[openssl-commits] [openssl] master update
Rich Salz
rsalz at openssl.org
Mon Feb 8 04:15:39 UTC 2016
The branch master has been updated
via a173a7ee3f51af71c27490247f9a65ff03553e2c (commit)
from 99978d51d6ba1ae8e36c1f82e98e9b2052131948 (commit)
- Log -----------------------------------------------------------------
commit a173a7ee3f51af71c27490247f9a65ff03553e2c
Author: Rich Salz <rsalz at openssl.org>
Date: Sun Feb 7 23:14:12 2016 -0500
more doc fixes
dgst: using digest instead of specific digest commands
the digest list specified in man dgst may be inaccurate, hence using
digest and referring to the list in digest-commands
'sha' as a digest name is no longer supported
dgst,pkeyutl cmds help cleanup
- In dgst, pkeyutl cmds, some options help was missing.
- fixed a minor typo in openssl.pod, that fixes make install.
- digest-commands was showing ‘sha’, which is not a supported digest
anymore.
Signed-off-by: Rich Salz <rsalz at openssl.org>
Reviewed-by: Tim Hudson <tjh at openssl.org>
-----------------------------------------------------------------------
Summary of changes:
apps/dgst.c | 13 ++++++++-----
apps/pkeyutl.c | 17 +++++++++--------
apps/progs.h | 1 -
apps/progs.pl | 2 +-
doc/apps/dgst.pod | 33 +++++++++++++++++++++++----------
doc/apps/openssl.pod | 2 +-
doc/apps/pkeyutl.pod | 34 ++++++++++++++++++++++++----------
7 files changed, 66 insertions(+), 36 deletions(-)
diff --git a/apps/dgst.c b/apps/dgst.c
index 5d25c58..7fa5351 100644
--- a/apps/dgst.c
+++ b/apps/dgst.c
@@ -91,9 +91,10 @@ OPTIONS dgst_options[] = {
{"help", OPT_HELP, '-', "Display this summary"},
{"c", OPT_C, '-', "Print the digest with separating colons"},
{"r", OPT_R, '-', "Print the digest in coreutils format"},
- {"rand", OPT_RAND, 's'},
+ {"rand", OPT_RAND, 's',
+ "Use file(s) containing random data to seed RNG or an EGD sock"},
{"out", OPT_OUT, '>', "Output to filename rather than stdout"},
- {"passin", OPT_PASSIN, 's'},
+ {"passin", OPT_PASSIN, 's', "Input file pass phrase source"},
{"sign", OPT_SIGN, '<', "Sign digest using private key in file"},
{"verify", OPT_VERIFY, '<',
"Verify a signature using public key in file"},
@@ -104,8 +105,9 @@ OPTIONS dgst_options[] = {
{"hex", OPT_HEX, '-', "Print as hex dump"},
{"binary", OPT_BINARY, '-', "Print in binary form"},
{"d", OPT_DEBUG, '-', "Print debug info"},
- {"debug", OPT_DEBUG, '-'},
- {"fips-fingerprint", OPT_FIPS_FINGERPRINT, '-'},
+ {"debug", OPT_DEBUG, '-', "Print debug info"},
+ {"fips-fingerprint", OPT_FIPS_FINGERPRINT, '-',
+ "Compute HMAC with the key used in OpenSSL-FIPS fingerprint"},
{"hmac", OPT_HMAC, 's', "Create hashed MAC with key"},
{"mac", OPT_MAC, 's', "Create MAC (not necessarily HMAC)"},
{"sigopt", OPT_SIGOPT, 's', "Signature parameter in n:v form"},
@@ -113,7 +115,8 @@ OPTIONS dgst_options[] = {
{"", OPT_DIGEST, '-', "Any supported digest"},
#ifndef OPENSSL_NO_ENGINE
{"engine", OPT_ENGINE, 's', "Use engine e, possibly a hardware device"},
- {"engine_impl", OPT_ENGINE_IMPL, '-'},
+ {"engine_impl", OPT_ENGINE_IMPL, '-',
+ "Also use engine given by -engine for digest operations"},
#endif
{NULL}
};
diff --git a/apps/pkeyutl.c b/apps/pkeyutl.c
index 8704fd9..5a2827b 100644
--- a/apps/pkeyutl.c
+++ b/apps/pkeyutl.c
@@ -89,22 +89,22 @@ typedef enum OPTION_choice {
OPTIONS pkeyutl_options[] = {
{"help", OPT_HELP, '-', "Display this summary"},
- {"in", OPT_IN, '<', "Input file"},
- {"out", OPT_OUT, '>', "Output file"},
+ {"in", OPT_IN, '<', "Input file - default stdin"},
