From: Dr. Stephen Henson Date: Wed, 27 Jun 2012 14:11:40 +0000 (+0000) Subject: don't use pseudo digests for default values of keys X-Git-Tag: OpenSSL_1_0_1d~88 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=c64c0e03d316696b8271ab105d141e3d4ec04a25;p=oweals%2Fopenssl.git don't use pseudo digests for default values of keys --- diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c index 917be31876..5123a89182 100644 --- a/ssl/ssl_cert.c +++ b/ssl/ssl_cert.c @@ -164,14 +164,14 @@ static void ssl_cert_set_default_md(CERT *cert) { /* Set digest values to defaults */ #ifndef OPENSSL_NO_DSA - cert->pkeys[SSL_PKEY_DSA_SIGN].digest = EVP_dss1(); + cert->pkeys[SSL_PKEY_DSA_SIGN].digest = EVP_sha1(); #endif #ifndef OPENSSL_NO_RSA cert->pkeys[SSL_PKEY_RSA_SIGN].digest = EVP_sha1(); cert->pkeys[SSL_PKEY_RSA_ENC].digest = EVP_sha1(); #endif #ifndef OPENSSL_NO_ECDSA - cert->pkeys[SSL_PKEY_ECC].digest = EVP_ecdsa(); + cert->pkeys[SSL_PKEY_ECC].digest = EVP_sha1(); #endif } diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index 27c8e3460d..05d69ae5d5 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -2414,7 +2414,7 @@ int tls1_process_sigalgs(SSL *s, const unsigned char *data, int dsize) */ #ifndef OPENSSL_NO_DSA if (!c->pkeys[SSL_PKEY_DSA_SIGN].digest) - c->pkeys[SSL_PKEY_DSA_SIGN].digest = EVP_dss1(); + c->pkeys[SSL_PKEY_DSA_SIGN].digest = EVP_sha1(); #endif #ifndef OPENSSL_NO_RSA if (!c->pkeys[SSL_PKEY_RSA_SIGN].digest) @@ -2425,7 +2425,7 @@ int tls1_process_sigalgs(SSL *s, const unsigned char *data, int dsize) #endif #ifndef OPENSSL_NO_ECDSA if (!c->pkeys[SSL_PKEY_ECC].digest) - c->pkeys[SSL_PKEY_ECC].digest = EVP_ecdsa(); + c->pkeys[SSL_PKEY_ECC].digest = EVP_sha1(); #endif return 1; }