You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
26 lines
958 B
26 lines
958 B
diff -up openssl-1.1.1b/crypto/asn1/a_verify.c.no-weak-verify openssl-1.1.1b/crypto/asn1/a_verify.c |
|
--- openssl-1.1.1b/crypto/asn1/a_verify.c.no-weak-verify 2019-02-26 15:15:30.000000000 +0100 |
|
+++ openssl-1.1.1b/crypto/asn1/a_verify.c 2019-02-28 11:25:31.531862873 +0100 |
|
@@ -7,6 +7,9 @@ |
|
* https://www.openssl.org/source/license.html |
|
*/ |
|
|
|
+/* for secure_getenv */ |
|
+#define _GNU_SOURCE |
|
+ |
|
#include <stdio.h> |
|
#include <time.h> |
|
#include <sys/types.h> |
|
@@ -130,6 +133,12 @@ int ASN1_item_verify(const ASN1_ITEM *it |
|
if (ret != 2) |
|
goto err; |
|
ret = -1; |
|
+ } else if ((mdnid == NID_md5 |
|
+ && secure_getenv("OPENSSL_ENABLE_MD5_VERIFY") == NULL) || |
|
+ mdnid == NID_md4 || mdnid == NID_md2 || mdnid == NID_sha) { |
|
+ ASN1err(ASN1_F_ASN1_ITEM_VERIFY, |
|
+ ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM); |
|
+ goto err; |
|
} else { |
|
const EVP_MD *type = EVP_get_digestbynid(mdnid); |
|
|
|
|