File net-snmp-reenable-md5-fips.patch of Package net-snmp.1199

Index: net-snmp-5.7.2.1/snmplib/scapi.c
===================================================================
--- net-snmp-5.7.2.1.orig/snmplib/scapi.c
+++ net-snmp-5.7.2.1/snmplib/scapi.c
@@ -334,9 +334,19 @@ sc_generate_keyed_hash(const oid * autht
      * Determine transform type.
      */
 #ifndef NETSNMP_DISABLE_MD5
-    if (ISTRANSFORM(authtype, HMACMD5Auth))
-        HMAC(EVP_md5(), key, keylen, message, msglen, buf, &buf_len);
-    else
+    if (ISTRANSFORM(authtype, HMACMD5Auth)) {
+	HMAC_CTX hmacctx;
+
+        /* fips md5 allowing version of:
+	 * HMAC(EVP_md5(), key, keylen, message, msglen, buf, &buf_len);
+	 */
+	HMAC_CTX_init (&hmacctx);
+	HMAC_CTX_set_flags (&hmacctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
+	HMAC_Init(&hmacctx, key, keylen, EVP_md5());
+	HMAC_Update(&hmacctx, message, msglen);
+	HMAC_Final(&hmacctx, buf, &buf_len);
+	HMAC_CTX_cleanup(&hmacctx);
+    } else
 #endif
         if (ISTRANSFORM(authtype, HMACSHA1Auth))
         HMAC(EVP_sha1(), key, keylen, message, msglen, buf, &buf_len);
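Review bot: The results of `HMAC_Init`, `HMAC_Update` and `HMAC_Final` in the new MD5 branch are ignored. If the FIPS module still rejects MD5 or the init fails, `buf` and `buf_len` stay unwritten, and the code after the hunk would presumably treat them as a valid MAC. Assuming the OpenSSL 1.0.x API where these calls return int, chain them as `if (!HMAC_Init(&hmacctx, key, keylen, EVP_md5()) || !HMAC_Update(&hmacctx, message, msglen) || !HMAC_Final(&hmacctx, buf, &buf_len))`, then run `HMAC_CTX_cleanup(&hmacctx)` and take the function's existing error exit on failure. The comment should also record why FIPS policy is overridden here, for example `/* HMAC-MD5 is not FIPS-approved; permitted only for SNMPv3 HMAC-MD5 authentication interoperability */`. sc_generate_keyed_hash starts and ends outside the hunk, so the name of the error exit has to come from the full file.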
Index: net-snmp-5.7.2.1/snmplib/keytools.c
===================================================================
--- net-snmp-5.7.2.1.orig/snmplib/keytools.c
+++ net-snmp-5.7.2.1/snmplib/keytools.c
@@ -156,6 +156,7 @@ generate_Ku(const oid * hashtype, u_int
     EVP_MD_CTX_init(ctx);
 #endif
 #ifndef NETSNMP_DISABLE_MD5
+    EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
     if (ISTRANSFORM(hashtype, HMACMD5Auth))
         EVP_DigestInit(ctx, EVP_md5());
     else
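Review bot: The added `EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW)` sits before the `if (ISTRANSFORM(hashtype, HMACMD5Auth))` test, so the FIPS exemption is set on the context whichever hash type is selected, not only for MD5. Narrow it to the branch that needs it: `if (ISTRANSFORM(hashtype, HMACMD5Auth)) { EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); EVP_DigestInit(ctx, EVP_md5()); } else`. That matches the scapi.c hunk, which sets the flag only inside its MD5 branch. A one-line comment such as `/* MD5 is not FIPS-approved; allowed here only for SNMPv3 key localization */` would make the exception explicit. The `else` branch and the rest of generate_Ku lie outside the hunk.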