Tell OpenSSL that MD5 is not used for security in order to allow bro to work properly on a FIPS system

Robert Clark 2018-10-26 10:32:21 -04:00
parent fa6e7219ff
commit a72e9a8126
No known key found for this signature in database
GPG key ID: 7355980FEB03D257
10 changed files with 97 additions and 47 deletions


@ -41,6 +41,7 @@
# include <malloc.h>
#endif
#include "digest.h"
#include "input.h"
#include "util.h"
#include "Obj.h"
@ -712,12 +713,12 @@ void hmac_md5(size_t size, const unsigned char* bytes, unsigned char digest[16])
if ( ! hmac_key_set )
reporter->InternalError("HMAC-MD5 invoked before the HMAC key is set");
MD5(bytes, size, digest);
internal_md5(bytes, size, digest);
for ( int i = 0; i < 16; ++i )
digest[i] ^= shared_hmac_md5_key[i];
MD5(digest, 16, digest);
internal_md5(digest, 16, digest);
}
static bool read_random_seeds(const char* read_file, uint32* seed,
@ -871,7 +872,7 @@ void init_random_seed(const char* read_file, const char* write_file)
if ( ! hmac_key_set )
{
assert(sizeof(buf) - 16 == 64);
MD5((const u_char*) buf, sizeof(buf) - 16, shared_hmac_md5_key); // The last 128 bits of buf are for siphash
internal_md5((const u_char*) buf, sizeof(buf) - 16, shared_hmac_md5_key); // The last 128 bits of buf are for siphash
hmac_key_set = true;
}
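Review bot: Nothing at the two calls in hmac_md5() or the call in init_random_seed() records why this MD5 use may be labelled non-security, even though the digest is mixed with the secret `shared_hmac_md5_key` and the function is named HMAC-MD5. The construct visible here is MD5(MD5(bytes) XOR key) rather than RFC 2104 HMAC, so a short comment would help the next reviewer or FIPS auditor, e.g. `// Keyed MD5 for internal hashing only, not a MAC or integrity check; internal_md5() exempts it from the FIPS MD5 restriction.` That wording assumes callers really use it that way, which this section does not show. internal_md5() is defined outside this section (presumably in digest.h), so whether it can fail is not visible; if it can, `digest` and `shared_hmac_md5_key` would be left unset while `hmac_key_set` is still set to true. Both hmac_md5() and init_random_seed() extend beyond the hunks shown.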