Commit be681e12 authored Jun 27, 2012 by Dr. Stephen Henson

don't use pseudo digests for default values of keys

parent 6251989e

ssl/ssl_cert.c

+2 −2

Original line number	Diff line number	Diff line
		@@ -164,14 +164,14 @@ void ssl_cert_set_default_md(CERT *cert)
		{
		/* Set digest values to defaults */
		#ifndef OPENSSL_NO_DSA
		cert->pkeys[SSL_PKEY_DSA_SIGN].digest = EVP_dss1();
		cert->pkeys[SSL_PKEY_DSA_SIGN].digest = EVP_sha1();
		#endif
		#ifndef OPENSSL_NO_RSA
		cert->pkeys[SSL_PKEY_RSA_SIGN].digest = EVP_sha1();
		cert->pkeys[SSL_PKEY_RSA_ENC].digest = EVP_sha1();
		#endif
		#ifndef OPENSSL_NO_ECDSA
		cert->pkeys[SSL_PKEY_ECC].digest = EVP_ecdsa();
		cert->pkeys[SSL_PKEY_ECC].digest = EVP_sha1();
		#endif
		}

ssl/t1_lib.c

+2 −2

Original line number	Diff line number	Diff line
		@@ -3055,7 +3055,7 @@ int tls1_process_sigalgs(SSL s, const unsigned char data, int dsize)
		*/
		#ifndef OPENSSL_NO_DSA
		if (!c->pkeys[SSL_PKEY_DSA_SIGN].digest)
		c->pkeys[SSL_PKEY_DSA_SIGN].digest = EVP_dss1();
		c->pkeys[SSL_PKEY_DSA_SIGN].digest = EVP_sha1();
		#endif
		#ifndef OPENSSL_NO_RSA
		if (!c->pkeys[SSL_PKEY_RSA_SIGN].digest)
		@@ -3066,7 +3066,7 @@ int tls1_process_sigalgs(SSL s, const unsigned char data, int dsize)
		#endif
		#ifndef OPENSSL_NO_ECDSA
		if (!c->pkeys[SSL_PKEY_ECC].digest)
		c->pkeys[SSL_PKEY_ECC].digest = EVP_ecdsa();
		c->pkeys[SSL_PKEY_ECC].digest = EVP_sha1();
		#endif
		return 1;
		}