Match OpenSSL 1.1's openssl(1) and switch the default algorithm for the dgst command from MD5 to SHA256.
This is in line with the MD5 -> SHA256 change in the default key derivation for the enc command, and general good crypto principles. ok? Index: dgst.c =================================================================== RCS file: /cvs/src/usr.bin/openssl/dgst.c,v retrieving revision 1.12 diff -u -p -r1.12 dgst.c --- dgst.c 7 Feb 2018 05:47:55 -0000 1.12 +++ dgst.c 18 Jan 2019 22:51:14 -0000 @@ -373,7 +373,7 @@ mac_end: /* we use md as a filter, reading from 'in' */ else { if (md == NULL) - md = EVP_md5(); + md = EVP_sha256(); if (!BIO_set_md(bmd, md)) { BIO_printf(bio_err, "Error setting digest %s\n", pname); ERR_print_errors(bio_err); Index: openssl.1 =================================================================== RCS file: /cvs/src/usr.bin/openssl/openssl.1,v retrieving revision 1.97 diff -u -p -r1.97 openssl.1 --- openssl.1 18 Jan 2019 07:11:51 -0000 1.97 +++ openssl.1 18 Jan 2019 22:52:53 -0000 @@ -1010,16 +1010,16 @@ Print BIO debugging information. .It Fl Ar digest Use the specified message .Ar digest . -The default is MD5. +The default is SHA256. The available digests can be displayed using .Nm openssl .Cm list-message-digest-commands . The following are equivalent: .Nm openssl dgst -.Fl md5 +.Fl sha256 and .Nm openssl -.Cm md5 . +.Cm sha256 . .It Fl hex Digest is to be output as a hex dump. This is the default case for a -- Christian "naddy" Weisgerber na...@mips.inka.de