The SHA256 is not a mandatory digest for DSA.

The #7408 implemented mandatory digest checking in TLS. However this broke compatibility of DSS support with GnuTLS which supports only SHA1 with DSS. There is no reason why SHA256 would be a mandatory digest for DSA as other digests in SHA family can be used as well. Reviewed-by: N Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/9015) (cherry picked from commit cd4c83b52423008391b50abcccf18a7d8fcce03b)

The SHA256 is not a mandatory digest for DSA.
The #7408 implemented mandatory digest checking in TLS. However this broke compatibility of DSS support with GnuTLS which supports only SHA1 with DSS. There is no reason why SHA256 would be a mandatory digest for DSA as other digests in SHA family can be used as well. Reviewed-by: N Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/9015) (cherry picked from commit cd4c83b52423008391b50abcccf18a7d8fcce03b)
871c675b · Tomas Mraz · b29cd8b5 · 871c675b
隐藏空白更改
内联并排

Showing with 1 addition and 1 deletion

crypto/dsa/dsa_ameth.c crypto/dsa/dsa_ameth.c +1 -1

未找到文件。
--- a/crypto/dsa/dsa_ameth.c
+++ b/crypto/dsa/dsa_ameth.c
@@ -503,7 +503,7 @@ static int dsa_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2)

    case ASN1_PKEY_CTRL_DEFAULT_MD_NID:
        *(int *)arg2 = NID_sha256;
-        return 2;
+        return 1;

    default:
        return -2;