rpms/edk2
3
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
6ea72cd31f
edk2/openssl-1.1.0-issuer-hash.patch
Paolo Bonzini 91c79aab4c add openssl patches from Fedora, enable TLS mode 
Since edk2 does not compile the apps/ subdirectory, the only other patches
that might apply are openssl-1.1.0-no-md5-verify.patch (but edk2 does not have
secure_getenv) and of course FIPS 140-2 mode.
2018-01-19 10:16:19 +01:00

12 lines
655 B
Diff
Raw Blame History

diff -up a/CryptoPkg/Library/OpensslLib/openssl/crypto/x509/x509_cmp.c.issuer-hash b/CryptoPkg/Library/OpensslLib/openssl/crypto/x509/x509_cmp.c
--- a/CryptoPkg/Library/OpensslLib/openssl/crypto/x509/x509_cmp.c.issuer-hash 2016-07-18 15:16:32.788881100 +0200
+++ b/CryptoPkg/Library/OpensslLib/openssl/crypto/x509/x509_cmp.c 2016-07-18 15:17:16.671871840 +0200
@@ -87,6 +87,7 @@ unsigned long X509_issuer_and_serial_has
if (ctx == NULL)
goto err;
+ EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
f = X509_NAME_oneline(a->cert_info.issuer, NULL, 0);
if (!EVP_DigestInit_ex(ctx, EVP_md5(), NULL))
goto err;
Reference in New Issue View Git Blame Copy Permalink