/[smecontribs]/rpms/openssl3/contribs10/0024-load-legacy-prov.patch
ViewVC logotype

Annotation of /rpms/openssl3/contribs10/0024-load-legacy-prov.patch

Parent Directory Parent Directory | Revision Log Revision Log | View Revision Graph Revision Graph


Revision 1.1 - (hide annotations) (download)
Wed Jan 31 17:24:34 2024 UTC (9 months, 4 weeks ago) by jpp
Branch: MAIN
CVS Tags: openssl3-3_0_7-5_el7_sme_1, HEAD
Initial import

1 jpp 1.1 diff -up openssl-3.0.0/apps/openssl.cnf.legacy-prov openssl-3.0.0/apps/openssl.cnf
2     --- openssl-3.0.0/apps/openssl.cnf.legacy-prov 2021-09-09 12:06:40.895793297 +0200
3     +++ openssl-3.0.0/apps/openssl.cnf 2021-09-09 12:12:33.947482500 +0200
4     @@ -42,36 +42,29 @@ tsa_policy1 = 1.2.3.4.1
5     tsa_policy2 = 1.2.3.4.5.6
6     tsa_policy3 = 1.2.3.4.5.7
7    
8     -# For FIPS
9     -# Optionally include a file that is generated by the OpenSSL fipsinstall
10     -# application. This file contains configuration data required by the OpenSSL
11     -# fips provider. It contains a named section e.g. [fips_sect] which is
12     -# referenced from the [provider_sect] below.
13     -# Refer to the OpenSSL security policy for more information.
14     -# .include fipsmodule.cnf
15     -
16     [openssl_init]
17     providers = provider_sect
18     # Load default TLS policy configuration
19     ssl_conf = ssl_module
20    
21     -# List of providers to load
22     -[provider_sect]
23     -default = default_sect
24     -# The fips section name should match the section name inside the
25     -# included fipsmodule.cnf.
26     -# fips = fips_sect
27     +# Uncomment the sections that start with ## below to enable the legacy provider.
28     +# Loading the legacy provider enables support for the following algorithms:
29     +# Hashing Algorithms / Message Digests: MD2, MD4, MDC2, WHIRLPOOL, RIPEMD160
30     +# Symmetric Ciphers: Blowfish, CAST, DES, IDEA, RC2, RC4,RC5, SEED
31     +# Key Derivation Function (KDF): PBKDF1
32     +# In general it is not recommended to use the above mentioned algorithms for
33     +# security critical operations, as they are cryptographically weak or vulnerable
34     +# to side-channel attacks and as such have been deprecated.
35    
36     -# If no providers are activated explicitly, the default one is activated implicitly.
37     -# See man 7 OSSL_PROVIDER-default for more details.
38     -#
39     -# If you add a section explicitly activating any other provider(s), you most
40     -# probably need to explicitly activate the default provider, otherwise it
41     -# becomes unavailable in openssl. As a consequence applications depending on
42     -# OpenSSL may not work correctly which could lead to significant system
43     -# problems including inability to remotely access the system.
44     -[default_sect]
45     -# activate = 1
46     +[provider_sect]
47     +default = default_sect
48     +##legacy = legacy_sect
49     +##
50     +[default_sect]
51     +activate = 1
52     +
53     +##[legacy_sect]
54     +##activate = 1
55    
56     [ ssl_module ]
57    
58     diff -up openssl-3.0.0/doc/man5/config.pod.legacy-prov openssl-3.0.0/doc/man5/config.pod
59     --- openssl-3.0.0/doc/man5/config.pod.legacy-prov 2021-09-09 12:09:38.079040853 +0200
60     +++ openssl-3.0.0/doc/man5/config.pod 2021-09-09 12:11:56.646224876 +0200
61     @@ -273,6 +273,14 @@ significant.
62     All parameters in the section as well as sub-sections are made
63     available to the provider.
64    
65     +=head3 Loading the legacy provider
66     +
67     +Uncomment the sections that start with ## in openssl.cnf
68     +to enable the legacy provider.
69     +Note: In general it is not recommended to use the above mentioned algorithms for
70     +security critical operations, as they are cryptographically weak or vulnerable
71     +to side-channel attacks and as such have been deprecated.
72     +
73     =head3 Default provider and its activation
74    
75     If no providers are activated explicitly, the default one is activated implicitly.

admin@koozali.org
ViewVC Help
Powered by ViewVC 1.2.1 RSS 2.0 feed