From: Tomas Mraz Date: Mon, 27 May 2019 14:52:03 +0000 (+0200) Subject: The SHA256 is not a mandatory digest for DSA. X-Git-Tag: openssl-3.0.0-alpha1~2027 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=cd4c83b52423008391b50abcccf18a7d8fcce03b;p=oweals%2Fopenssl.git The SHA256 is not a mandatory digest for DSA. The #7408 implemented mandatory digest checking in TLS. However this broke compatibility of DSS support with GnuTLS which supports only SHA1 with DSS. There is no reason why SHA256 would be a mandatory digest for DSA as other digests in SHA family can be used as well. Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/9015) --- diff --git a/crypto/dsa/dsa_ameth.c b/crypto/dsa/dsa_ameth.c index 756ee7441d..ef6fc7632a 100644 --- a/crypto/dsa/dsa_ameth.c +++ b/crypto/dsa/dsa_ameth.c @@ -505,7 +505,7 @@ static int dsa_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2) case ASN1_PKEY_CTRL_DEFAULT_MD_NID: *(int *)arg2 = NID_sha256; - return 2; + return 1; default: return -2;