summaryrefslogtreecommitdiff
path: root/usr.bin/openssl
AgeCommit message (Collapse)Author
2019-04-01Sort.Joel Sing
2019-04-01Make the openssl(1) enc -iter flag actually work.Joel Sing
Diff from Steven Roberts <sroberts at fenderq dot com> - thanks!
2019-03-17Add the SM4 block cipher from the Chinese standard GB/T 32907-2016.Theo Buehler
Patch from Daniel Wyatt ok inoguchi, jsing
2019-02-17Convert openssl(1) pkeyutl to the newer style of option handling.Kinichiro Inoguchi
ok jsing@ tb@
2019-02-09Fix weird wrap showing cipher list in interactive modeKinichiro Inoguchi
ok jsing@ tb@
2019-02-09Summarize the 4 same name functions and move it to apps.cKinichiro Inoguchi
ok tb@ jsing@
2019-02-05Add islower check to show_ciphers in pkey.c and rsa.c.Kinichiro Inoguchi
suggested by jsing@ ok tb@
2019-02-05Convert openssl(1) pkey to the newer style of option handling.Kinichiro Inoguchi
ok jsing@
2019-02-04Document missing command line options for the rsautl command.Theo Buehler
ok jsing, "looks good!" jmc
2019-02-03zap spaces before tabsTheo Buehler
2019-02-03Convert openssl(1) rsautl to the newer style of option handling.Joel Sing
ok beck@ inoguchi@ tb@
2019-01-29Remove SSLv23 padding mode from rsautl's usage (left behind in a removalTheo Buehler
from code and manual in 2017). Reported by KEINOS in github issue #101.
2019-01-28spelling;Jason McIntyre
2019-01-20Fix BN_is_prime_* calls in openssl(1), the API returns -1 on error.Theo Buehler
Found thanks to BoringSSL's commit 53409ee3d7595ed37da472bc73b010cd2c8a5ffd by David Benjamin. ok djm, jsing
2019-01-19change the default digest used byJonathan Gray
openssl x509 -fingerprint openssl crl -fingerprint from sha1 to sha256 ok jsing@
2019-01-18switch the default algorithm for the dgst command from MD5 to SHA256Christian Weisgerber
ok deraadt@
2019-01-18Add -iter and -pbkdf2 to the usage synopsis.Christian Weisgerber
Reorder option descriptions so -iter and -pbkdf2 show up alphabetically. Add missing argument name for -iter. ok jmc@
2019-01-18tweak previous;Jason McIntyre
2019-01-18Add the -iter and -pbkdf2 argumenst to encBob Beck
2019-01-18Change the default digest type to sha256, and add support forBob Beck
pbkdf2 with OpenSSL compatible flags ok jsing@
2018-12-09Keep usage in sync with logic if OPENSSL_NO_DES is set.Tobias Stoeckmann
ok jmc@, jsing@
2018-11-14didn't found -> didn't find.Theo Buehler
From Edgar Pettijohn III
2018-11-11Add sm3 to the 'openssl dgst' command.Theo Buehler
ok beck inoguchi
2018-11-11Add automatic threading initialization for libcrypto.Brent Cook
This implements automatic thread support initialization in libcrypto. This does not remove any functions from the ABI, but does turn them into no-ops. Stub implementations of pthread_mutex_(init|lock|unlock) are provided for ramdisks. This does not implement the new OpenSSL 1.1 thread API internally, keeping the original CRYTPO_lock / CRYPTO_add_lock functions for library locking. For -portable, crypto_lock.c can be reimplemented with OS-specific primitives as needed. ok beck@, tb@, looks sane guenther@
2018-11-06Unbreak following elliptic curves to supported groups rename.Joel Sing
Reported by Katherine <luigi30 at gmail dot com> on tech@
2018-11-01Make the documentation of -conv_form match reality. It defaultsTheo Buehler
to uncompressed rather than compressed. From Jacqueline Jolicoeur
2018-09-17Move tally mark printing out of the main benchmark loop; ok tb@cheloha
2018-08-28Drop SSLv2, SSLv3 support.cheloha
No need to check for SSLv2/3 sessions when printing the tally mark. Also do SSLv23_client_method -> TLS_client_method. ok jsing@
2018-08-28Check for SSL_write(3) error.cheloha
jsing@ notes that this is not a complete solution, as we don't account for retries or partial writes, but that this is a step in a right direction. May want to revisit this later to provide a complete solution. ok jsing@
