|
 |
c4366c |
diff -up openssl-fips-0.9.8e/apps/ca.c.dgst openssl-fips-0.9.8e/apps/ca.c
|
|
 |
c4366c |
--- openssl-fips-0.9.8e/apps/ca.c.dgst 2006-11-27 14:36:52.000000000 +0100
|
|
 |
c4366c |
+++ openssl-fips-0.9.8e/apps/ca.c 2011-04-04 14:36:24.000000000 +0200
|
|
 |
c4366c |
@@ -158,7 +158,7 @@ static const char *ca_usage[]={
|
|
 |
c4366c |
" -startdate YYMMDDHHMMSSZ - certificate validity notBefore\n",
|
|
 |
c4366c |
" -enddate YYMMDDHHMMSSZ - certificate validity notAfter (overrides -days)\n",
|
|
 |
c4366c |
" -days arg - number of days to certify the certificate for\n",
|
|
 |
c4366c |
-" -md arg - md to use, one of md2, md5, sha or sha1\n",
|
|
 |
c4366c |
+" -md arg - md to use, see openssl dgst -h for list\n",
|
|
 |
c4366c |
" -policy arg - The CA 'policy' to support\n",
|
|
 |
c4366c |
" -keyfile arg - private key file\n",
|
|
 |
c4366c |
" -keyform arg - private key file format (PEM or ENGINE)\n",
|
|
 |
c4366c |
diff -up openssl-fips-0.9.8e/apps/dgst.c.dgst openssl-fips-0.9.8e/apps/dgst.c
|
|
 |
c4366c |
--- openssl-fips-0.9.8e/apps/dgst.c.dgst 2007-09-19 02:02:10.000000000 +0200
|
|
 |
c4366c |
+++ openssl-fips-0.9.8e/apps/dgst.c 2011-04-04 14:41:31.000000000 +0200
|
|
 |
c4366c |
@@ -280,10 +280,14 @@ ERR_load_crypto_strings();
|
|
 |
c4366c |
LN_sha512,LN_sha512);
|
|
 |
c4366c |
#endif
|
|
 |
c4366c |
#endif
|
|
 |
c4366c |
+#ifndef OPENSSL_NO_MDC2
|
|
 |
c4366c |
BIO_printf(bio_err,"-%-14s to use the %s message digest algorithm\n",
|
|
 |
c4366c |
LN_mdc2,LN_mdc2);
|
|
 |
c4366c |
+#endif
|
|
 |
c4366c |
+#ifndef OPENSSL_NO_RIPEMD
|
|
 |
c4366c |
BIO_printf(bio_err,"-%-14s to use the %s message digest algorithm\n",
|
|
 |
c4366c |
LN_ripemd160,LN_ripemd160);
|
|
 |
c4366c |
+#endif
|
|
 |
c4366c |
err=1;
|
|
 |
c4366c |
goto end;
|
|
 |
c4366c |
}
|
|
 |
c4366c |
diff -up openssl-fips-0.9.8e/apps/enc.c.dgst openssl-fips-0.9.8e/apps/enc.c
|
|
 |
c4366c |
--- openssl-fips-0.9.8e/apps/enc.c.dgst 2007-03-22 01:37:43.000000000 +0100
|
|
 |
c4366c |
+++ openssl-fips-0.9.8e/apps/enc.c 2011-04-04 14:39:17.000000000 +0200
|
|
 |
c4366c |
@@ -285,7 +285,7 @@ bad:
|
|
 |
c4366c |
BIO_printf(bio_err,"%-14s passphrase is the next argument\n","-k");
|
|
 |
c4366c |
BIO_printf(bio_err,"%-14s passphrase is the first line of the file argument\n","-kfile");
|
|
 |
c4366c |
BIO_printf(bio_err,"%-14s the next argument is the md to use to create a key\n","-md");
|
|
 |
c4366c |
- BIO_printf(bio_err,"%-14s from a passphrase. One of md2, md5, sha or sha1\n","");
|
|
 |
c4366c |
+ BIO_printf(bio_err,"%-14s from a passphrase. See openssl dgst -h for list.\n","");
|
|
 |
c4366c |
BIO_printf(bio_err,"%-14s key/iv in hex is the next argument\n","-K/-iv");
|
|
 |
c4366c |
BIO_printf(bio_err,"%-14s print the iv/key (then exit if -P)\n","-[pP]");
|
|
 |
c4366c |
BIO_printf(bio_err,"%-14s buffer size\n","-bufsize <n>");
|
|
 |
c4366c |
diff -up openssl-fips-0.9.8e/apps/req.c.dgst openssl-fips-0.9.8e/apps/req.c
|
|
 |
c4366c |
--- openssl-fips-0.9.8e/apps/req.c.dgst 2005-07-16 13:13:03.000000000 +0200
|
|
 |
c4366c |
+++ openssl-fips-0.9.8e/apps/req.c 2011-04-04 14:40:46.000000000 +0200
|
|
 |
c4366c |
@@ -523,7 +523,7 @@ bad:
|
|
 |
c4366c |
#ifndef OPENSSL_NO_ECDSA
|
|
 |
c4366c |
BIO_printf(bio_err," -newkey ec:file generate a new EC key, parameters taken from CA in 'file'\n");
|
|
 |
c4366c |
#endif
|
|
 |
c4366c |
- BIO_printf(bio_err," -[digest] Digest to sign with (md5, sha1, md2, mdc2, md4)\n");
|
|
 |
c4366c |
