[rpms/openssl] rebase_40beta: clarify apps help texts for available digest algorithms (#693858)

[rpms/openssl] rebase_40beta: clarify apps help texts for available digest algorithms (#693858)

[Tomas Mraz]

A new commit has been pushed.

Repo   : rpms/openssl
Branch : rebase_40beta
Commit : 8d20fec2813dc3af5a6c5adc30f32064afdcd935
Author : Tomas Mraz <tmraz@fedoraproject.org>
Date   : 2011-04-05T21:24:01+02:00
Stats  : +116/-1 in 2 file(s)
URL    : https://src.fedoraproject.org/rpms/openssl/c/8d20fec2813dc3af5a6c5adc30f32064afdcd935?branch=rebase_40beta

Log:
clarify apps help texts for available digest algorithms (#693858)

---
diff --git a/openssl-1.0.0d-apps-dgst.patch b/openssl-1.0.0d-apps-dgst.patch
new file mode 100644
index 0000000..da20481
--- /dev/null
+++ b/openssl-1.0.0d-apps-dgst.patch
@@ -0,0 +1,110 @@
+diff -up openssl-1.0.0d/apps/ca.c.dgst openssl-1.0.0d/apps/ca.c
+--- openssl-1.0.0d/apps/ca.c.dgst	2009-12-02 15:41:24.000000000 +0100
++++ openssl-1.0.0d/apps/ca.c	2011-04-05 21:09:42.000000000 +0200
+@@ -157,7 +157,7 @@ static const char *ca_usage[]={
+ " -startdate YYMMDDHHMMSSZ  - certificate validity notBefore\n",
+ " -enddate YYMMDDHHMMSSZ    - certificate validity notAfter (overrides -days)\n",
+ " -days arg       - number of days to certify the certificate for\n",
+-" -md arg         - md to use, one of md2, md5, sha or sha1\n",
++" -md arg         - md to use, see openssl dgst -h for list\n",
+ " -policy arg     - The CA 'policy' to support\n",
+ " -keyfile arg    - private key file\n",
+ " -keyform arg    - private key file format (PEM or ENGINE)\n",
+diff -up openssl-1.0.0d/apps/enc.c.dgst openssl-1.0.0d/apps/enc.c
+--- openssl-1.0.0d/apps/enc.c.dgst	2010-06-15 19:25:02.000000000 +0200
++++ openssl-1.0.0d/apps/enc.c	2011-04-05 21:11:54.000000000 +0200
+@@ -302,7 +302,7 @@ bad:
+ 			BIO_printf(bio_err,"%-14s passphrase is the next argument\n","-k");
+ 			BIO_printf(bio_err,"%-14s passphrase is the first line of the file argument\n","-kfile");
+ 			BIO_printf(bio_err,"%-14s the next argument is the md to use to create a key\n","-md");
+-			BIO_printf(bio_err,"%-14s   from a passphrase.  One of md2, md5, sha or sha1\n","");
++			BIO_printf(bio_err,"%-14s   from a passphrase. See openssl dgst -h for list.\n","");
+ 			BIO_printf(bio_err,"%-14s salt in hex is the next argument\n","-S");
+ 			BIO_printf(bio_err,"%-14s key/iv in hex is the next argument\n","-K/-iv");
+ 			BIO_printf(bio_err,"%-14s print the iv/key (then exit if -P)\n","-[pP]");
+diff -up openssl-1.0.0d/apps/req.c.dgst openssl-1.0.0d/apps/req.c
+--- openssl-1.0.0d/apps/req.c.dgst	2010-03-10 14:48:21.000000000 +0100
++++ openssl-1.0.0d/apps/req.c	2011-04-05 21:12:33.000000000 +0200
+@@ -421,7 +421,7 @@ bad:
+ #ifndef OPENSSL_NO_ECDSA
+ 		BIO_printf(bio_err," -newkey ec:file generate a new EC key, parameters taken from CA in 'file'\n");
+ #endif
+-		BIO_printf(bio_err," -[digest]      Digest to sign with (md5, sha1, md2, mdc2, md4)\n");
++		BIO_printf(bio_err," -[digest]      Digest to sign with (see openssl dgst -h for list)\n");
+ 		BIO_printf(bio_err," -config file   request template file.\n");
+ 		BIO_printf(bio_err," -subj arg      set or modify request subject\n");
+ 		BIO_printf(bio_err," -multivalue-rdn enable support for multivalued RDNs\n");
+diff -up openssl-1.0.0d/apps/ts.c.dgst openssl-1.0.0d/apps/ts.c
+--- openssl-1.0.0d/apps/ts.c.dgst	2009-10-18 16:42:26.000000000 +0200
++++ openssl-1.0.0d/apps/ts.c	2011-04-05 21:16:07.000000000 +0200
+@@ -368,7 +368,7 @@ int MAIN(int argc, char **argv)
+ 	BIO_printf(bio_err, "usage:\n"
+ 		   "ts -query [-rand file%cfile%c...] [-config configfile] "
+ 		   "[-data file_to_hash] [-digest digest_bytes]"
+-		   "[-md2|-md4|-md5|-sha|-sha1|-mdc2|-ripemd160] "
++		   "[-<hashalg>] "
+ 		   "[-policy object_id] [-no_nonce] [-cert] "
+ 		   "[-in request.tsq] [-out request.tsq] [-text]\n",
+ 		   LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
+diff -up openssl-1.0.0d/apps/x509.c.dgst openssl-1.0.0d/apps/x509.c
+--- openssl-1.0.0d/apps/x509.c.dgst	2011-04-05 21:13:42.000000000 +0200
++++ openssl-1.0.0d/apps/x509.c	2011-04-05 21:13:17.000000000 +0200
+@@ -141,7 +141,7 @@ static const char *x509_usage[]={
+ " -set_serial     - serial number to use\n",
+ " -text           - print the certificate in text form\n",
+ " -C              - print out C code forms\n",
+-" -md2/-md5/-sha1/-mdc2 - digest to use\n",
++" -<dgst>         - digest to use, see openssl dgst -h output for list\n",
+ " -extfile        - configuration file with X509V3 extensions to add\n",
+ " -extensions     - section from config file with X509V3 extensions to add\n",
+ " -clrext         - delete extensions before signing and input certificate\n",
+diff -up openssl-1.0.0d/doc/apps/ca.pod.dgst openssl-1.0.0d/doc/apps/ca.pod
+--- openssl-1.0.0d/doc/apps/ca.pod.dgst	2009-04-10 13:25:53.000000000 +0200
++++ openssl-1.0.0d/doc/apps/ca.pod	2011-04-05 21:16:39.000000000 +0200
+@@ -160,7 +160,8 @@ the number of days to certify the certif
+ =item B<-md alg>
+ 
+ the message digest to use. Possible values include md5, sha1 and mdc2.
+-This option also applies to CRLs.
++For full list of digests see openssl dgst -h output. This option also
++applies to CRLs.
+ 
+ =item B<-policy arg>
+ 
+diff -up openssl-1.0.0d/doc/apps/ocsp.pod.dgst openssl-1.0.0d/doc/apps/ocsp.pod
+--- openssl-1.0.0d/doc/apps/ocsp.pod.dgst	2008-02-25 19:11:47.000000000 +0100
++++ openssl-1.0.0d/doc/apps/ocsp.pod	2011-04-05 21:18:17.000000000 +0200
+@@ -210,7 +210,8 @@ check is not performed.
+ =item B<-md5|-sha1|-sha256|-ripemod160|...>
+ 
+ this option sets digest algorithm to use for certificate identification
+-in the OCSP request. By default SHA-1 is used. 
++in the OCSP request. By default SHA-1 is used. See openssl dgst -h output for
++the list of available algorithms.
+ 
+ =back
+ 
+diff -up openssl-1.0.0d/doc/apps/req.pod.dgst openssl-1.0.0d/doc/apps/req.pod
+--- openssl-1.0.0d/doc/apps/req.pod.dgst	2009-04-10 18:42:28.000000000 +0200
++++ openssl-1.0.0d/doc/apps/req.pod	2011-04-05 21:20:47.000000000 +0200
+@@ -201,7 +201,8 @@ will not be encrypted.
+ 
+ this specifies the message digest to sign the request with (such as
+ B<-md5>, B<-sha1>). This overrides the digest algorithm specified in
+-the configuration file.
++the configuration file. For full list of possible digests see openssl
++dgst -h output.
+ 
+ Some public key algorithms may override this choice. For instance, DSA
+ signatures always use SHA1, GOST R 34.10 signatures always use
+diff -up openssl-1.0.0d/doc/apps/x509.pod.dgst openssl-1.0.0d/doc/apps/x509.pod
+--- openssl-1.0.0d/doc/apps/x509.pod.dgst	2010-01-12 18:27:11.000000000 +0100
++++ openssl-1.0.0d/doc/apps/x509.pod	2011-04-05 21:19:56.000000000 +0200
+@@ -101,6 +101,7 @@ the digest to use. This affects any sign
+ digest, such as the B<-fingerprint>, B<-signkey> and B<-CA> options. If not
+ specified then SHA1 is used. If the key being used to sign with is a DSA key
+ then this option has no effect: SHA1 is always used with DSA keys.
++For full list of digests see openssl dgst -h output.
+ 
+ =item B<-engine id>
+ 

diff --git a/openssl.spec b/openssl.spec
index 0c75dd5..c61818d 100644
--- a/openssl.spec
+++ b/openssl.spec
@@ -21,7 +21,7 @@
 Summary: A general purpose cryptography library with TLS implementation
 Name: openssl
 Version: 1.0.0d
-Release: 1%{?dist}
+Release: 2%{?dist}
 # We remove certain patented algorithms from the openssl source tarball
 # with the hobble-openssl script which is included below.
 Source: openssl-%{version}-usa.tar.bz2
@@ -68,6 +68,7 @@ Patch56: openssl-1.0.0c-rsa-x931.patch
 Patch57: openssl-1.0.0c-fips186-3.patch
 Patch58: openssl-1.0.0c-fips-md5-allow.patch
 Patch59: openssl-1.0.0c-pkcs12-fips-default.patch
+Patch60: openssl-1.0.0d-apps-dgst.patch
 # Backported fixes including security fixes
 
 License: OpenSSL
@@ -156,6 +157,7 @@ from other formats to the formats used by the OpenSSL toolkit.
 %patch57 -p1 -b .fips186-3
 %patch58 -p1 -b .md5-allow
 %patch59 -p1 -b .fips-default
+%patch60 -p1 -b .dgst
 
 # Modify the various perl scripts to reference perl in the right location.
 perl util/perlpath.pl `dirname %{__perl}`
@@ -405,6 +407,9 @@ rm -rf $RPM_BUILD_ROOT/%{_libdir}/fipscanister.*
 %postun -p /sbin/ldconfig
 
 %changelog
+* Tue Apr  5 2011 Tomas Mraz <tmraz@redhat.com> 1.0.0d-2
+- clarify apps help texts for available digest algorithms (#693858)
+
 * Thu Feb 10 2011 Tomas Mraz <tmraz@redhat.com> 1.0.0d-1
 - new upstream release fixing CVE-2011-0014 (OCSP stapling vulnerability)