From 871c675b8592261abb7de294b40f2c6f7311fa58 Mon Sep 17 00:00:00 2001 From: Tomas Mraz Date: Mon, 27 May 2019 16:52:03 +0200 Subject: [PATCH] The SHA256 is not a mandatory digest for DSA. The #7408 implemented mandatory digest checking in TLS. However this broke compatibility of DSS support with GnuTLS which supports only SHA1 with DSS. There is no reason why SHA256 would be a mandatory digest for DSA as other digests in SHA family can be used as well. Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/9015) (cherry picked from commit cd4c83b52423008391b50abcccf18a7d8fcce03b) --- crypto/dsa/dsa_ameth.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/dsa/dsa_ameth.c b/crypto/dsa/dsa_ameth.c index 9c5b8aa02e..c82e3bdd05 100644 --- a/crypto/dsa/dsa_ameth.c +++ b/crypto/dsa/dsa_ameth.c @@ -503,7 +503,7 @@ static int dsa_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2) case ASN1_PKEY_CTRL_DEFAULT_MD_NID: *(int *)arg2 = NID_sha256; - return 2; + return 1; default: return -2; -- 2.25.1