+ BIO_printf(bio_err," -[digest] Digest to sign with (see openssl dgst -h for list)\n");
|
|
 |
c4366c |
BIO_printf(bio_err," -config file request template file.\n");
|
|
 |
c4366c |
BIO_printf(bio_err," -subj arg set or modify request subject\n");
|
|
 |
c4366c |
BIO_printf(bio_err," -multivalue-rdn enable support for multivalued RDNs\n");
|
|
 |
c4366c |
diff -up openssl-fips-0.9.8e/apps/x509.c.dgst openssl-fips-0.9.8e/apps/x509.c
|
|
 |
c4366c |
--- openssl-fips-0.9.8e/apps/x509.c.dgst 2011-04-04 14:18:34.000000000 +0200
|
|
 |
c4366c |
+++ openssl-fips-0.9.8e/apps/x509.c 2011-04-04 14:35:05.000000000 +0200
|
|
 |
c4366c |
@@ -134,7 +134,7 @@ static const char *x509_usage[]={
|
|
 |
c4366c |
" -set_serial - serial number to use\n",
|
|
 |
c4366c |
" -text - print the certificate in text form\n",
|
|
 |
c4366c |
" -C - print out C code forms\n",
|
|
 |
c4366c |
-" -md2/-md5/-sha1/-mdc2 - digest to use\n",
|
|
 |
c4366c |
+" -<dgst> - digest to use, see openssl dgst -h output for list\n",
|
|
 |
c4366c |
" -extfile - configuration file with X509V3 extensions to add\n",
|
|
 |
c4366c |
" -extensions - section from config file with X509V3 extensions to add\n",
|
|
 |
c4366c |
" -clrext - delete extensions before signing and input certificate\n",
|
|
 |
c4366c |
diff -up openssl-fips-0.9.8e/doc/apps/ca.pod.dgst openssl-fips-0.9.8e/doc/apps/ca.pod
|
|
 |
c4366c |
--- openssl-fips-0.9.8e/doc/apps/ca.pod.dgst 2005-07-15 11:50:38.000000000 +0200
|
|
 |
c4366c |
+++ openssl-fips-0.9.8e/doc/apps/ca.pod 2011-04-04 15:03:07.000000000 +0200
|
|
 |
c4366c |
@@ -160,7 +160,8 @@ the number of days to certify the certif
|
|
 |
c4366c |
=item B<-md alg>
|
|
 |
c4366c |
|
|
 |
c4366c |
the message digest to use. Possible values include md5, sha1 and mdc2.
|
|
 |
c4366c |
-This option also applies to CRLs.
|
|
 |
c4366c |
+For full list of digests see openssl dgst -h output. This option also
|
|
 |
c4366c |
+applies to CRLs.
|
|
 |
c4366c |
|
|
 |
c4366c |
=item B<-policy arg>
|
|
 |
c4366c |
|
|
 |
c4366c |
diff -up openssl-fips-0.9.8e/doc/apps/req.pod.dgst openssl-fips-0.9.8e/doc/apps/req.pod
|
|
 |
c4366c |
--- openssl-fips-0.9.8e/doc/apps/req.pod.dgst 2005-07-15 11:50:38.000000000 +0200
|
|
 |
c4366c |
+++ openssl-fips-0.9.8e/doc/apps/req.pod 2011-04-04 15:05:22.000000000 +0200
|
|
 |
c4366c |
@@ -160,6 +160,7 @@ will not be encrypted.
|
|
 |
c4366c |
this specifies the message digest to sign the request with. This
|
|
 |
c4366c |
overrides the digest algorithm specified in the configuration file.
|
|
 |
c4366c |
This option is ignored for DSA requests: they always use SHA1.
|
|
 |
c4366c |
+For full list of possible digests see openssl dgst -h output.
|
|
 |
c4366c |
|
|
 |
c4366c |
=item B<-config filename>
|
|
 |
c4366c |
|
|
 |
c4366c |
diff -up openssl-fips-0.9.8e/doc/apps/x509.pod.dgst openssl-fips-0.9.8e/doc/apps/x509.pod
|
|
 |
c4366c |
--- openssl-fips-0.9.8e/doc/apps/x509.pod.dgst 2007-02-03 11:27:31.000000000 +0100
|
|
 |
c4366c |
+++ openssl-fips-0.9.8e/doc/apps/x509.pod 2011-04-04 15:06:14.000000000 +0200
|
|
 |
c4366c |
@@ -100,6 +100,7 @@ the digest to use. This affects any sign
|
|
 |
c4366c |
digest, such as the B<-fingerprint>, B<-signkey> and B<-CA> options. If not
|
|
 |
c4366c |
specified then SHA1 is used. If the key being used to sign with is a DSA key
|
|
 |
c4366c |
then this option has no effect: SHA1 is always used with DSA keys.
|
|
 |
c4366c |
+For full list of digests see openssl dgst -h output.
|
|
 |
c4366c |
|
|
 |
c4366c |
=item B<-engine id>
|
|
 |
c4366c |
|