Fix multiple vulnerabilities of ntp.

Approved by:	so

1 files changed, 8 insertions, 3 deletions

diff --git a/contrib/ntp/libntp/ssl_init.c b/contrib/ntp/libntp/ssl_init.c
index a9d1d54..ef0f1c1 100644
--- a/contrib/ntp/libntp/ssl_init.c
+++ b/contrib/ntp/libntp/ssl_init.c
@@ -15,6 +15,7 @@
 #ifdef OPENSSL
 #include "openssl/err.h"
 #include "openssl/evp.h"
+#include "libssl_compat.h"
 
 void	atexit_ssl_cleanup(void);
 
@@ -62,6 +63,7 @@ ssl_check_version(void)
 
 	INIT_SSL();
 }
+
 #endif	/* OPENSSL */
 
 
@@ -84,7 +86,6 @@ keytype_from_text(
 	u_char		digest[EVP_MAX_MD_SIZE];
 	char *		upcased;
 	char *		pch;
-	EVP_MD_CTX	ctx;
 
 	/*
 	 * OpenSSL digest short names are capitalized, so uppercase the
@@ -110,8 +111,12 @@ keytype_from_text(
 
 	if (NULL != pdigest_len) {
 #ifdef OPENSSL
-		EVP_DigestInit(&ctx, EVP_get_digestbynid(key_type));
-		EVP_DigestFinal(&ctx, digest, &digest_len);
+		EVP_MD_CTX	*ctx;
+
+		ctx = EVP_MD_CTX_new();
+		EVP_DigestInit(ctx, EVP_get_digestbynid(key_type));
+		EVP_DigestFinal(ctx, digest, &digest_len);
+		EVP_MD_CTX_free(ctx);
 		if (digest_len > max_digest_len) {
 			fprintf(stderr,
 				"key type %s %u octet digests are too big, max %lu\n",