/[smecontribs]/rpms/openssl3/contribs10/0006-Disable-signature-verification-with-totally-unsafe-h.patch
ViewVC logotype

Contents of /rpms/openssl3/contribs10/0006-Disable-signature-verification-with-totally-unsafe-h.patch

Parent Directory Parent Directory | Revision Log Revision Log | View Revision Graph Revision Graph


Revision 1.1 - (show annotations) (download)
Wed Jan 31 17:24:32 2024 UTC (9 months, 3 weeks ago) by jpp
Branch: MAIN
CVS Tags: openssl3-3_0_7-5_el7_sme_1, HEAD
Initial import

1 From 3f9deff30ae6efbfe979043b00cdf649b39793c0 Mon Sep 17 00:00:00 2001
2 From: Tomas Mraz <tmraz@fedoraproject.org>
3 Date: Thu, 24 Sep 2020 09:51:34 +0200
4 Subject: Disable signature verification with totally unsafe hash algorithms
5
6 (was openssl-1.1.1-no-weak-verify.patch)
7 ---
8 crypto/asn1/a_verify.c | 5 +++++
9 1 file changed, 5 insertions(+)
10
11 diff --git a/crypto/asn1/a_verify.c b/crypto/asn1/a_verify.c
12 index b7eed914b0..af62f0ef08 100644
13 --- a/crypto/asn1/a_verify.c
14 +++ b/crypto/asn1/a_verify.c
15 @@ -152,6 +152,11 @@ int ASN1_item_verify_ctx(const ASN1_ITEM *it, const X509_ALGOR *alg,
16 ERR_raise(ERR_LIB_ASN1, ERR_R_EVP_LIB);
17 if (ret <= 1)
18 goto err;
19 + } else if ((mdnid == NID_md5
20 + && ossl_safe_getenv("OPENSSL_ENABLE_MD5_VERIFY") == NULL) ||
21 + mdnid == NID_md4 || mdnid == NID_md2 || mdnid == NID_sha) {
22 + ERR_raise(ERR_LIB_ASN1, ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM);
23 + goto err;
24 } else {
25 const EVP_MD *type = NULL;
26
27 --
28 2.26.2
29

admin@koozali.org
ViewVC Help
Powered by ViewVC 1.2.1 RSS 2.0 feed