author Panu Matilainen <pmatilai@redhat.com> 2022-01-31 11:13:35 +0200
committer Michal Domonkos <mdomonko@redhat.com> 2022-07-01 10:52:14 +0200
commit 1db8004b3bcbf073257b4a059915001d512e0686
tree 1d077088eb8d48bbd3356bc51cb732f2504b6314
parent 030f74db1ecfdcaf72c9152ecfd74ee7c96faff3
Bump hash for rpmdb cookie to SHA256 to appease FIPS

The rpmdb cookie is not a security feature, but as these existing hashes are more convenient than coming up with our own... we then run into the great big wall of FIPS which in its current incarnation disallows use of SHA1. And so rpmdbCookie() fails under current FIPS.

Just bumping the algorithm to SHA256 seems the path of lowest resistance, whether that algo makes sense for this purpose or not.

(cherry picked from commit a26f6655546158153807017e7ded2aff5e4e10e4)

-rw-r--r-- lib/rpmdb.c 2
1 files changed, 1 insertions, 1 deletions
diff --git a/lib/rpmdb.c b/lib/rpmdb.c
index 2fa1f00fa..99a2619c4 100644
--- a/lib/rpmdb.c
+++ b/lib/rpmdb.c
@@ -2643,7 +2643,7 @@ char *rpmdbCookie(rpmdb db)
rpmdbIndexIterator ii = rpmdbIndexIteratorInit(db, RPMDBI_NAME);
if (ii) {
- DIGEST_CTX ctx = rpmDigestInit(PGPHASHALGO_SHA1, RPMDIGEST_NONE);
+ DIGEST_CTX ctx = rpmDigestInit(PGPHASHALGO_SHA256, RPMDIGEST_NONE);
const void *key = 0;
size_t keylen = 0;
while ((rpmdbIndexIteratorNext(ii, &key, &keylen)) == 0) {
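
Review bot: The new `rpmDigestInit(PGPHASHALGO_SHA256, RPMDIGEST_NONE)` line should carry a short comment saying why SHA256 is used. The commit message states the cookie is not a security feature and that the algorithm was picked only so rpmdbCookie() keeps working under FIPS; without that note in the code, a later reader may take the digest for an integrity control or switch it back to a cheaper hash and reintroduce the FIPS failure. It is also worth stating in the commit message or release notes that the cookie computed for an unchanged database differs before and after this change, so any caller comparing against a previously saved cookie will see one mismatch after upgrading.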