Use SHA256 not MD5 as default digest.

(Documentation update was in the MR but not the commit.  Oops.)
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Rich Salz 2015-12-12 19:25:25 -05:00
parent 40abdf8e39
commit 9e8b6f0427
3 changed files with 26 additions and 3 deletions

View File

@ -210,6 +210,10 @@
*) Added HTTP GET support to the ocsp command. *) Added HTTP GET support to the ocsp command.
[Rich Salz] [Rich Salz]
*) Changed default digest for the dgst and enc commands from MD5 to
sha256
[Rich Salz]
*) RAND_pseudo_bytes has been deprecated. Users should use RAND_bytes instead. *) RAND_pseudo_bytes has been deprecated. Users should use RAND_bytes instead.
[Matt Caswell] [Matt Caswell]
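Review bot: The new CHANGES entry does not state the compatibility impact of the changed default on enc. Because -md selects the digest that turns the passphrase into the key, data encrypted earlier under the MD5 default will only decrypt if "-md md5" is given explicitly; one sentence saying so belongs here. The entry also lacks the closing period its neighbours have ("to the ocsp command.", "use RAND_bytes instead.") and mixes "MD5" with lowercase "sha256".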

View File

@ -2,12 +2,12 @@
=head1 NAME =head1 NAME
dgst, sha, sha1, mdc2, ripemd160, sha224, sha256, sha384, sha512, md2, md4, md5, dss1 - message digests dgst, sha, sha1, mdc2, ripemd160, sha224, sha256, sha384, sha512, md4, md5 - message digests
=head1 SYNOPSIS =head1 SYNOPSIS
B<openssl> B<dgst> B<openssl> B<dgst>
[B<-sha|-sha1|-mdc2|-ripemd160|-sha224|-sha256|-sha384|-sha512|-md2|-md4|-md5|-dss1>] [B<-sha|-sha1|-mdc2|-ripemd160|-sha224|-sha256|-sha384|-sha512|-md4|-md5>]
[B<-c>] [B<-c>]
[B<-d>] [B<-d>]
[B<-hex>] [B<-hex>]
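Review bot: The NAME line and the SYNOPSIS option list drop md2 and dss1, which is unrelated to the default-digest change and is mentioned neither in the commit message nor in the CHANGES entry. Either split this into its own commit or state in the message why the two names are removed, so that someone searching history for the md2/dss1 removal can find it.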
@ -36,6 +36,13 @@ The digest functions output the message digest of a supplied file or files
in hexadecimal. The digest functions also generate and verify digital in hexadecimal. The digest functions also generate and verify digital
signatures using message digests. signatures using message digests.
The generic name, B<dgst>, may be used with an option specifying the
algorithm to be used.
The default digest is I<sha256>.
The digest name may also be used as the command name.
To see the list of supported algorithms, use the <Ilist --digest-commands>
command.
=head1 OPTIONS =head1 OPTIONS
=over 4 =over 4
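Review bot: The POD markup in "use the <Ilist --digest-commands> command" is malformed: the formatting code letter has to precede the angle bracket, so this should read I<list --digest-commands> (or B<list --digest-commands>, matching how B<dgst> is marked up two lines earlier). As written the text will render with stray characters instead of emphasis.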
@ -209,5 +216,8 @@ Hex signatures cannot be verified using B<openssl>. Instead, use "xxd -r"
or similar program to transform the hex signature into a binary signature or similar program to transform the hex signature into a binary signature
prior to verification. prior to verification.
=head1 HISTORY
The default digest was chaned from MD5 to SHA256 in Openssl 1.1.
=cut =cut
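Review bot: The added HISTORY sentence has two typos: "chaned" should be "changed" and "Openssl" should be "OpenSSL". It also writes "SHA256" where the DESCRIPTION text added earlier in this file uses I<sha256>; pick one spelling for the page.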

View File

@ -22,7 +22,7 @@ B<openssl enc -ciphername>
[B<-salt>] [B<-salt>]
[B<-nosalt>] [B<-nosalt>]
[B<-z>] [B<-z>]
[B<-md>] [B<-md digest>]
[B<-p>] [B<-p>]
[B<-P>] [B<-P>]
[B<-bufsize number>] [B<-bufsize number>]
@ -97,6 +97,11 @@ read the password to derive the key from the first line of B<filename>.
This is for compatibility with previous versions of OpenSSL. Superseded by This is for compatibility with previous versions of OpenSSL. Superseded by
the B<-pass> argument. the B<-pass> argument.
=item B<-md digest>
Use the specified digest to create the key from the passphrase.
The default algorithm is sha-256.
=item B<-nosalt> =item B<-nosalt>
do not use a salt do not use a salt
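Review bot: The new B<-md digest> item gives the default as "sha-256", which is not the token a user would type and differs from the "sha256" spelling used in the dgst page and in CHANGES. Use "sha256" here so the documented default can be copied directly as the option value.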
@ -329,4 +334,8 @@ The B<enc> program only supports a fixed number of algorithms with
certain parameters. So if, for example, you want to use RC2 with a certain parameters. So if, for example, you want to use RC2 with a
76 bit key or RC4 with an 84 bit key you can't use this program. 76 bit key or RC4 with an 84 bit key you can't use this program.
=head1 HISTORY
The default digest was chaned from MD5 to SHA256 in Openssl 1.1.
=cut =cut
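Review bot: The HISTORY sentence is copied from the dgst page with the same typos ("chaned", "Openssl"). For enc this section is also where someone failing to decrypt older data will look, so it should add that the digest given with B<-md> must match the one used at encryption time, and that data encrypted under the previous default needs "-md md5".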