crypto: Remove sha224 and add md5 hash

SHA224 is not supported on RHEL6 and also it's kind of weird. Instead of
that, md5 can now be configured.

Signed-off-by: Jan Friesse <jfriesse@redhat.com>
Reviewed-by: Fabio M. Di Nitto <fdinitto@redhat.com>

exec/coroparse.c

@@ -480,8 +480,8 @@ static int main_config_parser_cb(const char *path,
 			}
 			if (strcmp(path, "totem.crypto_hash") == 0) {
 				if ((strcmp(value, "none") != 0) &&
+				    (strcmp(value, "md5") != 0) &&
 				    (strcmp(value, "sha1") != 0) &&
-				    (strcmp(value, "sha224") != 0) &&
 				    (strcmp(value, "sha256") != 0) &&
 				    (strcmp(value, "sha384") != 0) &&
 				    (strcmp(value, "sha512") != 0)) {

exec/totemconfig.c

@@ -152,12 +152,12 @@ static void totem_get_crypto(struct totem_config *totem_config)
 		if (strcmp(str, "none") == 0) {
 			tmp_hash = "none";
 		}
+		if (strcmp(str, "md5") == 0) {
+			tmp_hash = "md5";
+		}
 		if (strcmp(str, "sha1") == 0) {
 			tmp_hash = "sha1";
 		}
-		if (strcmp(str, "sha224") == 0) {
-			tmp_hash = "sha224";
-		}
 		if (strcmp(str, "sha256") == 0) {
 			tmp_hash = "sha256";
 		}

exec/totemcrypto.c

@@ -109,8 +109,8 @@ size_t cypher_block_len[] = {
 
 enum crypto_hash_t {
 	CRYPTO_HASH_TYPE_NONE	= 0,
-	CRYPTO_HASH_TYPE_SHA1	= 1,
-	CRYPTO_HASH_TYPE_SHA224	= 2,
+	CRYPTO_HASH_TYPE_MD5	= 1,
+	CRYPTO_HASH_TYPE_SHA1	= 2,
 	CRYPTO_HASH_TYPE_SHA256	= 3,
 	CRYPTO_HASH_TYPE_SHA384	= 4,
 	CRYPTO_HASH_TYPE_SHA512	= 5
@@ -118,8 +118,8 @@ enum crypto_hash_t {
 
 CK_MECHANISM_TYPE hash_to_nss[] = {
 	 0,				/* CRYPTO_HASH_TYPE_NONE */
+	CKM_MD5_HMAC,			/* CRYPTO_HASH_TYPE_MD5 */
 	CKM_SHA_1_HMAC,			/* CRYPTO_HASH_TYPE_SHA1 */
-	CKM_SHA224_HMAC,		/* CRYPTO_HASH_TYPE_SHA224 */
 	CKM_SHA256_HMAC,		/* CRYPTO_HASH_TYPE_SHA256 */
 	CKM_SHA384_HMAC,		/* CRYPTO_HASH_TYPE_SHA384 */
 	CKM_SHA512_HMAC			/* CRYPTO_HASH_TYPE_SHA512 */
@@ -127,8 +127,8 @@ CK_MECHANISM_TYPE hash_to_nss[] = {
 
 size_t hash_len[] = {
 	 0,				/* CRYPTO_HASH_TYPE_NONE */
+	MD5_LENGTH,			/* CRYPTO_HASH_TYPE_MD5 */
 	SHA1_LENGTH,			/* CRYPTO_HASH_TYPE_SHA1 */
-	SHA224_LENGTH,			/* CRYPTO_HASH_TYPE_SHA224 */
 	SHA256_LENGTH,			/* CRYPTO_HASH_TYPE_SHA256 */
 	SHA384_LENGTH,			/* CRYPTO_HASH_TYPE_SHA384 */
 	SHA512_LENGTH			/* CRYPTO_HASH_TYPE_SHA512 */
@@ -136,8 +136,8 @@ size_t hash_len[] = {
 
 size_t hash_block_len[] = {
 	 0,				/* CRYPTO_HASH_TYPE_NONE */
+	MD5_BLOCK_LENGTH,		/* CRYPTO_HASH_TYPE_MD5 */
 	SHA1_BLOCK_LENGTH,		/* CRYPTO_HASH_TYPE_SHA1 */
-	SHA224_BLOCK_LENGTH,		/* CRYPTO_HASH_TYPE_SHA224 */
 	SHA256_BLOCK_LENGTH,		/* CRYPTO_HASH_TYPE_SHA256 */
 	SHA384_BLOCK_LENGTH,		/* CRYPTO_HASH_TYPE_SHA384 */
 	SHA512_BLOCK_LENGTH		/* CRYPTO_HASH_TYPE_SHA512 */
@@ -586,10 +586,10 @@ static int string_to_crypto_hash_type(const char* crypto_hash_type)
 {
 	if (strcmp(crypto_hash_type, "none") == 0) {
 		return CRYPTO_HASH_TYPE_NONE;
+	} else if (strcmp(crypto_hash_type, "md5") == 0) {
+		return CRYPTO_HASH_TYPE_MD5;
 	} else if (strcmp(crypto_hash_type, "sha1") == 0) {
 		return CRYPTO_HASH_TYPE_SHA1;
-	} else if (strcmp(crypto_hash_type, "sha224") == 0) {
-		return CRYPTO_HASH_TYPE_SHA224;
 	} else if (strcmp(crypto_hash_type, "sha256") == 0) {
 		return CRYPTO_HASH_TYPE_SHA256;
 	} else if (strcmp(crypto_hash_type, "sha384") == 0) {

man/corosync.conf.5

@@ -160,7 +160,7 @@ a subset of the cluster (for example during a rolling upgrade).
 .TP
 crypto_hash
 This specifies which HMAC authentication should be used to authenticate all
-messages. Valid values are none (no authentication), sha1, sha224, sha256,
+messages. Valid values are none (no authentication), md5, sha1, sha256,
 sha384 and sha512.
 
 The default is sha1.