[openssl] master update

tmraz at fedoraproject.org tmraz at fedoraproject.org
Tue May 28 15:15:50 UTC 2019

The branch master has been updated
       via  cd4c83b52423008391b50abcccf18a7d8fcce03b (commit)
      from  3b437400d90fb89ce5e0d74fd79bda9028f185fb (commit)

- Log -----------------------------------------------------------------
commit cd4c83b52423008391b50abcccf18a7d8fcce03b
Author: Tomas Mraz <tmraz at fedoraproject.org>
Date:   Mon May 27 16:52:03 2019 +0200

    The SHA256 is not a mandatory digest for DSA.
    The #7408 implemented mandatory digest checking in TLS.
    However this broke compatibility of DSS support with GnuTLS
    which supports only SHA1 with DSS.
    There is no reason why SHA256 would be a mandatory digest
    for DSA as other digests in SHA family can be used as well.
    Reviewed-by: Paul Dale <paul.dale at oracle.com>
    (Merged from https://github.com/openssl/openssl/pull/9015)


Summary of changes:
 crypto/dsa/dsa_ameth.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/crypto/dsa/dsa_ameth.c b/crypto/dsa/dsa_ameth.c
index 756ee74..ef6fc76 100644
--- a/crypto/dsa/dsa_ameth.c
+++ b/crypto/dsa/dsa_ameth.c
@@ -505,7 +505,7 @@ static int dsa_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2)
         *(int *)arg2 = NID_sha256;
-        return 2;
+        return 1;
         return -2;

More information about the openssl-commits mailing list