Commit abaa2311 authored Oct 16, 2018 by David Woodhouse Committed by Nicola Tuveri Nov 24, 2018

Stop marking default digest for EC keys as mandatory



ASN1_PKEY_CTRL_DEFAULT_MD_NID is documented to return 2 for a mandatory
digest algorithm, when the key can't support any others. That isn't true
here, so return 1 instead.

Partially fixes #7348

Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>

(cherry picked from commit eb7eb1378cd15c4652884b3701d4c0ef27b5b8a6)

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7609)

parent 415c4a46

crypto/ec/ec_ameth.c

+1 −1

Original line number	Original line	Diff line number	Diff line
	@@ -505,7 +505,7 @@ static int ec_pkey_ctrl(EVP_PKEY pkey, int op, long arg1, void arg2)

	case ASN1_PKEY_CTRL_DEFAULT_MD_NID:		case ASN1_PKEY_CTRL_DEFAULT_MD_NID:
	(int )arg2 = NID_sha256;		(int )arg2 = NID_sha256;
	return 2;		return 1;

	case ASN1_PKEY_CTRL_SET1_TLS_ENCPT:		case ASN1_PKEY_CTRL_SET1_TLS_ENCPT:
	return EC_KEY_oct2key(EVP_PKEY_get0_EC_KEY(pkey), arg2, arg1, NULL);		return EC_KEY_oct2key(EVP_PKEY_get0_EC_KEY(pkey), arg2, arg1, NULL);

Admin message