[Pkg-openssl-devel] Bug#529586: openssl dgst -hmac option undocumented (both usage and manpage)

Thorsten Glaser tg at mirbsd.de
Fri May 22 16:28:05 UTC 2009 

tag 529586 + patch
thanks

I’ve committed the thing below in MirBSD¹; since the apps code
changes very little between OpenSSL versions, it will probably
apply to the Debian package as well. I’m open for better wor-
ding though, especially considering the FIPS option, which I
found as undocumented too.

Index: src/lib/libssl/src/doc/apps/dgst.pod
diff -up src/lib/libssl/src/doc/apps/dgst.pod:1.1.1.2 src/lib/libssl/src/doc/apps/dgst.pod:1.2
--- src/lib/libssl/src/doc/apps/dgst.pod:1.1.1.2	Fri Apr 29 13:39:55 2005
+++ src/lib/libssl/src/doc/apps/dgst.pod	Wed May 20 09:51:51 2009
@@ -12,6 +12,8 @@ B<openssl> B<dgst> 
 [B<-d>]
 [B<-hex>]
 [B<-binary>]
+[B<-hmac arg>]
+[B<-non-fips-allow>]
 [B<-out filename>]
 [B<-sign filename>]
 [B<-passin arg>]
@@ -52,6 +54,14 @@ digest as opposed to a digital signature
 
 output the digest or signature in binary form.
 
+=item B<-hmac arg>
+
+set the HMAC key to "arg".
+
+=item B<-non-fips-allow>
+
+allow use of non FIPS digest.
+
 =item B<-out filename>
 
 filename to output to, or standard output by default.
Index: src/lib/libssl/src/apps/dgst.c
diff -up src/lib/libssl/src/apps/dgst.c:1.1.1.2 src/lib/libssl/src/apps/dgst.c:1.2
--- src/lib/libssl/src/apps/dgst.c:1.1.1.2	Fri Apr 29 13:38:41 2005
+++ src/lib/libssl/src/apps/dgst.c	Wed May 20 09:51:52 2009
@@ -226,6 +228,8 @@ int MAIN(int argc, char **argv)
 		BIO_printf(bio_err,"-d              to output debug info\n");
 		BIO_printf(bio_err,"-hex            output as hex dump\n");
 		BIO_printf(bio_err,"-binary         output in binary form\n");
+		BIO_printf(bio_err,"-hmac arg       set the HMAC key to arg\n");
+		BIO_printf(bio_err,"-non-fips-allow allow use of non FIPS digest\n");
 		BIO_printf(bio_err,"-sign   file    sign digest using private key in file\n");
 		BIO_printf(bio_err,"-verify file    verify a signature using public key in file\n");
 		BIO_printf(bio_err,"-prverify file  verify a signature using private key in file\n");


bye,
//mirabilos

① Does it count as “patch” tag? I hope.
-- 
“It is inappropriate to require that a time represented as
 seconds since the Epoch precisely represent the number of
 seconds between the referenced time and the Epoch.”
	-- IEEE Std 1003.1b-1993 (POSIX) Section B.2.2.2

More information about the Pkg-openssl-devel mailing list