Index: generic/tlsDigest.c
==================================================================
--- generic/tlsDigest.c
+++ generic/tlsDigest.c
@@ -135,11 +135,11 @@
  *
  *-------------------------------------------------------------------
  */
 int Tls_DigestInit(Tcl_Interp *interp, DigestState *statePtr, const EVP_MD *md,
 	const EVP_CIPHER *cipher, Tcl_Obj *keyObj) {
-    int key_len, res = 0;
+    int key_len = 0, res = 0;
     const unsigned char *key;
 
     /* Create message digest context */
     if (statePtr->format & TYPE_MD) {
 	statePtr->ctx = EVP_MD_CTX_new();
@@ -150,11 +150,11 @@
     } else if (statePtr->format & TYPE_CMAC) {
 	statePtr->cctx = CMAC_CTX_new();
 	res = (statePtr->cctx != NULL);
     }
     if (!res) {
-	Tcl_AppendResult(interp, "Create digest context failed: ", REASON(), NULL);
+	Tcl_AppendResult(interp, "Create context failed: ", REASON(), NULL);
 	return TCL_ERROR;
     }
 
     /* Initialize hash function */
     if (statePtr->format & TYPE_MD) {
@@ -165,11 +165,11 @@
     } else if (statePtr->format & TYPE_CMAC) {
 	key = Tcl_GetByteArrayFromObj(keyObj, &key_len);
 	res = CMAC_Init(statePtr->cctx, (const void *) key, key_len, cipher, NULL);
     }
     if (!res) {
-	Tcl_AppendResult(interp, "Initialize digest failed: ", REASON(), NULL);
+	Tcl_AppendResult(interp, "Initialize failed: ", REASON(), NULL);
 	return TCL_ERROR;
     }
     return TCL_OK;
 }
 
@@ -186,19 +186,23 @@
  * Side effects:
  *	Adds buf to hash function
  *
  *-------------------------------------------------------------------
  */
-int Tls_DigestUpdate(DigestState *statePtr, char *buf, size_t read) {
+int Tls_DigestUpdate(DigestState *statePtr, char *buf, size_t read, int show) {
     int res = 0;
 
     if (statePtr->format & TYPE_MD) {
 	res = EVP_DigestUpdate(statePtr->ctx, buf, read);
     } else if (statePtr->format & TYPE_HMAC) {
 	res = HMAC_Update(statePtr->hctx, buf, read);
     } else if (statePtr->format & TYPE_CMAC) {
 	res = CMAC_Update(statePtr->cctx, buf, read);
+    }
+    if (!res && show) {
+	Tcl_AppendResult(statePtr->interp, "Update failed: ", REASON(), NULL);
+	return TCL_ERROR;
     }
     return res;
 }
 
 /*
@@ -232,11 +236,11 @@
 	size_t len;
 	res = CMAC_Final(statePtr->cctx, md_buf, &len);
 	md_len = (unsigned int) len;
     }
     if (!res) {
-	Tcl_AppendResult(interp, "Finalize digest failed: ", REASON(), NULL);
+	Tcl_AppendResult(interp, "Finalize failed: ", REASON(), NULL);
 	return TCL_ERROR;
     }
 
     /* Return message digest as either a binary or hex string */
     if (statePtr->format & BIN_FORMAT) {
@@ -291,10 +295,11 @@
     }
     Tcl_SetChannelBufferSize(chan, BUFFER_SIZE);
 
     /* Create state data struct */
     if ((statePtr = Tls_DigestNew(interp, format)) == NULL) {
+	Tcl_AppendResult(interp, "Memory allocation error", (char *) NULL);
 	res = TCL_ERROR;
 	goto done;
     }
 
     /* Initialize hash function */
@@ -304,12 +309,11 @@
 
     /* Read file data and update hash function */
     while (!Tcl_Eof(chan)) {
 	len = Tcl_ReadRaw(chan, (char *) buf, BUFFER_SIZE);
 	if (len > 0) {
-	    if (!Tls_DigestUpdate(statePtr, &buf[0], (size_t) len)) {
-		Tcl_AppendResult(interp, "Update digest failed: ", REASON(), NULL);
+	    if (!Tls_DigestUpdate(statePtr, &buf[0], (size_t) len, 1)) {
 		res = TCL_ERROR;
 		goto done;
 	    }
 	}
     }
@@ -433,12 +437,12 @@
     parent = Tcl_GetStackedChannel(statePtr->self);
     read = Tcl_ReadRaw(parent, buf, toRead);
 
