openssl/sme8/openssl-fips-0.9.8e-apps-dgst.patch

diff -up openssl-fips-0.9.8e/apps/ca.c.dgst openssl-fips-0.9.8e/apps/ca.c
--- openssl-fips-0.9.8e/apps/ca.c.dgst  2006-11-27 14:36:52.000000000 +0100
+++ openssl-fips-0.9.8e/apps/ca.c       2011-04-04 14:36:24.000000000 +0200
@@ -158,7 +158,7 @@ static const char *ca_usage[]={
 " -startdate YYMMDDHHMMSSZ  - certificate validity notBefore\n",
 " -enddate YYMMDDHHMMSSZ    - certificate validity notAfter (overrides -days)\n",
 " -days arg       - number of days to certify the certificate for\n",
-" -md arg         - md to use, one of md2, md5, sha or sha1\n",
+" -md arg         - md to use, see openssl dgst -h for list\n",
 " -policy arg     - The CA 'policy' to support\n",
 " -keyfile arg    - private key file\n",
 " -keyform arg    - private key file format (PEM or ENGINE)\n",
diff -up openssl-fips-0.9.8e/apps/dgst.c.dgst openssl-fips-0.9.8e/apps/dgst.c
--- openssl-fips-0.9.8e/apps/dgst.c.dgst        2007-09-19 02:02:10.000000000 +0200
+++ openssl-fips-0.9.8e/apps/dgst.c     2011-04-04 14:41:31.000000000 +0200
@@ -280,10 +280,14 @@ ERR_load_crypto_strings();
                        LN_sha512,LN_sha512);
 #endif
 #endif
+#ifndef OPENSSL_NO_MDC2
                BIO_printf(bio_err,"-%-14s to use the %s message digest algorithm\n",
                        LN_mdc2,LN_mdc2);
+#endif
+#ifndef OPENSSL_NO_RIPEMD
                BIO_printf(bio_err,"-%-14s to use the %s message digest algorithm\n",
                        LN_ripemd160,LN_ripemd160);
+#endif
                err=1;
                goto end;
                }
diff -up openssl-fips-0.9.8e/apps/enc.c.dgst openssl-fips-0.9.8e/apps/enc.c
--- openssl-fips-0.9.8e/apps/enc.c.dgst 2007-03-22 01:37:43.000000000 +0100
+++ openssl-fips-0.9.8e/apps/enc.c      2011-04-04 14:39:17.000000000 +0200
@@ -285,7 +285,7 @@ bad:
                        BIO_printf(bio_err,"%-14s passphrase is the next argument\n","-k");
                        BIO_printf(bio_err,"%-14s passphrase is the first line of the file argument\n","-kfile");
                        BIO_printf(bio_err,"%-14s the next argument is the md to use to create a key\n","-md");
-                       BIO_printf(bio_err,"%-14s   from a passphrase.  One of md2, md5, sha or sha1\n","");
+                       BIO_printf(bio_err,"%-14s   from a passphrase. See openssl dgst -h for list.\n","");
                        BIO_printf(bio_err,"%-14s key/iv in hex is the next argument\n","-K/-iv");
                        BIO_printf(bio_err,"%-14s print the iv/key (then exit if -P)\n","-[pP]");
                        BIO_printf(bio_err,"%-14s buffer size\n","-bufsize <n>");
diff -up openssl-fips-0.9.8e/apps/req.c.dgst openssl-fips-0.9.8e/apps/req.c
--- openssl-fips-0.9.8e/apps/req.c.dgst 2005-07-16 13:13:03.000000000 +0200
+++ openssl-fips-0.9.8e/apps/req.c      2011-04-04 14:40:46.000000000 +0200
@@ -523,7 +523,7 @@ bad:
 #ifndef OPENSSL_NO_ECDSA
                BIO_printf(bio_err," -newkey ec:file generate a new EC key, parameters taken from CA in 'file'\n");
 #endif
-               BIO_printf(bio_err," -[digest]      Digest to sign with (md5, sha1, md2, mdc2, md4)\n");
+               BIO_printf(bio_err," -[digest]      Digest to sign with (see openssl dgst -h for list)\n");
                BIO_printf(bio_err," -config file   request template file.\n");
                BIO_printf(bio_err," -subj arg      set or modify request subject\n");
                BIO_printf(bio_err," -multivalue-rdn enable support for multivalued RDNs\n");
diff -up openssl-fips-0.9.8e/apps/x509.c.dgst openssl-fips-0.9.8e/apps/x509.c
--- openssl-fips-0.9.8e/apps/x509.c.dgst        2011-04-04 14:18:34.000000000 +0200
+++ openssl-fips-0.9.8e/apps/x509.c     2011-04-04 14:35:05.000000000 +0200
@@ -134,7 +134,7 @@ static const char *x509_usage[]={
 " -set_serial     - serial number to use\n",
 " -text           - print the certificate in text form\n",
 " -C              - print out C code forms\n",
-" -md2/-md5/-sha1/-mdc2 - digest to use\n",
+" -<dgst>         - digest to use, see openssl dgst -h output for list\n",
 " -extfile        - configuration file with X509V3 extensions to add\n",
 " -extensions     - section from config file with X509V3 extensions to add\n",
 " -clrext         - delete extensions before signing and input certificate\n",
diff -up openssl-fips-0.9.8e/doc/apps/ca.pod.dgst openssl-fips-0.9.8e/doc/apps/ca.pod
--- openssl-fips-0.9.8e/doc/apps/ca.pod.dgst    2005-07-15 11:50:38.000000000 +0200
+++ openssl-fips-0.9.8e/doc/apps/ca.pod 2011-04-04 15:03:07.000000000 +0200
@@ -160,7 +160,8 @@ the number of days to certify the certif
 =item B<-md alg>
 
