centos 7
crypto weakness #340

4

Weakness Breakdown


Definition:

This weakness involves creating non-standard or non-tested algorithms, using weak algorithms or applying cryptographic algorithms incorrectly. Algorithms that were once considered safe are commonly later found to be unsafe, as the algorithms were broken.

Warning code(s):

These keysizes are too small given today's computers.

File Name:

mailx-12.5/openssl.c

Context:

The highlighted line of code below is the trigger point of this particular Centos 7 crypto weakness.

 		}
	}
	if (load_crls(store, "smime-crl-file", "smime-crl-dir") != OKAY)
		return 1;
	for (ip = msgvec; *ip; ip++) {
		setdot(&message[*ip-1]);
		ec |= smime_verify(&message[*ip-1], *ip, chain, store);
	}
	return ec;
}

static EVP_CIPHER *
smime_cipher(const char *name)
{
	const EVP_CIPHER	*cipher;
	char	*vn, *cp;
	int	vs;

	vn = ac_alloc(vs = strlen(name) + 30);
	snprintf(vn, vs, "smime-cipher-%s", name);
	if ((cp = value(vn)) != NULL) {
		if (strcmp(cp, "rc2-40") == 0)
			cipher = EVP_rc2_40_cbc();
		else if (strcmp(cp, "rc2-64") == 0)
			cipher = EVP_rc2_64_cbc();
		else if (strcmp(cp, "des") == 0)
			cipher = EVP_des_cbc();
		else if (strcmp(cp, "des-ede3") == 0)
			cipher = EVP_des_ede3_cbc();
		else {
			fprintf(stderr, "Invalid cipher \"%s\".\n", cp);
			cipher = NULL;
		}
	} else
		cipher = EVP_des_ede3_cbc();
	ac_free(vn);
	return (EVP_CIPHER *)cipher;
}

FILE *
smime_encrypt(FILE *ip, const char *certfile, const char *to)
{
	FILE	*yp, *fp, *bp, *hp;
	char	*cp;
	X509	*cert;
	PKCS7	*pkcs7;
	BIO	*bb, *yb;
#ifdef HAVE_STACK_OF
	STACK_OF(X509)	*certs;
#else 

The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a world­wide basis.