summaryrefslogtreecommitdiff
path: root/src/usr.bin (follow)
Commit message (Collapse)AuthorAgeFilesLines
* Avoid a path traversal bug in s_server on Windows.bcook2019-10-041-3/+3
| | | | | | | | openssl s_server has an arbitrary read vulnerability on Windows when run with the -WWW or -HTTP options, due to an incomplete path check logic. Thanks to Jobert Abma for reporting. ok tb@
* the formatting for the mini synopses in this page did not render welljmc2019-10-041-115/+179
| | | | | | | on html or groff. the solution, to replace the non-standard .nr macros with a hang list, was provided by ingo - thanks! ok schwarze
* Remove unnecessary NULL check before free function in openssl(1) dgstinoguchi2019-08-301-11/+6
|
* Wrap lines over 80 cols and put space before goto label in openssl(1) dgstinoguchi2019-08-301-20/+30
|
* Simplify checking and more readable descriptions in openssl(1) dgstinoguchi2019-08-301-8/+8
| | | | suggested from jsing@
* Convert openssl(1) dgst to the newer style of option handlinginoguchi2019-08-301-99/+216
| | | | | | | | Adapt openssl(1) dgst command to new option handling. Added dgst_options struct and option handlers, and replaced for-if-strcmp handling with options_parse(). ok bcook@ jsing@
* added /* no filesystem visibility */ above unveil("/", "") since "" is too easymestre2019-08-081-1/+2
| | | | | | to misread. as per suggestion by and OK deraadt@
* Remove -port option from s_server since it is same as -acceptinoguchi2019-08-051-4/+3
| | | | ok schwarze@
* Make proxy auth work with http 1.1 speaking webservers.benno2019-07-291-2/+3
| | | | | Diff from Alexander Koeppe format_c -AT- online -DOT- de, thanks. ok deraadt@
* Moving variables into struct in openssl(1) dgstinoguchi2019-07-291-86/+99
| | | | | | | | First step to adapt openssl(1) dgst command to new option handling. There is no functional changes by this diff, and just moving variables into dgst_config struct. ok bcook@
* Code clean up openssl(1) pkcs12inoguchi2019-07-261-61/+86
| | | | | | - Add a space before 'export_end:' - Remove space after '*' - Wrap lines by 80 columns
* Remove unnecessary NULL checks before free in openssl(1) pkcs12inoguchi2019-07-261-14/+7
| | | | ok bcook@ tb@
* remove superfluous commentbcook2019-07-251-2/+1
|
* zero tmpkeyiv buffer after use when encryptingbcook2019-07-251-2/+4
| | | | from Steven Roberts
* Capitalize cipher name and mode in help message as sync with pkcs12inoguchi2019-07-242-20/+20
|
* Convert openssl(1) pkcs12 to the newer style of option handlinginoguchi2019-07-241-214/+409
| | | | | | | | Adapt openssl(1) pkcs12 command to new option handling. Added pkcs12_options struct, and replaced for-if-strcmp handling with options_parse(). ok and comments jsing@
* Moving variables into struct in openssl(1) pkcs12inoguchi2019-07-231-125/+136
| | | | | | | | | First step to adapt openssl(1) pkcs12 command to new option handling. There is no functional changes by this diff, and just moving variables into pkcs12_config struct. I still keep long lines more than 80 for this review to minimize diffs. ok jsing@ tb@
* Fix long line by wrapping with 80 charsinoguchi2019-07-161-6/+9
|
* Move option handlers up to option definition struct in gendsa.cinoguchi2019-07-161-53/+50
| | | | | As we did in other openssl sub command, move up option handlers above option definition struct. No functional changes and just move up and remove prototype.
* Fix typo and -keyform argument in openssl(1) manualinoguchi2019-07-161-6/+8
| | | | | | - s/outputed/outputted/ - s/trused/trusted/ - add der as argument and describe pem is the default
* Mark the initialized struct options arrays as both static and const.guenther2019-07-1434-71/+71
| | | | | | This moves them from .data to .data.rel.ro ok deraadt@ inoguchi@
* Fix manual openssl(1) s_serverinoguchi2019-07-121-18/+94
| | | | | | | | | | | | | | | | | | | - Add undocumented options below. -alpn, -cert2, -certform, -dcertform, -dkeyform, -dpass, -dtls1, -key2, -keyform, -keymatexport, -keymatexportlen, -mtu, -named_curve, -no_cache, -no_ecdhe, -no_ticket, -pass, -port, -servername, -servername_fatal, -status, -status_timeout, -status_url, -status_verbose, -timeout, -tlsextdebug, -use_srtp, -verify_return_error - Remove -hack, -psk and -psk_hint since not exist in source code. I didn't add these 5 options since these were no-op. -chain, -legacy_renegotiation, -nextprotoneg, -no_comp, -no_ssl2 This option was removed from manual in the past. -no_ssl3 ok and suggestions from jmc@
* Fix manual openssl(1) s_clientinoguchi2019-07-111-14/+80
