Commit 9e8b6f04 authored by Rich Salz's avatar Rich Salz
Browse files

Use SHA256 not MD5 as default digest. 



(Documentation update was in the MR but not the commit.  Oops.)
Reviewed-by: default avatarViktor Dukhovni <viktor@openssl.org>
parent 40abdf8e

CHANGES

+4 −0
Original line number Original line Diff line number Diff line
@@ -210,6 +210,10 @@ 
  *) Added HTTP GET support to the ocsp command.

  *) Added HTTP GET support to the ocsp command.

     [Rich Salz]

     [Rich Salz]





  *) Changed default digest for the dgst and enc commands from MD5 to

     sha256

     [Rich Salz]



  *) RAND_pseudo_bytes has been deprecated. Users should use RAND_bytes instead.

  *) RAND_pseudo_bytes has been deprecated. Users should use RAND_bytes instead.

     [Matt Caswell]

     [Matt Caswell]

doc/apps/dgst.pod

+12 −2
Original line number Original line Diff line number Diff line
@@ -2,12 +2,12 @@ 




=head1 NAME

=head1 NAME





dgst, sha, sha1, mdc2, ripemd160, sha224, sha256, sha384, sha512, md2, md4, md5, dss1 - message digests

dgst, sha, sha1, mdc2, ripemd160, sha224, sha256, sha384, sha512, md4, md5 - message digests





=head1 SYNOPSIS

=head1 SYNOPSIS





B<openssl> B<dgst> 

B<openssl> B<dgst> 

[B<-sha|-sha1|-mdc2|-ripemd160|-sha224|-sha256|-sha384|-sha512|-md2|-md4|-md5|-dss1>]

[B<-sha|-sha1|-mdc2|-ripemd160|-sha224|-sha256|-sha384|-sha512|-md4|-md5>]

[B<-c>]

[B<-c>]

[B<-d>]

[B<-d>]

[B<-hex>]

[B<-hex>]
@@ -36,6 +36,13 @@ The digest functions output the message digest of a supplied file or files 
in hexadecimal.  The digest functions also generate and verify digital

in hexadecimal.  The digest functions also generate and verify digital

signatures using message digests.

signatures using message digests.





The generic name, B<dgst>, may be used with an option specifying the

algorithm to be used.

The default digest is I<sha256>.

The digest name may also be used as the command name.

To see the list of supported algorithms, use the <Ilist --digest-commands>

command.



=head1 OPTIONS

=head1 OPTIONS





=over 4

=over 4
@@ -209,5 +216,8 @@ Hex signatures cannot be verified using B<openssl>. Instead, use "xxd -r" 
or similar program to transform the hex signature into a binary signature

or similar program to transform the hex signature into a binary signature

prior to verification.

prior to verification.





=head1 HISTORY



The default digest was chaned from MD5 to SHA256 in Openssl 1.1.





=cut
 
=cut

doc/apps/enc.pod

+10 −1
Original line number Original line Diff line number Diff line
@@ -22,7 +22,7 @@ B<openssl enc -ciphername> 
[B<-salt>]

[B<-salt>]

[B<-nosalt>]

[B<-nosalt>]

[B<-z>]

[B<-z>]

[B<-md>]

[B<-md digest>]

[B<-p>]

[B<-p>]

[B<-P>]

[B<-P>]

[B<-bufsize number>]

[B<-bufsize number>]
@@ -97,6 +97,11 @@ read the password to derive the key from the first line of B<filename>. 
This is for compatibility with previous versions of OpenSSL. Superseded by

This is for compatibility with previous versions of OpenSSL. Superseded by

the B<-pass> argument.

the B<-pass> argument.





=item B<-md digest>



Use the specified digest to create the key from the passphrase.

The default algorithm is sha-256.



=item B<-nosalt>

=item B<-nosalt>





do not use a salt 

do not use a salt
@@ -329,4 +334,8 @@ The B<enc> program only supports a fixed number of algorithms with 
certain parameters. So if, for example, you want to use RC2 with a

certain parameters. So if, for example, you want to use RC2 with a

76 bit key or RC4 with an 84 bit key you can't use this program.

76 bit key or RC4 with an 84 bit key you can't use this program.





=head1 HISTORY



The default digest was chaned from MD5 to SHA256 in Openssl 1.1.



=cut
 
=cut