diff options
author | Brent Cook <bcook@cvs.openbsd.org> | 2015-09-21 13:13:07 +0000 |
---|---|---|
committer | Brent Cook <bcook@cvs.openbsd.org> | 2015-09-21 13:13:07 +0000 |
commit | 4ce184f4ebd312a3ec83ee56669a42e8ece086c9 (patch) | |
tree | 00ece9122f3030ba9bce31217b39f1ce046d1415 /usr.bin | |
parent | 484c62580868b386067762d70a0274b77ee984b9 (diff) |
remove vestigial bits of sha-0 and md2 from openssl(1)
Noted by kinichiro on github. We probably need a better way to indicate the
list of message digests that are allowed, as the current ones are nowhere near
exhaustive (sigh - guenther@)
OK guenther@ jmc@
Diffstat (limited to 'usr.bin')
-rw-r--r-- | usr.bin/openssl/ca.c | 4 | ||||
-rw-r--r-- | usr.bin/openssl/openssl.1 | 23 | ||||
-rw-r--r-- | usr.bin/openssl/openssl.c | 5 | ||||
-rw-r--r-- | usr.bin/openssl/ts.c | 4 | ||||
-rw-r--r-- | usr.bin/openssl/x509.c | 4 |
5 files changed, 17 insertions, 23 deletions
diff --git a/usr.bin/openssl/ca.c b/usr.bin/openssl/ca.c index c9419ee7a73..a4f00ee62c0 100644 --- a/usr.bin/openssl/ca.c +++ b/usr.bin/openssl/ca.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ca.c,v 1.14 2015/09/12 19:34:07 lteo Exp $ */ +/* $OpenBSD: ca.c,v 1.15 2015/09/21 13:13:06 bcook Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -132,7 +132,7 @@ static const char *ca_usage[] = { " -startdate YYMMDDHHMMSSZ - certificate validity notBefore\n", " -enddate YYMMDDHHMMSSZ - certificate validity notAfter (overrides -days)\n", " -days arg - number of days to certify the certificate for\n", - " -md arg - md to use, one of md2, md5, sha or sha1\n", + " -md arg - md to use, one of md5 or sha1\n", " -policy arg - The CA 'policy' to support\n", " -keyfile arg - private key file\n", " -keyform arg - private key file format (PEM)\n", diff --git a/usr.bin/openssl/openssl.1 b/usr.bin/openssl/openssl.1 index 1ce8e84291f..dc593f42e74 100644 --- a/usr.bin/openssl/openssl.1 +++ b/usr.bin/openssl/openssl.1 @@ -1,4 +1,4 @@ -.\" $OpenBSD: openssl.1,v 1.28 2015/09/14 01:45:03 doug Exp $ +.\" $OpenBSD: openssl.1,v 1.29 2015/09/21 13:13:06 bcook Exp $ .\" ==================================================================== .\" Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. .\" @@ -112,7 +112,7 @@ .\" .\" OPENSSL .\" -.Dd $Mdocdate: September 14 2015 $ +.Dd $Mdocdate: September 21 2015 $ .Dt OPENSSL 1 .Os .Sh NAME @@ -1795,7 +1795,7 @@ install user certificates and CAs in MSIE using the Xenroll control. .Bk -words .Oo .Fl gost-mac | streebog256 | streebog512 | md_gost94 | -.Fl md4 | md5 | ripemd160 | sha | sha1 | +.Fl md4 | md5 | ripemd160 | sha1 | .Fl sha224 | sha256 | sha384 | sha512 | whirlpool .Oc .Op Fl binary @@ -1818,7 +1818,7 @@ install user certificates and CAs in MSIE using the Xenroll control. .Pp .Nm openssl .Cm gost-mac | streebog256 | streebog512 | md_gost94 | -.Cm md4 | md5 | ripemd160 | sha | sha1 | +.Cm md4 | md5 | ripemd160 | sha1 | .Cm sha224 | sha256 | sha384 | sha512 | whirlpool .Op Fl c .Op Fl d @@ -2780,9 +2780,7 @@ Use to create a key from a pass phrase. .Ar digest may be one of -.Dq md2 , -.Dq md5 , -.Dq sha , +.Dq md5 or .Dq sha1 . .It Fl none @@ -4210,11 +4208,11 @@ command line option, including PKCS#5 v1.5 and PKCS#12. These are described in more detail below. .Pp .Bl -tag -width "XXXX" -compact -.It Ar PBE-MD2-DES | PBE-MD5-DES +.It Ar PBE-MD5-DES These algorithms were included in the original PKCS#5 v1.5 specification. They only offer 56 bits of protection since they both use DES. .Pp -.It Ar PBE-SHA1-RC2-64 | PBE-MD2-RC2-64 | PBE-MD5-RC2-64 | PBE-SHA1-DES +.It Ar PBE-SHA1-RC2-64 | PBE-MD5-RC2-64 | PBE-SHA1-DES These algorithms are not mentioned in the original PKCS#5 v1.5 specification but they use the same key derivation algorithm and are supported by some software. @@ -7663,7 +7661,6 @@ command were first added in .Op Cm dsa1024 .Op Cm dsa2048 .Op Cm hmac -.Op Cm md2 .Op Cm md4 .Op Cm md5 .Op Cm rc2 @@ -7715,7 +7712,7 @@ benchmarks in parallel. .Nm "openssl ts" .Bk -words .Fl query -.Op Fl md4 | md5 | ripemd160 | sha | sha1 +.Op Fl md4 | md5 | ripemd160 | sha1 .Op Fl cert .Op Fl config Ar configfile .Op Fl data Ar file_to_hash @@ -8860,7 +8857,7 @@ option was added in .Op Fl issuer_hash .Op Fl issuer_hash_old .Op Fl keyform Ar DER | PEM -.Op Fl md2 | md5 | sha1 +.Op Fl md5 | sha1 .Op Fl modulus .Op Fl nameopt Ar option .Op Fl noout @@ -8917,7 +8914,7 @@ The .Ar NET option is an obscure Netscape server format that is now obsolete. -.It Fl md2 | md5 | sha1 +.It Fl md5 | sha1 The digest to use. This affects any signing or display option that uses a message digest, such as the diff --git a/usr.bin/openssl/openssl.c b/usr.bin/openssl/openssl.c index 604cfddcea6..08132e8f96e 100644 --- a/usr.bin/openssl/openssl.c +++ b/usr.bin/openssl/openssl.c @@ -1,4 +1,4 @@ -/* $OpenBSD: openssl.c,v 1.12 2015/09/14 01:45:03 doug Exp $ */ +/* $OpenBSD: openssl.c,v 1.13 2015/09/21 13:13:06 bcook Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -226,9 +226,6 @@ FUNCTION functions[] = { #ifndef OPENSSL_NO_RIPEMD160 { FUNC_TYPE_MD, "ripemd160", dgst_main }, #endif -#ifndef OPENSSL_NO_SHA - { FUNC_TYPE_MD, "sha", dgst_main }, -#endif #ifndef OPENSSL_NO_SHA1 { FUNC_TYPE_MD, "sha1", dgst_main }, #endif diff --git a/usr.bin/openssl/ts.c b/usr.bin/openssl/ts.c index e1936368686..93d258d583e 100644 --- a/usr.bin/openssl/ts.c +++ b/usr.bin/openssl/ts.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ts.c,v 1.9 2015/09/14 01:45:03 doug Exp $ */ +/* $OpenBSD: ts.c,v 1.10 2015/09/21 13:13:06 bcook Exp $ */ /* Written by Zoltan Glozik (zglozik@stones.com) for the OpenSSL * project 2002. */ @@ -298,7 +298,7 @@ usage: BIO_printf(bio_err, "usage:\n" "ts -query [-config configfile] " "[-data file_to_hash] [-digest digest_bytes]" - "[-md2|-md4|-md5|-sha|-sha1|-ripemd160] " + "[-md4|-md5|-sha1|-ripemd160] " "[-policy object_id] [-no_nonce] [-cert] " "[-in request.tsq] [-out request.tsq] [-text]\n"); BIO_printf(bio_err, "or\n" diff --git a/usr.bin/openssl/x509.c b/usr.bin/openssl/x509.c index a8812f7e749..d0a6bcaa001 100644 --- a/usr.bin/openssl/x509.c +++ b/usr.bin/openssl/x509.c @@ -1,4 +1,4 @@ -/* $OpenBSD: x509.c,v 1.6 2015/09/11 14:30:23 bcook Exp $ */ +/* $OpenBSD: x509.c,v 1.7 2015/09/21 13:13:06 bcook Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -135,7 +135,7 @@ static const char *x509_usage[] = { " -set_serial - serial number to use\n", " -text - print the certificate in text form\n", " -C - print out C code forms\n", - " -md2/-md5/-sha1 - digest to use\n", + " -md5/-sha1 - digest to use\n", " -extfile - configuration file with X509V3 extensions to add\n", " -extensions - section from config file with X509V3 extensions to add\n", " -clrext - delete extensions before signing and input certificate\n", |