[openssl] master update
tomas at openssl.org
tomas at openssl.org
Fri Jan 28 14:25:19 UTC 2022
The branch master has been updated
via a414fd6765bbc9bb0d630dbb4d780f44f825c8a2 (commit)
via 261b399fd7b1f4339e6d0fa3ee37b32b81d9d9e0 (commit)
from 4dd085c03a885580cc945f71187131ea7fb39b70 (commit)
- Log -----------------------------------------------------------------
commit a414fd6765bbc9bb0d630dbb4d780f44f825c8a2
Author: Philip Prindeville <philipp at redfish-solutions.com>
Date: Tue Dec 21 20:44:07 2021 -0700
Add -verbose/-queit flags to dhparam
Allow dhparam to run quietly in scripts, etc.
For other commands that took a -verbose flag already, also support -quiet.
For genpkey which only supported -quiet, add the -verbose flag.
Signed-off-by: Philip Prindeville <philipp at redfish-solutions.com>
Reviewed-by: Matt Caswell <matt at openssl.org>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17336)
commit 261b399fd7b1f4339e6d0fa3ee37b32b81d9d9e0
Author: Philip Prindeville <philipp at redfish-solutions.com>
Date: Tue Jan 25 20:42:18 2022 -0700
Use progress_cb in genrsa
Signed-off-by: Philip Prindeville <philipp at redfish-solutions.com>
Reviewed-by: Matt Caswell <matt at openssl.org>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17336)
-----------------------------------------------------------------------
Summary of changes:
apps/ca.c | 6 +++++-
apps/dhparam.c | 22 +++++++++++++++++-----
apps/dsaparam.c | 6 +++++-
apps/gendsa.c | 6 +++++-
apps/genpkey.c | 12 ++++++++----
apps/genrsa.c | 32 +++++++-------------------------
doc/man1/openssl-ca.pod.in | 6 ++++++
doc/man1/openssl-dhparam.pod.in | 12 ++++++++++++
doc/man1/openssl-dsaparam.pod.in | 6 ++++++
doc/man1/openssl-gendsa.pod.in | 6 ++++++
doc/man1/openssl-genpkey.pod.in | 5 +++++
doc/man1/openssl-genrsa.pod.in | 6 ++++++
12 files changed, 88 insertions(+), 37 deletions(-)
diff --git a/apps/ca.c b/apps/ca.c
index 271f7de9df..8de58288ba 100644
--- a/apps/ca.c
+++ b/apps/ca.c
@@ -154,7 +154,7 @@ typedef enum OPTION_choice {
OPT_CRLDAYS, OPT_CRLHOURS, OPT_CRLSEC,
OPT_INFILES, OPT_SS_CERT, OPT_SPKAC, OPT_REVOKE, OPT_VALID,
OPT_EXTENSIONS, OPT_EXTFILE, OPT_STATUS, OPT_UPDATEDB, OPT_CRLEXTS,
- OPT_RAND_SERIAL,
+ OPT_RAND_SERIAL, OPT_QUIET,
OPT_R_ENUM, OPT_PROV_ENUM,
/* Do not change the order here; see related case statements below */
OPT_CRL_REASON, OPT_CRL_HOLD, OPT_CRL_COMPROMISE, OPT_CRL_CA_COMPROMISE
@@ -166,6 +166,7 @@ const OPTIONS ca_options[] = {
OPT_SECTION("General"),
{"help", OPT_HELP, '-', "Display this summary"},
{"verbose", OPT_VERBOSE, '-', "Verbose output during processing"},
+ {"quiet", OPT_QUIET, '-', "Terse output during processing"},
{"outdir", OPT_OUTDIR, '/', "Where to put output cert"},
