Upgrade chrome's OpenSSL to same version Android ships with.

openssl/doc/apps/enc.pod

 =pod
 
 =head1 NAME
 
 enc - symmetric cipher routines
 
 =head1 SYNOPSIS
 
 B<openssl enc -ciphername>
 [B<-in filename>]
 [B<-out filename>]
 [B<-pass arg>]
 [B<-e>]
 [B<-d>]
-[B<-a>]
+[B<-a/-base64>]
 [B<-A>]
 [B<-k password>]
 [B<-kfile filename>]
 [B<-K key>]
 [B<-iv IV>]
+[B<-S salt>]
+[B<-salt>]
+[B<-nosalt>]
+[B<-z>]
+[B<-md>]
 [B<-p>]
 [B<-P>]
 [B<-bufsize number>]
 [B<-nopad>]
 [B<-debug>]
+[B<-none>]
+[B<-engine id>]
 
 =head1 DESCRIPTION
 
 The symmetric cipher commands allow data to be encrypted or decrypted
 using various block and stream ciphers using keys based on passwords
 or explicitly provided. Base64 encoding or decoding can also be performed
 either by itself or in addition to the encryption or decryption.
 
 =head1 OPTIONS
 
@@ skipping 29 matching lines @@
 =item B<-d>
 
 decrypt the input data.
 
 =item B<-a>
 
 base64 process the data. This means that if encryption is taking place
 the data is base64 encoded after encryption. If decryption is set then
 the input data is base64 decoded before being decrypted.
 
+=item B<-base64>
+
+same as B<-a>
+
 =item B<-A>
 
 if the B<-a> option is set then base64 process the data on one line.
 
 =item B<-k password>
 
 the password to derive the key from. This is for compatibility with previous
 versions of OpenSSL. Superseded by the B<-pass> argument.
 
 =item B<-kfile filename>
 
 read the password to derive the key from the first line of B<filename>.
 This is for compatibility with previous versions of OpenSSL. Superseded by
 the B<-pass> argument.
 
+=item B<-nosalt>
+
+do not use a salt 
+
+=item B<-salt>
+
+use salt (randomly generated or provide with B<-S> option) when
+encrypting (this is the default).
+
 =item B<-S salt>
 
-the actual salt to use: this must be represented as a string comprised only
-of hex digits.
+the actual salt to use: this must be represented as a string of hex digits.
 
 =item B<-K key>
 
 the actual key to use: this must be represented as a string comprised only
 of hex digits. If only the key is specified, the IV must additionally specified
 using the B<-iv> option. When both a key and a password are specified, the
 key given with the B<-K> option will be used and the IV generated from the
 password will be taken. It probably does not make much sense to specify
 both key and password.
 
@@ skipping 18 matching lines @@
 set the buffer size for I/O
 
 =item B<-nopad>
 
 disable standard block padding
 
 =item B<-debug>
 
 debug the BIOs used for I/O.
 
+=item B<-z>
+
+Compress or decompress clear text using zlib before encryption or after
+decryption. This option exists only if OpenSSL with compiled with zlib
+or zlib-dynamic option.
+
+=item B<-none>
+
+Use NULL cipher (no encryption or decryption of input).
+
 =back
 
 =head1 NOTES
 
 The program can be called either as B<openssl ciphername> or
-B<openssl enc -ciphername>.
+B<openssl enc -ciphername>. But the first form doesn't work with
+engine-provided ciphers, because this form is processed before the
+configuration file is read and any ENGINEs loaded.
+
+Engines which provide entirely new encryption algorithms (such as ccgost
+engine which provides gost89 algorithm) should be configured in the
+configuration file. Engines, specified in the command line using -engine
+options can only be used for hadrware-assisted implementations of
+ciphers, which are supported by OpenSSL core or other engine, specified
+in the configuration file.
+
+When enc command lists supported ciphers, ciphers provided by engines,
+specified in the configuration files are listed too.
 
 A password will be prompted for to derive the key and IV if necessary.
 
 The B<-salt> option should B<ALWAYS> be used if the key is being derived
 from a password unless you want compatibility with previous versions of
 OpenSSL and SSLeay.
 
 Without the B<-salt> option it is possible to perform efficient dictionary
 attacks on the password and to attack stream cipher encrypted data. The reason
 for this is that without the salt the same password always generates the same
@@ skipping 12 matching lines @@
 
 If padding is disabled then the input data must be a multiple of the cipher
 block length.
 
 All RC2 ciphers have the same key and effective key length.
 
 Blowfish and RC5 algorithms use a 128 bit key.
 
 =head1 SUPPORTED CIPHERS
 
+Note that some of these ciphers can be disabled at compile time
+and some are available only if an appropriate engine is configured
+in the configuration file. The output of the B<enc> command run with
+unsupported options (for example B<openssl enc -help>) includes a
+list of ciphers, supported by your versesion of OpenSSL, including
+ones provided by configured engines.
+
+
  base64             Base 64
 
  bf-cbc             Blowfish in CBC mode
  bf                 Alias for bf-cbc
  bf-cfb             Blowfish in CFB mode
  bf-ecb             Blowfish in ECB mode
  bf-ofb             Blowfish in OFB mode
 
  cast-cbc           CAST in CBC mode
  cast               Alias for cast-cbc
@@ skipping 14 matching lines @@
  des-ede-ofb        Two key triple DES EDE in OFB mode
 
  des-ede3-cbc       Three key triple DES EDE in CBC mode
  des-ede3           Three key triple DES EDE in ECB mode
  des3               Alias for des-ede3-cbc
  des-ede3-cfb       Three key triple DES EDE CFB mode
  des-ede3-ofb       Three key triple DES EDE in OFB mode
 
  desx               DESX algorithm.
 
+ gost89             GOST 28147-89 in CFB mode (provided by ccgost engine)
+ gost89-cnt        `GOST 28147-89 in CNT mode (provided by ccgost engine) 
+
  idea-cbc           IDEA algorithm in CBC mode
  idea               same as idea-cbc
  idea-cfb           IDEA in CFB mode
  idea-ecb           IDEA in ECB mode
  idea-ofb           IDEA in OFB mode
 
  rc2-cbc            128 bit RC2 in CBC mode
  rc2                Alias for rc2-cbc
  rc2-cfb            128 bit RC2 in CFB mode
  rc2-ecb            128 bit RC2 in ECB mode
@@ skipping 54 matching lines @@
 
 The B<-A> option when used with large files doesn't work properly.
 
 There should be an option to allow an iteration count to be included.
 
 The B<enc> program only supports a fixed number of algorithms with
 certain parameters. So if, for example, you want to use RC2 with a
 76 bit key or RC4 with an 84 bit key you can't use this program.
 
 =cut