[openssl] master update
dev at ddvo.net
dev at ddvo.net
Wed Apr 14 15:03:39 UTC 2021
The branch master has been updated
via aed03a12096cbcce30a133c179336072fdad64d1 (commit)
via 3206e41c0eb8ba952cae93786a2477228a951f34 (commit)
via 9518f8957ae5a156e55117c511996ee1775612a2 (commit)
from f56c9c7c942cd82595bb47808c732048141dc72d (commit)
- Log -----------------------------------------------------------------
commit aed03a12096cbcce30a133c179336072fdad64d1
Author: Dr. David von Oheimb <David.von.Oheimb at siemens.com>
Date: Sat Apr 3 12:19:10 2021 +0200
apps/cmp: Add generic random state options, e.g., for nonce generation
Reviewed-by: Paul Dale <pauli at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14842)
commit 3206e41c0eb8ba952cae93786a2477228a951f34
Author: Dr. David von Oheimb <David.von.Oheimb at siemens.com>
Date: Sat Apr 3 13:08:16 2021 +0200
openssl-cmp.pod.in: Fix missing provider options description
Also correct layout of engines description
Reviewed-by: Paul Dale <pauli at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14842)
commit 9518f8957ae5a156e55117c511996ee1775612a2
Author: Dr. David von Oheimb <David.von.Oheimb at siemens.com>
Date: Sat Apr 3 11:29:54 2021 +0200
cmp_util.c: Fix OSSL_CMP_log_open() in case OPENSSL_NO_TRACE
Reviewed-by: Paul Dale <pauli at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14842)
-----------------------------------------------------------------------
Summary of changes:
apps/cmp.c | 27 ++++++++++++++++++---------
crypto/cmp/cmp_util.c | 8 ++++++--
doc/man1/openssl-cmp.pod.in | 24 ++++++++++++++++++++++--
3 files changed, 46 insertions(+), 13 deletions(-)
diff --git a/apps/cmp.c b/apps/cmp.c
index 53996a7cc8..7cc8988b13 100644
--- a/apps/cmp.c
+++ b/apps/cmp.c
@@ -222,6 +222,7 @@ typedef enum OPTION_choice {
OPT_ENGINE,
#endif
OPT_PROV_ENUM,
+ OPT_R_ENUM,
OPT_TLS_USED, OPT_TLS_CERT, OPT_TLS_KEY,
OPT_TLS_KEYPASS,
@@ -412,6 +413,7 @@ const OPTIONS cmp_options[] = {
"Engines may also be defined in OpenSSL config file engine section."},
#endif
OPT_PROV_OPTIONS,
+ OPT_R_OPTIONS,
OPT_SECTION("TLS connection"),
{"tls_used", OPT_TLS_USED, '-',
@@ -2058,8 +2060,6 @@ static int read_config(void)
long num = 0;
char *txt = NULL;
const OPTIONS *opt;
- int provider_option;
- int verification_option;
int start = OPT_VERBOSITY;
/*
* starting with offset OPT_VERBOSITY because OPT_CONFIG and OPT_SECTION
@@ -2075,19 +2075,23 @@ static int read_config(void)
n_options--;
OPENSSL_assert(OSSL_NELEM(cmp_vars) == n_options
+ OPT_PROV__FIRST + 1 - OPT_PROV__LAST
+ + OPT_R__FIRST + 1 - OPT_R__LAST
+ OPT_V__FIRST + 1 - OPT_V__LAST);
for (i = start - OPT_HELP, opt = &cmp_options[start];
opt->name; i++, opt++) {
- if (!strcmp(opt->name, OPT_SECTION_STR)
- || !strcmp(opt->name, OPT_MORE_STR)) {
+ int provider_option = (OPT_PROV__FIRST <= opt->retval
+ && opt->retval < OPT_PROV__LAST);
+ int rand_state_option = (OPT_R__FIRST <= opt->retval
+ && opt->retval < OPT_R__LAST);
+ int verification_option = (OPT_V__FIRST <= opt->retval
+ && opt->retval < OPT_V__LAST);
+
+ if (strcmp(opt->name, OPT_SECTION_STR) == 0
+ || strcmp(opt->name, OPT_MORE_STR) == 0) {
i--;
continue;
}
- provider_option = (OPT_PROV__FIRST <= opt->retval
- && opt->retval < OPT_PROV__LAST);
- verification_option = (OPT_V__FIRST <= opt->retval
- && opt->retval < OPT_V__LAST);
- if (provider_option || verification_option)
+ if (provider_option || rand_state_option || verification_option)
i--;
switch (opt->valtype) {
case '-':
@@ -2099,6 +2103,7 @@ static int read_config(void)
}
break;
case 's':
+ case '>':
case 'M':
txt = conf_get_string(conf, opt_section, opt->name);
if (txt == NULL) {
@@ -2415,6 +2420,10 @@ static int get_opts(int argc, char **argv)
if (!opt_provider(o))
goto opthelp;
break;
+ case OPT_R_CASES:
+ if (!opt_rand(o))
+ goto opthelp;
+ break;
case OPT_BATCH:
opt_batch = 1;
diff --git a/crypto/cmp/cmp_util.c b/crypto/cmp/cmp_util.c
index eef297d50b..56f2b0eeb8 100644
--- a/crypto/cmp/cmp_util.c
+++ b/crypto/cmp/cmp_util.c
@@ -22,15 +22,19 @@
int OSSL_CMP_log_open(void) /* is designed to be idempotent */
{
-#ifndef OPENSSL_NO_STDIO
+#ifdef OPENSSL_NO_TRACE
+ return 1;
+#else
+# ifndef OPENSSL_NO_STDIO
BIO *bio = BIO_new_fp(stdout, BIO_NOCLOSE);
if (bio != NULL && OSSL_trace_set_channel(OSSL_TRACE_CATEGORY_CMP, bio))
return 1;
BIO_free(bio);
-#endif
+# endif
ERR_raise(ERR_LIB_CMP, CMP_R_NO_STDIO);
return 0;
+#endif
}
void OSSL_CMP_log_close(void) /* is designed to be idempotent */
diff --git a/doc/man1/openssl-cmp.pod.in b/doc/man1/openssl-cmp.pod.in
index f449cb6630..be16c2e242 100644
--- a/doc/man1/openssl-cmp.pod.in
+++ b/doc/man1/openssl-cmp.pod.in
@@ -86,6 +86,10 @@ Credentials format options:
[B<-otherpass> I<arg>]
{- $OpenSSL::safe::opt_engine_synopsis -}{- $OpenSSL::safe::opt_provider_synopsis -}
+Random state options:
+
+{- $OpenSSL::safe::opt_r_synopsis -}
+
TLS connection options:
[B<-tls_used>]
@@ -743,8 +747,6 @@ L<openssl-passphrase-options(1)>.
{- $OpenSSL::safe::opt_engine_item -}
-=back
-
{- output_off() if $disabled{"deprecated-3.0"}; "" -}
As an alternative to using this combination:
@@ -759,6 +761,24 @@ This applies to all options specifying keys: B<-key>, B<-newkey>, and
B<-tls_key>.
{- output_on() if $disabled{"deprecated-3.0"}; "" -}
+=back
+
+=head2 Provider options
+
+=over 4
+
+{- $OpenSSL::safe::opt_provider_item -}
+
+=back
+
+=head2 Random state options
+
+=over 4
+
+{- $OpenSSL::safe::opt_r_item -}
+
+=back
+
=head2 TLS connection options
=over 4
More information about the openssl-commits
mailing list