 the message digest to use. Possible values include md5, sha1 and mdc2.
-This option also applies to CRLs.
+For full list of digests see openssl dgst -h output. This option also
+applies to CRLs.
 
 =item B<-policy arg>
 
diff -up openssl-fips-0.9.8e/doc/apps/req.pod.dgst openssl-fips-0.9.8e/doc/apps/req.pod
--- openssl-fips-0.9.8e/doc/apps/req.pod.dgst   2005-07-15 11:50:38.000000000 +0200
+++ openssl-fips-0.9.8e/doc/apps/req.pod        2011-04-04 15:05:22.000000000 +0200
@@ -160,6 +160,7 @@ will not be encrypted.
 this specifies the message digest to sign the request with. This
 overrides the digest algorithm specified in the configuration file.
 This option is ignored for DSA requests: they always use SHA1.
+For full list of possible digests see openssl dgst -h output.
 
 =item B<-config filename>
 
diff -up openssl-fips-0.9.8e/doc/apps/x509.pod.dgst openssl-fips-0.9.8e/doc/apps/x509.pod
--- openssl-fips-0.9.8e/doc/apps/x509.pod.dgst  2007-02-03 11:27:31.000000000 +0100
+++ openssl-fips-0.9.8e/doc/apps/x509.pod       2011-04-04 15:06:14.000000000 +0200
@@ -100,6 +100,7 @@ the digest to use. This affects any sign
 digest, such as the B<-fingerprint>, B<-signkey> and B<-CA> options. If not
 specified then SHA1 is used. If the key being used to sign with is a DSA key
 then this option has no effect: SHA1 is always used with DSA keys.
+For full list of digests see openssl dgst -h output.
 
