[Git][NTPsec/ntpsec][master] Use OpenSSL 3.0.0 MD5 calls, force fips off property to run on FIPS hosts. My...
Hal Murray (@hal.murray)
gitlab at mg.gitlab.com
Wed Aug 16 18:06:12 UTC 2023
Hal Murray pushed to branch master at NTPsec / ntpsec
Commits:
2403ed08 by Jared Hamlin at 2023-08-16T18:06:07+00:00
Use OpenSSL 3.0.0 MD5 calls, force fips off property to run on FIPS hosts. My...
- - - - -
1 changed file:
- libntp/macencrypt.c
Changes:
=====================================
libntp/macencrypt.c
=====================================
@@ -298,6 +298,20 @@ addr2refid(sockaddr_u *addr)
if (IS_IPV4(addr))
return (NSRCADR(addr));
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+ EVP_MD *md5;
+ ctx = EVP_MD_CTX_new();
+ /* See section FIPS Provider:
+ * https://www.openssl.org/docs/man3.0/man7/crypto.html
+ * for property query strings
+ */
+ md5 = EVP_MD_fetch(NULL, "MD5", "fips=no");
+ if(!EVP_DigestInit_ex(ctx, md5, NULL)) {
+ msyslog(LOG_ERR, "MAC: MD5 init failed");
+ exit(1);
+ }
+ EVP_MD_free(md5);
+#else
ctx = EVP_MD_CTX_create();
#ifdef EVP_MD_CTX_FLAG_NON_FIPS_ALLOW
/* MD5 is not used as a crypto hash here. */
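Review bot: The result of EVP_MD_fetch(NULL, "MD5", "fips=no") in the new OpenSSL 3 branch is passed straight to EVP_DigestInit_ex without a NULL check, and the ctx returned by EVP_MD_CTX_new() is not checked either. EVP_MD_fetch returns NULL when no loaded provider offers MD5 under that property query, and in that case the only diagnostic is the generic "MAC: MD5 init failed". Suggest testing md5 for NULL immediately after the fetch and logging a distinct message before exit(1), so an operator on a FIPS host can tell a provider configuration problem from a digest init failure. The new comment points at the property query documentation but drops the justification the old branch carries ("MD5 is not used as a crypto hash here."); repeating it next to "fips=no" would make clear why bypassing the FIPS provider is acceptable at this call site.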
@@ -307,7 +321,7 @@ addr2refid(sockaddr_u *addr)
msyslog(LOG_ERR, "MAC: MD5 init failed");
exit(1);
}
-
+#endif
EVP_DigestUpdate(ctx, (uint8_t *)PSOCK_ADDR6(addr),
sizeof(struct in6_addr));
EVP_DigestFinal_ex(ctx, digest, &len);
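Review bot: The added #endif closes the #if OPENSSL_VERSION_NUMBER >= 0x30000000L opened in the previous hunk, but the #else branch contains a nested #ifdef EVP_MD_CTX_FLAG_NON_FIPS_ALLOW, so it is hard to see which conditional this line ends. Suggest annotating it as #endif /* OPENSSL_VERSION_NUMBER >= 0x30000000L */ and keeping the blank line that this hunk removes before EVP_DigestUpdate. The msyslog(LOG_ERR, "MAC: MD5 init failed") / exit(1) block now appears once in each branch, so any later change to the error handling has to be made in both places.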
View it on GitLab: https://gitlab.com/NTPsec/ntpsec/-/commit/2403ed08edac6a44a7af5d54f3718a293acd7b5b