Match OpenSSL 1.1's openssl(1) and switch the default algorithm for
the dgst command from MD5 to SHA256.
This is in line with the MD5 -> SHA256 change in the default key
derivation for the enc command, and general good crypto principles.
ok?
Index: dgst.c
===================================================================
RCS file: /cvs/src/usr.bin/openssl/dgst.c,v
retrieving revision 1.12
diff -u -p -r1.12 dgst.c
--- dgst.c 7 Feb 2018 05:47:55 -0000 1.12
+++ dgst.c 18 Jan 2019 22:51:14 -0000
@@ -373,7 +373,7 @@ mac_end:
/* we use md as a filter, reading from 'in' */
else {
if (md == NULL)
- md = EVP_md5();
+ md = EVP_sha256();
if (!BIO_set_md(bmd, md)) {
BIO_printf(bio_err, "Error setting digest %s\n", pname);
ERR_print_errors(bio_err);
Index: openssl.1
===================================================================
RCS file: /cvs/src/usr.bin/openssl/openssl.1,v
retrieving revision 1.97
diff -u -p -r1.97 openssl.1
--- openssl.1 18 Jan 2019 07:11:51 -0000 1.97
+++ openssl.1 18 Jan 2019 22:52:53 -0000
@@ -1010,16 +1010,16 @@ Print BIO debugging information.
.It Fl Ar digest
Use the specified message
.Ar digest .
-The default is MD5.
+The default is SHA256.
The available digests can be displayed using
.Nm openssl
.Cm list-message-digest-commands .
The following are equivalent:
.Nm openssl dgst
-.Fl md5
+.Fl sha256
and
.Nm openssl
-.Cm md5 .
+.Cm sha256 .
.It Fl hex
Digest is to be output as a hex dump.
This is the default case for a
--
Christian "naddy" Weisgerber na...@mips.inka.de
