narenas
/
opengnsys_ipxe
mirror of https://github.com/ipxe/ipxe.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

[crypto] Disable MD5 as an OID-identifiable algorithm by default 

Disable the use of MD5 as an OID-identifiable algorithm.  Note that
the MD5 algorithm implementation will still be present in the build,
since it is used implicitly by various cryptographic components such
as HTTP digest authentication; this commit removes it only from the
list of OID-identifiable algorithms.

It would be appropriate to similarly disable the use of SHA-1 by
default, but doing so would break the use of OCSP since several OCSP
responders (including the current version of openca-ocspd) are not
capable of interpreting the hashAlgorithm field and so will fail if
the client uses any algorithm other than the configured default.

Signed-off-by: Michael Brown <mcb30@ipxe.org>
pull/115/head
Michael Brown 2020-06-16 23:17:21 +01:00
parent bb74f00512
commit 7f2006a9ad
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/config/crypto.h
View File

@ -22,7 +22,7 @@ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
//#define CRYPTO_DIGEST_MD4
/** MD5 digest algorithm */
#define CRYPTO_DIGEST_MD5
//#define CRYPTO_DIGEST_MD5
/** SHA-1 digest algorithm */
#define CRYPTO_DIGEST_SHA1