{"in", OPT_IN, '<', "The input cert request(s)"},
{"inform", OPT_INFORM, 'F', "CSR input format (DER or PEM); default PEM"},
@@ -332,6 +333,9 @@ opthelp:
case OPT_VERBOSE:
verbose = 1;
break;
+ case OPT_QUIET:
+ verbose = 0;
+ break;
case OPT_CONFIG:
configfile = opt_arg();
break;
diff --git a/apps/dhparam.c b/apps/dhparam.c
index 4a67a52d4a..dea7e48fd0 100644
--- a/apps/dhparam.c
+++ b/apps/dhparam.c
@@ -32,11 +32,13 @@
static EVP_PKEY *dsa_to_dh(EVP_PKEY *dh);
+static int verbose = 1;
+
typedef enum OPTION_choice {
OPT_COMMON,
OPT_INFORM, OPT_OUTFORM, OPT_IN, OPT_OUT,
OPT_ENGINE, OPT_CHECK, OPT_TEXT, OPT_NOOUT,
- OPT_DSAPARAM, OPT_2, OPT_3, OPT_5,
+ OPT_DSAPARAM, OPT_2, OPT_3, OPT_5, OPT_VERBOSE, OPT_QUIET,
OPT_R_ENUM, OPT_PROV_ENUM
} OPTION_CHOICE;
@@ -66,6 +68,8 @@ const OPTIONS dhparam_options[] = {
{"2", OPT_2, '-', "Generate parameters using 2 as the generator value"},
{"3", OPT_3, '-', "Generate parameters using 3 as the generator value"},
{"5", OPT_5, '-', "Generate parameters using 5 as the generator value"},
+ {"verbose", OPT_VERBOSE, '-', "Verbose output"},
+ {"quiet", OPT_QUIET, '-', "Terse output"},
OPT_R_OPTIONS,
OPT_PROV_OPTIONS,
@@ -137,6 +141,12 @@ int dhparam_main(int argc, char **argv)
case OPT_NOOUT:
noout = 1;
break;
+ case OPT_VERBOSE:
+ verbose = 1;
+ break;
+ case OPT_QUIET:
+ verbose = 0;
+ break;
case OPT_R_CASES:
if (!opt_rand(o))
goto end;
@@ -187,11 +197,13 @@ int dhparam_main(int argc, char **argv)
alg);
goto end;
}
- EVP_PKEY_CTX_set_cb(ctx, progress_cb);
EVP_PKEY_CTX_set_app_data(ctx, bio_err);
- BIO_printf(bio_err,
- "Generating %s parameters, %d bit long %sprime\n",
- alg, num, dsaparam ? "" : "safe ");
+ if (verbose) {
+ EVP_PKEY_CTX_set_cb(ctx, progress_cb);
+ BIO_printf(bio_err,
+ "Generating %s parameters, %d bit long %sprime\n",
+ alg, num, dsaparam ? "" : "safe ");
+ }
if (EVP_PKEY_paramgen_init(ctx) <= 0) {
BIO_printf(bio_err,
diff --git a/apps/dsaparam.c b/apps/dsaparam.c
index 708cb9a648..69f59556fc 100644
--- a/apps/dsaparam.c
+++ b/apps/dsaparam.c
@@ -27,7 +27,7 @@ static int verbose = 0;
typedef enum OPTION_choice {
OPT_COMMON,
OPT_INFORM, OPT_OUTFORM, OPT_IN, OPT_OUT, OPT_TEXT,
- OPT_NOOUT, OPT_GENKEY, OPT_ENGINE, OPT_VERBOSE,
+ OPT_NOOUT, OPT_GENKEY, OPT_ENGINE, OPT_VERBOSE, OPT_QUIET,
OPT_R_ENUM, OPT_PROV_ENUM
} OPTION_CHOICE;
@@ -50,6 +50,7 @@ const OPTIONS dsaparam_options[] = {
{"text", OPT_TEXT, '-', "Print as text"},
{"noout", OPT_NOOUT, '-', "No output"},
{"verbose", OPT_VERBOSE, '-', "Verbose output"},
+ {"quiet", OPT_QUIET, '-', "Terse output"},
{"genkey", OPT_GENKEY, '-', "Generate a DSA key"},
OPT_R_OPTIONS,
@@ -121,6 +122,9 @@ int dsaparam_main(int argc, char **argv)
case OPT_VERBOSE:
verbose = 1;
break;
+ case OPT_QUIET:
+ verbose = 0;
