3505ea6700
Four patches are not being applied due to failures in the build and/or applying them: - openssl-1.1.1-fips.patch - openssl-1.1.1-fips-post-rand.patch - openssl-1.1.1-evp-kdf.patch - openssl-1.1.1-ssh-kdf.patch Mind that fips related patches were not applied in the previously version either. Resolves: rhbz#1740772 Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
27 lines
958 B
Diff
27 lines
958 B
Diff
diff -up openssl-1.1.1b/crypto/asn1/a_verify.c.no-weak-verify openssl-1.1.1b/crypto/asn1/a_verify.c
|
|
--- openssl-1.1.1b/crypto/asn1/a_verify.c.no-weak-verify 2019-02-26 15:15:30.000000000 +0100
|
|
+++ openssl-1.1.1b/crypto/asn1/a_verify.c 2019-02-28 11:25:31.531862873 +0100
|
|
@@ -7,6 +7,9 @@
|
|
* https://www.openssl.org/source/license.html
|
|
*/
|
|
|
|
+/* for secure_getenv */
|
|
+#define _GNU_SOURCE
|
|
+
|
|
#include <stdio.h>
|
|
#include <time.h>
|
|
#include <sys/types.h>
|
|
@@ -130,6 +133,12 @@ int ASN1_item_verify(const ASN1_ITEM *it
|
|
if (ret != 2)
|
|
goto err;
|
|
ret = -1;
|
|
+ } else if ((mdnid == NID_md5
|
|
+ && secure_getenv("OPENSSL_ENABLE_MD5_VERIFY") == NULL) ||
|
|
+ mdnid == NID_md4 || mdnid == NID_md2 || mdnid == NID_sha) {
|
|
+ ASN1err(ASN1_F_ASN1_ITEM_VERIFY,
|
|
+ ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM);
|
|
+ goto err;
|
|
} else {
|
|
const EVP_MD *type = EVP_get_digestbynid(mdnid);
|
|
|