The SHA256 is not a mandatory digest for DSA.

The #7408 implemented mandatory digest checking in TLS. However this broke compatibility of DSS support with GnuTLS which supports only SHA1 with DSS. There is no reason why SHA256 would be a mandatory digest for DSA as other digests in SHA family can be used as well. Reviewed-by: N Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/9015)

The SHA256 is not a mandatory digest for DSA.
The #7408 implemented mandatory digest checking in TLS. However this broke compatibility of DSS support with GnuTLS which supports only SHA1 with DSS. There is no reason why SHA256 would be a mandatory digest for DSA as other digests in SHA family can be used as well. Reviewed-by: N Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/9015)
cd4c83b5 · Tomas Mraz · 3b437400 · cd4c83b5
隐藏空白更改
内联并排

Showing with 1 addition and 1 deletion

crypto/dsa/dsa_ameth.c crypto/dsa/dsa_ameth.c +1 -1

未找到文件。
--- a/crypto/dsa/dsa_ameth.c
+++ b/crypto/dsa/dsa_ameth.c
@@ -505,7 +505,7 @@ static int dsa_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2)

    case ASN1_PKEY_CTRL_DEFAULT_MD_NID:
        *(int *)arg2 = NID_sha256;
-        return 2;
+        return 1;

    default:
        return -2;