Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Remove SHA0 #77

Open
Sp1l opened this issue Jun 11, 2017 · 3 comments
Open

Remove SHA0 #77

Sp1l opened this issue Jun 11, 2017 · 3 comments

Comments

@Sp1l
Copy link

Sp1l commented Jun 11, 2017

In https://github.com/spacemonkeygo/openssl/blob/master/cert.go you're using SHA-0. This standard was never used as collisions were found prior to ratifying it as a standard, please remove it from the code.

Context: OpenSSL 1.1 removed SHA-0 completely (as did LibreSSL). Building breaks on could not determine kind of name for C.EVP_sha
@Sp1l
Copy link
Author

Sp1l commented Jun 11, 2017

This is a duplicate of #43
Nevertheless, SHA-0 is not just phased-out, it should never even have been part of OpenSSL. Anywhere it is used that is in error, you don't want to use a hash that is weaker than MD5.

Simply removing it from the code was sufficient.

@zeebo
Copy link
Member

zeebo commented Jun 12, 2017

Have you tried on the most recent master? I closed #43 because we have this shim function return null on 1.1:

openssl/shim.c

Line 131 in 1ea168d

const EVP_MD *X_EVP_sha() {

@zeebo
Copy link
Member

zeebo commented Jun 12, 2017

Although it does look like a bug was introduced where returning NULL will cause problems. That needs to be fixed, regardless, but I don't believe there is a current build failure.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@zeebo @Sp1l