diff -up openssl-fips-0.9.8e/apps/ca.c.dgst openssl-fips-0.9.8e/apps/ca.c --- openssl-fips-0.9.8e/apps/ca.c.dgst 2006-11-27 14:36:52.000000000 +0100 +++ openssl-fips-0.9.8e/apps/ca.c 2011-04-04 14:36:24.000000000 +0200 @@ -158,7 +158,7 @@ static const char *ca_usage[]={ " -startdate YYMMDDHHMMSSZ - certificate validity notBefore\n", " -enddate YYMMDDHHMMSSZ - certificate validity notAfter (overrides -days)\n", " -days arg - number of days to certify the certificate for\n", -" -md arg - md to use, one of md2, md5, sha or sha1\n", +" -md arg - md to use, see openssl dgst -h for list\n", " -policy arg - The CA 'policy' to support\n", " -keyfile arg - private key file\n", " -keyform arg - private key file format (PEM or ENGINE)\n", diff -up openssl-fips-0.9.8e/apps/dgst.c.dgst openssl-fips-0.9.8e/apps/dgst.c --- openssl-fips-0.9.8e/apps/dgst.c.dgst 2007-09-19 02:02:10.000000000 +0200 +++ openssl-fips-0.9.8e/apps/dgst.c 2011-04-04 14:41:31.000000000 +0200 @@ -280,10 +280,14 @@ ERR_load_crypto_strings(); LN_sha512,LN_sha512); #endif #endif +#ifndef OPENSSL_NO_MDC2 BIO_printf(bio_err,"-%-14s to use the %s message digest algorithm\n", LN_mdc2,LN_mdc2); +#endif +#ifndef OPENSSL_NO_RIPEMD BIO_printf(bio_err,"-%-14s to use the %s message digest algorithm\n", LN_ripemd160,LN_ripemd160); +#endif err=1; goto end; } diff -up openssl-fips-0.9.8e/apps/enc.c.dgst openssl-fips-0.9.8e/apps/enc.c --- openssl-fips-0.9.8e/apps/enc.c.dgst 2007-03-22 01:37:43.000000000 +0100 +++ openssl-fips-0.9.8e/apps/enc.c 2011-04-04 14:39:17.000000000 +0200 @@ -285,7 +285,7 @@ bad: BIO_printf(bio_err,"%-14s passphrase is the next argument\n","-k"); BIO_printf(bio_err,"%-14s passphrase is the first line of the file argument\n","-kfile"); BIO_printf(bio_err,"%-14s the next argument is the md to use to create a key\n","-md"); - BIO_printf(bio_err,"%-14s from a passphrase. One of md2, md5, sha or sha1\n",""); + BIO_printf(bio_err,"%-14s from a passphrase. See openssl dgst -h for list.\n",""); BIO_printf(bio_err,"%-14s key/iv in hex is the next argument\n","-K/-iv"); BIO_printf(bio_err,"%-14s print the iv/key (then exit if -P)\n","-[pP]"); BIO_printf(bio_err,"%-14s buffer size\n","-bufsize "); diff -up openssl-fips-0.9.8e/apps/req.c.dgst openssl-fips-0.9.8e/apps/req.c --- openssl-fips-0.9.8e/apps/req.c.dgst 2005-07-16 13:13:03.000000000 +0200 +++ openssl-fips-0.9.8e/apps/req.c 2011-04-04 14:40:46.000000000 +0200 @@ -523,7 +523,7 @@ bad: #ifndef OPENSSL_NO_ECDSA BIO_printf(bio_err," -newkey ec:file generate a new EC key, parameters taken from CA in 'file'\n"); #endif - BIO_printf(bio_err," -[digest] Digest to sign with (md5, sha1, md2, mdc2, md4)\n"); + BIO_printf(bio_err," -[digest] Digest to sign with (see openssl dgst -h for list)\n"); BIO_printf(bio_err," -config file request template file.\n"); BIO_printf(bio_err," -subj arg set or modify request subject\n"); BIO_printf(bio_err," -multivalue-rdn enable support for multivalued RDNs\n"); diff -up openssl-fips-0.9.8e/apps/x509.c.dgst openssl-fips-0.9.8e/apps/x509.c --- openssl-fips-0.9.8e/apps/x509.c.dgst 2011-04-04 14:18:34.000000000 +0200 +++ openssl-fips-0.9.8e/apps/x509.c 2011-04-04 14:35:05.000000000 +0200 @@ -134,7 +134,7 @@ static const char *x509_usage[]={ " -set_serial - serial number to use\n", " -text - print the certificate in text form\n", " -C - print out C code forms\n", -" -md2/-md5/-sha1/-mdc2 - digest to use\n", +" - - digest to use, see openssl dgst -h output for list\n", " -extfile - configuration file with X509V3 extensions to add\n", " -extensions - section from config file with X509V3 extensions to add\n", " -clrext - delete extensions before signing and input certificate\n", diff -up openssl-fips-0.9.8e/doc/apps/ca.pod.dgst openssl-fips-0.9.8e/doc/apps/ca.pod --- openssl-fips-0.9.8e/doc/apps/ca.pod.dgst 2005-07-15 11:50:38.000000000 +0200 +++ openssl-fips-0.9.8e/doc/apps/ca.pod 2011-04-04 15:03:07.000000000 +0200 @@ -160,7 +160,8 @@ the number of days to certify the certif =item B<-md alg> the message digest to use. Possible values include md5, sha1 and mdc2. -This option also applies to CRLs. +For full list of digests see openssl dgst -h output. This option also +applies to CRLs. =item B<-policy arg> diff -up openssl-fips-0.9.8e/doc/apps/req.pod.dgst openssl-fips-0.9.8e/doc/apps/req.pod --- openssl-fips-0.9.8e/doc/apps/req.pod.dgst 2005-07-15 11:50:38.000000000 +0200 +++ openssl-fips-0.9.8e/doc/apps/req.pod 2011-04-04 15:05:22.000000000 +0200 @@ -160,6 +160,7 @@ will not be encrypted. this specifies the message digest to sign the request with. This overrides the digest algorithm specified in the configuration file. This option is ignored for DSA requests: they always use SHA1. +For full list of possible digests see openssl dgst -h output. =item B<-config filename> diff -up openssl-fips-0.9.8e/doc/apps/x509.pod.dgst openssl-fips-0.9.8e/doc/apps/x509.pod --- openssl-fips-0.9.8e/doc/apps/x509.pod.dgst 2007-02-03 11:27:31.000000000 +0100 +++ openssl-fips-0.9.8e/doc/apps/x509.pod 2011-04-04 15:06:14.000000000 +0200 @@ -100,6 +100,7 @@ the digest to use. This affects any sign digest, such as the B<-fingerprint>, B<-signkey> and B<-CA> options. If not specified then SHA1 is used. If the key being used to sign with is a DSA key then this option has no effect: SHA1 is always used with DSA keys. +For full list of digests see openssl dgst -h output. =item B<-engine id>