From: Michael R Sweet <michael.r.sweet@gmail.com>
Date: Tue, 3 Sep 2019 14:34:51 +0000 (-0400)
Subject: Use legacy MD5 implementation with GNU TLS since at least some Linux vendors are
X-Git-Tag: v2.3.1~58
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=68dc110f524f2c382588fbeadd30685111d06054;p=thirdparty%2Fcups.git

Use legacy MD5 implementation with GNU TLS since at least some Linux vendors are
disabling MD5 without allowing applications to detect it.
---

diff --git a/cups/hash.c b/cups/hash.c
index bfec994aab..4fbb443db1 100644
--- a/cups/hash.c
+++ b/cups/hash.c
@@ -16,6 +16,7 @@
 #  include <CommonCrypto/CommonDigest.h>
 #elif defined(HAVE_GNUTLS)
 #  include <gnutls/crypto.h>
+#  include "md5-internal.h"
 #else
 #  include "md5-internal.h"
 #endif /* __APPLE__ */
@@ -187,7 +188,22 @@ cupsHashData(const char    *algorithm,	/* I - Algorithm name */
 
 
   if (!strcmp(algorithm, "md5"))
-    alg = GNUTLS_DIG_MD5;
+  {
+   /*
+    * Some versions of GNU TLS disable MD5 without warning...
+    */
+
+    _cups_md5_state_t	state;		/* MD5 state info */
+
+    if (hashsize < 16)
+      goto too_small;
+
+    _cupsMD5Init(&state);
+    _cupsMD5Append(&state, data, datalen);
+    _cupsMD5Finish(&state, hash);
+
+    return (16);
+  }
   else if (!strcmp(algorithm, "sha"))
     alg = GNUTLS_DIG_SHA1;
   else if (!strcmp(algorithm, "sha2-224"))
@@ -243,6 +259,9 @@ cupsHashData(const char    *algorithm,	/* I - Algorithm name */
   {
     _cups_md5_state_t	state;		/* MD5 state info */
 
+    if (hashsize < 16)
+      goto too_small;
+
     _cupsMD5Init(&state);
     _cupsMD5Append(&state, data, datalen);
     _cupsMD5Finish(&state, hash);
diff --git a/cups/md5.c b/cups/md5.c
index c3b2768ddd..a94646c727 100644
--- a/cups/md5.c
+++ b/cups/md5.c
@@ -43,7 +43,7 @@
 #include "md5-internal.h"
 #include "string-private.h"
 
-#if !defined(__APPLE__) && !defined(HAVE_GNUTLS)
+#if !defined(__APPLE__)
 #  define T1 0xd76aa478
 #  define T2 0xe8c7b756
 #  define T3 0x242070db
@@ -338,4 +338,4 @@ _cupsMD5Finish(_cups_md5_state_t *pms, unsigned char digest[16])
     for (i = 0; i < 16; ++i)
 	digest[i] = (unsigned char)(pms->abcd[i >> 2] >> ((i & 3) << 3));
 }
-#endif /* !__APPLE__ && !HAVE_GNUTLS */
+#endif /* !__APPLE__ */