--- net-snmp-5.9.4/snmplib/scapi.c.orig
+++ net-snmp-5.9.4/snmplib/scapi.c
@@ -207,6 +207,10 @@
 
 #ifdef NETSNMP_USE_OPENSSL
 static
+void EVP_hmac(const EVP_MD *evp_md, const void *key,
+              const unsigned char *msg, unsigned char *md,
+              size_t *md_len);
+static
 int EVP_decrypt(const EVP_CIPHER *type, u_char * key,
                 u_int keylen, u_char * iv, u_char * ciphertext,
                 u_int ctlen, u_char * plaintext);
@@ -744,7 +748,7 @@
     size_t          properlength;
     u_char          buf[SNMP_MAXBUF_SMALL];
 #if  defined(NETSNMP_USE_OPENSSL) || defined(NETSNMP_USE_PKCS11)
-    unsigned int    buf_len = sizeof(buf);
+    size_t    buf_len = sizeof(buf);
 #endif
 #ifdef NETSNMP_USE_OPENSSL
     const EVP_MD   *hashfn;
@@ -791,7 +795,12 @@
     if (NULL == hashfn) {
         QUITFUN(SNMPERR_GENERR, sc_generate_keyed_hash_quit);
     }
-    HMAC(hashfn, key, keylen, message, msglen, buf, &buf_len);
+#ifndef NETSNMP_DISABLE_MD5
+    if (auth_type == NETSNMP_USMAUTH_HMACMD5)
+        EVP_hmac(hashfn, key, message, buf, &buf_len);
+    else
+#endif
+        HMAC(hashfn, key, keylen, message, msglen, buf, &buf_len);
     if (buf_len != properlength) {
         QUITFUN(rval, sc_generate_keyed_hash_quit);
     }
@@ -1827,6 +1836,49 @@
 #endif /* NETSNMP_USE_INTERNAL_CRYPTO */
 #ifdef NETSNMP_USE_OPENSSL
 static
+void EVP_hmac(const EVP_MD *evp_md, const void *key,
+              const unsigned char *msg, unsigned char *md,
+              size_t *md_len)
+{
+        EVP_MD_CTX* mdctx = NULL;
+        EVP_PKEY *pkey = NULL;
+
+        if(!(mdctx = EVP_MD_CTX_create())) {
+            snmp_log(LOG_ERR, "EVP_MD_CTX_create failure.\n");
+            return;
+        }
+        if(!(pkey = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, NULL,
+                                         key, EVP_MD_size(evp_md)))) {
+            snmp_log(LOG_ERR, "EVP_PKEY_new_mac_key failure.\n");
+            EVP_MD_CTX_destroy(mdctx);
+            return;
+        }
+#ifdef EVP_MD_CTX_FLAG_NON_FIPS_ALLOW
+        EVP_MD_CTX_set_flags (mdctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
+#endif  
+        if(EVP_DigestSignInit(mdctx, NULL, evp_md, NULL, pkey) != 1) {
+            snmp_log(LOG_ERR, "EVP_DigestSignInit failure.\n");
+            EVP_MD_CTX_destroy(mdctx);
+            EVP_PKEY_free(pkey);
+            return;
+        }
+        if(EVP_DigestSignUpdate(mdctx, msg, strlen(msg)) != 1) {
+            snmp_log(LOG_ERR, "EVP_DigestSignUpdate failure.\n");
+            EVP_MD_CTX_destroy(mdctx);
+            EVP_PKEY_free(pkey);
+            return;
+        }
+        if(EVP_DigestSignFinal(mdctx, md, md_len) != 1) {
+            snmp_log(LOG_ERR, "EVP_DigestSignFinal failure.\n");
+            EVP_MD_CTX_destroy(mdctx);
+            EVP_PKEY_free(pkey);
+            return;
+        }   
+        EVP_MD_CTX_destroy(mdctx);
+        EVP_PKEY_free(pkey);
+}
+
+static
 int EVP_encrypt(const EVP_CIPHER *type, u_char * key,
                 u_int keylen, u_char * iv, const u_char * plaintext,
                 u_int ptlen, u_char * ciphertext, size_t * ctlen)