) into openssl.c since that is the only place of use. Lastly, remove pointless 'extern' from the prototypes and use char **argv instead of char *argv[] (the former is used elsewhere). ok deraadt@ doug@
* bring prototypes into scope, requires movement of a large global objectderaadt2015-08-198-202/+208
| | | | | out of .h file ok jsing
* Improve openssl s_client -starttls xmpp support.landry2015-08-112-7/+28
| | | | | | | | | From https://rt.openssl.org/Ticket/Display.html?id=2860&user=guest&pass=guest - add a -xmpphost option to specify the xmpp virtual host - fix an infinite loop when the vhost isnt what the server expects - fix communication with openfire & prosody servers with tweaks & ok bcook@ doug@ manpage bits jmc@
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-24 21:28:06 +0000