diff options
Diffstat (limited to 'openssl-freefilesync/openssl-1.1.1-no-weak-verify.patch')
| -rw-r--r-- | openssl-freefilesync/openssl-1.1.1-no-weak-verify.patch | 26 |
1 files changed, 26 insertions, 0 deletions
diff --git a/openssl-freefilesync/openssl-1.1.1-no-weak-verify.patch b/openssl-freefilesync/openssl-1.1.1-no-weak-verify.patch new file mode 100644 index 0000000..5756c68 --- /dev/null +++ b/openssl-freefilesync/openssl-1.1.1-no-weak-verify.patch @@ -0,0 +1,26 @@ +diff -up openssl-1.1.1b/crypto/asn1/a_verify.c.no-weak-verify openssl-1.1.1b/crypto/asn1/a_verify.c +--- openssl-1.1.1b/crypto/asn1/a_verify.c.no-weak-verify 2019-02-26 15:15:30.000000000 +0100 ++++ openssl-1.1.1b/crypto/asn1/a_verify.c 2019-02-28 11:25:31.531862873 +0100 +@@ -7,6 +7,9 @@ + * https://www.openssl.org/source/license.html + */ + ++/* for secure_getenv */ ++#define _GNU_SOURCE ++ + #include <stdio.h> + #include <time.h> + #include <sys/types.h> +@@ -130,6 +133,12 @@ int ASN1_item_verify(const ASN1_ITEM *it + if (ret != 2) + goto err; + ret = -1; ++ } else if ((mdnid == NID_md5 ++ && secure_getenv("OPENSSL_ENABLE_MD5_VERIFY") == NULL) || ++ mdnid == NID_md4 || mdnid == NID_md2 || mdnid == NID_sha) { ++ ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ++ ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM); ++ goto err; + } else { + const EVP_MD *type = EVP_get_digestbynid(mdnid); + |