File gnome-keyring-bsc932232-use-non-fips-md5.patch of Package gnome-keyring.1838

diff --git a/egg/egg-openssl.c b/egg/egg-openssl.c
index 5515be1..e68c2b7 100644
--- a/egg/egg-openssl.c
+++ b/egg/egg-openssl.c
@@ -226,7 +226,7 @@ egg_openssl_decrypt_block (const gchar *dekinfo,
 	g_return_val_if_fail (ivlen >= 8, FALSE);
 
 	/* IV is already set from the DEK info */
-	if (!egg_symkey_generate_simple (algo, GCRY_MD_MD5, password,
+	if (!egg_symkey_generate_simple (algo, GCRY_MD_SHA1, password,
 	                                 n_password, iv, 8, 1, &key, NULL)) {
 		g_free (iv);
 		return NULL;
@@ -289,7 +289,7 @@ egg_openssl_encrypt_block (const gchar *dekinfo,
 	g_return_val_if_fail (ivlen >= 8, NULL);
 
 	/* IV is already set from the DEK info */
-	if (!egg_symkey_generate_simple (algo, GCRY_MD_MD5, password,
+	if (!egg_symkey_generate_simple (algo, GCRY_MD_SHA1, password,
 	                                        n_password, iv, 8, 1, &key, NULL))
 		g_return_val_if_reached (NULL);
 
diff --git a/pkcs11/secret-store/gkm-secret-binary.c b/pkcs11/secret-store/gkm-secret-binary.c
index a4ee19c..4eda4cc 100644
--- a/pkcs11/secret-store/gkm-secret-binary.c
+++ b/pkcs11/secret-store/gkm-secret-binary.c
@@ -437,12 +437,16 @@ static gboolean
 verify_decrypted_buffer (EggBuffer *buffer)
 {
         guchar digest[16];
+	GChecksum *cs;
+	gsize cs_len = sizeof (digest);
 
 	/* In case the world changes on us... */
-	g_return_val_if_fail (gcry_md_get_algo_dlen (GCRY_MD_MD5) == sizeof (digest), 0);
+	g_return_val_if_fail (g_checksum_type_get_length (G_CHECKSUM_MD5) == sizeof (digest), 0);
 
-	gcry_md_hash_buffer (GCRY_MD_MD5, (void*)digest,
-			     (guchar*)buffer->buf + 16, buffer->len - 16);
+	cs = g_checksum_new (G_CHECKSUM_MD5);
+	g_checksum_update (cs, (const guchar *) buffer->buf + 16, buffer->len - 16);
+	g_checksum_get_digest (cs, digest, &cs_len);
+	g_checksum_free (cs);
 
 	return memcmp (buffer->buf, digest, 16) == 0;
 }
@@ -574,12 +578,14 @@ gkm_secret_binary_write (GkmSecretCollection *collection, GkmSecretData *sdata,
         gint lock_timeout;
         guchar salt[8];
 	guint flags = 0;
+	GChecksum *cs;
+	gsize cs_len;
 	int i;
 
 	g_return_val_if_fail (GKM_IS_SECRET_COLLECTION (collection), GKM_DATA_FAILURE);
 	g_return_val_if_fail (GKM_IS_SECRET_DATA (sdata), GKM_DATA_LOCKED);
 	g_return_val_if_fail (data && n_data, GKM_DATA_FAILURE);
-	g_return_val_if_fail (gcry_md_get_algo_dlen (GCRY_MD_MD5) == sizeof (digest), GKM_DATA_FAILURE);
+	g_return_val_if_fail (g_checksum_type_get_length (G_CHECKSUM_MD5) == sizeof (digest), GKM_DATA_FAILURE);
 
 	obj = GKM_SECRET_OBJECT (collection);
 
@@ -636,8 +642,11 @@ gkm_secret_binary_write (GkmSecretCollection *collection, GkmSecretData *sdata,
 	while (to_encrypt.len % 16 != 0)
 		egg_buffer_add_byte (&to_encrypt, 0);
 
-	gcry_md_hash_buffer (GCRY_MD_MD5, (void*)digest,
-			     (guchar*)to_encrypt.buf + 16, to_encrypt.len - 16);
+	cs = g_checksum_new (G_CHECKSUM_MD5);
+	g_checksum_update (cs, (const guchar *) to_encrypt.buf + 16, to_encrypt.len - 16);
+	g_checksum_get_digest (cs, digest, &cs_len);
+	g_checksum_free (cs);
+
 	memcpy (to_encrypt.buf, digest, 16);
 
 	/* If no master password is set, we shouldn't be writing binary... */
diff --git a/pkcs11/secret-store/gkm-secret-fields.c b/pkcs11/secret-store/gkm-secret-fields.c
index 578d618..66ede8d 100644
--- a/pkcs11/secret-store/gkm-secret-fields.c
+++ b/pkcs11/secret-store/gkm-secret-fields.c
@@ -111,12 +111,18 @@ static gchar*
 compat_hash_value_as_string (const gchar *value)
 {
 	guchar digest[16];
+	GChecksum *cs;
+	gsize cs_len = sizeof (digest);
 
 	if (!value)
 		return NULL;
 
-	g_assert (gcry_md_get_algo_dlen (GCRY_MD_MD5) == sizeof (digest));
-	gcry_md_hash_buffer (GCRY_MD_MD5, (void*)digest, value, strlen (value));
+	g_assert (g_checksum_type_get_length (G_CHECKSUM_MD5) == sizeof (digest));
+
+	cs = g_checksum_new (G_CHECKSUM_MD5);
+	g_checksum_update (cs, (const guchar *) value, strlen (value));
+	g_checksum_get_digest (cs, digest, &cs_len);
+	g_checksum_free (cs);
 
 	/* The old keyring code used lower case hex */
 	return egg_hex_encode_full (digest, sizeof (digest), FALSE, '\0', 0);
diff --git a/pkcs11/secret-store/tests/dump-keyring0-format.c b/pkcs11/secret-store/tests/dump-keyring0-format.c
index a459cd3..2ff1064 100644
--- a/pkcs11/secret-store/tests/dump-keyring0-format.c
+++ b/pkcs11/secret-store/tests/dump-keyring0-format.c
@@ -556,13 +556,17 @@ decrypt_buffer (Buffer *buffer,
 static gboolean
 verify_decrypted_buffer (Buffer *buffer)
 {
-	guchar digest[16];
+        guchar digest[16];
+	GChecksum *cs;
+	gsize cs_len = sizeof (digest);
 
 	/* In case the world changes on us... */
-	g_return_val_if_fail (gcry_md_get_algo_dlen (GCRY_MD_MD5) == sizeof (digest), 0);
+	g_return_val_if_fail (g_checksum_type_get_length (G_CHECKSUM_MD5) == sizeof (digest), 0);
 
-	gcry_md_hash_buffer (GCRY_MD_MD5, (void*)digest,
-			     (guchar*)buffer->buf + 16, buffer->len - 16);
+	cs = g_checksum_new (G_CHECKSUM_MD5);
+	g_checksum_update (cs, (const guchar *) buffer->buf + 16, buffer->len - 16);
+	g_checksum_get_digest (cs, digest, &cs_len);
+	g_checksum_free (cs);
 
 	return memcmp (buffer->buf, digest, 16) == 0;
 }