[openssl] OpenSSL_1_1_1-stable update

matthias.st.pierre at ncp-e.com matthias.st.pierre at ncp-e.com
Tue Oct 22 21:30:36 UTC 2019


The branch OpenSSL_1_1_1-stable has been updated
       via  c22987ce97c9ab8e5abb83388771208ac716cf22 (commit)
      from  24c23e1f3cd807dbf7e6a057dc01b435703d05b4 (commit)


- Log -----------------------------------------------------------------
commit c22987ce97c9ab8e5abb83388771208ac716cf22
Author: agnosticdev <agnosticdev at gmail.com>
Date:   Mon Sep 16 07:09:01 2019 -0500

    Update dgst.c to show a list of message digests
    
    Fixes #9893
    
    Reviewed-by: Paul Dale <paul.dale at oracle.com>
    Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre at ncp-e.com>
    (Merged from https://github.com/openssl/openssl/pull/10219)

-----------------------------------------------------------------------

Summary of changes:
 apps/dgst.c       | 46 +++++++++++++++++++++++++++++++++++++++++++++-
 apps/enc.c        |  3 ++-
 doc/man1/dgst.pod |  5 +++++
 doc/man1/enc.pod  |  9 ++++++++-
 4 files changed, 60 insertions(+), 3 deletions(-)

diff --git a/apps/dgst.c b/apps/dgst.c
index 9223133eb2..82b8d02cee 100644
--- a/apps/dgst.c
+++ b/apps/dgst.c
@@ -19,6 +19,7 @@
 #include <openssl/x509.h>
 #include <openssl/pem.h>
 #include <openssl/hmac.h>
+#include <ctype.h>
 
 #undef BUFSIZE
 #define BUFSIZE 1024*8
@@ -27,9 +28,15 @@ int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,
           EVP_PKEY *key, unsigned char *sigin, int siglen,
           const char *sig_name, const char *md_name,
           const char *file);
+static void show_digests(const OBJ_NAME *name, void *bio_);
+
+struct doall_dgst_digests {
+    BIO *bio;
+    int n;
+};
 
 typedef enum OPTION_choice {
-    OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
+    OPT_ERR = -1, OPT_EOF = 0, OPT_HELP, OPT_LIST,
     OPT_C, OPT_R, OPT_OUT, OPT_SIGN, OPT_PASSIN, OPT_VERIFY,
     OPT_PRVERIFY, OPT_SIGNATURE, OPT_KEYFORM, OPT_ENGINE, OPT_ENGINE_IMPL,
     OPT_HEX, OPT_BINARY, OPT_DEBUG, OPT_FIPS_FINGERPRINT,
@@ -43,6 +50,7 @@ const OPTIONS dgst_options[] = {
     {OPT_HELP_STR, 1, '-',
         "  file... files to digest (default is stdin)\n"},
     {"help", OPT_HELP, '-', "Display this summary"},
+    {"list", OPT_LIST, '-', "List digests"},
     {"c", OPT_C, '-', "Print the digest with separating colons"},
     {"r", OPT_R, '-', "Print the digest in coreutils format"},
     {"out", OPT_OUT, '>', "Output to filename rather than stdout"},
@@ -91,6 +99,7 @@ int dgst_main(int argc, char **argv)
     int i, ret = 1, out_bin = -1, want_pub = 0, do_verify = 0;
     unsigned char *buf = NULL, *sigbuf = NULL;
     int engine_impl = 0;
+    struct doall_dgst_digests dec;
 
     prog = opt_progname(argv[0]);
     buf = app_malloc(BUFSIZE, "I/O buffer");
@@ -108,6 +117,15 @@ int dgst_main(int argc, char **argv)
             opt_help(dgst_options);
             ret = 0;
             goto end;
+        case OPT_LIST:
+            BIO_printf(bio_out, "Supported digests:\n");
+            dec.bio = bio_out;
+            dec.n = 0;
+            OBJ_NAME_do_all_sorted(OBJ_NAME_TYPE_MD_METH,
+                                   show_digests, &dec);
+            BIO_printf(bio_out, "\n");
+            ret = 0;
+            goto end;
         case OPT_C:
             separator = 1;
             break;
@@ -413,6 +431,32 @@ int dgst_main(int argc, char **argv)
     return ret;
 }
 
