allow MD5 use for computing old format hash links
authorDr. Stephen Henson <steve@openssl.org>
Wed, 22 Jun 2011 02:18:19 +0000 (02:18 +0000)
committerDr. Stephen Henson <steve@openssl.org>
Wed, 22 Jun 2011 02:18:19 +0000 (02:18 +0000)
crypto/x509/x509_cmp.c

index 67a84d1..80ebcd3 100644 (file)
@@ -240,13 +240,18 @@ unsigned long X509_NAME_hash(X509_NAME *x)
 
 unsigned long X509_NAME_hash_old(X509_NAME *x)
        {
+       EVP_MD_CTX md_ctx;
        unsigned long ret=0;
        unsigned char md[16];
 
        /* Make sure X509_NAME structure contains valid cached encoding */
        i2d_X509_NAME(x,NULL);
-       if (!EVP_Digest(x->bytes->data, x->bytes->length, md, NULL, EVP_md5(), NULL))
-               return 0;
+       EVP_MD_CTX_init(&md_ctx);
+       EVP_MD_CTX_set_flags(&md_ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
+       EVP_DigestInit_ex(&md_ctx, EVP_md5(), NULL);
+       EVP_DigestUpdate(&md_ctx, x->bytes->data, x->bytes->length);
+       EVP_DigestFinal_ex(&md_ctx,md,NULL);
+       EVP_MD_CTX_cleanup(&md_ctx);
 
        ret=(   ((unsigned long)md[0]     )|((unsigned long)md[1]<<8L)|
                ((unsigned long)md[2]<<16L)|((unsigned long)md[3]<<24L)