author Rich Salz <rsalz@akamai.com> 2015-08-27 12:28:08 -0400
committer Rich Salz <rsalz@openssl.org> 2015-08-27 14:27:28 -0400
commit c03726ca4153fca8d66185837008aa078969d386
tree 9a3c88f2041fe4f33677c0500c33226c203e1ce7 /doc/apps
parent ad775e04f6dab51b7f929b54f5aa3c2393f957c5
Various doc fixes.
Make all mention of digest algorithm use "any supported algorithm"

RT2071, some new manpages from Victor B. Wagner <vitus@cryptocom.ru>:
    X509_LOOKUP_hash_dir.pod
    X509_check_ca.pod
    X509_check_issued.pod

RT 1600: Remove references to non-existent objects(3)
Add RETURN VALUES to BIO_do_accept page.
RT1818: RSA_sign Can return values other than 0 on failure.
RT3634: Fix AES CBC aliases (Steffen Nurpmeso <sdaoden@yandex.com>)
RT3678: Some clarifications to BIO_new_pair (Devchandra L Meetei <dlmeetei@gmail.com>)
RT3787: Fix some EVP_ function return values (Laetitia Baudoin <lbaudoin@google.com>)

Reviewed-by: Tim Hudson <tjh@openssl.org>
Diffstat (limited to 'doc/apps')
-rw-r--r-- doc/apps/ca.pod 5
-rw-r--r-- doc/apps/dgst.pod 4
-rw-r--r-- doc/apps/enc.pod 2
-rw-r--r-- doc/apps/ocsp.pod 6
-rw-r--r-- doc/apps/openssl.pod 16
-rw-r--r-- doc/apps/req.pod 19
-rw-r--r-- doc/apps/ts.pod 8
-rw-r--r-- doc/apps/x509.pod 15
8 files changed, 40 insertions, 35 deletions
diff --git a/doc/apps/ca.pod b/doc/apps/ca.pod
index be0153a..3a3d1b6 100644
--- a/doc/apps/ca.pod
+++ b/doc/apps/ca.pod
@@ -167,7 +167,8 @@ the number of days to certify the certificate for.
=item B<-md alg>
-the message digest to use. Possible values include md5, sha1 and mdc2.
+the message digest to use.
+Any digest supported by the OpenSSL B<dgst> command can be used.
This option also applies to CRLs.
=item B<-policy arg>
@@ -406,7 +407,7 @@ least one of these must be present to generate a CRL.
=item B<default_md>
-the same as the B<-md> option. The message digest to use. Mandatory.
+the same as the B<-md> option. Mandatory.
=item B<database>
diff --git a/doc/apps/dgst.pod b/doc/apps/dgst.pod
index 96d3cc0..1b1a7e1 100644
--- a/doc/apps/dgst.pod
+++ b/doc/apps/dgst.pod
@@ -185,6 +185,10 @@ To verify a signature:
=head1 NOTES
+The digest mechanisms that are available will depend on the options
+used when building OpenSSL.
+The B<list digest-commands> command can be used to list them.
+
New or agile applications should use probably use SHA-256. Other digests,
particularly SHA-1 and MD5, are still widely used for interoperating
with existing formats and protocols.
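Review bot: The added NOTES sentence calls B<list digest-commands> a command, while the openssl.pod change in this same commit describes B<digest-commands> as a parameter of B<list> and names B<digest-algorithms> as the parameter that lists all message digest names, aliases included. Suggest wording it as "The B<list> command with the B<digest-algorithms> parameter can be used to list them" so the two pages agree. While this paragraph is being touched, the context line right below still reads "should use probably use SHA-256"; drop the first "use".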
diff --git a/doc/apps/enc.pod b/doc/apps/enc.pod
index 1d25cf3..26e678c 100644
--- a/doc/apps/enc.pod
+++ b/doc/apps/enc.pod
@@ -282,7 +282,7 @@ authentication tag.
rc5-ofb RC5 cipher in OFB mode
aes-[128|192|256]-cbc 128/192/256 bit AES in CBC mode
- aes-[128|192|256] Alias for aes-[128|192|256]-cbc
+ aes[128|192|256] Alias for aes-[128|192|256]-cbc
aes-[128|192|256]-cfb 128/192/256 bit AES in 128 bit CFB mode
aes-[128|192|256]-cfb1 128/192/256 bit AES in 1 bit CFB mode
aes-[128|192|256]-cfb8 128/192/256 bit AES in 8 bit CFB mode
diff --git a/doc/apps/ocsp.pod b/doc/apps/ocsp.pod
index a9b29b0..2566966 100644
--- a/doc/apps/ocsp.pod
+++ b/doc/apps/ocsp.pod
@@ -261,10 +261,12 @@ information is immediately available. In this case the age of the B<notBefore> f
is checked to see it is not older than B<age> seconds old. By default this additional
check is not performed.
-=item B<-md5|-sha1|-sha256|-ripemod160|...>
+=item B<-[digest]>
this option sets digest algorithm to use for certificate identification
-in the OCSP request. By default SHA-1 is used.
+in the OCSP request.
+Any digest supported by the OpenSSL B<dgst> command can be used.
+The default is SHA-1.
=back
diff --git a/doc/apps/openssl.pod b/doc/apps/openssl.pod
index d996eda..30ea9bd 100644
--- a/doc/apps/openssl.pod
+++ b/doc/apps/openssl.pod
@@ -12,7 +12,7 @@ I<command>
[ I<command_opts> ]
[ I<command_args> ]
-B<openssl> [ B<list-standard-commands> | B<list-message-digest-commands> | B<list-cipher-commands> | B<list-cipher-algorithms> | B<list-message-digest-algorithms> | B<list-public-key-algorithms>]
+B<openssl> B<list> [ B<standard-commands> | B<digest-commands> | B<cipher-commands> | B<cipher-algorithms> | B<digest-algorithms> | B<public-key-algorithms>]
B<openssl> B<no->I<XXX> [ I<arbitrary options> ]
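Review bot: The SYNOPSIS line drops every B<list-...> spelling in favour of B<openssl> B<list> followed by a parameter, but nothing in the changed text says whether the old hyphenated names are still accepted. Scripts that probe a build with B<openssl list-cipher-commands> or B<openssl list-message-digest-algorithms> depend on the answer; add one sentence stating that the old names were removed or are kept as aliases, whichever matches the code.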
@@ -41,20 +41,20 @@ The B<openssl> program provides a rich variety of commands (I<command> in the
SYNOPSIS above), each of which often has a wealth of options and arguments
(I<command_opts> and I<command_args> in the SYNOPSIS).
-The pseudo-commands B<list-standard-commands>, B<list-message-digest-commands>,
-and B<list-cipher-commands> output a list (one entry per line) of the names
+The list parameters B<standard-commands>, B<digest-commands>,
+and B<cipher-commands> output a list (one entry per line) of the names
of all standard commands, message digest commands, or cipher commands,
respectively, that are available in the present B<openssl> utility.
-The pseudo-commands B<list-cipher-algorithms> and
-B<list-message-digest-algorithms> list all cipher and message digest names, one entry per line. Aliases are listed as:
+The list parameters B<cipher-algorithms> and
+B<digest-algorithms> list all cipher and message digest names, one entry per line. Aliases are listed as:
from => to
-The pseudo-command B<list-public-key-algorithms> lists all supported public
+The list parameter B<public-key-algorithms> lists all supported public
key algorithms.
-The pseudo-command B<no->I<XXX> tests whether a command of the
+The command B<no->I<XXX> tests whether a command of the
specified name is available. If no command named I<XXX> exists, it
returns 0 (success) and prints B<no->I<XXX>; otherwise it returns 1
and prints I<XXX>. In both cases, the output goes to B<stdout> and
@@ -63,7 +63,7 @@ are always ignored. Since for each cipher there is a command of the
same name, this provides an easy way for shell scripts to test for the
availability of ciphers in the B<openssl> program. (B<no->I<XXX> is
not able to detect pseudo-commands such as B<quit>,
-B<list->I<...>B<-commands>, or B<no->I<XXX> itself.)
+B<list>, or B<no->I<XXX> itself.)
=head2 STANDARD COMMANDS
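Review bot: The parenthetical on the changed line still groups B<no->I<XXX> with the pseudo-commands ("pseudo-commands such as B<quit>, B<list>, or B<no->I<XXX> itself"), while the previous hunk renames it from "The pseudo-command B<no->I<XXX>" to "The command B<no->I<XXX>". Pick one term for B<no->I<XXX> and for B<list> and use it in both paragraphs.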
diff --git a/doc/apps/req.pod b/doc/apps/req.pod
index 3cbabb7..46bbfe6 100644
--- a/doc/apps/req.pod
+++ b/doc/apps/req.pod
@@ -127,13 +127,6 @@ in the configuration file and any requested extensions.
If the B<-key> option is not used it will generate a new RSA private
key using information specified in the configuration file.
-=item B<-subj arg>
-
-Replaces subject field of input request with specified data and outputs
-modified request. The arg must be formatted as
-I</type0=value0/type1=value1/type2=...>,
-characters may be escaped by \ (backslash), no spaces are skipped.
-
=item B<-rand file(s)>
a file or files containing random data used to seed the random number
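Review bot: The B<-subj arg> item is deleted outright and the commit message does not mention it. If this is a duplicate of another B<-subj> entry elsewhere in req.pod, say so in the commit message; if it is not, the option, its I</type0=value0/type1=value1/type2=...> format and the backslash-escaping rule lose their only description and the item should stay.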
@@ -198,8 +191,9 @@ will not be encrypted.
=item B<-[digest]>
-this specifies the message digest to sign the request with (such as
-B<-md5>, B<-sha1>). This overrides the digest algorithm specified in
+this specifies the message digest to sign the request.
+Any digest supported by the OpenSSL B<dgst> command can be used.
+This overrides the digest algorithm specified in
the configuration file.
Some public key algorithms may override this choice. For instance, DSA
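Review bot: The rewritten first sentence, "this specifies the message digest to sign the request.", lost the trailing "with" of the original and no longer parses; suggest "this specifies the message digest to sign the request with." The context paragraph that follows already says some public key algorithms override the choice, so the new "Any digest ... can be used" sentence would read more accurately with a pointer to that restriction.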
@@ -385,9 +379,10 @@ option. For compatibility B<encrypt_rsa_key> is an equivalent option.
=item B<default_md>
-This option specifies the digest algorithm to use. Possible values
-include B<md5 sha1 mdc2>. If not present then MD5 is used. This
-option can be overridden on the command line.
+This option specifies the digest algorithm to use.
+Any digest supported by the OpenSSL B<dgst> command can be used.
+If not present then MD5 is used.
+This option can be overridden on the command line.
=item B<string_mask>
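Review bot: The B<default_md> text keeps "If not present then MD5 is used." in substance, while the dgst.pod NOTES touched by this same commit say new applications should probably use SHA-256 and mention MD5 only for interoperating with existing formats. Since this is a documentation-accuracy pass, confirm the sentence still matches what B<req> does when B<default_md> is absent, and consider adding a sentence advising that B<default_md> be set explicitly so that requests are not signed with the fallback digest.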
diff --git a/doc/apps/ts.pod b/doc/apps/ts.pod
index ff086d8..7a55b61 100644
--- a/doc/apps/ts.pod
+++ b/doc/apps/ts.pod
@@ -12,7 +12,7 @@ B<-query>
[B<-config> configfile]
[B<-data> file_to_hash]
[B<-digest> digest_bytes]
-[B<-md2>|B<-md4>|B<-md5>|B<-sha>|B<-sha1>|B<-mdc2>|B<-ripemd160>|B<...>]
+[B<-[digest]>]
[B<-policy> object_id]
[B<-no_nonce>]
[B<-cert>]
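Review bot: In the SYNOPSIS the new placeholder B<-[digest]> lands directly under the literal option B<-digest> digest_bytes, and both are set in bold, so a reader can take B<-[digest]> for a variant of B<-digest> rather than for "one of B<-sha1>, B<-md5>, ...". Suggest marking the variable part in italics, as openssl.pod already does for B<no->I<XXX>, i.e. B<->I<digest>, here and in the ocsp.pod, req.pod and x509.pod items that use the same notation.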
@@ -124,10 +124,10 @@ per byte, the bytes optionally separated by colons (e.g. 1A:F6:01:... or
1AF601...). The number of bytes must match the message digest algorithm
in use. (Optional)
-=item B<-md2>|B<-md4>|B<-md5>|B<-sha>|B<-sha1>|B<-mdc2>|B<-ripemd160>|B<...>
+=item B<-[digest]>
-The message digest to apply to the data file, it supports all the message
-digest algorithms that are supported by the openssl B<dgst> command.
+The message digest to apply to the data file.
+Any digest supported by the OpenSSL B<dgst> command can be used.
The default is SHA-1. (Optional)
=item B<-policy> object_id
diff --git a/doc/apps/x509.pod b/doc/apps/x509.pod
index 0c6aaef..a06393d 100644
--- a/doc/apps/x509.pod
+++ b/doc/apps/x509.pod
@@ -55,7 +55,7 @@ B<openssl> B<x509>
[B<-text>]
[B<-certopt option>]
[B<-C>]
-[B<-md2|-md5|-sha1|-mdc2>]
+[B<-[digest]>]
[B<-clrext>]
[B<-extfile filename>]
[B<-extensions section>]
@@ -101,12 +101,15 @@ if this option is not specified.
This specifies the output filename to write to or standard output by
default.
-=item B<-md2|-md5|-sha1|-mdc2>
+=item B<-[digest]>
-the digest to use. This affects any signing or display option that uses a message
-digest, such as the B<-fingerprint>, B<-signkey> and B<-CA> options. If not
-specified then SHA1 is used. If the key being used to sign with is a DSA key
-then this option has no effect: SHA1 is always used with DSA keys.
+the digest to use.
+This affects any signing or display option that uses a message
+digest, such as the B<-fingerprint>, B<-signkey> and B<-CA> options.
+Any digest supported by the OpenSSL B<dgst> command can be used.
+If not specified then SHA1 is used.
+Note that if a DSA key is used for signing, then this flag is ignored
+and SHA1 is used.
=item B<-engine id>
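Review bot: The rewritten item says "Any digest supported by the OpenSSL B<dgst> command can be used" and only two sentences later that the flag is ignored when a DSA key signs. Move the DSA exception next to the "any digest" sentence or qualify that sentence, because a user who passes a stronger digest with a DSA key gets SHA1 and the text does not say whether the command reports that. Also, "SHA1" here is spelled "SHA-1" in the ocsp.pod and ts.pod hunks of this commit; use one spelling.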