[openssl] master update
dev at ddvo.net
dev at ddvo.net
Tue May 18 11:03:46 UTC 2021
The branch master has been updated
via 78c44e4f819721eb80ad95fddc360a34f9e93118 (commit)
via 4a14ae9dc885076028cc4ec69af07b9d99fe9044 (commit)
via 8a28134104b6e13e596b51225112afccaba4d000 (commit)
via f2431fe7df58d1b7f709f5065a2be3a2c01661f9 (commit)
from 80a4ac5783b1cea66983330c65df11611236869e (commit)
- Log -----------------------------------------------------------------
commit 78c44e4f819721eb80ad95fddc360a34f9e93118
Author: Dr. David von Oheimb <David.von.Oheimb at siemens.com>
Date: Mon May 17 11:38:01 2021 +0200
DOC: Fix nits found by improved find-doc-nits -c
Reviewed-by: Paul Dale <pauli at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15298)
commit 4a14ae9dc885076028cc4ec69af07b9d99fe9044
Author: Dr. David von Oheimb <David.von.Oheimb at siemens.com>
Date: Mon May 17 08:48:55 2021 +0200
ci.yml: Add cmd-nits to the doc-nits CI run
Reviewed-by: Paul Dale <pauli at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15298)
commit 8a28134104b6e13e596b51225112afccaba4d000
Author: Dr. David von Oheimb <David.von.Oheimb at siemens.com>
Date: Mon May 17 08:31:50 2021 +0200
openssl-dsa.pod.in: Fix glitch: pvk-string -> pvk-strong
Reviewed-by: Paul Dale <pauli at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15298)
commit f2431fe7df58d1b7f709f5065a2be3a2c01661f9
Author: Dr. David von Oheimb <David.von.Oheimb at siemens.com>
Date: Sun May 16 19:03:50 2021 +0200
find-doc-nits: Make -c option (cmd-nits) independent of app build and execution
Reviewed-by: Paul Dale <pauli at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15298)
-----------------------------------------------------------------------
Summary of changes:
.github/workflows/ci.yml | 4 +--
Configurations/unix-Makefile.tmpl | 2 +-
apps/{asn1pars.c => asn1parse.c} | 0
apps/build.info | 2 +-
apps/{crl2p7.c => crl2pkcs7.c} | 0
apps/list.c | 4 +--
doc/man1/openssl-cms.pod.in | 8 +++++
doc/man1/openssl-dsa.pod.in | 17 ++++++++-
doc/man1/openssl-list.pod.in | 15 ++++++++
doc/man1/openssl-rsa.pod.in | 15 ++++++++
doc/man1/openssl.pod | 14 ++++----
util/find-doc-nits | 74 ++++++++++++++++++++++++---------------
12 files changed, 112 insertions(+), 43 deletions(-)
rename apps/{asn1pars.c => asn1parse.c} (100%)
rename apps/{crl2p7.c => crl2pkcs7.c} (100%)
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 46a096cb75..71750aec7a 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -37,8 +37,8 @@ jobs:
run: ./config --banner=Configured --strict-warnings enable-fips && perl configdata.pm --dump
- name: make build_generated
run: make -s build_generated
- - name: make doc-nits
- run: make doc-nits
+ - name: make doc-nits cmd-nits
+ run: make doc-nits cmd-nits
# This checks that we use ANSI C language syntax and semantics.
# We are not as strict with libraries, but rather adapt to what's
diff --git a/Configurations/unix-Makefile.tmpl b/Configurations/unix-Makefile.tmpl
