rpms / openssl

Clone
Source Code
GIT

Blame SOURCES/openssl-1.1.1-no-weak-verify.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-beta c8 c8-beta c8s c9 c9-beta
  1.   c8s
  2.   SOURCES
  3.   openssl-1.1.1-no-weak-verify.patch
Blob History Raw
3a273b 
diff -up openssl-1.1.1b/crypto/asn1/a_verify.c.no-weak-verify openssl-1.1.1b/crypto/asn1/a_verify.c
3a273b 
--- openssl-1.1.1b/crypto/asn1/a_verify.c.no-weak-verify	2019-02-26 15:15:30.000000000 +0100
3a273b 
+++ openssl-1.1.1b/crypto/asn1/a_verify.c	2019-02-28 11:25:31.531862873 +0100
3a273b 
@@ -7,6 +7,9 @@
3a273b 
  * https://www.openssl.org/source/license.html
3a273b 
  */
3a273b
3a273b 
+/* for secure_getenv */
3a273b 
+#define _GNU_SOURCE
3a273b 
+
3a273b 
 #include <stdio.h>
3a273b 
 #include <time.h>
3a273b 
 #include <sys/types.h>
3a273b 
@@ -130,6 +133,12 @@ int ASN1_item_verify(const ASN1_ITEM *it
3a273b 
         if (ret != 2)
3a273b 
             goto err;
3a273b 
         ret = -1;
3a273b 
+    } else if ((mdnid == NID_md5
3a273b 
+               && secure_getenv("OPENSSL_ENABLE_MD5_VERIFY") == NULL) ||
3a273b 
+               mdnid == NID_md4 || mdnid == NID_md2 || mdnid == NID_sha) {
3a273b 
+        ASN1err(ASN1_F_ASN1_ITEM_VERIFY,
3a273b 
+                ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM);
3a273b 
+        goto err;
3a273b 
     } else {
3a273b 
         const EVP_MD *type = EVP_get_digestbynid(mdnid);
3a273b

Powered by Pagure 5.13.3

SSH Hostkey/Fingerprint | Documentation