[openssl] OpenSSL_1_1_1-stable update
tmraz at fedoraproject.org
tmraz at fedoraproject.org
Tue May 28 15:22:27 UTC 2019
The branch OpenSSL_1_1_1-stable has been updated
via 871c675b8592261abb7de294b40f2c6f7311fa58 (commit)
from b29cd8b57f0764c413e40b42f077a2de74b87f13 (commit)
- Log -----------------------------------------------------------------
commit 871c675b8592261abb7de294b40f2c6f7311fa58
Author: Tomas Mraz <tmraz at fedoraproject.org>
Date: Mon May 27 16:52:03 2019 +0200
The SHA256 is not a mandatory digest for DSA.
The #7408 implemented mandatory digest checking in TLS.
However this broke compatibility of DSS support with GnuTLS
which supports only SHA1 with DSS.
There is no reason why SHA256 would be a mandatory digest
for DSA as other digests in SHA family can be used as well.
Reviewed-by: Paul Dale <paul.dale at oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9015)
(cherry picked from commit cd4c83b52423008391b50abcccf18a7d8fcce03b)
-----------------------------------------------------------------------
Summary of changes:
crypto/dsa/dsa_ameth.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/crypto/dsa/dsa_ameth.c b/crypto/dsa/dsa_ameth.c
index 9c5b8aa..c82e3bd 100644
--- a/crypto/dsa/dsa_ameth.c
+++ b/crypto/dsa/dsa_ameth.c
@@ -503,7 +503,7 @@ static int dsa_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2)
case ASN1_PKEY_CTRL_DEFAULT_MD_NID:
*(int *)arg2 = NID_sha256;
- return 2;
+ return 1;
default:
return -2;
More information about the openssl-commits
mailing list