Commit 9e8b6f04 authored by Rich Salz

Use SHA256 not MD5 as default digest.



(Documentation update was in the MR but not the commit.  Oops.)
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
parent 40abdf8e
+4 −0
@@ -210,6 +210,10 @@
  *) Added HTTP GET support to the ocsp command.
     [Rich Salz]

  *) Changed default digest for the dgst and enc commands from MD5 to
     sha256
     [Rich Salz]

  *) RAND_pseudo_bytes has been deprecated. Users should use RAND_bytes instead.
     [Matt Caswell]

+12 −2
@@ -2,12 +2,12 @@

=head1 NAME

dgst, sha, sha1, mdc2, ripemd160, sha224, sha256, sha384, sha512, md2, md4, md5, dss1 - message digests
dgst, sha, sha1, mdc2, ripemd160, sha224, sha256, sha384, sha512, md4, md5 - message digests

=head1 SYNOPSIS

B<openssl> B<dgst> 
[B<-sha|-sha1|-mdc2|-ripemd160|-sha224|-sha256|-sha384|-sha512|-md2|-md4|-md5|-dss1>]
[B<-sha|-sha1|-mdc2|-ripemd160|-sha224|-sha256|-sha384|-sha512|-md4|-md5>]
[B<-c>]
[B<-d>]
[B<-hex>]
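Review bot: the NAME and SYNOPSIS lines drop md2 and dss1 from the dgst command list, which is unrelated to the default-digest change named in the commit message and is not recorded in the CHANGES hunk. Either split that removal into its own commit or mention it in the commit message, so that someone looking for why -md2 or -dss1 disappeared from this page can find the reason.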
@@ -36,6 +36,13 @@ The digest functions output the message digest of a supplied file or files
in hexadecimal.  The digest functions also generate and verify digital
signatures using message digests.

The generic name, B<dgst>, may be used with an option specifying the
algorithm to be used.
The default digest is I<sha256>.
The digest name may also be used as the command name.
To see the list of supported algorithms, use the <Ilist --digest-commands>
command.

=head1 OPTIONS

=over 4
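Review bot: the POD formatting code in the added sentence "use the <Ilist --digest-commands> command" is malformed. The angle bracket comes before the I, so the text will render literally instead of in italics. It should read I<list --digest-commands>, matching the I<sha256> markup two lines above it.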
@@ -209,5 +216,8 @@ Hex signatures cannot be verified using B<openssl>. Instead, use "xxd -r"
or similar program to transform the hex signature into a binary signature
prior to verification.

=head1 HISTORY

The default digest was chaned from MD5 to SHA256 in Openssl 1.1.

=cut
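Review bot: the added HISTORY sentence has two typos, "chaned" for "changed" and "Openssl" for "OpenSSL". The identical sentence added to the HISTORY section of the enc page needs the same correction.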
+10 −1
@@ -22,7 +22,7 @@ B<openssl enc -ciphername>
[B<-salt>]
[B<-nosalt>]
[B<-z>]
[B<-md>]
[B<-md digest>]
[B<-p>]
[B<-P>]
[B<-bufsize number>]
@@ -97,6 +97,11 @@ read the password to derive the key from the first line of B<filename>.
This is for compatibility with previous versions of OpenSSL. Superseded by
the B<-pass> argument.

=item B<-md digest>

Use the specified digest to create the key from the passphrase.
The default algorithm is sha-256.

=item B<-nosalt>

do not use a salt 
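Review bot: "The default algorithm is sha-256" in the new B<-md digest> item spells the digest differently from the rest of this patch, which uses I<sha256> in the dgst page, "sha256" in CHANGES and "SHA256" in the HISTORY sections. Since this item documents an argument the user types, give the name in the form used on the command line and mark it up the same way as the dgst page, I<sha256>.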
@@ -329,4 +334,8 @@ The B<enc> program only supports a fixed number of algorithms with
certain parameters. So if, for example, you want to use RC2 with a
76 bit key or RC4 with an 84 bit key you can't use this program.

=head1 HISTORY

The default digest was chaned from MD5 to SHA256 in Openssl 1.1.

=cut
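Review bot: the enc HISTORY entry says only that the default digest changed, but according to the new B<-md digest> item this digest is what creates the key from the passphrase, so the new default changes the derived key. Add a sentence stating that data encrypted by an earlier release with the default digest has to be decrypted with B<-md md5>, since that is the question a user with a failing decrypt will bring to this page.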