git.openssl.org Git - openssl.git/commit

author	Clemens Lang <cllang@redhat.com>
	Mon, 4 Jul 2022 14:15:07 +0000 (16:15 +0200)
committer	Dmitry Belyavskiy <beldmit@gmail.com>
	Wed, 17 Aug 2022 07:20:41 +0000 (09:20 +0200)
commit	653a7706781ebbe8a6a4b84d29b39d001c395ffe
tree	fb4d55bb3be0b0873b12750809192e64cacb2f22	tree \| snapshot
parent	33b9bb45a4d463052aef763cc7c64c91384d4249	commit \| diff

APPS: dgst: Support properties when signing

The -provider and -propquery options did not work on dgst when using it
for signing or signature verification (including HMACs). Fix this and
add tests that check that operations that would usually fail with the
FIPS provider work when run with

| -provider default -propquery '?fips!=yes'

Additionally, modify the behavior of dgst -list to also use the current
library context and property query. This reduces the output below the
headline "Supported digests" to a list of the digest algorithms that
will actually work with the current configuration, which is closer to
what users probably expect with this headline.

See also 30b2c3592e8511b60d44f93eb657a1ecb3662c08, which previously
fixed the same problem in dsaparam and gendsa. See also the initial
report in https://bugzilla.redhat.com/show_bug.cgi?id=2094956.

Signed-off-by: Clemens Lang <cllang@redhat.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/18717)

apps/dgst.c		diff \| blob \| history
test/recipes/20-test_cli_fips.t		diff \| blob \| history