File gnome-keyring-bsc932232-use-non-fips-md5.patch of Package gnome-keyring
--- a/pkcs11/secret-store/gkm-secret-binary.c
+++ a/pkcs11/secret-store/gkm-secret-binary.c
@@ -437,12 +437,16 @@ static gboolean
verify_decrypted_buffer (EggBuffer *buffer)
{
guchar digest[16];
+ GChecksum *cs;
+ gsize cs_len = sizeof (digest);
/* In case the world changes on us... */
- g_return_val_if_fail (gcry_md_get_algo_dlen (GCRY_MD_MD5) == sizeof (digest), 0);
+ g_return_val_if_fail (g_checksum_type_get_length (G_CHECKSUM_MD5) == sizeof (digest), 0);
- gcry_md_hash_buffer (GCRY_MD_MD5, (void*)digest,
- (guchar*)buffer->buf + 16, buffer->len - 16);
+ cs = g_checksum_new (G_CHECKSUM_MD5);
+ g_checksum_update (cs, (const guchar *) buffer->buf + 16, buffer->len - 16);
+ g_checksum_get_digest (cs, digest, &cs_len);
+ g_checksum_free (cs);
return memcmp (buffer->buf, digest, 16) == 0;
}
@@ -574,12 +578,14 @@ gkm_secret_binary_write (GkmSecretCollection *collection, GkmSecretData *sdata,
gint lock_timeout;
guchar salt[8];
guint flags = 0;
+ GChecksum *cs;
+ gsize cs_len = sizeof (digest);
int i;
g_return_val_if_fail (GKM_IS_SECRET_COLLECTION (collection), GKM_DATA_FAILURE);
g_return_val_if_fail (GKM_IS_SECRET_DATA (sdata), GKM_DATA_LOCKED);
g_return_val_if_fail (data && n_data, GKM_DATA_FAILURE);
- g_return_val_if_fail (gcry_md_get_algo_dlen (GCRY_MD_MD5) == sizeof (digest), GKM_DATA_FAILURE);
+ g_return_val_if_fail (g_checksum_type_get_length (G_CHECKSUM_MD5) == sizeof (digest), GKM_DATA_FAILURE);
obj = GKM_SECRET_OBJECT (collection);
@@ -636,8 +642,11 @@ gkm_secret_binary_write (GkmSecretCollection *collection, GkmSecretData *sdata,
while (to_encrypt.len % 16 != 0)
egg_buffer_add_byte (&to_encrypt, 0);
- gcry_md_hash_buffer (GCRY_MD_MD5, (void*)digest,
- (guchar*)to_encrypt.buf + 16, to_encrypt.len - 16);
+ cs = g_checksum_new (G_CHECKSUM_MD5);
+ g_checksum_update (cs, (const guchar *) to_encrypt.buf + 16, to_encrypt.len - 16);
+ g_checksum_get_digest (cs, digest, &cs_len);
+ g_checksum_free (cs);
+
memcpy (to_encrypt.buf, digest, 16);
/* If no master password is set, we shouldn't be writing binary... */
--- a/pkcs11/secret-store/gkm-secret-fields.c
+++ a/pkcs11/secret-store/gkm-secret-fields.c
@@ -111,12 +111,18 @@ static gchar*
compat_hash_value_as_string (const gchar *value)
{
guchar digest[16];
+ GChecksum *cs;
+ gsize cs_len = sizeof (digest);
if (!value)
return NULL;
- g_assert (gcry_md_get_algo_dlen (GCRY_MD_MD5) == sizeof (digest));
- gcry_md_hash_buffer (GCRY_MD_MD5, (void*)digest, value, strlen (value));
+ g_assert (g_checksum_type_get_length (G_CHECKSUM_MD5) == sizeof (digest));
+
+ cs = g_checksum_new (G_CHECKSUM_MD5);
+ g_checksum_update (cs, (const guchar *) value, strlen (value));
+ g_checksum_get_digest (cs, digest, &cs_len);
+ g_checksum_free (cs);
/* The old keyring code used lower case hex */
return egg_hex_encode_full (digest, sizeof (digest), FALSE, '\0', 0);