aboutsummaryrefslogtreecommitdiff
path: root/openssl-freefilesync/openssl-1.1.1-no-weak-verify.patch
diff options
context:
space:
mode:
Diffstat (limited to 'openssl-freefilesync/openssl-1.1.1-no-weak-verify.patch')
-rw-r--r--openssl-freefilesync/openssl-1.1.1-no-weak-verify.patch26
1 files changed, 26 insertions, 0 deletions
diff --git a/openssl-freefilesync/openssl-1.1.1-no-weak-verify.patch b/openssl-freefilesync/openssl-1.1.1-no-weak-verify.patch
new file mode 100644
index 0000000..5756c68
--- /dev/null
+++ b/openssl-freefilesync/openssl-1.1.1-no-weak-verify.patch
@@ -0,0 +1,26 @@
+diff -up openssl-1.1.1b/crypto/asn1/a_verify.c.no-weak-verify openssl-1.1.1b/crypto/asn1/a_verify.c
+--- openssl-1.1.1b/crypto/asn1/a_verify.c.no-weak-verify 2019-02-26 15:15:30.000000000 +0100
++++ openssl-1.1.1b/crypto/asn1/a_verify.c 2019-02-28 11:25:31.531862873 +0100
+@@ -7,6 +7,9 @@
+ * https://www.openssl.org/source/license.html
+ */
+
++/* for secure_getenv */
++#define _GNU_SOURCE
++
+ #include <stdio.h>
+ #include <time.h>
+ #include <sys/types.h>
+@@ -130,6 +133,12 @@ int ASN1_item_verify(const ASN1_ITEM *it
+ if (ret != 2)
+ goto err;
+ ret = -1;
++ } else if ((mdnid == NID_md5
++ && secure_getenv("OPENSSL_ENABLE_MD5_VERIFY") == NULL) ||
++ mdnid == NID_md4 || mdnid == NID_md2 || mdnid == NID_sha) {
++ ASN1err(ASN1_F_ASN1_ITEM_VERIFY,
++ ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM);
++ goto err;
+ } else {
+ const EVP_MD *type = EVP_get_digestbynid(mdnid);
+
bgstack15