- initial patch by <stenn@ntp.org>, extended by <perlinger@ntp.org>
* [Sec 3412] ctl_getitem(): Don't compare names past NUL. <perlinger@ntp.org>
* [Sec 3012] Sybil vulnerability: noepeer support. HStenn, JPerlinger.
+* [Bug 3457] OpenSSL FIPS mode regression <perlinger@ntp.org>
* [Bug 3452] PARSE driver prints uninitialized memory. <perlinger@ntp.org>
* [Bug 3450] Dubious error messages from plausibility checks in get_systime()
- removed error log caused by rounding/slew, ensured postcondition <perlinger@ntp.org>
/* make sure MD5 is allowd */
EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
#endif
-
- if (!EVP_DigestInit(ctx, EVP_get_digestbynid(ktype))) {
+ /* [Bug 3457] DON'T use plain EVP_DigestInit! It would
+ * kill the flags! */
+ if (!EVP_DigestInit_ex(ctx, EVP_get_digestbynid(ktype), NULL)) {
msyslog(LOG_ERR, "MAC encrypt: MAC %s Digest Init failed.",
OBJ_nid2sn(ktype));
goto mac_fail;
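Review bot: The comment added at lines 13–14 says the plain call would "kill the flags" but not why, and the same wording is repeated at lines 27–28 and 80–81, so a maintainer who later meets EVP_DigestInit() elsewhere cannot judge whether the warning applies. EVP_DigestInit() starts by resetting the whole context (EVP_MD_CTX_init() on 1.0.x, EVP_MD_CTX_reset() on 1.1.x), which wipes the flags word that EVP_MD_CTX_set_flags() just set; only EVP_DigestInit_ex() leaves it intact. Suggested wording for all three sites: `/* [Bug 3457] EVP_DigestInit() resets the whole context before initialising, which drops the NON_FIPS_ALLOW flag set above; EVP_DigestInit_ex() keeps it. */`. The enclosing function starts before this hunk.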
INIT_SSL();
ctx = EVP_MD_CTX_new();
-#ifdef EVP_MD_CTX_FLAG_NON_FIPS_ALLOW
+# ifdef EVP_MD_CTX_FLAG_NON_FIPS_ALLOW
/* MD5 is not used as a crypto hash here. */
EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
-#endif
+# endif
+ /* [Bug 3457] DON'T use plain EVP_DigestInit! It would kill the
+ * flags! */
if (!EVP_DigestInit_ex(ctx, EVP_md5(), NULL)) {
msyslog(LOG_ERR,
"MD5 init failed");
}
ctx = EVP_MD_CTX_new();
+# if defined(OPENSSL) && defined(EVP_MD_CTX_FLAG_NON_FIPS_ALLOW)
+ /* [Bug 3457] set flags and don't kill them again */
+ EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
+ EVP_DigestInit_ex(ctx, EVP_get_digestbynid(NID_md5), NULL);
+# else
EVP_DigestInit(ctx, EVP_get_digestbynid(NID_md5));
+# endif
EVP_DigestUpdate(ctx, salt, sizeof(salt));
EVP_DigestUpdate(ctx, &ts_i, sizeof(ts_i));
EVP_DigestUpdate(ctx, &ts_f, sizeof(ts_f));
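Review bot: The return value of EVP_DigestInit_ex() at line 37 is discarded, so if the MD5 digest is refused (the FIPS-mode situation this patch is about, should the flag not take effect on a given build) the EVP_DigestUpdate()/EVP_DigestFinal() calls that follow run on a context that was never initialised; depending on the OpenSSL version that is an error return, a crash, or a meaningless value used as if it were a valid digest of the salt and timestamps. The same pattern is repeated at line 50 and line 63, while the make_mac hunk further down shows the check these sites should mirror, e.g. `if (!EVP_DigestInit_ex(ctx, EVP_get_digestbynid(NID_md5), NULL)) msyslog(LOG_ERR, "MD5 init failed");` followed by a bail-out along the function's existing error path. Line 36 also dereferences ctx through EVP_MD_CTX_set_flags() before anything checks that EVP_MD_CTX_new() succeeded, a check make_mac does perform. The enclosing function starts and ends outside this hunk, so the right error exit cannot be named from here.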
break;
}
ctx = EVP_MD_CTX_new();
+# if defined(OPENSSL) && defined(EVP_MD_CTX_FLAG_NON_FIPS_ALLOW)
+ /* [Bug 3457] set flags and don't kill them again */
+ EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
+ EVP_DigestInit_ex(ctx, EVP_get_digestbynid(crypto_nid), NULL);
+# else
EVP_DigestInit(ctx, EVP_get_digestbynid(crypto_nid));
+# endif
EVP_DigestUpdate(ctx, (u_char *)header, hdlen);
EVP_DigestFinal(ctx, dgst, &len);
EVP_MD_CTX_free(ctx);
ptr = emalloc(len);
BN_bn2bin(bn, ptr);
ctx = EVP_MD_CTX_new();
+# if defined(OPENSSL) && defined(EVP_MD_CTX_FLAG_NON_FIPS_ALLOW)
+ /* [Bug 3457] set flags and don't kill them again */
+ EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
+ EVP_DigestInit_ex(ctx, EVP_md5(), NULL);
+# else
EVP_DigestInit(ctx, EVP_md5());
+# endif
EVP_DigestUpdate(ctx, ptr, len);
EVP_DigestFinal(ctx, dgst, &len);
EVP_MD_CTX_free(ctx);
if (!(ctx = EVP_MD_CTX_new())) {
msyslog(LOG_ERR, "make_mac: MAC %s Digest CTX new failed.",
macname);
+ goto mac_fail;
}
#ifdef OPENSSL /* OpenSSL 1 supports return codes 0 fail, 1 okay */
- else if (!EVP_DigestInit(ctx, EVP_get_digestbynid(key_type))) {
+# ifdef EVP_MD_CTX_FLAG_NON_FIPS_ALLOW
+ EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
+# endif
+ /* [Bug 3457] DON'T use plain EVP_DigestInit! It would
+ * kill the flags! */
+ if (!EVP_DigestInit_ex(ctx, EVP_get_digestbynid(key_type), NULL)) {
msyslog(LOG_ERR, "make_mac: MAC %s Digest Init failed.",
macname);
+ goto mac_fail;
}
- else if (!EVP_DigestUpdate(ctx, key_data, key_size)) {
+ if (!EVP_DigestUpdate(ctx, key_data, key_size)) {
msyslog(LOG_ERR, "make_mac: MAC %s Digest Update key failed.",
macname);
+ goto mac_fail;
}
- else if (!EVP_DigestUpdate(ctx, pkt_data, pkt_size)) {
+ if (!EVP_DigestUpdate(ctx, pkt_data, pkt_size)) {
msyslog(LOG_ERR, "make_mac: MAC %s Digest Update data failed.",
macname);
+ goto mac_fail;
}
- else if (!EVP_DigestFinal(ctx, digest, &len)) {
+ if (!EVP_DigestFinal(ctx, digest, &len)) {
msyslog(LOG_ERR, "make_mac: MAC %s Digest Final failed.",
macname);
len = 0;
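Review bot: The new early exits at lines 73, 85, 91 and 97 jump to mac_fail without touching len, while the EVP_DigestFinal() failure at line 103 deliberately sets `len = 0;` before falling through; unless len is zero-initialised at its declaration (outside the hunk), an init or update failure returns an indeterminate MAC length to the caller. The old else-if chain had the same gap, so this is not a regression, but since the patch rewrites every one of these paths it is the moment to fix it: initialise len where it is declared, or place `len = 0;` on each failure path before the goto. The flag set at line 78 also deserves a comment like the one at line 23, because here MD5 is the packet MAC itself rather than an incidental hash: `/* [Bug 3457] Allow MD5 keys under FIPS mode: NTP's symmetric-key MAC is keyed MD5; other key types are selected via key_type. */`. make_mac's declarations are outside the hunk, so whether len starts at 0 cannot be confirmed here.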
EVP_DigestUpdate(ctx, pkt_data, pkt_size);
EVP_DigestFinal(ctx, digest, &len);
#endif
-
+ mac_fail:
EVP_MD_CTX_free(ctx);
}