rpms / glusterfs

Clone
Source Code
GIT

Blame SOURCES/0364-fips-Replace-md5sum-usage-to-enable-fips-support.patch

c4 c5 c5-plus c6 c6-plus c6-sig-storage-gluster-5 c6-sig-storage-gluster-6 c6-sig-storage-gluster-7 c7 c7-alt c7-atomic c7-beta c7-sig-storage-gluster-5 c7-sig-storage-gluster-6 c7-sig-storage-gluster-7 c7-sig-storage-gluster-8 c7-sig-storage-gluster-9 c8 c8-beta c8-sig-storage-gluster-10 c8-sig-storage-gluster-6 c8-sig-storage-gluster-7 c8-sig-storage-gluster-8 c8-sig-storage-gluster-9 c8s c8s-sig-storage-gluster-10 c8s-sig-storage-gluster-11 c8s-sig-storage-gluster-8 c8s-sig-storage-gluster-9 c9 c9-beta c9s-sig-storage-gluster-10 c9s-sig-storage-gluster-11 c9s-sig-storage-gluster-9
  1.   2035baf668bb97fc7ff04dffbff22574feba0023
  2.   SOURCES
  3.   0364-fips-Replace-md5sum-usage-to-enable-fips-support.patch
Blob History Raw
e7a346 
From eba2217ac06dab658526991e93e018b91c92d7b5 Mon Sep 17 00:00:00 2001
e7a346 
From: Kotresh HR <khiremat@redhat.com>
e7a346 
Date: Tue, 19 Dec 2017 00:05:05 -0500
e7a346 
Subject: [PATCH 364/385] fips: Replace md5sum usage to enable fips support
e7a346
e7a346 
md5sum is not fips compliant. Using xxhash64 instead of
e7a346 
md5sum for socket file generation in glusterd and
e7a346 
changelog to enable fips support.
e7a346
e7a346 
NOTE: md5sum is 128 bit hash. xxhash used is 64 bit.
e7a346
e7a346 
Backport of:
e7a346 
 > Patch: https://review.gluster.org/19048
e7a346 
 > Updates: #230
e7a346 
 > Change-Id: I1bf2ea05905b9151cd29fa951f903685ab0dc84c
e7a346 
 > Signed-off-by: Kotresh HR <khiremat@redhat.com>
e7a346
e7a346 
BUG: 1459709
e7a346 
Change-Id: I1bf2ea05905b9151cd29fa951f903685ab0dc84c
e7a346 
Signed-off-by: Kotresh HR <khiremat@redhat.com>
e7a346 
Reviewed-on: https://code.engineering.redhat.com/gerrit/149770
e7a346 
Tested-by: RHGS Build Bot <nigelb@redhat.com>
e7a346 
Reviewed-by: Sunil Kumar Heggodu Gopala Acharya <sheggodu@redhat.com>
e7a346 
---
e7a346 
 libglusterfs/src/common-utils.c                 | 11 -----------
e7a346 
 libglusterfs/src/common-utils.h                 |  1 -
e7a346 
 xlators/features/changelog/src/changelog-misc.h | 20 ++++++++++----------
e7a346 
 xlators/mgmt/glusterd/src/glusterd-utils.c      |  8 +++++---
e7a346 
 4 files changed, 15 insertions(+), 25 deletions(-)
e7a346
e7a346 
diff --git a/libglusterfs/src/common-utils.c b/libglusterfs/src/common-utils.c
e7a346 
index fd2f004..f632e78 100644
e7a346 
--- a/libglusterfs/src/common-utils.c
e7a346 
+++ b/libglusterfs/src/common-utils.c
e7a346 
@@ -75,17 +75,6 @@ typedef int32_t (*rw_op_t)(int32_t fd, char *buf, int32_t size);
e7a346 
 typedef int32_t (*rwv_op_t)(int32_t fd, const struct iovec *buf, int32_t size);
e7a346
e7a346 
 void
e7a346 
-md5_wrapper(const unsigned char *data, size_t len, char *md5)
e7a346 
-{
e7a346 
-        unsigned short i = 0;
e7a346 
-        unsigned short lim = MD5_DIGEST_LENGTH*2+1;
e7a346 
-        unsigned char scratch[MD5_DIGEST_LENGTH] = {0,};
e7a346 
-        MD5(data, len, scratch);
e7a346 
-        for (; i < MD5_DIGEST_LENGTH; i++)
e7a346 
-                snprintf(md5 + i * 2, lim-i*2, "%02x", scratch[i]);
e7a346 
-}
e7a346 
-
e7a346 
-void
e7a346 
 gf_xxh64_wrapper(const unsigned char *data, size_t len, unsigned long long seed,
e7a346 
                  char *xxh64)
e7a346 
 {
e7a346 
diff --git a/libglusterfs/src/common-utils.h b/libglusterfs/src/common-utils.h
e7a346 
index 0131070..da943f4 100644
e7a346 
--- a/libglusterfs/src/common-utils.h
e7a346 
+++ b/libglusterfs/src/common-utils.h
e7a346 
@@ -835,7 +835,6 @@ gf_ports_reserved (char *blocked_port, unsigned char *ports, uint32_t ceiling);
e7a346 
 int gf_get_hostname_from_ip (char *client_ip, char **hostname);
e7a346 
 gf_boolean_t gf_is_local_addr (char *hostname);
e7a346 
 gf_boolean_t gf_is_same_address (char *host1, char *host2);
e7a346 
-void md5_wrapper(const unsigned char *data, size_t len, char *md5);
e7a346 
 void gf_xxh64_wrapper(const unsigned char *data, size_t len,