+ {"out", OPT_OUT, '>', "Output file - default stdout"},
{"pubin", OPT_PUBIN, '-', "Input is a public key"},
{"certin", OPT_CERTIN, '-', "Input is a cert with a public key"},
{"asn1parse", OPT_ASN1PARSE, '-', "asn1parse the output data"},
{"hexdump", OPT_HEXDUMP, '-', "Hex dump output"},
- {"sign", OPT_SIGN, '-', "Sign with private key"},
+ {"sign", OPT_SIGN, '-', "Sign input data with private key"},
{"verify", OPT_VERIFY, '-', "Verify with public key"},
{"verifyrecover", OPT_VERIFYRECOVER, '-',
"Verify with public key, recover original data"},
- {"rev", OPT_REV, '-', "Reverse the input buffer"},
- {"encrypt", OPT_ENCRYPT, '-', "Encrypt with public key"},
- {"decrypt", OPT_DECRYPT, '-', "Decrypt with private key"},
+ {"rev", OPT_REV, '-', "Reverse the order of the input buffer"},
+ {"encrypt", OPT_ENCRYPT, '-', "Encrypt input data with public key"},
+ {"decrypt", OPT_DECRYPT, '-', "Decrypt input data with private key"},
{"derive", OPT_DERIVE, '-', "Derive shared secret"},
{"sigfile", OPT_SIGFILE, '<', "Signature file (verify operation only)"},
- {"inkey", OPT_INKEY, 's', "Input key"},
+ {"inkey", OPT_INKEY, 's', "Input private key file"},
{"peerkey", OPT_PEERKEY, 's', "Peer key file used in key derivation"},
{"passin", OPT_PASSIN, 's', "Pass phrase source"},
{"peerform", OPT_PEERFORM, 'E', "Peer key format - default PEM"},
@@ -112,7 +112,8 @@ OPTIONS pkeyutl_options[] = {
{"pkeyopt", OPT_PKEYOPT, 's', "Public key options as opt:value"},
#ifndef OPENSSL_NO_ENGINE
{"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
- {"engine_impl", OPT_ENGINE_IMPL, '-', "Also use engine given by -engine for crypto operations"},
+ {"engine_impl", OPT_ENGINE_IMPL, '-',
+ "Also use engine given by -engine for crypto operations"},
#endif
{NULL}
};
diff --git a/apps/progs.h b/apps/progs.h
index f3eaf2a..86d9ab8 100644
--- a/apps/progs.h
+++ b/apps/progs.h
@@ -214,7 +214,6 @@ static FUNCTION functions[] = {
#ifndef OPENSSL_NO_MD_GHOST94
{ FT_md, "md_ghost94", dgst_main},
#endif
- { FT_md, "sha", dgst_main},
{ FT_md, "sha1", dgst_main},
{ FT_md, "sha224", dgst_main},
{ FT_md, "sha256", dgst_main},
diff --git a/apps/progs.pl b/apps/progs.pl
index 4ffa1f1..40053a7 100644
--- a/apps/progs.pl
+++ b/apps/progs.pl
@@ -72,7 +72,7 @@ foreach (@ARGV) {
foreach (
"md2", "md4", "md5",
"md_ghost94",
- "sha", "sha1", "sha224", "sha256", "sha384", "sha512",
+ "sha1", "sha224", "sha256", "sha384", "sha512",
"mdc2", "rmd160"
) {
printf "#ifndef OPENSSL_NO_".uc($_)."\n" if ! /sha/;
diff --git a/doc/apps/dgst.pod b/doc/apps/dgst.pod
index 25794c1..1c595dc 100644
--- a/doc/apps/dgst.pod
+++ b/doc/apps/dgst.pod
@@ -6,9 +6,9 @@ dgst, sha, sha1, mdc2, ripemd160, sha224, sha256, sha384, sha512, md4, md5 - mes
=head1 SYNOPSIS
-B<openssl> B<dgst>
+B<openssl> B<dgst>
[B<-help>]
-[B<-sha|-sha1|-mdc2|-ripemd160|-sha224|-sha256|-sha384|-sha512|-md4|-md5>]
+[B<-I<digest>>]
[B<-c>]
[B<-d>]
[B<-hex>]
@@ -23,6 +23,8 @@ B<openssl> B<dgst>
[B<-signature filename>]
[B<-hmac key>]
[B<-fips-fingerprint>]
+[B<-engine id>]
+[B<-engine_impl>]
[B<file...>]
B<openssl>
@@ -38,8 +40,8 @@ signatures using message digests.
The generic name, B<dgst>, may be used with an option specifying the
algorithm to be used.
The default digest is I<sha256>.
-The digest name may also be used as the command name.
-To see the list of supported algorithms, use the <Ilist --digest-commands>
+A supported I<digest> name may also be used as the command name.
