b629b66276
- Synced patches with native openssl-1.0.1e-38.fc21 - Enable ECC support (RHBZ #1037919) - Fixes CVE-2013-6450 (RHBZ #1047844) - Fixes CVE-2013-4353 (RHBZ #1049062) - Fixes CVE-2013-6449 (RHBZ #1045444)
26 lines
736 B
Diff
26 lines
736 B
Diff
diff -up openssl-1.0.1e/crypto/asn1/a_verify.c.no-md5-verify openssl-1.0.1e/crypto/asn1/a_verify.c
|
|
--- openssl-1.0.1e/crypto/asn1/a_verify.c.no-md5-verify 2013-02-11 16:26:04.000000000 +0100
|
|
+++ openssl-1.0.1e/crypto/asn1/a_verify.c 2013-11-13 16:30:04.628791616 +0100
|
|
@@ -56,6 +56,9 @@
|
|
* [including the GNU Public Licence.]
|
|
*/
|
|
|
|
+/* for secure_getenv */
|
|
+#define _GNU_SOURCE
|
|
+
|
|
#include <stdio.h>
|
|
#include <time.h>
|
|
|
|
@@ -171,6 +174,11 @@ int ASN1_item_verify(const ASN1_ITEM *it
|
|
goto err;
|
|
ret = -1;
|
|
}
|
|
+ else if (mdnid == NID_md5 && secure_getenv("OPENSSL_ENABLE_MD5_VERIFY") == NULL)
|
|
+ {
|
|
+ ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM);
|
|
+ goto err;
|
|
+ }
|
|
else
|
|
{
|
|
const EVP_MD *type;
|