lib/libssh2
1
0
Fork 0
mirror of https://github.com/libssh2/libssh2.git synced 2025-11-20 02:42:09 +03:00
Code Activity

openssl.c: Avoid OpenSSL latent error in FIPS mode (#528)

Browse Source 
File:
openssl.c

Notes:
Avoid initing MD5 digest, which is not permitted in OpenSSL FIPS certified cryptography mode.

Credit:
Marc
This commit is contained in:
Marc
2021-05-03 22:49:02 +01:00
committed by GitHub
parent 35695772d0
commit b853d7a86e
1 changed files with 7 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
src/openssl.c
View File

@@ -2221,6 +2221,13 @@ _libssh2_sha512(const unsigned char *message, unsigned long len,
int
_libssh2_md5_init(libssh2_md5_ctx *ctx)
{
/* MD5 digest is not supported in OpenSSL FIPS mode
* Trying to init it will result in a latent OpenSSL error:
* "digital envelope routines:FIPS_DIGESTINIT:disabled for fips"
* So, just return 0 in FIPS mode
*/
if(FIPS_mode() != 0)
return 0;
#ifdef HAVE_OPAQUE_STRUCTS
*ctx = EVP_MD_CTX_new();