centos 7
crypto weakness #341


Weakness Breakdown


This weakness involves creating non-standard or untested algorithms, using weak algorithms, or applying cryptographic algorithms incorrectly. Algorithms that were once considered safe are often found to be unsafe later, once practical attacks against them are discovered.

Warning code(s):

DES only supports a 56-bit keysize, which is too small given today's computers.

File Name:



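The highlighted line of code below is the trigger point of this particular CentOS 7 crypto weakness. (The highlighting is not preserved in this text; given the warning above, the flagged line is presumably the `EVP_des_cbc()` call.)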

 	if (load_crls(store, "smime-crl-file", "smime-crl-dir") != OKAY)
		return 1;
	for (ip = msgvec; *ip; ip++) {
		ec |= smime_verify(&message[*ip-1], *ip, chain, store);
	return ec;

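/*
 * Select the symmetric cipher used for S/MIME encryption to one recipient.
 *
 * The choice is read from the variable "smime-cipher-<name>":
 *   "rc2-40"   -> RC2, 40-bit key, CBC   (weak)
 *   "rc2-64"   -> RC2, 64-bit key, CBC   (weak)
 *   "des"      -> single DES, CBC        (weak: 56-bit key)
 *   "des-ede3" -> Triple DES, CBC
 * If the variable is unset, Triple DES is used. Any other value is
 * reported on stderr and NULL is returned, which the caller must check.
 *
 * Security note: the RC2-40, RC2-64 and single-DES choices have keys short
 * enough to be searched exhaustively, so a message encrypted with them gets
 * little confidentiality. They are still accepted so that existing
 * configurations keep working, but a warning is printed when one is
 * selected. Triple DES is a legacy cipher with a 64-bit block; this
 * function offers no AES option, so it remains the strongest choice here.
 */
static EVP_CIPHER *
smime_cipher(const char *name)
{
	const EVP_CIPHER	*cipher;
	char	*vn, *cp;
	int	vs;
	int	weak = 0;

	/* "smime-cipher-" is 13 bytes, so +30 covers the prefix and the NUL. */
	vn = ac_alloc(vs = strlen(name) + 30);
	snprintf(vn, vs, "smime-cipher-%s", name);
	if ((cp = value(vn)) != NULL) {
		if (strcmp(cp, "rc2-40") == 0) {
			cipher = EVP_rc2_40_cbc();
			weak = 1;
		} else if (strcmp(cp, "rc2-64") == 0) {
			cipher = EVP_rc2_64_cbc();
			weak = 1;
		} else if (strcmp(cp, "des") == 0) {
			/* Single DES: the 56-bit key is what the scanner flags. */
			cipher = EVP_des_cbc();
			weak = 1;
		} else if (strcmp(cp, "des-ede3") == 0) {
			cipher = EVP_des_ede3_cbc();
		} else {
			fprintf(stderr, "Invalid cipher \"%s\".\n", cp);
			cipher = NULL;
		}
		if (weak)
			fprintf(stderr, "Warning: cipher \"%s\" has a key too "
				"short to be secure.\n", cp);
	} else {
		/* No per-recipient setting: fall back to Triple DES. */
		cipher = EVP_des_ede3_cbc();
	}
	/*
	 * NOTE(review): no release of vn is visible in this excerpt; confirm
	 * that the buffer obtained from ac_alloc() is released before return.
	 */
	return (EVP_CIPHER *)cipher;
}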

smime_encrypt(FILE *ip, const char *certfile, const char *to)
	FILE	*yp, *fp, *bp, *hp;
	char	*cp;
	X509	*cert;
	PKCS7	*pkcs7;
	BIO	*bb, *yb;
	STACK_OF(X509)	*certs;
	STACK	*certs;
