Stop marking default digest for EC keys as mandatory
authorDavid Woodhouse <dwmw2@infradead.org>
Tue, 16 Oct 2018 14:41:17 +0000 (07:41 -0700)
committerNicola Tuveri <nic.tuv@gmail.com>
Sat, 24 Nov 2018 07:00:25 +0000 (09:00 +0200)
ASN1_PKEY_CTRL_DEFAULT_MD_NID is documented to return 2 for a mandatory
digest algorithm, when the key can't support any others. That isn't true
here, so return 1 instead.

Partially fixes #7348

(cherry picked from commit eb7eb1378cd15c4652884b3701d4c0ef27b5b8a6)

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/7610)

crypto/ec/ec_ameth.c

index aa5f3056af77a3c8957c1718d2d8b11aeb94dccc..db7e791bf530601d85a8ceada0d6456bcf4d5189 100644 (file)
@@ -601,7 +601,7 @@ static int ec_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2)
 
     case ASN1_PKEY_CTRL_DEFAULT_MD_NID:
         *(int *)arg2 = NID_sha256;
-        return 2;
+        return 1;
 
     default:
         return -2;