[openssl-commits] [openssl] master update

Rich Salz rsalz at openssl.org
Sun Dec 13 00:25:39 UTC 2015

The branch master has been updated
       via  9e8b6f042749ded556380227c9f2db7ffad9a3aa (commit)
      from  40abdf8e395c0851adb87382388acf887d79ffc3 (commit)

- Log -----------------------------------------------------------------
commit 9e8b6f042749ded556380227c9f2db7ffad9a3aa
Author: Rich Salz <rsalz at openssl.org>
Date:   Sat Dec 12 19:25:25 2015 -0500

    Use SHA256 not MD5 as default digest.
    (Documentation update was in the MR but not the commit.  Oops.)
    Reviewed-by: Viktor Dukhovni <viktor at openssl.org>


Summary of changes:
 CHANGES           |  4 ++++
 doc/apps/dgst.pod | 14 ++++++++++++--
 doc/apps/enc.pod  | 11 ++++++++++-
 3 files changed, 26 insertions(+), 3 deletions(-)

diff --git a/CHANGES b/CHANGES
index 7a44426..a7833db 100644
@@ -210,6 +210,10 @@
   *) Added HTTP GET support to the ocsp command.
      [Rich Salz]
+  *) Changed default digest for the dgst and enc commands from MD5 to
+     sha256
+     [Rich Salz]
   *) RAND_pseudo_bytes has been deprecated. Users should use RAND_bytes instead.
      [Matt Caswell]
diff --git a/doc/apps/dgst.pod b/doc/apps/dgst.pod
index 1b1a7e1..3c68ddd 100644
--- a/doc/apps/dgst.pod
+++ b/doc/apps/dgst.pod
@@ -2,12 +2,12 @@
 =head1 NAME
-dgst, sha, sha1, mdc2, ripemd160, sha224, sha256, sha384, sha512, md2, md4, md5, dss1 - message digests
+dgst, sha, sha1, mdc2, ripemd160, sha224, sha256, sha384, sha512, md4, md5 - message digests
 =head1 SYNOPSIS
 B<openssl> B<dgst> 
@@ -36,6 +36,13 @@ The digest functions output the message digest of a supplied file or files
 in hexadecimal.  The digest functions also generate and verify digital
 signatures using message digests.
+The generic name, B<dgst>, may be used with an option specifying the
+algorithm to be used.
+The default digest is I<sha256>.
+The digest name may also be used as the command name.
+To see the list of supported algorithms, use the <Ilist --digest-commands>
 =head1 OPTIONS
 =over 4
@@ -209,5 +216,8 @@ Hex signatures cannot be verified using B<openssl>.  Instead, use "xxd -r"
 or similar program to transform the hex signature into a binary signature
 prior to verification.
+=head1 HISTORY
+The default digest was chaned from MD5 to SHA256 in Openssl 1.1.
diff --git a/doc/apps/enc.pod b/doc/apps/enc.pod
index 8f7e1cb..bcaa49f 100644
--- a/doc/apps/enc.pod
+++ b/doc/apps/enc.pod
@@ -22,7 +22,7 @@ B<openssl enc -ciphername>
+[B<-md digest>]
 [B<-bufsize number>]
@@ -97,6 +97,11 @@ read the password to derive the key from the first line of B<filename>.
 This is for compatibility with previous versions of OpenSSL. Superseded by
 the B<-pass> argument.
+=item B<-md digest>
+Use the specified digest to create the key from the passphrase.
+The default algorithm is sha-256.
 =item B<-nosalt>
 do not use a salt 
@@ -329,4 +334,8 @@ The B<enc> program only supports a fixed number of algorithms with
 certain parameters. So if, for example, you want to use RC2 with a
 76 bit key or RC4 with an 84 bit key you can't use this program.
+=head1 HISTORY
+The default digest was chaned from MD5 to SHA256 in Openssl 1.1.

More information about the openssl-commits mailing list