+static void show_digests(const OBJ_NAME *name, void *arg)
+{
+    struct doall_dgst_digests *dec = (struct doall_dgst_digests *)arg;
+    const EVP_MD *md = NULL;
+
+    /* Filter out signed digests (a.k.a signature algorithms) */
+    if (strstr(name->name, "rsa") != NULL || strstr(name->name, "RSA") != NULL)
+        return;
+
+    if (!islower((unsigned char)*name->name))
+        return;
+
+    /* Filter out message digests that we cannot use */
+    md = EVP_get_digestbyname(name->name);
+    if (md == NULL)
+        return;
+
+    BIO_printf(dec->bio, "-%-25s", name->name);
+    if (++dec->n == 3) {
+        BIO_printf(dec->bio, "\n");
+        dec->n = 0;
+    } else {
+        BIO_printf(dec->bio, " ");
+    }
+}
+
 /*
  * The newline_escape_filename function performs newline escaping for any
  * filename that contains a newline.  This function also takes a pointer
diff --git a/apps/enc.c b/apps/enc.c
index d1772f3eb9..ddf51e0dba 100644
--- a/apps/enc.c
+++ b/apps/enc.c
@@ -50,7 +50,8 @@ typedef enum OPTION_choice {
 
 const OPTIONS enc_options[] = {
     {"help", OPT_HELP, '-', "Display this summary"},
-    {"ciphers", OPT_LIST, '-', "List ciphers"},
+    {"list", OPT_LIST, '-', "List ciphers"},
+    {"ciphers", OPT_LIST, '-', "Alias for -list"},
     {"in", OPT_IN, '<', "Input file"},
     {"out", OPT_OUT, '>', "Output file"},
     {"pass", OPT_PASS, 's', "Passphrase source"},
diff --git a/doc/man1/dgst.pod b/doc/man1/dgst.pod
index 6d48523c99..ea2c4e3e15 100644
--- a/doc/man1/dgst.pod
+++ b/doc/man1/dgst.pod
@@ -12,6 +12,7 @@ B<openssl dgst>
 [B<-help>]
 [B<-c>]
 [B<-d>]
+[B<-list>]
 [B<-hex>]
 [B<-binary>]
 [B<-r>]
@@ -67,6 +68,10 @@ B<hex> format output is used.
 
 Print out BIO debugging information.
 
+=item B<-list>
+
+Prints out a list of supported message digests.
+
 =item B<-hex>
 
 Digest is to be output as a hex dump. This is the default case for a "normal"
diff --git a/doc/man1/enc.pod b/doc/man1/enc.pod
index a3e0b03b20..6f20ac1fc7 100644
--- a/doc/man1/enc.pod
+++ b/doc/man1/enc.pod
@@ -9,6 +9,7 @@ enc - symmetric cipher routines
 
 B<openssl enc -I<cipher>>
 [B<-help>]
+[B<-list>]
 [B<-ciphers>]
 [B<-in filename>]
 [B<-out filename>]
@@ -56,10 +57,14 @@ either by itself or in addition to the encryption or decryption.
 
 Print out a usage message.
 
-=item B<-ciphers>
+=item B<-list>
 
 List all supported ciphers.
 
+=item B<-ciphers>
+
+Alias of -list to display all supported ciphers.
+
 =item B<-in filename>
 
 The input filename, standard input by default.
@@ -419,6 +424,8 @@ certain parameters. So if, for example, you want to use RC2 with a
 
 The default digest was changed from MD5 to SHA256 in OpenSSL 1.1.0.
 
+The B<-list> option was added in OpenSSL 1.1.1e.
+
 =head1 COPYRIGHT
 
 Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.


More information about the openssl-commits mailing list