Match OpenSSL 1.1's openssl(1) and switch the default algorithm for
the dgst command from MD5 to SHA256.

This is in line with the MD5 -> SHA256 change in the default key
derivation for the enc command, and general good crypto principles.

ok?

Index: dgst.c
===================================================================
RCS file: /cvs/src/usr.bin/openssl/dgst.c,v
retrieving revision 1.12
diff -u -p -r1.12 dgst.c
--- dgst.c      7 Feb 2018 05:47:55 -0000       1.12
+++ dgst.c      18 Jan 2019 22:51:14 -0000
@@ -373,7 +373,7 @@ mac_end:
        /* we use md as a filter, reading from 'in' */
        else {
                if (md == NULL)
-                       md = EVP_md5();
+                       md = EVP_sha256();
                if (!BIO_set_md(bmd, md)) {
                        BIO_printf(bio_err, "Error setting digest %s\n", pname);
                        ERR_print_errors(bio_err);
Index: openssl.1
===================================================================
RCS file: /cvs/src/usr.bin/openssl/openssl.1,v
retrieving revision 1.97
diff -u -p -r1.97 openssl.1
--- openssl.1   18 Jan 2019 07:11:51 -0000      1.97
+++ openssl.1   18 Jan 2019 22:52:53 -0000
@@ -1010,16 +1010,16 @@ Print BIO debugging information.
 .It Fl Ar digest
 Use the specified message
 .Ar digest .
-The default is MD5.
+The default is SHA256.
 The available digests can be displayed using
 .Nm openssl
 .Cm list-message-digest-commands .
 The following are equivalent:
 .Nm openssl dgst
-.Fl md5
+.Fl sha256
 and
 .Nm openssl
-.Cm md5 .
+.Cm sha256 .
 .It Fl hex
 Digest is to be output as a hex dump.
 This is the default case for a
-- 
Christian "naddy" Weisgerber                          na...@mips.inka.de

Reply via email to