Use SHA256 not MD5 as default digest.
authorRich Salz <rsalz@akamai.com>
Sat, 13 Jun 2015 21:03:39 +0000 (17:03 -0400)
committerRich Salz <rsalz@openssl.org>
Fri, 11 Dec 2015 16:59:59 +0000 (11:59 -0500)
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
apps/ca.c
apps/dgst.c
apps/enc.c

index f6ba239..535526c 100644 (file)
--- a/apps/ca.c
+++ b/apps/ca.c
@@ -1420,7 +1420,7 @@ static int certify_cert(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
     } else
         BIO_printf(bio_err, "Signature ok\n");
 
-    if ((rreq = X509_to_X509_REQ(req, NULL, EVP_md5())) == NULL)
+    if ((rreq = X509_to_X509_REQ(req, NULL, NULL)) == NULL)
         goto end;
 
     ok = do_body(xret, pkey, x509, dgst, sigopts, policy, db, serial, subj,
index e62a8de..fb09a45 100644 (file)
@@ -375,7 +375,7 @@ int dgst_main(int argc, char **argv)
             goto end;
         }
         if (md == NULL)
-            md = EVP_md5();
+            md = EVP_sha256();
         if (!EVP_DigestInit_ex(mctx, md, impl)) {
             BIO_printf(bio_err, "Error setting digest\n");
             ERR_print_errors(bio_err);
index b0c82d6..cf02185 100644 (file)
@@ -306,7 +306,7 @@ int enc_main(int argc, char **argv)
     }
 
     if (dgst == NULL)
-        dgst = EVP_md5();
+        dgst = EVP_sha256();
 
     /* It must be large enough for a base64 encoded line */
     if (base64 && bsize < 80)