Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Leap:15.4:Update
openssl-1_1.14217
openssl-fips_allow_md5_sha1_for_tls1.0.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File openssl-fips_allow_md5_sha1_for_tls1.0.patch of Package openssl-1_1.14217
Index: openssl-1.1.0i/ssl/statem/statem_clnt.c =================================================================== --- openssl-1.1.0i.orig/ssl/statem/statem_clnt.c 2018-08-14 14:45:09.000000000 +0200 +++ openssl-1.1.0i/ssl/statem/statem_clnt.c 2020-01-18 16:33:49.479601945 +0100 @@ -1716,6 +1716,9 @@ MSG_PROCESS_RETURN tls_process_key_excha goto err; } + /* Allow md5/sha1 in FIPS */ + EVP_MD_CTX_set_flags(md_ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); + if (EVP_VerifyInit_ex(md_ctx, md, NULL) <= 0 || EVP_VerifyUpdate(md_ctx, &(s->s3->client_random[0]), SSL3_RANDOM_SIZE) <= 0 Index: openssl-1.1.0i/ssl/s3_enc.c =================================================================== --- openssl-1.1.0i.orig/ssl/s3_enc.c 2018-08-14 14:45:09.000000000 +0200 +++ openssl-1.1.0i/ssl/s3_enc.c 2020-01-18 16:33:49.479601945 +0100 @@ -369,6 +369,9 @@ int ssl3_digest_cached_records(SSL *s, i return 0; } + /* Allow md5/sha1 in FIPS */ + EVP_MD_CTX_set_flags(s->s3->handshake_dgst, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); + md = ssl_handshake_md(s); if (md == NULL || !EVP_DigestInit_ex(s->s3->handshake_dgst, md, NULL) || !EVP_DigestUpdate(s->s3->handshake_dgst, hdata, hdatalen)) { Index: openssl-1.1.0i/crypto/evp/c_alld.c =================================================================== --- openssl-1.1.0i.orig/crypto/evp/c_alld.c 2020-01-18 16:33:48.695597515 +0100 +++ openssl-1.1.0i/crypto/evp/c_alld.c 2020-01-18 16:35:07.572043216 +0100 @@ -58,6 +58,8 @@ void openssl_add_all_digests_int(void) EVP_add_digest(EVP_sha256()); EVP_add_digest(EVP_sha384()); EVP_add_digest(EVP_sha512()); + /* Add md5_sha1 in FIPS for TLS 1.0 */ + EVP_add_digest(EVP_md5_sha1()); } #endif }
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor