File chrony-refid-internal-md5.patch of Package chrony.23349
--- util.c.orig
+++ util.c
@@ -32,7 +32,13 @@
#include "logging.h"
#include "memory.h"
#include "util.h"
-#include "hash.h"
+/*
+ * We use the internal MD5 implementation here to avoid trouble with
+ * FIPS. This is OK, because MD5 is only being used for the non-crypto
+ * purpose of hashing 128 bit IPv6 addresses to 32 bit referenc IDs,
+ * as required by RFC 5905.
+ */
+#include "md5.c"
#define NSEC_PER_SEC 1000000000
@@ -392,21 +398,17 @@ UTI_IsIPReal(const IPAddr *ip)
uint32_t
UTI_IPToRefid(const IPAddr *ip)
{
- static int MD5_hash = -1;
- unsigned char buf[16];
+ MD5_CTX ctx;
+ unsigned char *buf = &ctx.digest;
switch (ip->family) {
case IPADDR_INET4:
return ip->addr.in4;
case IPADDR_INET6:
- if (MD5_hash < 0)
- MD5_hash = HSH_GetHashId(HSH_MD5);
-
- if (MD5_hash < 0 ||
- HSH_Hash(MD5_hash, (const unsigned char *)ip->addr.in6, sizeof (ip->addr.in6),
- NULL, 0, buf, sizeof (buf)) != sizeof (buf))
- LOG_FATAL("Could not get MD5");
-
+ MD5Init(&ctx);
+ MD5Update(&ctx, (unsigned const char *)ip->addr.in6,
+ sizeof(ip->addr.in6));
+ MD5Final(&ctx);
return (uint32_t)buf[0] << 24 | buf[1] << 16 | buf[2] << 8 | buf[3];
}
return 0;