+ break;
}
}
diff --git a/apps/gendsa.c b/apps/gendsa.c
index c4070c9e1a..f4608900b9 100644
--- a/apps/gendsa.c
+++ b/apps/gendsa.c
@@ -24,7 +24,7 @@
typedef enum OPTION_choice {
OPT_COMMON,
- OPT_OUT, OPT_PASSOUT, OPT_ENGINE, OPT_CIPHER, OPT_VERBOSE,
+ OPT_OUT, OPT_PASSOUT, OPT_ENGINE, OPT_CIPHER, OPT_VERBOSE, OPT_QUIET,
OPT_R_ENUM, OPT_PROV_ENUM
} OPTION_CHOICE;
@@ -44,6 +44,7 @@ const OPTIONS gendsa_options[] = {
OPT_PROV_OPTIONS,
{"", OPT_CIPHER, '-', "Encrypt the output with any supported cipher"},
{"verbose", OPT_VERBOSE, '-', "Verbose output"},
+ {"quiet", OPT_QUIET, '-', "Terse output"},
OPT_PARAMETERS(),
{"dsaparam-file", 0, 0, "File containing DSA parameters"},
@@ -98,6 +99,9 @@ int gendsa_main(int argc, char **argv)
case OPT_VERBOSE:
verbose = 1;
break;
+ case OPT_QUIET:
+ verbose = 0;
+ break;
}
}
diff --git a/apps/genpkey.c b/apps/genpkey.c
index 0f2a97137a..af0a55ab0c 100644
--- a/apps/genpkey.c
+++ b/apps/genpkey.c
@@ -15,7 +15,7 @@
#include <openssl/err.h>
#include <openssl/evp.h>
-static int quiet;
+static int verbose = 1;
static int init_keygen_file(EVP_PKEY_CTX **pctx, const char *file, ENGINE *e,
OSSL_LIB_CTX *libctx, const char *propq);
@@ -23,7 +23,7 @@ typedef enum OPTION_choice {
OPT_COMMON,
OPT_ENGINE, OPT_OUTFORM, OPT_OUT, OPT_PASS, OPT_PARAMFILE,
OPT_ALGORITHM, OPT_PKEYOPT, OPT_GENPARAM, OPT_TEXT, OPT_CIPHER,
- OPT_QUIET, OPT_CONFIG,
+ OPT_VERBOSE, OPT_QUIET, OPT_CONFIG,
OPT_PROV_ENUM
} OPTION_CHOICE;
@@ -35,6 +35,7 @@ const OPTIONS genpkey_options[] = {
#endif
{"paramfile", OPT_PARAMFILE, '<', "Parameters file"},
{"algorithm", OPT_ALGORITHM, 's', "The public key algorithm"},
+ {"verbose", OPT_VERBOSE, '-', "Output status while generating keys"},
{"quiet", OPT_QUIET, '-', "Do not output status while generating keys"},
{"pkeyopt", OPT_PKEYOPT, 's',
"Set the public key algorithm option as opt:value"},
@@ -114,7 +115,10 @@ int genpkey_main(int argc, char **argv)
goto end;
break;
case OPT_QUIET:
- quiet = 1;
+ verbose = 0;
+ break;
+ case OPT_VERBOSE:
+ verbose = 1;
break;
case OPT_GENPARAM:
do_param = 1;
@@ -179,7 +183,7 @@ int genpkey_main(int argc, char **argv)
if (out == NULL)
goto end;
- if (!quiet)
+ if (verbose)
EVP_PKEY_CTX_set_cb(ctx, progress_cb);
EVP_PKEY_CTX_set_app_data(ctx, bio_err);
diff --git a/apps/genrsa.c b/apps/genrsa.c
index 9d0fea7646..5ada971d43 100644
--- a/apps/genrsa.c
+++ b/apps/genrsa.c
@@ -29,15 +29,13 @@
static int verbose = 0;
-static int genrsa_cb(EVP_PKEY_CTX *ctx);
-
typedef enum OPTION_choice {
OPT_COMMON,
#ifndef OPENSSL_NO_DEPRECATED_3_0
OPT_3,
#endif
OPT_F4, OPT_ENGINE,
- OPT_OUT, OPT_PASSOUT, OPT_CIPHER, OPT_PRIMES, OPT_VERBOSE,
+ OPT_OUT, OPT_PASSOUT, OPT_CIPHER, OPT_PRIMES, OPT_VERBOSE, OPT_QUIET,
