Upgrade chrome's OpenSSL to same version Android ships with.

openssl/doc/apps/dgst.pod

 =pod
 
 =head1 NAME
 
 dgst, md5, md4, md2, sha1, sha, mdc2, ripemd160 - message digests
 
 =head1 SYNOPSIS
 
 B<openssl> B<dgst> 
 [B<-md5|-md4|-md2|-sha1|-sha|-mdc2|-ripemd160|-dss1>]
 [B<-c>]
 [B<-d>]
 [B<-hex>]
 [B<-binary>]
 [B<-out filename>]
 [B<-sign filename>]
+[B<-keyform arg>]
 [B<-passin arg>]
 [B<-verify filename>]
 [B<-prverify filename>]
 [B<-signature filename>]
 [B<-hmac key>]
 [B<file...>]
 
 [B<md5|md4|md2|sha1|sha|mdc2|ripemd160>]
 [B<-c>]
 [B<-d>]
@@ skipping 27 matching lines @@
 output the digest or signature in binary form.
 
 =item B<-out filename>
 
 filename to output to, or standard output by default.
 
 =item B<-sign filename>
 
 digitally sign the digest using the private key in "filename".
 
+=item B<-keyform arg>
+
+Specifies the key format to sign digest with. Only PEM and ENGINE
+formats are supported by the B<dgst> command.
+
+=item B<-engine id>
+
+Use engine B<id> for operations (including private key storage).
+This engine is not used as source for digest algorithms, unless it is
+also specified in the configuration file.
+
+=item B<-sigopt nm:v>
+
+Pass options to the signature algorithm during sign or verify operations.
+Names and values of these options are algorithm-specific.
+
+
 =item B<-passin arg>
 
 the private key password source. For more information about the format of B<arg>
 see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)|openssl(1)>.
 
 =item B<-verify filename>
 
 verify the signature using the the public key in "filename".
 The output is either "Verification OK" or "Verification Failure".
 
 =item B<-prverify filename>
 
 verify the signature using the  the private key in "filename".
 
 =item B<-signature filename>
 
 the actual signature to verify.
 
 =item B<-hmac key>
 
 create a hashed MAC using "key".
 
+=item B<-mac alg>
+
+create MAC (keyed Message Authentication Code). The most popular MAC
+algorithm is HMAC (hash-based MAC), but there are other MAC algorithms
+which are not based on hash, for instance B<gost-mac> algorithm,
+supported by B<ccgost> engine. MAC keys and other options should be set
+via B<-macopt> parameter.
+
+=item B<-macopt nm:v>
+
+Passes options to MAC algorithm, specified by B<-mac> key.
+Following options are supported by both by B<HMAC> and B<gost-mac>:
+
+=over 8
+
+=item B<key:string>
+        
+Specifies MAC key as alphnumeric string (use if key contain printable
+characters only). String length must conform to any restrictions of
+the MAC algorithm for example exactly 32 chars for gost-mac.
+
+=item B<hexkey:string>
+
+Specifies MAC key in hexadecimal form (two hex digits per byte).
+Key length must conform to any restrictions of the MAC algorithm
+for example exactly 32 chars for gost-mac.
+
+=back
+
 =item B<-rand file(s)>
 
 a file or files containing random data used to seed the random number
 generator, or an EGD socket (see L<RAND_egd(3)|RAND_egd(3)>).
 Multiple files can be specified separated by a OS-dependent character.
 The separator is B<;> for MS-Windows, B<,> for OpenVMS, and B<:> for
 all others. 
 
 =item B<file...>
 
@@ skipping 10 matching lines @@
 If you wish to sign or verify data using the DSA algorithm then the dss1
 digest must be used.
 
 A source of random numbers is required for certain signing algorithms, in
 particular DSA.
 
 The signing and verify options should only be used if a single file is
 being signed or verified.
 
 =cut