+To see the list of supported algorithms, use the I<list --digest-commands>
command.
=head1 OPTIONS
@@ -50,6 +52,11 @@ command.
Print out a usage message.
+=item B<-I<digest>>
+
+Specifies name of a supported digest to be used. To see the list of
+supported digests, use the command I<list --digest-commands>.
+
=item B<-c>
print out the digest in two digit groups separated by colons, only relevant if
@@ -86,12 +93,6 @@ digitally sign the digest using the private key in "filename".
Specifies the key format to sign digest with. The DER, PEM, P12,
and ENGINE formats are supported.
-=item B<-engine id>
-
-Use engine B<id> for operations (including private key storage).
-This engine is not used as source for digest algorithms, unless it is
-also specified in the configuration file.
-
=item B<-sigopt nm:v>
Pass options to the signature algorithm during sign or verify operations.
@@ -162,6 +163,18 @@ all others.
compute HMAC using a specific key
for certain OpenSSL-FIPS operations.
+=item B<-engine id>
+
+Use engine B<id> for operations (including private key storage).
+This engine is not used as source for digest algorithms, unless it is
+also specified in the configuration file or B<-engine_impl> is also
+specified.
+
+=item B<-engine_impl>
+
+When used with the B<-engine> option, it specifies to also use
+engine B<id> for digest operations.
+
=item B<file...>
file or files to digest. If no files are specified then standard input is
diff --git a/doc/apps/openssl.pod b/doc/apps/openssl.pod
index f7a0d44..717550d 100644
--- a/doc/apps/openssl.pod
+++ b/doc/apps/openssl.pod
@@ -399,7 +399,7 @@ read the password from standard input.
L<asn1parse(1)>, L<ca(1)>, L<config(5)>,
L<crl(1)>, L<crl2pkcs7(1)>, L<dgst(1)>,
L<dhparam(1)>, L<dsa(1)>, L<dsaparam(1)>,
-L<enc(1)>, L<engine(1), L<gendsa(1)>, L<genpkey(1)>,
+L<enc(1)>, L<engine(1)>, L<gendsa(1)>, L<genpkey(1)>,
L<genrsa(1)>, L<nseq(1)>, L<openssl(1)>,
L<passwd(1)>,
L<pkcs12(1)>, L<pkcs7(1)>, L<pkcs8(1)>,
diff --git a/doc/apps/pkeyutl.pod b/doc/apps/pkeyutl.pod
index bd2b6e3..a2da255 100644
--- a/doc/apps/pkeyutl.pod
+++ b/doc/apps/pkeyutl.pod
@@ -29,6 +29,7 @@ B<openssl> B<pkeyutl>
[B<-hexdump>]
[B<-asn1parse>]
[B<-engine id>]
+[B<-engine_impl>]
=head1 DESCRIPTION
@@ -53,13 +54,17 @@ if this option is not specified.
specifies the output filename to write to or standard output by
default.
+=item B<-sigfile file>
+
+Signature file, required for B<verify> operations only
+
=item B<-inkey file>
the input key file, by default it should be a private key.
=item B<-keyform PEM|DER|ENGINE>
-the key format PEM, DER or ENGINE.
+the key format PEM, DER or ENGINE. Default is PEM.
=item B<-passin arg>
@@ -73,15 +78,7 @@ the peer key file, used by key derivation (agreement) operations.
=item B<-peerform PEM|DER|ENGINE>
-the peer key format PEM, DER or ENGINE.
-
-=item B<-engine id>
-
-specifying an engine (by its unique B<id> string) will cause B<pkeyutl>
-to attempt to obtain a functional reference to the specified engine,
-thus initialising it if needed. The engine will then be set as the default
-for all available algorithms.
-
+the peer key format PEM, DER or ENGINE. Default is PEM.
=item B<-pubin>
@@ -122,6 +119,10 @@ decrypt the input data using a private key.
derive a shared secret using the peer key.
+=item B<-pkeyopt opt:value>
+
+Public key options specified as opt:value. See NOTES below for more details.
+
=item B<-hexdump>
hex dump the output data.
@@ -131,6 +132,19 @@ hex dump the output data.
asn1parse the output data, this is useful when combined with the
B<-verifyrecover> option when an ASN1 structure is signed.
+=item B<-engine id>
+
+specifying an engine (by its unique B<id> string) will cause B<pkeyutl>
+to attempt to obtain a functional reference to the specified engine,
+thus initialising it if needed. The engine will then be set as the default
+for all available algorithms.
+
+=item B<-engine_impl>
+
+When used with the B<-engine> option, it specifies to also use
+engine B<id> for crypto operations.
+
+
=back
=head1 NOTES
More information about the openssl-commits
mailing list