OPT_R_ENUM, OPT_PROV_ENUM, OPT_TRADITIONAL
} OPTION_CHOICE;
@@ -62,6 +60,7 @@ const OPTIONS genrsa_options[] = {
{"passout", OPT_PASSOUT, 's', "Output file pass phrase source"},
{"primes", OPT_PRIMES, 'p', "Specify number of primes"},
{"verbose", OPT_VERBOSE, '-', "Verbose output"},
+ {"quiet", OPT_QUIET, '-', "Terse output"},
{"traditional", OPT_TRADITIONAL, '-',
"Use traditional format for private keys"},
{"", OPT_CIPHER, '-', "Encrypt the output with any supported cipher"},
@@ -140,6 +139,9 @@ opthelp:
case OPT_VERBOSE:
verbose = 1;
break;
+ case OPT_QUIET:
+ verbose = 0;
+ break;
case OPT_TRADITIONAL:
traditional = 1;
break;
@@ -180,7 +182,8 @@ opthelp:
if (!init_gen_str(&ctx, "RSA", eng, 0, NULL, NULL))
goto end;
- EVP_PKEY_CTX_set_cb(ctx, genrsa_cb);
+ if (verbose)
+ EVP_PKEY_CTX_set_cb(ctx, progress_cb);
EVP_PKEY_CTX_set_app_data(ctx, bio_err);
if (EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, num) <= 0) {
@@ -243,24 +246,3 @@ opthelp:
return ret;
}
-static int genrsa_cb(EVP_PKEY_CTX *ctx)
-{
- char c = '*';
- BIO *b = EVP_PKEY_CTX_get_app_data(ctx);
- int p = EVP_PKEY_CTX_get_keygen_info(ctx, 0);
-
- if (!verbose)
- return 1;
-
- if (p == 0)
- c = '.';
- if (p == 1)
- c = '+';
- if (p == 2)
- c = '*';
- if (p == 3)
- c = '\n';
- BIO_write(b, &c, 1);
- (void)BIO_flush(b);
- return 1;
-}
diff --git a/doc/man1/openssl-ca.pod.in b/doc/man1/openssl-ca.pod.in
index 1d497e848e..feeb446306 100644
--- a/doc/man1/openssl-ca.pod.in
+++ b/doc/man1/openssl-ca.pod.in
@@ -10,6 +10,7 @@ openssl-ca - sample minimal CA application
B<openssl> B<ca>
[B<-help>]
[B<-verbose>]
+[B<-quiet>]
[B<-config> I<filename>]
[B<-name> I<section>]
[B<-section> I<section>]
@@ -95,6 +96,11 @@ Print out a usage message.
This prints extra details about the operations being performed.
+=item B<-quiet>
+
+This prints fewer details about the operations being performed, which may
+be handy during batch scripts or pipelines.
+
=item B<-config> I<filename>
Specifies the configuration file to use.
diff --git a/doc/man1/openssl-dhparam.pod.in b/doc/man1/openssl-dhparam.pod.in
index d358ba95dc..8eb36daa44 100644
--- a/doc/man1/openssl-dhparam.pod.in
+++ b/doc/man1/openssl-dhparam.pod.in
@@ -17,6 +17,8 @@ B<openssl dhparam>
[B<-check>]
[B<-noout>]
[B<-text>]
+[B<-verbose>]
+[B<-quiet>]
[B<-2>]
[B<-3>]
[B<-5>]
@@ -104,6 +106,16 @@ This option prints out the DH parameters in human readable form.
{- $OpenSSL::safe::opt_provider_item -}
+=item B<-verbose>
+
+This option enables the output of progress messages, which is handy when
+running commands interactively that may take a long time to execute.
+
+=item B<-quiet>
+
+This option suppresses the output of progress messages, which may be
+undesirable in batch scripts or pipelines.
