From c64c0e03d316696b8271ab105d141e3d4ec04a25 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Wed, 27 Jun 2012 14:11:40 +0000 Subject: don't use pseudo digests for default values of keys --- ssl/ssl_cert.c | 4 ++-- ssl/t1_lib.c | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c index 917be31876..5123a89182 100644 --- a/ssl/ssl_cert.c +++ b/ssl/ssl_cert.c @@ -164,14 +164,14 @@ static void ssl_cert_set_default_md(CERT *cert) { /* Set digest values to defaults */ #ifndef OPENSSL_NO_DSA - cert->pkeys[SSL_PKEY_DSA_SIGN].digest = EVP_dss1(); + cert->pkeys[SSL_PKEY_DSA_SIGN].digest = EVP_sha1(); #endif #ifndef OPENSSL_NO_RSA cert->pkeys[SSL_PKEY_RSA_SIGN].digest = EVP_sha1(); cert->pkeys[SSL_PKEY_RSA_ENC].digest = EVP_sha1(); #endif #ifndef OPENSSL_NO_ECDSA - cert->pkeys[SSL_PKEY_ECC].digest = EVP_ecdsa(); + cert->pkeys[SSL_PKEY_ECC].digest = EVP_sha1(); #endif } diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index 27c8e3460d..05d69ae5d5 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -2414,7 +2414,7 @@ int tls1_process_sigalgs(SSL *s, const unsigned char *data, int dsize) */ #ifndef OPENSSL_NO_DSA if (!c->pkeys[SSL_PKEY_DSA_SIGN].digest) - c->pkeys[SSL_PKEY_DSA_SIGN].digest = EVP_dss1(); + c->pkeys[SSL_PKEY_DSA_SIGN].digest = EVP_sha1(); #endif #ifndef OPENSSL_NO_RSA if (!c->pkeys[SSL_PKEY_RSA_SIGN].digest) @@ -2425,7 +2425,7 @@ int tls1_process_sigalgs(SSL *s, const unsigned char *data, int dsize) #endif #ifndef OPENSSL_NO_ECDSA if (!c->pkeys[SSL_PKEY_ECC].digest) - c->pkeys[SSL_PKEY_ECC].digest = EVP_ecdsa(); + c->pkeys[SSL_PKEY_ECC].digest = EVP_sha1(); #endif return 1; } -- cgit v1.2.3