| Commit message | Author | Age | Files | Lines |
| |
When pointing openssl asn1parse -strparse at DER octets 01 01, it crashes:
$ printf '<\x01\x01>' | openssl asn1parse -inform der -strparse 1
Refuse to parse BOOLEAN types instead, which avoids a crash in hensonian
/* hmm... this is a little evil, but it works */ code.
Found while poking at CMS timestamps to understand one of job's diffs.
with/ok jsing
| |
Drop extra parentheses, unwrap some lines, compare pointers against NULL.
| |
All the structs are static and we need to reach into them many times.
Having a shorter name is more concise and results in less visual clutter.
It also avoids many overlong lines and we will be able to get rid of some
unfortunate line wrapping down the road.
Discussed with jsing
| |
These are per-app, so per-file. Most of them already are static, adjust
the rest of them.
| |
| |
Do not display such ciphers in the usage display and error out if
they are given. As pointed out by Pauli Dale, the current situation
is confusing.
Fixes GH issues #786 and #819
ok jsing
| |
Before do_sign_init(), the ctx is always allocated by EVP_MD_CTX_new()
aka calloc(). There is no point in doing EVP_MD_CTX_init(), aka bzero().
ok jsing
| |
Remedy a case of twitching eyes caused by seeing "Doing ... rsa's for 10s".
If this breaks someone's script, so be it.
ok jsing sthen
| |
When printing certificates or CRLs, check signed and signedAndEnveloped
before dereferencing them. Prevents crash on inspecting malformed PKCS7
files.
ok jsing
| |
| |
ok tb
| |
A few programs used the plural in their synopsis which doesn't read as
clearly as the obvious triple-dot notation.
mdoc(7) .Ar defaults to "file ..." if no arguments are given and consistent
use of 'arg ...' matches that behaviour.
Clean up a few markups of the same argument so the text keeps reading
naturally; omit unhelpful parts like 'if optional arguments are given,
they are passed along' for tools like time(1) and timeout(1) that obviously
execute commands with whatever arguments were given -- just like doas(1)
which doesn't mention arguments in its DESCRIPTION in the first place.
For expr(1) the difference between 'expressions' and 'expression ...' is
crucial, as arguments must be passed as individual words.
Feedback millert jmc schwarze deraadt
OK jmc
| |
In udp mode, nc would always print that the connection succeeded
independently of whether that was actually the case. Don't do that.
idea/ok mpf
| |
The connection test writes four X to the socket, which corrupts data
that we may want to pipe into nc. So don't do that if stdin is not a
tty but still do it in scan mode, this is needed according to chris.
based on a diff by and ok mpf
| |
ok mpf as part of a larger diff
| |
Avoids repeated use of ternary operator on globals.
| |
This simply moves a chunk of code in this spaghetti mess into its own
function with minimal changes.
idea from a diff by mpf
| |
This cleans up the code that handles command execution for openssl(1),
displays the help message when 'openssl help' is executed, and exits
with code 1 when an invalid command is executed, matching the behaviour
of OpenSSL version 1.1+ and above.
ok tb@
| |
This removes the legacy interactive mode from openssl(1) since it is
rarely used, complicates the code, and has also been removed from
OpenSSL in version 3.x.x.
ok tb@ jsing@
| |
for rsa and friends.
okay tb@
| |
| |
ok jsing
| |
ok jsing
| |
because these inspire devotion to cargo cult in developers.
Cleanup suggested by kn@.
| |
CID 184043
| |
Use EVP_PKEY_get0_EC_KEY() instead of the get1 version to avoid an
EVP_PKEY_free(). Check return values: if either EVP_PKEY_get0_EC_KEY()
or EC_KEY_get0_group() fails, a NULL dereference occurs.
CID 43289
ok jsing
| |
CID 25421
| |
until the next bump exposes new symbols that we can use.
| |
| |
ok jsing
| |
Instead of only using the default client method, allow selecting a
specific protocol version and display the supported ciphers accordingly.
This removes the noop status of -tls1 and adds -tls1_{1,2,3} as in
other commands.
ok jsing
| |
output. The option wasn't documented in the manpage.
pointed out by jsing
| |
Apparently, TLSv1_client_method() is used for historical reasons.
This behavior is no longer helpful if we want to know what ciphers
a TLS connection could use. This could change again after further
investigation of what the behavior should be...
ok beck jsing
| |
ok beck jsing
| |
With this option, the command only shows the ciphers supported by the
SSL method.
ok beck jsing
| |
support. Identified by Wilmer van der Gaast, ok millert@
| |
| |
comment from tb@
| |
ok tb@
| |
jmc@ dislikes a comma before "then" in a conditional, so leave those
untouched.
ok jmc@
| |
ok tb@
| |
ok tb@
| |
Move up md_ctx and add EVP_MD_CTX_free under the 'err:' label.
CID 149810
comment and ok jsing@
| |
| |
| |
| |
| |
Apply new option handling to openssl(1) ts, and there are no functional
changes here.
Usage strings come from the manual page.
comments and ok jsing@
| |
Two missing initializations in the new option handling cause a
segfault when -nodetach or -noindef is passed to openssl cms.
ok inoguchi jsing miod
| |
ok gnezdo@ miod@ jmc@