     /* Update hash function */
     if (read > 0) {
-	if (!Tls_DigestUpdate(statePtr, buf, (size_t) read)) {
-	    Tcl_SetChannelError(statePtr->self, Tcl_ObjPrintf("Digest update failed: %s", REASON()));
+	if (!Tls_DigestUpdate(statePtr, buf, (size_t) read, 0)) {
+	    Tcl_SetChannelError(statePtr->self, Tcl_ObjPrintf("Update failed: %s", REASON()));
 	    *errorCodePtr = EINVAL;
 	    return -1;
 	}
 	/* This is correct */
 	read = -1;
@@ -462,11 +466,11 @@
 	    size_t len;
 	    res = CMAC_Final(statePtr->cctx, md_buf, &len);
 	    md_len = (unsigned int) len;
 	}
 	if (!res) {
-	    Tcl_SetChannelError(statePtr->self, Tcl_ObjPrintf("Digest finalize failed: %s", REASON()));
+	    Tcl_SetChannelError(statePtr->self, Tcl_ObjPrintf("Finalize failed: %s", REASON()));
 	    *errorCodePtr = EINVAL;
 
 	/* Write message digest to output channel as byte array or hex string */
 	} else if (md_len > 0) {
 	    if ((statePtr->format & BIN_FORMAT) && toRead >= (int) md_len) {
@@ -514,12 +518,12 @@
     if (toWrite <= 0 || statePtr->self == (Tcl_Channel) NULL) {
 	return 0;
     }
 
     /* Update hash function */
-    if (toWrite > 0 && !Tls_DigestUpdate(statePtr, buf, (size_t) toWrite)) {
-	Tcl_SetChannelError(statePtr->self, Tcl_ObjPrintf("Digest update failed: %s", REASON()));
+    if (toWrite > 0 && !Tls_DigestUpdate(statePtr, buf, (size_t) toWrite, 0)) {
+	Tcl_SetChannelError(statePtr->self, Tcl_ObjPrintf("Update failed: %s", REASON()));
 	*errorCodePtr = EINVAL;
 	return -1;
     }
     return toWrite;
 }
@@ -799,11 +803,11 @@
     /* Make sure to operate on the topmost channel */
     chan = Tcl_GetTopChannel(chan);
 
     /* Create state data struct */
     if ((statePtr = Tls_DigestNew(interp, format)) == NULL) {
-	Tcl_AppendResult(interp, "Initialize digest error: memory allocation failure", (char *) NULL);
+	Tcl_AppendResult(interp, "Memory allocation error", (char *) NULL);
 	return TCL_ERROR;
     }
     statePtr->self = chan;
     statePtr->mode = mode;
 
@@ -924,19 +928,17 @@
 	    Tcl_WrongNumArgs(interp, 1, objv, "update data");
 	    return TCL_ERROR;
 	}
 
 	/* Update hash function */
-	if (!Tls_DigestUpdate(statePtr, buf, (size_t) len)) {
-	    Tcl_SetObjResult(interp, Tcl_ObjPrintf("Digest update failed: %s", REASON()));
+	if (!Tls_DigestUpdate(statePtr, buf, (size_t) len, 1)) {
 	    return TCL_ERROR;
 	}
 
     } else {
 	/* Finalize hash function and calculate message digest */
 	if (Tls_DigestFinialize(interp, statePtr) != TCL_OK) {
-	    Tcl_SetObjResult(interp, Tcl_ObjPrintf("Digest finalize failed: %s", REASON()));
 	    return TCL_ERROR;
 	}
 
 	Tcl_DeleteCommandFromToken(interp, statePtr->token);
     }
@@ -985,11 +987,11 @@
     DigestState *statePtr;
     char *cmdName = Tcl_GetStringFromObj(cmdObj, NULL);
 
     /* Create state data struct */
     if ((statePtr = Tls_DigestNew(interp, format)) == NULL) {
-	Tcl_AppendResult(interp, "Initialize digest error: memory allocation failure", (char *) NULL);
+	Tcl_AppendResult(interp, "Memory allocation error", (char *) NULL);
 	return TCL_ERROR;
     }
 
