DWS/chrony
1
0
Fork 0
mirror of https://gitlab.com/chrony/chrony.git synced 2025-12-03 17:55:07 -05:00
Code Issues Packages Projects Releases Wiki Activity

hash: allow non-security MD5 use in FIPS mode

Browse Source 
gnutls running in the FIPS140-2 mode does not allow MD5 to be
initialized, which breaks chronyd using MD5 to calculate reference ID
of IPv6 addresses. Specify a new hash algorithm for non-security MD5 use
and temporarily switch to the lax mode when initializing the hash
function.
This commit is contained in:
Miroslav Lichvar
2021-09-02 11:44:15 +02:00
parent f363998517
commit 36441fabde
8 changed files with 28 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
util.c
View File

@@ -400,7 +400,7 @@ UTI_IPToRefid(const IPAddr *ip)
return ip->addr.in4;
case IPADDR_INET6:
if (MD5_hash < 0)
MD5_hash = HSH_GetHashId(HSH_MD5);
MD5_hash = HSH_GetHashId(HSH_MD5_NONCRYPTO);
if (MD5_hash < 0 ||
HSH_Hash(MD5_hash, (const unsigned char *)ip->addr.in6, sizeof (ip->addr.in6),