index a80e78e86f..f729416d1d 100644
--- a/Configurations/unix-Makefile.tmpl
+++ b/Configurations/unix-Makefile.tmpl
@@ -1066,7 +1066,7 @@ generate_buildinfo: generate_doc_buildinfo
doc-nits: build_generated_pods
$(PERL) $(SRCDIR)/util/find-doc-nits -n -l -e
-cmd-nits: build_generated apps/openssl build_generated_pods
+cmd-nits: build_generated_pods
$(PERL) $(SRCDIR)/util/find-doc-nits -c
# This uses "mdl", the markdownlint application, which is written in ruby.
diff --git a/apps/asn1pars.c b/apps/asn1parse.c
similarity index 100%
rename from apps/asn1pars.c
rename to apps/asn1parse.c
diff --git a/apps/build.info b/apps/build.info
index cba9803c65..b2ecdf2e3a 100644
--- a/apps/build.info
+++ b/apps/build.info
@@ -12,7 +12,7 @@ ENDIF
# Source for the 'openssl' program
$OPENSSLSRC=\
openssl.c progs.c \
- asn1pars.c ca.c ciphers.c crl.c crl2p7.c dgst.c \
+ asn1parse.c ca.c ciphers.c crl.c crl2pkcs7.c dgst.c \
enc.c errstr.c \
genpkey.c kdf.c mac.c nseq.c passwd.c pkcs7.c \
pkcs8.c pkey.c pkeyparam.c pkeyutl.c prime.c rand.c req.c \
diff --git a/apps/crl2p7.c b/apps/crl2pkcs7.c
similarity index 100%
rename from apps/crl2p7.c
rename to apps/crl2pkcs7.c
diff --git a/apps/list.c b/apps/list.c
index bf7c9b1049..37e363ebd1 100644
--- a/apps/list.c
+++ b/apps/list.c
@@ -1470,7 +1470,7 @@ const OPTIONS list_options[] = {
{"kdf-algorithms", OPT_KDF_ALGORITHMS, '-',
"List of key derivation and pseudo random function algorithms"},
{"random-instances", OPT_RANDOM_INSTANCES, '-',
- "List the primary, pubic and private random number generator details"},
+ "List the primary, public and private random number generator details"},
{"random-generators", OPT_RANDOM_GENERATORS, '-',
"List of random number generators"},
{"mac-algorithms", OPT_MAC_ALGORITHMS, '-',
@@ -1490,7 +1490,7 @@ const OPTIONS list_options[] = {
"List of key encapsulation mechanism algorithms" },
{"signature-algorithms", OPT_SIGNATURE_ALGORITHMS, '-',
"List of signature algorithms" },
- { "asymcipher-algorithms", OPT_ASYM_CIPHER_ALGORITHMS, '-',
+ {"asymcipher-algorithms", OPT_ASYM_CIPHER_ALGORITHMS, '-',
"List of asymmetric cipher algorithms" },
{"public-key-algorithms", OPT_PK_ALGORITHMS, '-',
"List of public key algorithms"},
diff --git a/doc/man1/openssl-cms.pod.in b/doc/man1/openssl-cms.pod.in
index 0ec906cbc1..5263a5d5be 100644
--- a/doc/man1/openssl-cms.pod.in
+++ b/doc/man1/openssl-cms.pod.in
@@ -48,6 +48,10 @@ B<openssl> B<cms>
[B<-md> I<digest>]
[B<-I<cipher>>]
[B<-wrap> I<cipher>]
+[B<-aes128-wrap>]
+[B<-aes192-wrap>]
+[B<-aes256-wrap>]
+[B<-des3-wrap>]
[B<-nointern>]
[B<-noverify>]
[B<-nocerts>]
@@ -322,6 +326,10 @@ Cipher algorithm to use for key wrap when encrypting the message using Key
Agreement for key transport. The algorithm specified should be suitable for key
wrap.
+=item B<-aes128-wrap>, B<-aes192-wrap>, B<-aes256-wrap>, B<-des3-wrap>
+
+Use AES128, AES192, AES256, or 3DES-EDE, respectively, to wrap key.
+
=item B<-nointern>
When verifying a message normally certificates (if any) included in
diff --git a/doc/man1/openssl-dsa.pod.in b/doc/man1/openssl-dsa.pod.in
index 68ce5f319c..494cfe8635 100644
--- a/doc/man1/openssl-dsa.pod.in
+++ b/doc/man1/openssl-dsa.pod.in
@@ -36,9 +36,12 @@ B<openssl> B<dsa>
[B<-modulus>]
[B<-pubin>]
[B<-pubout>]
+[B<-pvk-strong>]
+[B<-pvk-weak>]
+[B<-pvk-none>]
{- $OpenSSL::safe::opt_engine_synopsis -}{- $OpenSSL::safe::opt_provider_synopsis -}
-=for openssl ifdef pvk-string pvk-weak pvk-none engine
+=for openssl ifdef pvk-strong pvk-weak pvk-none engine
=head1 DESCRIPTION
@@ -123,6 +126,18 @@ By default, a private key is output. With this option a public
key will be output instead. This option is automatically set if the input is
a public key.
+=item B<-pvk-strong>
+
+Enable 'Strong' PVK encoding level (default).
+
+=item B<-pvk-weak>
+
+Enable 'Weak' PVK encoding level.
+
+=item B<-pvk-none>
+
+Don't enforce PVK encoding.
