summaryrefslogtreecommitdiff
path: root/usr.bin
diff options
context:
space:
mode:
authorBrent Cook <bcook@cvs.openbsd.org>2015-09-21 13:13:07 +0000
committerBrent Cook <bcook@cvs.openbsd.org>2015-09-21 13:13:07 +0000
commit4ce184f4ebd312a3ec83ee56669a42e8ece086c9 (patch)
tree00ece9122f3030ba9bce31217b39f1ce046d1415 /usr.bin
parent484c62580868b386067762d70a0274b77ee984b9 (diff)
remove vestigial bits of sha-0 and md2 from openssl(1)
Noted by kinichiro on github. We probably need a better way to indicate the list of message digests that are allowed, as the current ones are nowhere near exhaustive (sigh - guenther@) OK guenther@ jmc@
Diffstat (limited to 'usr.bin')
-rw-r--r--usr.bin/openssl/ca.c4
-rw-r--r--usr.bin/openssl/openssl.123
-rw-r--r--usr.bin/openssl/openssl.c5
-rw-r--r--usr.bin/openssl/ts.c4
-rw-r--r--usr.bin/openssl/x509.c4
5 files changed, 17 insertions, 23 deletions
diff --git a/usr.bin/openssl/ca.c b/usr.bin/openssl/ca.c
index c9419ee7a73..a4f00ee62c0 100644
--- a/usr.bin/openssl/ca.c
+++ b/usr.bin/openssl/ca.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ca.c,v 1.14 2015/09/12 19:34:07 lteo Exp $ */
+/* $OpenBSD: ca.c,v 1.15 2015/09/21 13:13:06 bcook Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -132,7 +132,7 @@ static const char *ca_usage[] = {
" -startdate YYMMDDHHMMSSZ - certificate validity notBefore\n",
" -enddate YYMMDDHHMMSSZ - certificate validity notAfter (overrides -days)\n",
" -days arg - number of days to certify the certificate for\n",
- " -md arg - md to use, one of md2, md5, sha or sha1\n",
+ " -md arg - md to use, one of md5 or sha1\n",
" -policy arg - The CA 'policy' to support\n",
" -keyfile arg - private key file\n",
" -keyform arg - private key file format (PEM)\n",
diff --git a/usr.bin/openssl/openssl.1 b/usr.bin/openssl/openssl.1
index 1ce8e84291f..dc593f42e74 100644
--- a/usr.bin/openssl/openssl.1
+++ b/usr.bin/openssl/openssl.1
@@ -1,4 +1,4 @@
-.\" $OpenBSD: openssl.1,v 1.28 2015/09/14 01:45:03 doug Exp $
+.\" $OpenBSD: openssl.1,v 1.29 2015/09/21 13:13:06 bcook Exp $
.\" ====================================================================
.\" Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
.\"
@@ -112,7 +112,7 @@
.\"
.\" OPENSSL
.\"
-.Dd $Mdocdate: September 14 2015 $
+.Dd $Mdocdate: September 21 2015 $
.Dt OPENSSL 1
.Os
.Sh NAME
@@ -1795,7 +1795,7 @@ install user certificates and CAs in MSIE using the Xenroll control.
.Bk -words
.Oo
.Fl gost-mac | streebog256 | streebog512 | md_gost94 |
-.Fl md4 | md5 | ripemd160 | sha | sha1 |
+.Fl md4 | md5 | ripemd160 | sha1 |
.Fl sha224 | sha256 | sha384 | sha512 | whirlpool
.Oc
.Op Fl binary
@@ -1818,7 +1818,7 @@ install user certificates and CAs in MSIE using the Xenroll control.
.Pp
.Nm openssl
.Cm gost-mac | streebog256 | streebog512 | md_gost94 |
-.Cm md4 | md5 | ripemd160 | sha | sha1 |
+.Cm md4 | md5 | ripemd160 | sha1 |
.Cm sha224 | sha256 | sha384 | sha512 | whirlpool
.Op Fl c
.Op Fl d
@@ -2780,9 +2780,7 @@ Use
to create a key from a pass phrase.
.Ar digest
may be one of
-.Dq md2 ,
-.Dq md5 ,
-.Dq sha ,
+.Dq md5
or
.Dq sha1 .
.It Fl none
@@ -4210,11 +4208,11 @@ command line option, including PKCS#5 v1.5 and PKCS#12.
These are described in more detail below.
.Pp
.Bl -tag -width "XXXX" -compact
-.It Ar PBE-MD2-DES | PBE-MD5-DES
+.It Ar PBE-MD5-DES
These algorithms were included in the original PKCS#5 v1.5 specification.
