Use SHA256 not MD5 as default digest.

Reviewed-by: N Viktor Dukhovni <viktor@openssl.org>

Use SHA256 not MD5 as default digest.
Reviewed-by: N Viktor Dukhovni <viktor@openssl.org>
f8547f62 · Rich Salz · Rich Salz · 6ebe8dac · f8547f62 · f8547f62
隐藏空白更改
内联并排

Showing with 3 addition and 3 deletion

apps/ca.c apps/ca.c +1 -1

apps/dgst.c apps/dgst.c +1 -1

apps/enc.c apps/enc.c +1 -1

未找到文件。
--- a/apps/ca.c
+++ b/apps/ca.c
@@ -1420,7 +1420,7 @@ static int certify_cert(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
    } else
        BIO_printf(bio_err, "Signature ok\n");

-    if ((rreq = X509_to_X509_REQ(req, NULL, EVP_md5())) == NULL)
+    if ((rreq = X509_to_X509_REQ(req, NULL, NULL)) == NULL)
        goto end;

    ok = do_body(xret, pkey, x509, dgst, sigopts, policy, db, serial, subj,

--- a/apps/dgst.c
+++ b/apps/dgst.c
@@ -375,7 +375,7 @@ int dgst_main(int argc, char **argv)
            goto end;
        }
        if (md == NULL)
-            md = EVP_md5();
+            md = EVP_sha256();
        if (!EVP_DigestInit_ex(mctx, md, impl)) {
            BIO_printf(bio_err, "Error setting digest\n");
            ERR_print_errors(bio_err);

--- a/apps/enc.c
+++ b/apps/enc.c
@@ -306,7 +306,7 @@ int enc_main(int argc, char **argv)
    }

    if (dgst == NULL)
-        dgst = EVP_md5();
+        dgst = EVP_sha256();

    /* It must be large enough for a base64 encoded line */
    if (base64 && bsize < 80)