e7a346 
                       unsigned long long seed, char *xxh64);
e7a346 
 int gf_set_timestamp  (const char *src, const char* dest);
e7a346 
diff --git a/xlators/features/changelog/src/changelog-misc.h b/xlators/features/changelog/src/changelog-misc.h
e7a346 
index 94d6c50..93af201 100644
e7a346 
--- a/xlators/features/changelog/src/changelog-misc.h
e7a346 
+++ b/xlators/features/changelog/src/changelog-misc.h
e7a346 
@@ -36,24 +36,24 @@
e7a346 
         "GlusterFS Changelog | version: v%d.%d | encoding : %d\n"
e7a346
e7a346 
 #define CHANGELOG_MAKE_SOCKET_PATH(brick_path, sockpath, len) do {      \
e7a346 
-                char md5_sum[MD5_DIGEST_LENGTH*2+1] = {0,};             \
e7a346 
-                md5_wrapper((unsigned char *) brick_path,               \
e7a346 
-                            strlen(brick_path),                         \
e7a346 
-                            md5_sum);                                   \
e7a346 
+                char xxh64[GF_XXH64_DIGEST_LENGTH*2+1] = {0,};          \
e7a346 
+                gf_xxh64_wrapper ((unsigned char *)brick_path,          \
e7a346 
+                                  strlen(brick_path),                   \
e7a346 
+                                  GF_XXHSUM64_DEFAULT_SEED, xxh64);     \
e7a346 
                 (void) snprintf (sockpath, len,                         \
e7a346 
-                                 CHANGELOG_UNIX_SOCK, md5_sum);         \
e7a346 
+                                 CHANGELOG_UNIX_SOCK, xxh64);           \
e7a346 
         } while (0)
e7a346
e7a346 
 #define CHANGELOG_MAKE_TMP_SOCKET_PATH(brick_path, sockpath, len) do {  \
e7a346 
                 unsigned long pid = 0;                                  \
e7a346 
-                char md5_sum[MD5_DIGEST_LENGTH*2+1] = {0,};             \
e7a346 
+                char xxh64[GF_XXH64_DIGEST_LENGTH*2+1] = {0,};          \
e7a346 
                 pid = (unsigned long) getpid ();                        \
e7a346 
-                md5_wrapper((unsigned char *) brick_path,               \
e7a346 
-                            strlen(brick_path),                         \
e7a346 
-                            md5_sum);                                   \
e7a346 
+                gf_xxh64_wrapper ((unsigned char *)brick_path,          \
e7a346 
+                                  strlen(brick_path),                   \
e7a346 
+                                  GF_XXHSUM64_DEFAULT_SEED, xxh64);     \
e7a346 
                 (void) snprintf (sockpath,                              \
e7a346 
                                  len, CHANGELOG_TMP_UNIX_SOCK,          \
e7a346 
-                                 md5_sum, pid);                         \
e7a346 
+                                 xxh64, pid);                           \
e7a346 
         } while (0)
e7a346
e7a346
e7a346 
diff --git a/xlators/mgmt/glusterd/src/glusterd-utils.c b/xlators/mgmt/glusterd/src/glusterd-utils.c
e7a346 
index 01345cd..4fd8575 100644
e7a346 
--- a/xlators/mgmt/glusterd/src/glusterd-utils.c
e7a346 
+++ b/xlators/mgmt/glusterd/src/glusterd-utils.c
e7a346 
@@ -1852,10 +1852,12 @@ out:
e7a346 
 void
e7a346 
 glusterd_set_socket_filepath (char *sock_filepath, char *sockpath, size_t len)
e7a346 
 {
e7a346 
-        char md5_sum[MD5_DIGEST_LENGTH*2+1] = {0,};
e7a346 
+        char xxh64[GF_XXH64_DIGEST_LENGTH*2+1] = {0,};
e7a346
e7a346 
-        md5_wrapper ((unsigned char *) sock_filepath, strlen(sock_filepath), md5_sum);
e7a346 
-        snprintf (sockpath, len, "%s/%s.socket", GLUSTERD_SOCK_DIR, md5_sum);
e7a346 
+        gf_xxh64_wrapper ((unsigned char *)sock_filepath,
e7a346 
+                          strlen(sock_filepath),
e7a346 
+                          GF_XXHSUM64_DEFAULT_SEED, xxh64);
e7a346 
+        snprintf (sockpath, len, "%s/%s.socket", GLUSTERD_SOCK_DIR, xxh64);
e7a346 
 }
e7a346
e7a346 
 void
e7a346 
--
e7a346 
1.8.3.1
e7a346

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation