Use SHA256 not MD5 as default digest.

(Documentation update was in the MR but not the commit. Oops.) Reviewed-by: N Viktor Dukhovni <viktor@openssl.org>

Use SHA256 not MD5 as default digest.
(Documentation update was in the MR but not the commit. Oops.) Reviewed-by: N Viktor Dukhovni <viktor@openssl.org>
9e8b6f04 · Rich Salz · 40abdf8e · 9e8b6f04 · 9e8b6f04 · 9e8b6f04
隐藏空白更改
内联并排

Showing with 26 addition and 3 deletion

CHANGES CHANGES +4 -0

doc/apps/dgst.pod doc/apps/dgst.pod +12 -2

doc/apps/enc.pod doc/apps/enc.pod +10 -1

未找到文件。
--- a/CHANGES
+++ b/CHANGES
@@ -210,6 +210,10 @@
  *) Added HTTP GET support to the ocsp command.
     [Rich Salz]

+  *) Changed default digest for the dgst and enc commands from MD5 to
+     sha256
+     [Rich Salz]
+
  *) RAND_pseudo_bytes has been deprecated. Users should use RAND_bytes instead.
     [Matt Caswell]


--- a/doc/apps/dgst.pod
+++ b/doc/apps/dgst.pod
@@ -2,12 +2,12 @@

 =head1 NAME

-dgst, sha, sha1, mdc2, ripemd160, sha224, sha256, sha384, sha512, md2, md4, md5, dss1 - message digests
+dgst, sha, sha1, mdc2, ripemd160, sha224, sha256, sha384, sha512, md4, md5 - message digests

 =head1 SYNOPSIS

 B<openssl> B<dgst> 
-[B<-sha|-sha1|-mdc2|-ripemd160|-sha224|-sha256|-sha384|-sha512|-md2|-md4|-md5|-dss1>]
+[B<-sha|-sha1|-mdc2|-ripemd160|-sha224|-sha256|-sha384|-sha512|-md4|-md5>]
 [B<-c>]
 [B<-d>]
 [B<-hex>]
@@ -36,6 +36,13 @@ The digest functions output the message digest of a supplied file or files
 in hexadecimal.  The digest functions also generate and verify digital
 signatures using message digests.

+The generic name, B<dgst>, may be used with an option specifying the
+algorithm to be used.
+The default digest is I<sha256>.
+The digest name may also be used as the command name.
+To see the list of supported algorithms, use the <Ilist --digest-commands>
+command.
+
 =head1 OPTIONS

 =over 4
@@ -209,5 +216,8 @@ Hex signatures cannot be verified using B<openssl>.  Instead, use "xxd -r"
 or similar program to transform the hex signature into a binary signature
 prior to verification.

+=head1 HISTORY
+
+The default digest was chaned from MD5 to SHA256 in Openssl 1.1.

 =cut
--- a/doc/apps/enc.pod
+++ b/doc/apps/enc.pod
@@ -22,7 +22,7 @@ B<openssl enc -ciphername>
 [B<-salt>]
 [B<-nosalt>]
 [B<-z>]
-[B<-md>]
+[B<-md digest>]
 [B<-p>]
 [B<-P>]
 [B<-bufsize number>]
@@ -97,6 +97,11 @@ read the password to derive the key from the first line of B<filename>.
 This is for compatibility with previous versions of OpenSSL. Superseded by
 the B<-pass> argument.

+=item B<-md digest>
+
+Use the specified digest to create the key from the passphrase.
+The default algorithm is sha-256.
+
 =item B<-nosalt>

 do not use a salt 
@@ -329,4 +334,8 @@ The B<enc> program only supports a fixed number of algorithms with
 certain parameters. So if, for example, you want to use RC2 with a
 76 bit key or RC4 with an 84 bit key you can't use this program.

+=head1 HISTORY
+
+The default digest was chaned from MD5 to SHA256 in Openssl 1.1.
+
 =cut