From: Dr. Stephen Henson <steve@openssl.org>
Date: Wed, 22 Jun 2011 02:18:19 +0000 (+0000)
Subject: allow MD5 use for computing old format hash links
X-Git-Tag: OpenSSL-fips-2_0-rc1~306
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=a52b7b44b2a21cd37c1d7f13a07cd34215e51335;p=openssl

allow MD5 use for computing old format hash links
---

diff --git a/crypto/x509/x509_cmp.c b/crypto/x509/x509_cmp.c
index 67a84d17d3..80ebcd3421 100644
--- a/crypto/x509/x509_cmp.c
+++ b/crypto/x509/x509_cmp.c
@@ -240,13 +240,18 @@ unsigned long X509_NAME_hash(X509_NAME *x)
 
 unsigned long X509_NAME_hash_old(X509_NAME *x)
 	{
+	EVP_MD_CTX md_ctx;
 	unsigned long ret=0;
 	unsigned char md[16];
 
 	/* Make sure X509_NAME structure contains valid cached encoding */
 	i2d_X509_NAME(x,NULL);
-	if (!EVP_Digest(x->bytes->data, x->bytes->length, md, NULL, EVP_md5(), NULL))
-		return 0;
+	EVP_MD_CTX_init(&md_ctx);
+	EVP_MD_CTX_set_flags(&md_ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
+	EVP_DigestInit_ex(&md_ctx, EVP_md5(), NULL);
+	EVP_DigestUpdate(&md_ctx, x->bytes->data, x->bytes->length);
+	EVP_DigestFinal_ex(&md_ctx,md,NULL);
+	EVP_MD_CTX_cleanup(&md_ctx);
 
 	ret=(	((unsigned long)md[0]     )|((unsigned long)md[1]<<8L)|
 		((unsigned long)md[2]<<16L)|((unsigned long)md[3]<<24L)