Bug#529586: openssl dgst -hmac option undocumented (both usage and manpage)

Fri, 22 May 2009 09:37:33 -0700 

tag 529586 + patch
thanks

I’ve committed the thing below in MirBSD¹; since the apps code
changes very little between OpenSSL versions, it will probably
apply to the Debian package as well. I’m open for better wor-
ding though, especially considering the FIPS option, which I
found as undocumented too.

Index: src/lib/libssl/src/doc/apps/dgst.pod
diff -up src/lib/libssl/src/doc/apps/dgst.pod:1.1.1.2 
src/lib/libssl/src/doc/apps/dgst.pod:1.2
--- src/lib/libssl/src/doc/apps/dgst.pod:1.1.1.2        Fri Apr 29 13:39:55 2005
+++ src/lib/libssl/src/doc/apps/dgst.pod        Wed May 20 09:51:51 2009
@@ -12,6 +12,8 @@ B<openssl> B<dgst> 
 [B<-d>]
 [B<-hex>]
 [B<-binary>]
+[B<-hmac arg>]
+[B<-non-fips-allow>]
 [B<-out filename>]
 [B<-sign filename>]
 [B<-passin arg>]
@@ -52,6 +54,14 @@ digest as opposed to a digital signature
 
 output the digest or signature in binary form.
 
+=item B<-hmac arg>
+
+set the HMAC key to "arg".
+
+=item B<-non-fips-allow>
+
+allow use of non FIPS digest.
+
 =item B<-out filename>
 
 filename to output to, or standard output by default.
Index: src/lib/libssl/src/apps/dgst.c
diff -up src/lib/libssl/src/apps/dgst.c:1.1.1.2 
src/lib/libssl/src/apps/dgst.c:1.2
--- src/lib/libssl/src/apps/dgst.c:1.1.1.2      Fri Apr 29 13:38:41 2005
+++ src/lib/libssl/src/apps/dgst.c      Wed May 20 09:51:52 2009
@@ -226,6 +228,8 @@ int MAIN(int argc, char **argv)
                BIO_printf(bio_err,"-d              to output debug info\n");
                BIO_printf(bio_err,"-hex            output as hex dump\n");
                BIO_printf(bio_err,"-binary         output in binary form\n");
+               BIO_printf(bio_err,"-hmac arg       set the HMAC key to arg\n");
+               BIO_printf(bio_err,"-non-fips-allow allow use of non FIPS 
digest\n");
                BIO_printf(bio_err,"-sign   file    sign digest using private 
key in file\n");
                BIO_printf(bio_err,"-verify file    verify a signature using 
public key in file\n");
                BIO_printf(bio_err,"-prverify file  verify a signature using 
private key in file\n");


bye,
//mirabilos

① Does it count as “patch” tag? I hope.
-- 
“It is inappropriate to require that a time represented as
 seconds since the Epoch precisely represent the number of
 seconds between the referenced time and the Epoch.”
        -- IEEE Std 1003.1b-1993 (POSIX) Section B.2.2.2



--
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]

Reply via email to