f1e86c08f1
but needed for calculating refids from IPv6 addresses as part of the NTP protocol (rfc5905). As this is a non-cryptographic use of MD5 we can use our own implementation without violating FIPS rules: chrony-refid-internal-md5.patch . OBS-URL: https://build.opensuse.org/package/show/network:time/chrony?expand=0&rev=103
46 lines
1.3 KiB
Diff
46 lines
1.3 KiB
Diff
--- util.c.orig
|
|
+++ util.c
|
|
@@ -32,7 +32,13 @@
|
|
#include "logging.h"
|
|
#include "memory.h"
|
|
#include "util.h"
|
|
-#include "hash.h"
|
|
+/*
|
|
+ * We use the internal MD5 implementation here to avoid trouble with
|
|
+ * FIPS. This is OK, because MD5 is only being used for the non-crypto
|
|
+ * purpose of hashing 128 bit IPv6 addresses to 32 bit referenc IDs,
|
|
+ * as required by RFC 5905.
|
|
+ */
|
|
+#include "md5.c"
|
|
|
|
#define NSEC_PER_SEC 1000000000
|
|
|
|
@@ -392,21 +398,17 @@ UTI_IsIPReal(const IPAddr *ip)
|
|
uint32_t
|
|
UTI_IPToRefid(const IPAddr *ip)
|
|
{
|
|
- static int MD5_hash = -1;
|
|
- unsigned char buf[16];
|
|
+ MD5_CTX ctx;
|
|
+ unsigned char *buf = &ctx.digest;
|
|
|
|
switch (ip->family) {
|
|
case IPADDR_INET4:
|
|
return ip->addr.in4;
|
|
case IPADDR_INET6:
|
|
- if (MD5_hash < 0)
|
|
- MD5_hash = HSH_GetHashId(HSH_MD5);
|
|
-
|
|
- if (MD5_hash < 0 ||
|
|
- HSH_Hash(MD5_hash, (const unsigned char *)ip->addr.in6, sizeof (ip->addr.in6),
|
|
- NULL, 0, buf, sizeof (buf)) != sizeof (buf))
|
|
- LOG_FATAL("Could not get MD5");
|
|
-
|
|
+ MD5Init(&ctx);
|
|
+ MD5Update(&ctx, (unsigned const char *)ip->addr.in6,
|
|
+ sizeof(ip->addr.in6));
|
|
+ MD5Final(&ctx);
|
|
return (uint32_t)buf[0] << 24 | buf[1] << 16 | buf[2] << 8 | buf[3];
|
|
}
|
|
return 0;
|