+
{- $OpenSSL::safe::opt_engine_item -}
{- $OpenSSL::safe::opt_provider_item -}
diff --git a/doc/man1/openssl-list.pod.in b/doc/man1/openssl-list.pod.in
index 74389dca23..2b05fa74d4 100644
--- a/doc/man1/openssl-list.pod.in
+++ b/doc/man1/openssl-list.pod.in
@@ -13,12 +13,14 @@ B<openssl list>
[B<-select> I<name>]
[B<-1>]
[B<-commands>]
+[B<-standard-commands>]
[B<-digest-algorithms>]
{- output_off() if $disabled{"deprecated-3.0"}; ""
-}[B<-digest-commands>]
{- output_on() if $disabled{"deprecated-3.0"}; ""
-}[B<-kdf-algorithms>]
[B<-mac-algorithms>]
+[B<-random-instances>]
[B<-random-generators>]
[B<-cipher-algorithms>]
{- output_off() if $disabled{"deprecated-3.0"}; ""
@@ -38,6 +40,7 @@ B<openssl list>
-}[B<-engines>]
{- output_on() if $disabled{"deprecated-3.0"}; ""
-}[B<-disabled>]
+[B<-missing-help>]
[B<-objects>]
[B<-options> I<command>]
{- $OpenSSL::safe::opt_provider_synopsis -}
@@ -73,6 +76,10 @@ If used, this option must be given first.
Display a list of standard commands.
+=item B<-standard-commands>
+
+List of standard commands.
+
=item B<-digest-commands>
This option is deprecated. Use B<digest-algorithms> instead.
@@ -97,6 +104,10 @@ displayed.
In verbose mode, the algorithms provided by a provider will get additional
information on what parameters each implementation supports.
+=item B<-random-instances>
+
+List the primary, public and private random number generator details.
+
=item B<-random-generators>
Display a list of random number generators.
@@ -171,6 +182,10 @@ Display a list of loaded engines.
Display a list of disabled features, those that were compiled out
of the installation.
+=item B<-missing-help>
+
+List missing detailed help strings.
+
=item B<-objects>
Display a list of built in objects, i.e. OIDs with names. They're listed in the
diff --git a/doc/man1/openssl-rsa.pod.in b/doc/man1/openssl-rsa.pod.in
index fab6408f14..286766e72f 100644
--- a/doc/man1/openssl-rsa.pod.in
+++ b/doc/man1/openssl-rsa.pod.in
@@ -40,6 +40,9 @@ B<openssl> B<rsa>
[B<-pubout>]
[B<-RSAPublicKey_in>]
[B<-RSAPublicKey_out>]
+[B<-pvk-strong>]
+[B<-pvk-weak>]
+[B<-pvk-none>]
{- $OpenSSL::safe::opt_engine_synopsis -}{- $OpenSSL::safe::opt_provider_synopsis -}
=for openssl ifdef pvk-strong pvk-weak pvk-none engine
@@ -133,6 +136,18 @@ the input is a public key.
Like B<-pubin> and B<-pubout> except B<RSAPublicKey> format is used instead.
+=item B<-pvk-strong>
+
+Enable 'Strong' PVK encoding level (default).
+
+=item B<-pvk-weak>
+
+Enable 'Weak' PVK encoding level.
+
+=item B<-pvk-none>
+
+Don't enforce PVK encoding.
+
{- $OpenSSL::safe::opt_engine_item -}
{- $OpenSSL::safe::opt_provider_item -}
diff --git a/doc/man1/openssl.pod b/doc/man1/openssl.pod
index 78b98ab7a6..3b47ae9729 100644
--- a/doc/man1/openssl.pod
+++ b/doc/man1/openssl.pod
@@ -13,13 +13,13 @@ I<command>
B<openssl>
B<list>
-B<-standard-commands> |
-B<-digest-commands> |
-B<-cipher-commands> |
-B<-cipher-algorithms> |
-B<-digest-algorithms> |
-B<-mac-algorithms> |
-B<-public-key-algorithms>
+B<standard-commands> |
+B<digest-commands> |
+B<cipher-commands> |
+B<cipher-algorithms> |
+B<digest-algorithms> |
+B<mac-algorithms> |
+B<public-key-algorithms>
B<openssl> B<no->I<XXX> [ I<options> ]
diff --git a/util/find-doc-nits b/util/find-doc-nits
index a5ea78706d..f4cc771e5a 100755
--- a/util/find-doc-nits
+++ b/util/find-doc-nits
@@ -28,9 +28,6 @@ use configdata;
# Set to 1 for debug output
my $debug = 0;
-# Where to find openssl command
-my $openssl = "./util/opensslwrap.sh";
-
# Options.
our($opt_d);
our($opt_e);
@@ -1029,21 +1026,40 @@ my %skips = (
'digest' => 1,
);
+my %genopts; # generic options parsed from apps/include/opt.h
+
# Check the flags of a command and see if everything is in the manpage
sub checkflags {
my $cmd = shift;
my $doc = shift;
- my %cmdopts;
+ my @cmdopts;
my %docopts;
my %localskips;
- # Get the list of options in the command.
