Don't use RSA+MD5 with TLS 1.2 (5e1ff664) · Commits · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP OpenSSL

ssl/t1_lib.c

+0 −16

Original line number	Diff line number	Diff line
		@@ -342,19 +342,11 @@ static unsigned char tls12_sigalgs[] = {
		#ifndef OPENSSL_NO_SHA
		tlsext_sigalg(TLSEXT_hash_sha1)
		#endif
		#ifndef OPENSSL_NO_MD5
		tlsext_sigalg_rsa(TLSEXT_hash_md5)
		#endif
		};

		int tls12_get_req_sig_algs(SSL s, unsigned char p)
		{
		size_t slen = sizeof(tls12_sigalgs);
		#ifdef OPENSSL_FIPS
		/* If FIPS mode don't include MD5 which is last */
		if (FIPS_mode())
		slen -= 2;
		#endif
		if (p)
		memcpy(p, tls12_sigalgs, slen);
		return (int)slen;
		@@ -2452,14 +2444,6 @@ const EVP_MD *tls12_get_hash(unsigned char hash_alg)
		{
		switch(hash_alg)
		{
		#ifndef OPENSSL_NO_MD5
		case TLSEXT_hash_md5:
		#ifdef OPENSSL_FIPS
		if (FIPS_mode())
		return NULL;
		#endif
		return EVP_md5();
		#endif
		#ifndef OPENSSL_NO_SHA
		case TLSEXT_hash_sha1:
		return EVP_sha1();