They only offer 56 bits of protection since they both use DES.
.Pp
-.It Ar PBE-SHA1-RC2-64 | PBE-MD2-RC2-64 | PBE-MD5-RC2-64 | PBE-SHA1-DES
+.It Ar PBE-SHA1-RC2-64 | PBE-MD5-RC2-64 | PBE-SHA1-DES
These algorithms are not mentioned in the original PKCS#5 v1.5 specification
but they use the same key derivation algorithm and are supported by some
software.
@@ -7663,7 +7661,6 @@ command were first added in
.Op Cm dsa1024
.Op Cm dsa2048
.Op Cm hmac
-.Op Cm md2
.Op Cm md4
.Op Cm md5
.Op Cm rc2
@@ -7715,7 +7712,7 @@ benchmarks in parallel.
.Nm "openssl ts"
.Bk -words
.Fl query
-.Op Fl md4 | md5 | ripemd160 | sha | sha1
+.Op Fl md4 | md5 | ripemd160 | sha1
.Op Fl cert
.Op Fl config Ar configfile
.Op Fl data Ar file_to_hash
@@ -8860,7 +8857,7 @@ option was added in
.Op Fl issuer_hash
.Op Fl issuer_hash_old
.Op Fl keyform Ar DER | PEM
-.Op Fl md2 | md5 | sha1
+.Op Fl md5 | sha1
.Op Fl modulus
.Op Fl nameopt Ar option
.Op Fl noout
@@ -8917,7 +8914,7 @@ The
.Ar NET
option is an obscure Netscape server format that is now
obsolete.
-.It Fl md2 | md5 | sha1
+.It Fl md5 | sha1
The digest to use.
This affects any signing or display option that uses a message digest,
such as the
diff --git a/usr.bin/openssl/openssl.c b/usr.bin/openssl/openssl.c
index 604cfddcea6..08132e8f96e 100644
--- a/usr.bin/openssl/openssl.c
+++ b/usr.bin/openssl/openssl.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: openssl.c,v 1.12 2015/09/14 01:45:03 doug Exp $ */
+/* $OpenBSD: openssl.c,v 1.13 2015/09/21 13:13:06 bcook Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -226,9 +226,6 @@ FUNCTION functions[] = {
#ifndef OPENSSL_NO_RIPEMD160
{ FUNC_TYPE_MD, "ripemd160", dgst_main },
#endif
-#ifndef OPENSSL_NO_SHA
- { FUNC_TYPE_MD, "sha", dgst_main },
-#endif
#ifndef OPENSSL_NO_SHA1
{ FUNC_TYPE_MD, "sha1", dgst_main },
#endif
diff --git a/usr.bin/openssl/ts.c b/usr.bin/openssl/ts.c
index e1936368686..93d258d583e 100644
--- a/usr.bin/openssl/ts.c
+++ b/usr.bin/openssl/ts.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ts.c,v 1.9 2015/09/14 01:45:03 doug Exp $ */
+/* $OpenBSD: ts.c,v 1.10 2015/09/21 13:13:06 bcook Exp $ */
/* Written by Zoltan Glozik (zglozik@stones.com) for the OpenSSL
* project 2002.
*/
@@ -298,7 +298,7 @@ usage:
BIO_printf(bio_err, "usage:\n"
"ts -query [-config configfile] "
"[-data file_to_hash] [-digest digest_bytes]"
- "[-md2|-md4|-md5|-sha|-sha1|-ripemd160] "
+ "[-md4|-md5|-sha1|-ripemd160] "
"[-policy object_id] [-no_nonce] [-cert] "
"[-in request.tsq] [-out request.tsq] [-text]\n");
BIO_printf(bio_err, "or\n"
diff --git a/usr.bin/openssl/x509.c b/usr.bin/openssl/x509.c
index a8812f7e749..d0a6bcaa001 100644
--- a/usr.bin/openssl/x509.c
+++ b/usr.bin/openssl/x509.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509.c,v 1.6 2015/09/11 14:30:23 bcook Exp $ */
+/* $OpenBSD: x509.c,v 1.7 2015/09/21 13:13:06 bcook Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -135,7 +135,7 @@ static const char *x509_usage[] = {
" -set_serial - serial number to use\n",
" -text - print the certificate in text form\n",
" -C - print out C code forms\n",
- " -md2/-md5/-sha1 - digest to use\n",
+ " -md5/-sha1 - digest to use\n",
" -extfile - configuration file with X509V3 extensions to add\n",
" -extensions - section from config file with X509V3 extensions to add\n",
" -clrext - delete extensions before signing and input certificate\n",