mirror of
https://github.com/openssl/openssl.git
synced 2024-12-15 06:01:37 +08:00
6eb648941e
For some reason, DSA has been aliased with dsaWithSHA1 for an eternity.
They are not the same, though, and should never have been aliased in the
first place.
This was first discovered with 'openssl list':
$ openssl list -signature-algorithms
...
{ 1.2.840.10040.4.1, 1.2.840.10040.4.3, 1.3.14.3.2.12, 1.3.14.3.2.13, 1.3.14.3.2.27, DSA, DSA-old, DSA-SHA, DSA-SHA1, DSA-SHA1-old, dsaEncryption, dsaEncryption-old, dsaWithSHA, dsaWithSHA1, dsaWithSHA1-old } @ default
This isn't good at all, as it confuses the key algorithms signature
function with a signature scheme that involves SHA1, and it makes it
look like OpenSSL's providers offer a DSA-SHA1 implementation (which
they currently do not do).
Breaking this aliasing apart (i.e. aliasing DSA, DSA-old, dsaEncryption
and dsaEncryption-old separately from the names that involve SHA) appears
harmless as far as OpenSSL's test suite goes.
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24828)
|
||
|---|---|---|
| .. | ||
| build.info | ||
| dsa_ameth.c | ||
| dsa_asn1.c | ||
| dsa_backend.c | ||
| dsa_check.c | ||
| dsa_depr.c | ||
| dsa_err.c | ||
| dsa_gen.c | ||
| dsa_key.c | ||
| dsa_lib.c | ||
| dsa_local.h | ||
| dsa_meth.c | ||
| dsa_ossl.c | ||
| dsa_pmeth.c | ||
| dsa_prn.c | ||
| dsa_sign.c | ||
| dsa_vrf.c | ||