[openssl] master update

beldmit at gmail.com beldmit at gmail.com
Sat Oct 5 07:19:40 UTC 2019


The branch master has been updated
       via  38546024bba338c61a71212f9ede4c4f2af3edb7 (commit)
      from  74997e7eedd094b40183f0643c5744e77fbd393f (commit)


- Log -----------------------------------------------------------------
commit 38546024bba338c61a71212f9ede4c4f2af3edb7
Author: Rich Salz <rsalz at akamai.com>
Date:   Mon Sep 23 14:54:42 2019 -0400

    Add missing help text for some options
    
    Fixes: #9952
    
    Reviewed-by: Richard Levitte <levitte at openssl.org>
    Reviewed-by: Dmitry Belyavskiy <beldmit at gmail.com>
    (Merged from https://github.com/openssl/openssl/pull/9989)

-----------------------------------------------------------------------

Summary of changes:
 apps/cms.c | 62 ++++++++++++++++++++++++++++++++++++++++----------------------
 1 file changed, 40 insertions(+), 22 deletions(-)

diff --git a/apps/cms.c b/apps/cms.c
index 9c9f01d3ee..0e0df5e052 100644
--- a/apps/cms.c
+++ b/apps/cms.c
@@ -104,20 +104,29 @@ const OPTIONS cms_options[] = {
     {"resign", OPT_RESIGN, '-', "Resign a signed message"},
     {"cades", OPT_CADES, '-', "Include signer certificate digest"},
     {"verify", OPT_VERIFY, '-', "Verify signed message"},
-    {"verify_retcode", OPT_VERIFY_RETCODE, '-'},
-    {"verify_receipt", OPT_VERIFY_RECEIPT, '<'},
+    {"verify_retcode", OPT_VERIFY_RETCODE, '-',
+        "Exit non-zero on verification failure"},
+    {"verify_receipt", OPT_VERIFY_RECEIPT, '<',
+        "Verify receipts; exit if receipt signatures do not verify"},
     {"cmsout", OPT_CMSOUT, '-', "Output CMS structure"},
-    {"data_out", OPT_DATA_OUT, '-'},
-    {"data_create", OPT_DATA_CREATE, '-'},
-    {"digest_verify", OPT_DIGEST_VERIFY, '-'},
-    {"digest_create", OPT_DIGEST_CREATE, '-'},
-    {"compress", OPT_COMPRESS, '-'},
-    {"uncompress", OPT_UNCOMPRESS, '-'},
-    {"EncryptedData_decrypt", OPT_ED_DECRYPT, '-'},
-    {"EncryptedData_encrypt", OPT_ED_ENCRYPT, '-'},
-    {"debug_decrypt", OPT_DEBUG_DECRYPT, '-'},
+    {"data_out", OPT_DATA_OUT, '-', "Copy CMS \"Data\" object to output"},
+    {"data_create", OPT_DATA_CREATE, '-', "Create a CMS \"Data\" object"},
+    {"digest_verify", OPT_DIGEST_VERIFY, '-',
+        "Verify a CMS \"DigestedData\" object and output it"},
+    {"digest_create", OPT_DIGEST_CREATE, '-',
+        "Create a CMS \"DigestedData\" object"},
+    {"compress", OPT_COMPRESS, '-', "Create a CMS \"CompressedData\" object"},
+    {"uncompress", OPT_UNCOMPRESS, '-', "Uncompress a CMS \"CompressedData\" object"},
+    {"EncryptedData_decrypt", OPT_ED_DECRYPT, '-',
+        "Decrypt CMS \"EncryptedData\" object using symmetric key"},
+    {"EncryptedData_encrypt", OPT_ED_ENCRYPT, '-',
+        "Create CMS \"EncryptedData\" object using symmetric key"},
+    {"debug_decrypt", OPT_DEBUG_DECRYPT, '-',
+        "Disable MMA protection and return an error if no recipient found"
+        " (see documentation)"},
     {"text", OPT_TEXT, '-', "Include or delete text MIME headers"},
-    {"asciicrlf", OPT_ASCIICRLF, '-'},
+    {"asciicrlf", OPT_ASCIICRLF, '-',
+        "Perform CRLF canonicalisation when signing"},
     {"nointern", OPT_NOINTERN, '-',
      "Don't search certificates in message for signer"},
