hash: allow non-security MD5 use in FIPS mode

gnutls running in the FIPS140-2 mode does not allow MD5 to be initialized, which breaks chronyd using MD5 to calculate reference ID of IPv6 addresses. Specify a new hash algorithm for non-security MD5 use and temporarily switch to the lax mode when initializing the hash function.
2025-12-03 16:35:06 -05:00 · 2021-09-02 11:44:15 +02:00
parent f363998517
commit 36441fabde
8 changed files with 28 additions and 3 deletions
--- a/hash_nettle.c
+++ b/hash_nettle.c
@@ -59,6 +59,9 @@ HSH_GetHashId(HSH_Algorithm algorithm)
 {
  int id, nid;

+  if (algorithm == HSH_MD5_NONCRYPTO)
+    algorithm = HSH_MD5;
+
  for (id = 0; hashes[id].algorithm != 0; id++) {
    if (hashes[id].algorithm == algorithm)
      break;