Branch: refs/heads/master
Home: https://github.com/openssl/openssl
Commit: 6eb648941e3ca0fff08876d1d8b849ad2a6b300a
https://github.com/openssl/openssl/commit/6eb648941e3ca0fff08876d1d8b849ad2a6b300a
Author: Richard Levitte <levi...@openssl.org>
Date: 2024-07-12 (Fri, 12 Jul 2024)
Changed paths:
M crypto/asn1/standard_methods.h
M crypto/dsa/dsa_ameth.c
M include/crypto/asn1.h
Log Message:
-----------
fix: drop DSA <=> dsaWithSHA1 aliasing
For some reason, DSA has been aliased with dsaWithSHA1 for an eternity.
They are not the same, though, and should never have been aliased in the
first place.
This was first discovered with 'openssl list':
$ openssl list -signature-algorithms
...
{ 1.2.840.10040.4.1, 1.2.840.10040.4.3, 1.3.14.3.2.12, 1.3.14.3.2.13,
1.3.14.3.2.27, DSA, DSA-old, DSA-SHA, DSA-SHA1, DSA-SHA1-old, dsaEncryption,
dsaEncryption-old, dsaWithSHA, dsaWithSHA1, dsaWithSHA1-old } @ default
This isn't good at all, as it confuses the key algorithms signature
function with a signature scheme that involves SHA1, and it makes it
look like OpenSSL's providers offer a DSA-SHA1 implementation (which
they currently do not do).
Breaking this aliasing apart (i.e. aliasing DSA, DSA-old, dsaEncryption
and dsaEncryption-old separately from the names that involve SHA) appears
harmless as far as OpenSSL's test suite goes.
Reviewed-by: Kurt Roeckx <k...@roeckx.be>
Reviewed-by: Tomas Mraz <to...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24828)
To unsubscribe from these emails, change your notification settings at
https://github.com/openssl/openssl/settings/notifications
