diff options
author | delphij <delphij@FreeBSD.org> | 2016-12-22 16:19:05 +0000 |
---|---|---|
committer | delphij <delphij@FreeBSD.org> | 2016-12-22 16:19:05 +0000 |
commit | 570e4ab90f4cd78ac7fef92fbb56aab29321dc2c (patch) | |
tree | cf1cd029c639825e80d40c5da7f0aa2e0d932883 /contrib/ntp/libntp/ssl_init.c | |
parent | 96b7b5bc05779ba1bdc5a939d6146b1f8883bd92 (diff) | |
download | FreeBSD-src-570e4ab90f4cd78ac7fef92fbb56aab29321dc2c.zip FreeBSD-src-570e4ab90f4cd78ac7fef92fbb56aab29321dc2c.tar.gz |
Fix multiple vulnerabilities of ntp.
Approved by: so
Diffstat (limited to 'contrib/ntp/libntp/ssl_init.c')
-rw-r--r-- | contrib/ntp/libntp/ssl_init.c | 11 |
1 files changed, 8 insertions, 3 deletions
diff --git a/contrib/ntp/libntp/ssl_init.c b/contrib/ntp/libntp/ssl_init.c index a9d1d54..ef0f1c1 100644 --- a/contrib/ntp/libntp/ssl_init.c +++ b/contrib/ntp/libntp/ssl_init.c @@ -15,6 +15,7 @@ #ifdef OPENSSL #include "openssl/err.h" #include "openssl/evp.h" +#include "libssl_compat.h" void atexit_ssl_cleanup(void); @@ -62,6 +63,7 @@ ssl_check_version(void) INIT_SSL(); } + #endif /* OPENSSL */ @@ -84,7 +86,6 @@ keytype_from_text( u_char digest[EVP_MAX_MD_SIZE]; char * upcased; char * pch; - EVP_MD_CTX ctx; /* * OpenSSL digest short names are capitalized, so uppercase the @@ -110,8 +111,12 @@ keytype_from_text( if (NULL != pdigest_len) { #ifdef OPENSSL - EVP_DigestInit(&ctx, EVP_get_digestbynid(key_type)); - EVP_DigestFinal(&ctx, digest, &digest_len); + EVP_MD_CTX *ctx; + + ctx = EVP_MD_CTX_new(); + EVP_DigestInit(ctx, EVP_get_digestbynid(key_type)); + EVP_DigestFinal(ctx, digest, &digest_len); + EVP_MD_CTX_free(ctx); if (digest_len > max_digest_len) { fprintf(stderr, "key type %s %u octet digests are too big, max %lu\n", |