Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP2:GA
ipsec-tools.6589
racoon-no-md5.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File racoon-no-md5.patch of Package ipsec-tools.6589
Index: ipsec-tools-0.8.0/src/racoon/handler.c =================================================================== --- ipsec-tools-0.8.0.orig/src/racoon/handler.c +++ ipsec-tools-0.8.0/src/racoon/handler.c @@ -1022,7 +1022,7 @@ check_recvdpkt(remote, local, rbuf) struct timeval now, diff; int len, s; - hash = eay_md5_one(rbuf); + hash = eay_sha1_one(rbuf); if (!hash) { plog(LLV_ERROR, LOCATION, NULL, "failed to allocate buffer.\n"); @@ -1109,7 +1109,7 @@ add_recvdpkt(remote, local, sbuf, rbuf) return -1; } - new->hash = eay_md5_one(rbuf); + new->hash = eay_sha1_one(rbuf); if (!new->hash) { plog(LLV_ERROR, LOCATION, NULL, "failed to allocate buffer.\n"); Index: ipsec-tools-0.8.0/src/racoon/crypto_openssl.c =================================================================== --- ipsec-tools-0.8.0.orig/src/racoon/crypto_openssl.c +++ ipsec-tools-0.8.0/src/racoon/crypto_openssl.c @@ -2343,6 +2343,35 @@ eay_md5_one(data) return eay_digest_one(data, EVP_md5()); } +vchar_t * +eay_md5fips_one(data) + vchar_t *data; +{ + EVP_MD_CTX ctx; + vchar_t *res; + unsigned int i; + + if ((res = vmalloc(EVP_MD_size(EVP_md5()))) == 0) + return NULL; + + EVP_MD_CTX_init(&ctx); +#ifdef EVP_MD_CTX_FLAG_NON_FIPS_ALLOW + /* appeared around openssl 0.9.8k as define, allows usage in FIPS mode. */ + EVP_MD_CTX_set_flags(&ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); +#endif + EVP_DigestInit_ex (&ctx, EVP_md5(), NULL); + + if (!EVP_DigestUpdate(&ctx, (void *) data->v, data->l)) + { + EVP_MD_CTX_cleanup(&ctx); + vfree(res); + return NULL; + } + EVP_DigestFinal_ex(&ctx, (void *) res->v, &i); + EVP_MD_CTX_cleanup(&ctx); + return res; +} + int eay_md5_hashlen() { Index: ipsec-tools-0.8.0/src/racoon/crypto_openssl.h =================================================================== --- ipsec-tools-0.8.0.orig/src/racoon/crypto_openssl.h +++ ipsec-tools-0.8.0/src/racoon/crypto_openssl.h @@ -202,6 +202,7 @@ extern caddr_t eay_md5_init __P((void)); extern void eay_md5_update __P((caddr_t, vchar_t *)); extern vchar_t *eay_md5_final __P((caddr_t)); extern vchar_t *eay_md5_one __P((vchar_t *)); +extern vchar_t *eay_md5fips_one __P((vchar_t *)); extern int eay_md5_hashlen __P((void)); /* RNG */ Index: ipsec-tools-0.8.0/src/racoon/vendorid.c =================================================================== --- ipsec-tools-0.8.0.orig/src/racoon/vendorid.c +++ ipsec-tools-0.8.0/src/racoon/vendorid.c @@ -166,7 +166,7 @@ compute_vendorids (void) vid.v = (char *) all_vendor_ids[i].string; vid.l = strlen(vid.v); - all_vendor_ids[i].hash = eay_md5_one(&vid); + all_vendor_ids[i].hash = eay_md5fips_one(&vid); if (all_vendor_ids[i].hash == NULL) plog(LLV_ERROR, LOCATION, NULL, "unable to hash vendor ID string\n");
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor