From 5e1ff664f95ab4c9176b3e86b5111e5777bad61a Mon Sep 17 00:00:00 2001
From: "Dr. Stephen Henson" <steve@openssl.org>
Date: Tue, 15 Oct 2013 14:15:54 +0100
Subject: [PATCH] Don't use RSA+MD5 with TLS 1.2

Since the TLS 1.2 supported signature algorithms extension is less
sophisticaed in OpenSSL 1.0.1 this has to be done in two stages.

RSA+MD5 is removed from supported signature algorithms extension:
any compliant implementation should never use RSA+MD5 as a result.

To cover the case of a broken implementation using RSA+MD5 anyway
disable lookup of MD5 algorithm in TLS 1.2.
---
 ssl/t1_lib.c | 16 ----------------
 1 file changed, 16 deletions(-)

diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index f93216d454029..33afdeba33e5d 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -342,19 +342,11 @@ static unsigned char tls12_sigalgs[] = {
 #ifndef OPENSSL_NO_SHA
 	tlsext_sigalg(TLSEXT_hash_sha1)
 #endif
-#ifndef OPENSSL_NO_MD5
-	tlsext_sigalg_rsa(TLSEXT_hash_md5)
-#endif
 };
 
 int tls12_get_req_sig_algs(SSL *s, unsigned char *p)
 	{
 	size_t slen = sizeof(tls12_sigalgs);
-#ifdef OPENSSL_FIPS
-	/* If FIPS mode don't include MD5 which is last */
-	if (FIPS_mode())
-		slen -= 2;
-#endif
 	if (p)
 		memcpy(p, tls12_sigalgs, slen);
 	return (int)slen;
@@ -2452,14 +2444,6 @@ const EVP_MD *tls12_get_hash(unsigned char hash_alg)
 	{
 	switch(hash_alg)
 		{
-#ifndef OPENSSL_NO_MD5
-		case TLSEXT_hash_md5:
-#ifdef OPENSSL_FIPS
-		if (FIPS_mode())
-			return NULL;
-#endif
-		return EVP_md5();
-#endif
 #ifndef OPENSSL_NO_SHA
 		case TLSEXT_hash_sha1:
 		return EVP_sha1();