summaryrefslogtreecommitdiff
path: root/src/usr.bin (follow)
Commit message (Collapse)AuthorAgeFilesLines
...
* Remove explicit NULL checks before *_free() calls.jsing2019-11-041-21/+14
|
* Hook openssl(1) cms back up.jsing2019-11-043-4/+8
|
* Currently we need to include pem.h before cms.h...jsing2019-11-041-2/+3
|
* Remove engine argument from load_cert() calls.jsing2019-11-041-8/+8
| | | | This was cleaned up after cms went to the attic.
* Bring openssl(1) cms back from the attic.jsing2019-11-041-0/+1142
|
* Service names are still resolved with -nkn2019-10-241-4/+4
| | | | | | | | | Just like pfctl(8)'s -N, this flag only avoid DNS; "nc -vz ::1 socks" still works. Fix documentation by copying pfctl's wording. OK deraadt
* Print IP address in verbose modejob2019-10-241-12/+34
| | | | OK kn@
* Revert previous, which works for -N case but causes regress failuresbeck2019-10-231-18/+1
| | | | | | | for tls, since the socket is shut down without calling tls_close(). Since nc appears to have a problem with this in other shutdown() cases I am simply going to bake a new diff for this. noticed by bluhm@.
* Fix -N flag to actually shut down the (entire) socket when the inputbeck2019-10-171-1/+18
| | | | | | | | | | | | | goes away. This allows for using nc in cases where the network server will no longer expect anything after eof, instead of hanging waiting for more input from our end. Additionaly, shut down if tls is in use if either side of the socket goes away, since we higher level TLS operations (tls_read and write) will require the socket to be both readable and writable as we can get TLS_WANT_POLLIN or TLS_WANT_POLLOUT on either operation. deraadt@ buying it. found by sthen@
* Avoid a path traversal bug in s_server on Windows.bcook2019-10-041-3/+3
| | | | | | | | openssl s_server has an arbitrary read vulnerability on Windows when run with the -WWW or -HTTP options, due to an incomplete path check logic. Thanks to Jobert Abma for reporting. ok tb@
* the formatting for the mini synopses in this page did not render welljmc2019-10-041-115/+179
| | | | | | | on html or groff. the solution, to replace the non-standard .nr macros with a hang list, was provided by ingo - thanks! ok schwarze
* Remove unnecessary NULL check before free function in openssl(1) dgstinoguchi2019-08-301-11/+6
|
* Wrap lines over 80 cols and put space before goto label in openssl(1) dgstinoguchi2019-08-301-20/+30
|
* Simplify checking and more readable descriptions in openssl(1) dgstinoguchi2019-08-301-8/+8
| | | | suggested from jsing@
* Convert openssl(1) dgst to the newer style of option handlinginoguchi2019-08-301-99/+216
| | | | | | | | Adapt openssl(1) dgst command to new option handling. Added dgst_options struct and option handlers, and replaced for-if-strcmp handling with options_parse(). ok bcook@ jsing@
* added /* no filesystem visibility */ above unveil("/", "") since "" is too easymestre2019-08-081-1/+2
| | | | | | to misread. as per suggestion by and OK deraadt@
* Remove -port option from s_server since it is same as -acceptinoguchi2019-08-051-4/+3
| | | | ok schwarze@
* Make proxy auth work with http 1.1 speaking webservers.benno2019-07-291-2/+3
| | | | | Diff from Alexander Koeppe format_c -AT- online -DOT- de, thanks. ok deraadt@
* Moving variables into struct in openssl(1) dgstinoguchi2019-07-291-86/+99
| | | | | | | | First step to adapt openssl(1) dgst command to new option handling. There is no functional changes by this diff, and just moving variables into dgst_config struct. ok bcook@
* Code clean up openssl(1) pkcs12inoguchi2019-07-261-61/+86
| | | | | | - Add a space before 'export_end:' - Remove space after '*' - Wrap lines by 80 columns
* Remove unnecessary NULL checks before free in openssl(1) pkcs12inoguchi2019-07-261-14/+7
| | | | ok bcook@ tb@
* remove superfluous commentbcook2019-07-251-2/+1
|
* zero tmpkeyiv buffer after use when encryptingbcook2019-07-251-2/+4
| | | | from Steven Roberts
* Capitalize cipher name and mode in help message as sync with pkcs12inoguchi2019-07-242-20/+20
|
* Convert openssl(1) pkcs12 to the newer style of option handlinginoguchi2019-07-241-214/+409
| | | | | | | | Adapt openssl(1) pkcs12 command to new option handling. Added pkcs12_options struct, and replaced for-if-strcmp handling with options_parse(). ok and comments jsing@
* Moving variables into struct in openssl(1) pkcs12inoguchi2019-07-231-125/+136
| | | | | | | | | First step to adapt openssl(1) pkcs12 command to new option handling. There is no functional changes by this diff, and just moving variables into pkcs12_config struct. I still keep long lines more than 80 for this review to minimize diffs. ok jsing@ tb@
* Fix long line by wrapping with 80 charsinoguchi2019-07-161-6/+9
|
* Move option handlers up to option definition struct in gendsa.cinoguchi2019-07-161-53/+50
| | | | | As we did in other openssl sub command, move up option handlers above option definition struct. No functional changes and just move up and remove prototype.