 =item B<-engine id>
 
1	diff -up openssl-fips-0.9.8e/apps/ca.c.dgst openssl-fips-0.9.8e/apps/ca.c
2	--- openssl-fips-0.9.8e/apps/ca.c.dgst 2006-11-27 14:36:52.000000000 +0100
3	+++ openssl-fips-0.9.8e/apps/ca.c 2011-04-04 14:36:24.000000000 +0200
4	@@ -158,7 +158,7 @@ static const char *ca_usage[]={
5	" -startdate YYMMDDHHMMSSZ - certificate validity notBefore\n",
6	" -enddate YYMMDDHHMMSSZ - certificate validity notAfter (overrides -days)\n",
7	" -days arg - number of days to certify the certificate for\n",
8	-" -md arg - md to use, one of md2, md5, sha or sha1\n",
9	+" -md arg - md to use, see openssl dgst -h for list\n",
10	" -policy arg - The CA 'policy' to support\n",
11	" -keyfile arg - private key file\n",
12	" -keyform arg - private key file format (PEM or ENGINE)\n",
13	diff -up openssl-fips-0.9.8e/apps/dgst.c.dgst openssl-fips-0.9.8e/apps/dgst.c
14	--- openssl-fips-0.9.8e/apps/dgst.c.dgst 2007-09-19 02:02:10.000000000 +0200
15	+++ openssl-fips-0.9.8e/apps/dgst.c 2011-04-04 14:41:31.000000000 +0200
16	@@ -280,10 +280,14 @@ ERR_load_crypto_strings();
17	LN_sha512,LN_sha512);
18	#endif
19	#endif
20	+#ifndef OPENSSL_NO_MDC2
21	BIO_printf(bio_err,"-%-14s to use the %s message digest algorithm\n",
22	LN_mdc2,LN_mdc2);
23	+#endif
24	+#ifndef OPENSSL_NO_RIPEMD
25	BIO_printf(bio_err,"-%-14s to use the %s message digest algorithm\n",
26	LN_ripemd160,LN_ripemd160);
27	+#endif
28	err=1;
29	goto end;
30	}
31	diff -up openssl-fips-0.9.8e/apps/enc.c.dgst openssl-fips-0.9.8e/apps/enc.c
32	--- openssl-fips-0.9.8e/apps/enc.c.dgst 2007-03-22 01:37:43.000000000 +0100
33	+++ openssl-fips-0.9.8e/apps/enc.c 2011-04-04 14:39:17.000000000 +0200
34	@@ -285,7 +285,7 @@ bad:
35	BIO_printf(bio_err,"%-14s passphrase is the next argument\n","-k");
36	BIO_printf(bio_err,"%-14s passphrase is the first line of the file argument\n","-kfile");
37	BIO_printf(bio_err,"%-14s the next argument is the md to use to create a key\n","-md");
38	- BIO_printf(bio_err,"%-14s from a passphrase. One of md2, md5, sha or sha1\n","");
39	+ BIO_printf(bio_err,"%-14s from a passphrase. See openssl dgst -h for list.\n","");
40	BIO_printf(bio_err,"%-14s key/iv in hex is the next argument\n","-K/-iv");
41	BIO_printf(bio_err,"%-14s print the iv/key (then exit if -P)\n","-[pP]");
42	BIO_printf(bio_err,"%-14s buffer size\n","-bufsize <n>");
43	diff -up openssl-fips-0.9.8e/apps/req.c.dgst openssl-fips-0.9.8e/apps/req.c
44	--- openssl-fips-0.9.8e/apps/req.c.dgst 2005-07-16 13:13:03.000000000 +0200
45	+++ openssl-fips-0.9.8e/apps/req.c 2011-04-04 14:40:46.000000000 +0200
46	@@ -523,7 +523,7 @@ bad:
47	#ifndef OPENSSL_NO_ECDSA
48	BIO_printf(bio_err," -newkey ec:file generate a new EC key, parameters taken from CA in 'file'\n");
49	#endif
50	- BIO_printf(bio_err," -[digest] Digest to sign with (md5, sha1, md2, mdc2, md4)\n");
51	+ BIO_printf(bio_err," -[digest] Digest to sign with (see openssl dgst -h for list)\n");
52	BIO_printf(bio_err," -config file request template file.\n");
53	BIO_printf(bio_err," -subj arg set or modify request subject\n");
54	BIO_printf(bio_err," -multivalue-rdn enable support for multivalued RDNs\n");
55	diff -up openssl-fips-0.9.8e/apps/x509.c.dgst openssl-fips-0.9.8e/apps/x509.c
56	--- openssl-fips-0.9.8e/apps/x509.c.dgst 2011-04-04 14:18:34.000000000 +0200
57	+++ openssl-fips-0.9.8e/apps/x509.c 2011-04-04 14:35:05.000000000 +0200
58	@@ -134,7 +134,7 @@ static const char *x509_usage[]={
59	" -set_serial - serial number to use\n",
60	" -text - print the certificate in text form\n",
61	" -C - print out C code forms\n",
62	-" -md2/-md5/-sha1/-mdc2 - digest to use\n",
63	+" -<dgst> - digest to use, see openssl dgst -h output for list\n",
64	" -extfile - configuration file with X509V3 extensions to add\n",
65	" -extensions - section from config file with X509V3 extensions to add\n",
66	" -clrext - delete extensions before signing and input certificate\n",
67	diff -up openssl-fips-0.9.8e/doc/apps/ca.pod.dgst openssl-fips-0.9.8e/doc/apps/ca.pod
68	--- openssl-fips-0.9.8e/doc/apps/ca.pod.dgst 2005-07-15 11:50:38.000000000 +0200
69	+++ openssl-fips-0.9.8e/doc/apps/ca.pod 2011-04-04 15:03:07.000000000 +0200
70	@@ -160,7 +160,8 @@ the number of days to certify the certif
71	=item B<-md alg>
72
73	the message digest to use. Possible values include md5, sha1 and mdc2.
74	-This option also applies to CRLs.
75	+For full list of digests see openssl dgst -h output. This option also
76	+applies to CRLs.
77
78	=item B<-policy arg>
79
80	diff -up openssl-fips-0.9.8e/doc/apps/req.pod.dgst openssl-fips-0.9.8e/doc/apps/req.pod
81	--- openssl-fips-0.9.8e/doc/apps/req.pod.dgst 2005-07-15 11:50:38.000000000 +0200
82	+++ openssl-fips-0.9.8e/doc/apps/req.pod 2011-04-04 15:05:22.000000000 +0200
83	@@ -160,6 +160,7 @@ will not be encrypted.
84	this specifies the message digest to sign the request with. This
85	overrides the digest algorithm specified in the configuration file.
86	This option is ignored for DSA requests: they always use SHA1.
87	+For full list of possible digests see openssl dgst -h output.
88
89	=item B<-config filename>
90
91	diff -up openssl-fips-0.9.8e/doc/apps/x509.pod.dgst openssl-fips-0.9.8e/doc/apps/x509.pod
92	--- openssl-fips-0.9.8e/doc/apps/x509.pod.dgst 2007-02-03 11:27:31.000000000 +0100
93	+++ openssl-fips-0.9.8e/doc/apps/x509.pod 2011-04-04 15:06:14.000000000 +0200
94	@@ -100,6 +100,7 @@ the digest to use. This affects any sign
95	digest, such as the B<-fingerprint>, B<-signkey> and B<-CA> options. If not
96	specified then SHA1 is used. If the key being used to sign with is a DSA key
97	then this option has no effect: SHA1 is always used with DSA keys.
98	+For full list of digests see openssl dgst -h output.
99
100	=item B<-engine id>
101