sysadmin/ipxe
1
0
Fork 0
mirror of https://github.com/ipxe/ipxe synced 2025-12-20 03:55:46 +03:00
Code Issues Packages Projects Releases Wiki Activity

[crypto] Disable MD5 as an OID-identifiable algorithm by default

Browse Source 
Disable the use of MD5 as an OID-identifiable algorithm.  Note that
the MD5 algorithm implementation will still be present in the build,
since it is used implicitly by various cryptographic components such
as HTTP digest authentication; this commit removes it only from the
list of OID-identifiable algorithms.

It would be appropriate to similarly disable the use of SHA-1 by
default, but doing so would break the use of OCSP since several OCSP
responders (including the current version of openca-ocspd) are not
capable of interpreting the hashAlgorithm field and so will fail if
the client uses any algorithm other than the configured default.

Signed-off-by: Michael Brown <mcb30@ipxe.org>
This commit is contained in:
Michael Brown
2020-06-16 23:17:21 +01:00
parent bb74f00512
commit 7f2006a9ad
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/config/crypto.h
View File

@@ -22,7 +22,7 @@ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
//#define CRYPTO_DIGEST_MD4 //#define CRYPTO_DIGEST_MD4
/** MD5 digest algorithm */ /** MD5 digest algorithm */
#define CRYPTO_DIGEST_MD5 //#define CRYPTO_DIGEST_MD5
/** SHA-1 digest algorithm */ /** SHA-1 digest algorithm */
#define CRYPTO_DIGEST_SHA1 #define CRYPTO_DIGEST_SHA1