[openssl/openssl] 6eb648: fix: drop DSA <=> dsaWithSHA1 aliasing

Richard Levitte noreply at github.com
Fri Jul 12 09:22:57 UTC 2024


  Branch: refs/heads/master
  Home:   https://github.com/openssl/openssl
  Commit: 6eb648941e3ca0fff08876d1d8b849ad2a6b300a
      https://github.com/openssl/openssl/commit/6eb648941e3ca0fff08876d1d8b849ad2a6b300a
  Author: Richard Levitte <levitte at openssl.org>
  Date:   2024-07-12 (Fri, 12 Jul 2024)

  Changed paths:
    M crypto/asn1/standard_methods.h
    M crypto/dsa/dsa_ameth.c
    M include/crypto/asn1.h

  Log Message:
  -----------
  fix: drop DSA <=> dsaWithSHA1 aliasing

For some reason, DSA has been aliased with dsaWithSHA1 for an eternity.
They are not the same, though, and should never have been aliased in the
first place.

This was first discovered with 'openssl list':

    $ openssl list -signature-algorithms
    ...
    { 1.2.840.10040.4.1, 1.2.840.10040.4.3, 1.3.14.3.2.12, 1.3.14.3.2.13, 1.3.14.3.2.27, DSA, DSA-old, DSA-SHA, DSA-SHA1, DSA-SHA1-old, dsaEncryption, dsaEncryption-old, dsaWithSHA, dsaWithSHA1, dsaWithSHA1-old } @ default

This isn't good at all, as it confuses the key algorithm's signature
function with a signature scheme that involves SHA1, and it makes it
look like OpenSSL's providers offer a DSA-SHA1 implementation (which
they currently do not do).

Breaking this aliasing apart (i.e. aliasing DSA, DSA-old, dsaEncryption
and dsaEncryption-old separately from the names that involve SHA) appears
harmless as far as OpenSSL's test suite goes.

Reviewed-by: Kurt Roeckx <kurt at roeckx.be>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24828)
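
An added example (not part of the commit or of OpenSSL's code): a Python check that parses `openssl list -signature-algorithms`-style lines and flags alias groups that mix bare key-algorithm names with digest-bound signature-scheme names, as in the listing quoted in the log message. The digest-name regex is a heuristic assumption, and the ED25519 line is constructed sample input.

```python
import re

# Sample input: the alias group quoted in the commit message, plus one
# constructed single-name line for contrast.
SAMPLE = """\
    { 1.2.840.10040.4.1, 1.2.840.10040.4.3, 1.3.14.3.2.12, 1.3.14.3.2.13, 1.3.14.3.2.27, DSA, DSA-old, DSA-SHA, DSA-SHA1, DSA-SHA1-old, dsaEncryption, dsaEncryption-old, dsaWithSHA, dsaWithSHA1, dsaWithSHA1-old } @ default
    ED25519 @ default
"""

OID = re.compile(r"^\d+(\.\d+)+$")
# Either "{ name, name, ... } @ provider" or "name @ provider".
LINE = re.compile(
    r"^\s*(?:\{\s*(?P<group>[^}]*)\}|(?P<single>\S+))\s*@\s*(?P<prov>\S+)\s*$"
)
# Assumption: a name that mentions a hash family denotes a digest-bound scheme.
DIGEST = re.compile(r"SHA|MD5|RIPEMD|SM3", re.IGNORECASE)


def parse(text):
    """Yield (names, provider) for every algorithm line in the listing."""
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # headers, "..." elisions, blank lines
        raw = m["group"] if m["group"] is not None else m["single"]
        yield [n.strip() for n in raw.split(",") if n.strip()], m["prov"]


def mixed_groups(text):
    """Return alias groups that contain both bare and digest-bound names."""
    findings = []
    for names, prov in parse(text):
        # OIDs carry no readable hint, so classify textual names only.
        textual = [n for n in names if not OID.match(n)]
        bound = [n for n in textual if DIGEST.search(n)]
        bare = [n for n in textual if not DIGEST.search(n)]
        if bound and bare:
            findings.append(
                {"provider": prov, "bare": bare, "digest_bound": bound}
            )
    return findings


if __name__ == "__main__":
    for f in mixed_groups(SAMPLE):
        print(f"{f['provider']}: {f['bare']} aliased with {f['digest_bound']}")
```

On the sample, the "bare" side comes out as exactly the four names the log message says should be aliased separately from the SHA names.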