     /* Initialize hash function */
     if (Tls_DigestInit(interp, statePtr, md, cipher, keyObj) != TCL_OK) {
@@ -1063,11 +1065,11 @@
 	if ((statePtr = Tls_DigestNew(interp, format)) == NULL) {
 	    Tcl_AppendResult(interp, "Memory allocation error", (char *) NULL);
 	    return TCL_ERROR;
 	}
 	if (Tls_DigestInit(interp, statePtr, md, cipher, keyObj) != TCL_OK ||
-	    Tls_DigestUpdate(statePtr, data, (size_t) len) == 0 ||
+	    Tls_DigestUpdate(statePtr, data, (size_t) len, 1) == 0 ||
 	    Tls_DigestFinialize(interp, statePtr) != TCL_OK) {
 	    Tls_DigestFree(statePtr);
 	    return TCL_ERROR;
 	}
 	Tls_DigestFree(statePtr);

Index: generic/tlsX509.c
==================================================================
--- generic/tlsX509.c
+++ generic/tlsX509.c
@@ -432,17 +432,17 @@
     len = BIO_to_Buffer(X509_NAME_print_ex(bio, X509_get_subject_name(cert), 0, flags), bio, buffer, BUFSIZ);
     LAPPEND_STR(interp, certPtr, "subject", buffer, len);
 
     /* SHA1 Digest (Fingerprint) of cert - DER representation */
     if (X509_digest(cert, EVP_sha1(), md, &len)) {
-    len = String_to_Hex(md, len, buffer, BUFSIZ);
+	len = String_to_Hex(md, len, buffer, BUFSIZ);
 	LAPPEND_STR(interp, certPtr, "sha1_hash", buffer, len);
     }
 
     /* SHA256 Digest (Fingerprint) of cert - DER representation */
     if (X509_digest(cert, EVP_sha256(), md, &len)) {
-    len = String_to_Hex(md, len, buffer, BUFSIZ);
+	len = String_to_Hex(md, len, buffer, BUFSIZ);
 	LAPPEND_STR(interp, certPtr, "sha256_hash", buffer, len);
     }
 
     /* Subject Public Key Info specifies the public key and identifies the
 	algorithm with which the key is used. RFC 5280 section 4.1.2.7 */
@@ -478,11 +478,11 @@
 
     /* Get extensions flags */
     xflags = X509_get_extension_flags(cert);
     LAPPEND_INT(interp, certPtr, "extFlags", xflags);
 
-	/* Check if cert was issued by CA cert issuer or self signed */
+    /* Check if cert was issued by CA cert issuer or self signed */
     LAPPEND_BOOL(interp, certPtr, "selfIssued", xflags & EXFLAG_SI);
     LAPPEND_BOOL(interp, certPtr, "selfSigned", xflags & EXFLAG_SS);
     LAPPEND_BOOL(interp, certPtr, "isProxyCert", xflags & EXFLAG_PROXY);
     LAPPEND_BOOL(interp, certPtr, "extInvalid", xflags & EXFLAG_INVALID);
     LAPPEND_BOOL(interp, certPtr, "isCACert", X509_check_ca(cert));
@@ -489,11 +489,11 @@
 
     /* The Unique Ids are used to handle the possibility of reuse of subject
 	and/or issuer names over time. RFC 5280 section 4.1.2.8 */
     {
 	const ASN1_BIT_STRING *iuid, *suid;
-        X509_get0_uids(cert, &iuid, &suid);
+	X509_get0_uids(cert, &iuid, &suid);
 
 	Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewStringObj("issuerUniqueId", -1));
 	if (iuid != NULL) {
 	    Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewByteArrayObj((char *)iuid->data, iuid->length));
 	} else {
@@ -514,11 +514,11 @@
 
     /* Authority Key Identifier (AKI) is the Subject Key Identifier (SKI) of
 	its signer (the CA). RFC 5280 section 4.2.1.1, NID_authority_key_identifier */
     LAPPEND_OBJ(interp, certPtr, "authorityKeyIdentifier",
 	Tls_x509Identifier(X509_get0_authority_key_id(cert)));
-
+ 
     /* Subject Key Identifier (SKI) is used to identify certificates that contain
 	a particular public key. RFC 5280 section 4.2.1.2, NID_subject_key_identifier */
     LAPPEND_OBJ(interp, certPtr, "subjectKeyIdentifier",
 	Tls_x509Identifier(X509_get0_subject_key_id(cert)));