From f11f1c0f8ad579cfb88a2559e3efe0e0367cec85 Mon Sep 17 00:00:00 2001
From: naddy <>
Date: Fri, 18 Jan 2019 23:33:57 +0000
Subject: switch the default algorithm for the dgst command from MD5 to SHA256
 ok deraadt@

---
 src/usr.bin/openssl/dgst.c    | 4 ++--
 src/usr.bin/openssl/openssl.1 | 8 ++++----
 2 files changed, 6 insertions(+), 6 deletions(-)

(limited to 'src')

diff --git a/src/usr.bin/openssl/dgst.c b/src/usr.bin/openssl/dgst.c
index 0bd8d66fc8..5456a6c701 100644
--- a/src/usr.bin/openssl/dgst.c
+++ b/src/usr.bin/openssl/dgst.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: dgst.c,v 1.12 2018/02/07 05:47:55 jsing Exp $ */
+/* $OpenBSD: dgst.c,v 1.13 2019/01/18 23:33:57 naddy Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -373,7 +373,7 @@ mac_end:
 	/* we use md as a filter, reading from 'in' */
 	else {
 		if (md == NULL)
-			md = EVP_md5();
+			md = EVP_sha256();
 		if (!BIO_set_md(bmd, md)) {
 			BIO_printf(bio_err, "Error setting digest %s\n", pname);
 			ERR_print_errors(bio_err);
diff --git a/src/usr.bin/openssl/openssl.1 b/src/usr.bin/openssl/openssl.1
index 1a116c4477..5c3b61b275 100644
--- a/src/usr.bin/openssl/openssl.1
+++ b/src/usr.bin/openssl/openssl.1
@@ -1,4 +1,4 @@
-.\" $OpenBSD: openssl.1,v 1.97 2019/01/18 07:11:51 jmc Exp $
+.\" $OpenBSD: openssl.1,v 1.98 2019/01/18 23:33:57 naddy Exp $
 .\" ====================================================================
 .\" Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
 .\"
@@ -1010,16 +1010,16 @@ Print BIO debugging information.
 .It Fl Ar digest
 Use the specified message
 .Ar digest .
-The default is MD5.
+The default is SHA256.
 The available digests can be displayed using
 .Nm openssl
 .Cm list-message-digest-commands .
 The following are equivalent:
 .Nm openssl dgst
-.Fl md5
+.Fl sha256
 and
 .Nm openssl
-.Cm md5 .
+.Cm sha256 .
 .It Fl hex
 Digest is to be output as a hex dump.
 This is the default case for a
-- 
cgit v1.2.3-55-g6feb