Blame SOURCES/0006-Disable-signature-verification-with-totally-unsafe-h.patch

From 3f9deff30ae6efbfe979043b00cdf649b39793c0 Mon Sep 17 00:00:00 2001
From: Tomas Mraz <tmraz@fedoraproject.org>
Date: Thu, 24 Sep 2020 09:51:34 +0200
Subject: Disable signature verification with totally unsafe hash algorithms
(was openssl-1.1.1-no-weak-verify.patch)
---
 crypto/asn1/a_verify.c | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/crypto/asn1/a_verify.c b/crypto/asn1/a_verify.c
index b7eed914b0..af62f0ef08 100644
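--- a/crypto/asn1/a_verify.c
+++ b/crypto/asn1/a_verify.c
@@ -152,6 +152,11 @@ int ASN1_item_verify_ctx(const ASN1_ITEM *it, const X509_ALGOR *alg,
             ERR_raise(ERR_LIB_ASN1, ERR_R_EVP_LIB);
         if (ret <= 1)
             goto err;
+    } else if ((mdnid == NID_md5
+               && ossl_safe_getenv("OPENSSL_ENABLE_MD5_VERIFY") == NULL) ||
+               mdnid == NID_md4 || mdnid == NID_md2 || mdnid == NID_sha) {
+        ERR_raise(ERR_LIB_ASN1, ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM);
+        goto err;
     } else {
         const EVP_MD *type = NULL;
 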
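Review bot: The MD5 override in the new `else if` tests only whether `OPENSSL_ENABLE_MD5_VERIFY` is present (`ossl_safe_getenv(...) == NULL`), so `OPENSSL_ENABLE_MD5_VERIFY=0` or an empty value re-enables MD5 signature verification for the whole process, and nothing in the branch documents that. A comment above the condition would make the policy explicit, e.g. `/* MD2, MD4 and SHA-0 (NID_sha) are always rejected; MD5 is rejected unless OPENSSL_ENABLE_MD5_VERIFY is set (any value, even "0", enables it) */`, which also records that `NID_sha` is SHA-0 and that SHA-1 signatures are not affected by this check. The rejection reuses `ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM`, which reads as an unrecognised algorithm rather than a policy refusal, so that is worth noting for anyone triaging verification failures. The body of `ASN1_item_verify_ctx` starts and ends outside the hunk, so whether digests handled by the preceding branch are subject to the same restriction cannot be confirmed from here.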
-- 
2.26.2