| | | | | | | | | | | | | | | | | | - Add undocumented options below. -alpn, -certform, -dtls1, -host, -keyform, -keymatexport, -keymatexportlen, -legacy_server_connect, -mtu, -no_ign_eof, -no_legacy_server_connect, -pass -port, -serverpref, -sess_in, -sess_out, -status, -timeout, -use_srtp, -verify_return_error - Remove -psk and -psk_identity since not exist in source code. I didn't add these 4 options since these were no-op. -nextprotoneg, -legacy_renegotiation, -no_comp, -no_ssl2 This option was removed from manual in the past. -no_ssl3 ok jmc@
* Add missing option openssl dsa -modulusinoguchi2019-07-101-2/+8
| | | | ok bcook@ jsing@
* Fix manual openssl(1) genrsainoguchi2019-07-091-6/+14
| | | | | | Add missing -camellia*/-idea description to genrsa section. ok jmc@
* Convert openssl(1) genrsa to the newer style of option handlinginoguchi2019-07-091-70/+183
| | | | ok tb@ jsing@
* Fix manual openssl(1) dsa, ocsp, rsa and smimeinoguchi2019-07-081-12/+56
| | | | | | | | | | | | | - dsa : add missing -pvk-none, -pvk-strong and -pvk-weak add pvk format to -inform and -outform - ocsp : add missing -header, -ignore_err, -no_explicit and -timeout - rsa : add missing -pvk-none, -pvk-strong and -pvk-weak add missing -RSAPublicKey_in and -RSAPublicKey_out add pvk format to -inform and -outform - smime : add missing -nosmimecap - add pvk description at common format part ok jmc@
* Fix manual openssl(1) pkcs12, req, verify and x509inoguchi2019-07-071-13/+76
| | | | | | | | | | - For pkcs12, add -camellia*/-idea, -LMK and -password - For req, add -multivalue-rdn, -pkeyopt and -sigopt - For verify, add -CRLfile and -trusted, and down -check_ss_sig description - For x509, add -next_serial and -sigopt - Remove the escape in -multivalue-rdn from ca section ok jmc@
* Fix manual openssl(1) ec, enc and pkcs7inoguchi2019-07-051-2/+9
| | | | | | | | - For ec, add -param_out description - For enc, add -v usage and description - For pkcs7, add -print usage and description ok jmc@
* Fix manual openssl(1) dgstinoguchi2019-07-051-3/+5
| | | | | | - Add undocumented option -r ok jmc@
* Fix manual openssl(1) crlinoguchi2019-07-041-1/+13
| | | | | | - Add undocumented options -crlnumber, -hash_old, -nameopt and -verify ok jmc@
* Fix manual openssl(1) cainoguchi2019-07-041-8/+15
| | | | | | | - Add undocumented options -crlsec and -sigopt - Sync argument name between usage and options description ok jmc@
* snprintf/vsnprintf return < 0 on error, rather than -1.deraadt2019-07-035-18/+18
|
* When system calls indicate an error they return -1, not some arbitraryderaadt2019-06-285-39/+39
| | | | | | value < 0. errno is only updated in this case. Change all (most?) callers of syscalls to follow this better, and let's see if this strictness helps us in the future.
* Some asprintf() calls were checked < 0, rather than the precise == -1.deraadt2019-06-271-3/+3
| | | | ok millert nicm tb, etc
* Move variables into struct in openssl(1) genrsainoguchi2019-06-191-25/+33
| | | | | | | - Move local variables in genrsa_main() to struct genrsa_config - Leave long lines more than 80, still ok bcook@
* tidy up the formatting of gendsa synopsis a little;jmc2019-06-071-5/+3
|
* Convert openssl(1) gendsa to the newer style of option handlinginoguchi2019-06-072-84/+178
| | | | | | | | - Adapt openssl(1) gendsa command to new option handling. - Add lacking ciphers and passout description in openssl.1 manpage. - Describe paramfile as argument in openssl.1 manpage. ok bcook@
* Sort.jsing2019-04-011-3/+3
|
* Make the openssl(1) enc -iter flag actually work.jsing2019-04-011-2/+2
| | | | Diff from Steven Roberts <sroberts at fenderq dot com> - thanks!
* Add the SM4 block cipher from the Chinese standard GB/T 32907-2016.tb2019-03-171-1/+8
| | | | | Patch from Daniel Wyatt ok inoguchi, jsing
* Correctly handle tls_read() and tls_write() failures.jsing2019-02-261-5/+9
| | | | | | | Otherwise a TLS error (for example the remote end sent a fatal alert) is silently ignored. ok bluhm@ tb@
* Convert openssl(1) pkeyutl to the newer style of option handling.inoguchi2019-02-171-198/+278
| | | | ok jsing@ tb@
* Fix weird wrap showing cipher list in interactive modeinoguchi2019-02-096-13/+23
| | | | ok jsing@ tb@
* Summarize the 4 same name functions and move it to apps.cinoguchi2019-02-097-72/+26
| | | | ok tb@ jsing@
* Add islower check to show_ciphers in pkey.c and rsa.c.inoguchi2019-02-052-2/+10
| | | | | suggested by jsing@ ok tb@
* Convert openssl(1) pkey to the newer style of option handling.inoguchi2019-02-051-96/+171
| | | | ok jsing@
* Document missing command line options for the rsautl command.tb2019-02-042-9/+16
| | | | ok jsing, "looks good!" jmc
* zap spaces before tabstb2019-02-031-5/+5
|
* Convert openssl(1) rsautl to the newer style of option handling.jsing2019-02-031-121/+196
| | | | ok beck@ inoguchi@ tb@
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-19 12:58:43 +0000