     {"noverify", OPT_NOVERIFY, '-', "Don't verify signers certificate"},
@@ -129,16 +138,20 @@ const OPTIONS cms_options[] = {
     {"binary", OPT_BINARY, '-', "Don't translate message to text"},
     {"keyid", OPT_KEYID, '-', "Use subject key identifier"},
     {"nosigs", OPT_NOSIGS, '-', "Don't verify message signature"},
-    {"no_content_verify", OPT_NO_CONTENT_VERIFY, '-'},
-    {"no_attr_verify", OPT_NO_ATTR_VERIFY, '-'},
+    {"no_content_verify", OPT_NO_CONTENT_VERIFY, '-',
+        "Do not verify signed content signatures"},
+    {"no_attr_verify", OPT_NO_ATTR_VERIFY, '-',
+        "Do not verify signed attribute signatures"},
     {"stream", OPT_INDEF, '-', "Enable CMS streaming"},
     {"indef", OPT_INDEF, '-', "Same as -stream"},
     {"noindef", OPT_NOINDEF, '-', "Disable CMS streaming"},
     {"crlfeol", OPT_CRLFEOL, '-', "Use CRLF as EOL termination instead of CR only" },
     {"noout", OPT_NOOUT, '-', "For the -cmsout operation do not output the parsed CMS structure"},
     {"receipt_request_print", OPT_RR_PRINT, '-', "Print CMS Receipt Request" },
-    {"receipt_request_all", OPT_RR_ALL, '-'},
-    {"receipt_request_first", OPT_RR_FIRST, '-'},
+    {"receipt_request_all", OPT_RR_ALL, '-',
+        "When signing, create a receipt request for all recipients"},
+    {"receipt_request_first", OPT_RR_FIRST, '-',
+        "When signing, create a receipt request for first recipient"},
     {"rctform", OPT_RCTFORM, 'F', "Receipt file format"},
     {"certfile", OPT_CERTFILE, '<', "Other certificates file"},
     {"CAfile", OPT_CAFILE, '<', "Trusted certificates file"},
@@ -151,10 +164,13 @@ const OPTIONS cms_options[] = {
      "Supply or override content for detached signature"},
     {"print", OPT_PRINT, '-',
      "For the -cmsout operation print out all fields of the CMS structure"},
-    {"secretkey", OPT_SECRETKEY, 's'},
-    {"secretkeyid", OPT_SECRETKEYID, 's'},
-    {"pwri_password", OPT_PWRI_PASSWORD, 's'},
-    {"econtent_type", OPT_ECONTENT_TYPE, 's'},
+    {"secretkey", OPT_SECRETKEY, 's',
+        "Use specified hex-encoded key to decrypt/encrypt recipients or content"},
+    {"secretkeyid", OPT_SECRETKEYID, 's',
+        "Identity of the -secretkey for CMS \"KEKRecipientInfo\" object"},
+    {"pwri_password", OPT_PWRI_PASSWORD, 's',
+        "Specific password for recipient"},
+    {"econtent_type", OPT_ECONTENT_TYPE, 's', "OID for external content"},
     {"passin", OPT_PASSIN, 's', "Input file pass phrase source"},
     {"to", OPT_TO, 's', "To address"},
     {"from", OPT_FROM, 's', "From address"},
@@ -167,8 +183,10 @@ const OPTIONS cms_options[] = {
      "Input private key (if not signer or recipient)"},
     {"keyform", OPT_KEYFORM, 'f', "Input private key format (PEM or ENGINE)"},
     {"keyopt", OPT_KEYOPT, 's', "Set public key parameters as n:v pairs"},
-    {"receipt_request_from", OPT_RR_FROM, 's'},
-    {"receipt_request_to", OPT_RR_TO, 's'},
+    {"receipt_request_from", OPT_RR_FROM, 's',
+        "Create signed receipt request with specified email address"},
+    {"receipt_request_to", OPT_RR_TO, 's',
+        "Create signed receipt targeted to specified address"},
     {"", OPT_CIPHER, '-', "Any supported cipher"},
     OPT_R_OPTIONS,
     OPT_V_OPTIONS,


More information about the openssl-commits mailing list