]>
Commit | Line | Data |
---|---|---|
5af29fb3 MT |
1 | diff -up ntp-4.2.6p5/libntp/a_md5encrypt.c.fipsmd5 ntp-4.2.6p5/libntp/a_md5encrypt.c |
2 | --- ntp-4.2.6p5/libntp/a_md5encrypt.c.fipsmd5 2011-12-01 03:55:17.000000000 +0100 | |
3 | +++ ntp-4.2.6p5/libntp/a_md5encrypt.c 2012-10-24 16:24:04.972358878 +0200 | |
4 | @@ -38,7 +38,11 @@ MD5authencrypt( | |
5 | * was creaded. | |
6 | */ | |
7 | INIT_SSL(); | |
8 | - EVP_DigestInit(&ctx, EVP_get_digestbynid(type)); | |
9 | + if (!EVP_DigestInit(&ctx, EVP_get_digestbynid(type))) { | |
10 | + msyslog(LOG_ERR, | |
11 | + "MAC encrypt: digest init failed"); | |
12 | + return (0); | |
13 | + } | |
14 | EVP_DigestUpdate(&ctx, key, (u_int)cache_keylen); | |
15 | EVP_DigestUpdate(&ctx, (u_char *)pkt, (u_int)length); | |
16 | EVP_DigestFinal(&ctx, digest, &len); | |
17 | @@ -71,7 +75,11 @@ MD5authdecrypt( | |
18 | * was created. | |
19 | */ | |
20 | INIT_SSL(); | |
21 | - EVP_DigestInit(&ctx, EVP_get_digestbynid(type)); | |
22 | + if (!EVP_DigestInit(&ctx, EVP_get_digestbynid(type))) { | |
23 | + msyslog(LOG_ERR, | |
24 | + "MAC decrypt: digest init failed"); | |
25 | + return (0); | |
26 | + } | |
27 | EVP_DigestUpdate(&ctx, key, (u_int)cache_keylen); | |
28 | EVP_DigestUpdate(&ctx, (u_char *)pkt, (u_int)length); | |
29 | EVP_DigestFinal(&ctx, digest, &len); | |
30 | @@ -101,7 +109,16 @@ addr2refid(sockaddr_u *addr) | |
31 | return (NSRCADR(addr)); | |
32 | ||
33 | INIT_SSL(); | |
34 | - EVP_DigestInit(&ctx, EVP_get_digestbynid(NID_md5)); | |
35 | + EVP_MD_CTX_init(&ctx); | |
36 | +#ifdef EVP_MD_CTX_FLAG_NON_FIPS_ALLOW | |
37 | + /* MD5 is not used as a crypto hash here. */ | |
38 | + EVP_MD_CTX_set_flags(&ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); | |
39 | +#endif | |
40 | + if (!EVP_DigestInit_ex(&ctx, EVP_md5(), NULL)) { | |
41 | + msyslog(LOG_ERR, | |
42 | + "MD5 init failed"); | |
43 | + exit(1); | |
44 | + } | |
45 | EVP_DigestUpdate(&ctx, (u_char *)PSOCK_ADDR6(addr), | |
46 | sizeof(struct in6_addr)); | |
47 | EVP_DigestFinal(&ctx, digest, &len); |