* Fix typo and -keyform argument in openssl(1) manualinoguchi2019-07-161-6/+8
| | | | | | - s/outputed/outputted/ - s/trused/trusted/ - add der as argument and describe pem is the default
* Mark the initialized struct options arrays as both static and const.guenther2019-07-1434-71/+71
| | | | | | This moves them from .data to .data.rel.ro ok deraadt@ inoguchi@
* Fix manual openssl(1) s_serverinoguchi2019-07-121-18/+94
| | | | | | | | | | | | | | | | | | | - Add undocumented options below. -alpn, -cert2, -certform, -dcertform, -dkeyform, -dpass, -dtls1, -key2, -keyform, -keymatexport, -keymatexportlen, -mtu, -named_curve, -no_cache, -no_ecdhe, -no_ticket, -pass, -port, -servername, -servername_fatal, -status, -status_timeout, -status_url, -status_verbose, -timeout, -tlsextdebug, -use_srtp, -verify_return_error - Remove -hack, -psk and -psk_hint since not exist in source code. I didn't add these 5 options since these were no-op. -chain, -legacy_renegotiation, -nextprotoneg, -no_comp, -no_ssl2 This option was removed from manual in the past. -no_ssl3 ok and suggestions from jmc@
* Fix manual openssl(1) s_clientinoguchi2019-07-111-14/+80
| | | | | | | | | | | | | | | | | | - Add undocumented options below. -alpn, -certform, -dtls1, -host, -keyform, -keymatexport, -keymatexportlen, -legacy_server_connect, -mtu, -no_ign_eof, -no_legacy_server_connect, -pass -port, -serverpref, -sess_in, -sess_out, -status, -timeout, -use_srtp, -verify_return_error - Remove -psk and -psk_identity since not exist in source code. I didn't add these 4 options since these were no-op. -nextprotoneg, -legacy_renegotiation, -no_comp, -no_ssl2 This option was removed from manual in the past. -no_ssl3 ok jmc@
* Add missing option openssl dsa -modulusinoguchi2019-07-101-2/+8
| | | | ok bcook@ jsing@
* Fix manual openssl(1) genrsainoguchi2019-07-091-6/+14
| | | | | | Add missing -camellia*/-idea description to genrsa section. ok jmc@
* Convert openssl(1) genrsa to the newer style of option handlinginoguchi2019-07-091-70/+183
| | | | ok tb@ jsing@
* Fix manual openssl(1) dsa, ocsp, rsa and smimeinoguchi2019-07-081-12/+56
| | | | | | | | | | | | | - dsa : add missing -pvk-none, -pvk-strong and -pvk-weak add pvk format to -inform and -outform - ocsp : add missing -header, -ignore_err, -no_explicit and -timeout - rsa : add missing -pvk-none, -pvk-strong and -pvk-weak add missing -RSAPublicKey_in and -RSAPublicKey_out add pvk format to -inform and -outform - smime : add missing -nosmimecap - add pvk description at common format part ok jmc@
* Fix manual openssl(1) pkcs12, req, verify and x509inoguchi2019-07-071-13/+76
| | | | | | | | | | - For pkcs12, add -camellia*/-idea, -LMK and -password - For req, add -multivalue-rdn, -pkeyopt and -sigopt - For verify, add -CRLfile and -trusted, and down -check_ss_sig description - For x509, add -next_serial and -sigopt - Remove the escape in -multivalue-rdn from ca section ok jmc@
* Fix manual openssl(1) ec, enc and pkcs7inoguchi2019-07-051-2/+9
| | | | | | | | - For ec, add -param_out description - For enc, add -v usage and description - For pkcs7, add -print usage and description ok jmc@
* Fix manual openssl(1) dgstinoguchi2019-07-051-3/+5
| | | | | | - Add undocumented option -r ok jmc@
* Fix manual openssl(1) crlinoguchi2019-07-041-1/+13
| | | | | | - Add undocumented options -crlnumber, -hash_old, -nameopt and -verify ok jmc@
* Fix manual openssl(1) cainoguchi2019-07-041-8/+15
| | | | | | | - Add undocumented options -crlsec and -sigopt - Sync argument name between usage and options description ok jmc@
* snprintf/vsnprintf return < 0 on error, rather than -1.deraadt2019-07-035-18/+18
|
* When system calls indicate an error they return -1, not some arbitraryderaadt2019-06-285-39/+39
| | | | | | value < 0. errno is only updated in this case. Change all (most?) callers of syscalls to follow this better, and let's see if this strictness helps us in the future.
* Some asprintf() calls were checked < 0, rather than the precise == -1.deraadt2019-06-271-3/+3
| | | | ok millert nicm tb, etc
* Move variables into struct in openssl(1) genrsainoguchi2019-06-191-25/+33
| | | | | | | - Move local variables in genrsa_main() to struct genrsa_config - Leave long lines more than 80, still ok bcook@
* tidy up the formatting of gendsa synopsis a little;jmc2019-06-071-5/+3
|
* Convert openssl(1) gendsa to the newer style of option handlinginoguchi2019-06-072-84/+178
| | | | | | | | - Adapt openssl(1) gendsa command to new option handling. - Add lacking ciphers and passout description in openssl.1 manpage. - Describe paramfile as argument in openssl.1 manpage. ok bcook@
* Sort.jsing2019-04-011-3/+3
|
* Make the openssl(1) enc -iter flag actually work.jsing2019-04-011-2/+2
| | | | Diff from Steven Roberts <sroberts at fenderq dot com> - thanks!
* Add the SM4 block cipher from the Chinese standard GB/T 32907-2016.tb2019-03-171-1/+8
| | | | | Patch from Daniel Wyatt ok inoguchi, jsing
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-04-11 05:48:05 +0000