- open CFH, "$openssl list --options $cmd|"
- or die "Can list options for $cmd, $!";
+ # Get the list of options in the command source file.
+ my $active = 0;
+ my $expect_helpstr = "";
+ open CFH, "apps/$cmd.c"
+ or die "Can't open apps/$cmd.c to list options for $cmd, $!";
while ( <CFH> ) {
chop;
- s/ .$//;
- $cmdopts{$_} = 1;
+ if ($active) {
+ last if m/^\s*};/;
+ if ($expect_helpstr ne "") {
+ next if m/^\s*#\s*if/;
+ err("$cmd does not implement help for -$expect_helpstr") unless m/^\s*"/;
+ $expect_helpstr = "";
+ } elsif (m/\{\s*"([^"]+)"\s*,\s*OPT_[A-Z0-9_]+\s*,\s*('[-\/:<>cEfFlMnNpsuU]'|0)\s*,(.*)$/
+ && !($cmd eq "s_client" && $1 eq "wdebug")) {
+ push @cmdopts, $1;
+ $expect_helpstr = $1;
+ $expect_helpstr = "" if $3 =~ m/^\s*"/;
+ } elsif (m/[\s,](OPT_[A-Z]+_OPTIONS?)\s*(,|$)/) {
+ push @cmdopts, @{ $genopts{$1} };
+ }
+ } elsif (m/^const\s+OPTIONS\s*/) {
+ $active = 1;
+ }
}
close CFH;
@@ -1073,15 +1089,16 @@ sub checkflags {
close CFH;
# See what's in the command not the manpage.
- my @undocced = sort grep { !defined $docopts{$_} } keys %cmdopts;
+ my @undocced = sort grep { !defined $docopts{$_} } @cmdopts;
foreach ( @undocced ) {
- next if /-/; # Skip the -- end-of-flags marker
+ next if $cmd eq "openssl" && $_ eq "help";
err("$doc: undocumented option -$_");
}
# See what's in the command not the manpage.
- my @unimpl = sort grep { !defined $cmdopts{$_} } keys %docopts;
+ my @unimpl = sort grep { my $e = $_; !(grep /^\Q$e\E$/, @cmdopts) } keys %docopts;
foreach ( @unimpl ) {
+ next if $_ eq "-"; # Skip the -- end-of-flags marker
next if defined $skips{$_} || defined $localskips{$_};
err("$doc: $cmd does not implement -$_");
}
@@ -1097,18 +1114,27 @@ sub checkflags {
if ( $opt_c ) {
my @commands = ();
- # Get list of commands.
- open FH, "$openssl list -1 -commands|"
- or die "Can't list commands, $!";
- while ( <FH> ) {
+ # Get the lists of generic options.
+ my $active = "";
+ open OFH, "apps/include/opt.h"
+ or die "Can't open apps/include/opt.h to list generic options, $!";
+ while ( <OFH> ) {
chop;
- push @commands, $_;
+ push @{ $genopts{$active} }, $1 if $active ne "" && m/^\s+\{\s*"([^"]+)"\s*,\s*OPT_/;
+ $active = $1 if m/^\s*#\s*define\s+(OPT_[A-Z]+_OPTIONS?)\s*\\\s*$/;
+ $active = "" if m/^\s*$/;
}
- close FH;
+ close OFH;
+
+ # Get list of commands.
+ opendir(DIR, "apps");
+ @commands = grep(/\.c$/, readdir(DIR));
+ closedir(DIR);
# See if each has a manpage.
foreach my $cmd ( @commands ) {
- next if $cmd eq 'help' || $cmd eq 'exit';
+ $cmd =~ s/\.c$//;
+ next if $cmd eq 'progs' || $cmd eq 'cmp_mock_srv' || $cmd eq 'vms_decc_init';
my @doc = ( grep { basename($_) eq "openssl-$cmd.pod"
# For "tsget" and "CA.pl" pod pages
|| basename($_) eq "$cmd.pod" }
@@ -1123,16 +1149,6 @@ if ( $opt_c ) {
}
}
- # See what help is missing.
- open FH, "$openssl list --missing-help |"
- or die "Can't list missing help, $!";
- while ( <FH> ) {
- chop;
- my ($cmd, $flag) = split;
- err("$cmd has no help for -$flag");
- }
- close FH;
-
exit $status;
}
More information about the openssl-commits
mailing list