+
=back
=head1 NOTES
diff --git a/doc/man1/openssl-dsaparam.pod.in b/doc/man1/openssl-dsaparam.pod.in
index c88e11f3cf..d83f6100c8 100644
--- a/doc/man1/openssl-dsaparam.pod.in
+++ b/doc/man1/openssl-dsaparam.pod.in
@@ -17,6 +17,7 @@ B<openssl dsaparam>
[B<-text>]
[B<-genkey>]
[B<-verbose>]
+[B<-quiet>]
{- $OpenSSL::safe::opt_r_synopsis -}
{- $OpenSSL::safe::opt_engine_synopsis -}{- $OpenSSL::safe::opt_provider_synopsis -}
[I<numbits>]
@@ -79,6 +80,11 @@ parameters.
Print extra details about the operations being performed.
+=item B<-quiet>
+
+Print fewer details about the operations being performed, which may
+be handy during batch scripts and pipelines.
+
{- $OpenSSL::safe::opt_r_item -}
{- $OpenSSL::safe::opt_engine_item -}
diff --git a/doc/man1/openssl-gendsa.pod.in b/doc/man1/openssl-gendsa.pod.in
index 3dc2e3a6bd..0cc847a262 100644
--- a/doc/man1/openssl-gendsa.pod.in
+++ b/doc/man1/openssl-gendsa.pod.in
@@ -24,6 +24,7 @@ B<openssl> B<gendsa>
[B<-des3>]
[B<-idea>]
[B<-verbose>]
+[B<-quiet>]
{- $OpenSSL::safe::opt_r_synopsis -}
{- $OpenSSL::safe::opt_engine_synopsis -}{- $OpenSSL::safe::opt_provider_synopsis -}
[I<paramfile>]
@@ -61,6 +62,11 @@ If none of these options is specified no encryption is used.
Print extra details about the operations being performed.
+=item B<-quiet>
+
+Print fewer details about the operations being performed, which may
+be handy during batch scripts and pipelines.
+
{- $OpenSSL::safe::opt_r_item -}
{- $OpenSSL::safe::opt_engine_item -}
diff --git a/doc/man1/openssl-genpkey.pod.in b/doc/man1/openssl-genpkey.pod.in
index 1a5bedc22c..2d47be52bb 100644
--- a/doc/man1/openssl-genpkey.pod.in
+++ b/doc/man1/openssl-genpkey.pod.in
@@ -15,6 +15,7 @@ B<openssl> B<genpkey>
[B<-help>]
[B<-out> I<filename>]
[B<-outform> B<DER>|B<PEM>]
+[B<-verbose>]
[B<-quiet>]
[B<-pass> I<arg>]
[B<-I<cipher>>]
@@ -50,6 +51,10 @@ See L<openssl-format-options(1)> for details.
When B<-genparam> is given, B<-outform> is ignored.
+=item B<-verbose>
+
+Output "status dots" while generating keys.
+
=item B<-quiet>
Do not output "status dots" while generating keys.
diff --git a/doc/man1/openssl-genrsa.pod.in b/doc/man1/openssl-genrsa.pod.in
index 6296409615..4edebc2cb7 100644
--- a/doc/man1/openssl-genrsa.pod.in
+++ b/doc/man1/openssl-genrsa.pod.in
@@ -28,6 +28,7 @@ B<openssl> B<genrsa>
[B<-3>]
[B<-primes> I<num>]
[B<-verbose>]
+[B<-quiet>]
[B<-traditional>]
{- $OpenSSL::safe::opt_r_synopsis -}
{- $OpenSSL::safe::opt_engine_synopsis -}{- $OpenSSL::safe::opt_provider_synopsis -}
@@ -81,6 +82,11 @@ RSA key, which is defined in RFC 8017.
Print extra details about the operations being performed.
+=item B<-quiet>
+
+Print fewer details about the operations being performed, which may
+be handy during batch scripts and pipelines.
+
=item B<-traditional>
Write the key using the traditional PKCS#1 format instead of the PKCS#8 format.
More information about the openssl-commits
mailing list