2018-08-24update usage for pkcs8;Jason McIntyre
ok tb
2018-08-24The broken pkcs8 formats generated by openssl pkcs -{embed,nooct,nsdb}Theo Buehler
are no longer supported. Remove their documentation. ok jsing
2018-08-24Stop handling broken PKCS#8 formats in openssl(1).Theo Buehler
ok jsing
2018-08-22Use a monotonic clock for the benchmark timeout.cheloha
While here, we don't need the app_timer_* wrapper function, it only obfuscates things, so delete it. Also while here, totalTime only needs to be assigned once. ok tb@
2018-08-21Merge duplicate benchmark() GET/SSL_shutdown blocks into doConnection().cheloha
We need to then remove the shadow i from the GET block. While there, move retval's declaration to the beginning of the function. As doConnection() now executes the body of the benchmark's test, rename it to "run_test". Shadow variable spotted by tb@. ok tb@
2018-08-19Don't leak a strdup()'ed string on error in do_accept().Theo Buehler
CID #154702. input & ok inoguchi, ok mestre on first version
2018-08-18Plug SSL object leaks in doConnection().cheloha
Move SSL_new/SSL_free up into benchmark() to restrict the responsibility for the SSL object to a single scope. Make doConnection() return an int, openssl-style. Some miscellaneous cleanup, too. Discussed with tb, jsing, and jca. Basic idea from jsing, lots of patch input from tb. ok deraadt on an earlier version ok tb jsing
2018-08-16Revert previous, which was wrong as noted by schwarze. Also revert a hunkTheo Buehler
from r1.45 and thereby avoid a use-after-free spotted by schwarze. ok schwarze
2018-08-16Remove unused variable.rob
From Nan at chinadtrace dot org. Thanks!
2018-08-14Don't fail by default in the -new case; ok tb jcacheloha
2018-08-11Refactor the nearly identical benchmark loops into a single loop.cheloha
Move all of the benchmark code -- loop initialization, the loops, and the report printing -- into a new function, benchmark(). Eliminates lots of duplicate code. Regressions to 1.20 caught by tb@ and inoguchi@. Tweaked by tb@. ok tb@, jsing@
2018-07-13openssl app timers: TM_START -> TM_RESET, TM_STOP -> TM_GETcheloha
Much more apt than the current operation names. Names suggested by jca@ ages ago. ok jca, jsing
2018-04-25The cookie in the cookie verify callback needs to be const.Theo Buehler
ok jsing (as part of a larger diff)
2018-04-10Delete the description of the argument of the "ciphers" commandIngo Schwarze
because it was (1) woefully incomplete, (2) partially outdated and wrong, (3) in parts imprecisely worded and hard to understand, (4) excessively technical for a section 1 manual, (5) of excessive size for this particular page, (6) and didn't belong here in the first place because it essentially tried to document a C API - SSL_CTX_set_cipher_list(3), which is now documented, so point to it.
2018-03-31Improve description of openssl(1) ciphers.Ingo Schwarze
* Remove -tls1 option which has no effect. * For -V, sort the fields in the order they are printed, and do not talk about key size restrictions, nothing like that is printed.
2018-03-30Updates to the description of "openssl ca" from OpenSSL.Ingo Schwarze
Some options were missing, some were in the wrong section (CRL-related or not), and there were some minor errors, typos, and omissions.
2018-03-30checked the content against the current version of OpenSSL openssl.pod;Ingo Schwarze
resulting fixes: markup of "command" below SYNOPSIS and links to the config file formats below SEE ALSO
2018-03-22organizationUnitName -> organizationalUnitName;Jason McIntyre
from matt schwartz
2018-02-28ca start/enddates require all 4 yyyy from 2050 on; first twoJason McIntyre
are otherwise optional diff from holger mikolon, tweaked a bit by me
2018-02-18document s_client -groups;Jason McIntyre
2018-02-11typo in output string; from edgar pettijohnJason McIntyre
generated by cgit v1.2.3 (git 2.25.1) at 2024-12-04 09:13:52 +0000