From 85a5cce40dba0393e636c0eb5af9d8f8746f2315 Mon Sep 17 00:00:00 2001
From: Mohit Agrawal <moagrawal@redhat.com>
Date: Thu, 2 Jan 2020 10:23:52 +0530
Subject: [PATCH 497/511] socket: Use AES128 cipher in SSL if AES is supported
 by CPU
SSL performance improves when the AES128 cipher is configured,
so use AES128 as the default cipher on CPUs that have the
AES bit enabled; otherwise SSL uses the AES256 cipher.
> Change-Id: I91c50fe987cbb22ed76f8012094730c592c63506
> Fixes: #1050
> Signed-off-by: Mohit Agrawal <moagrawal@redhat.com>
> (Cherry pick from commit 177cc09d24515596eb51739ce0a276c26e3c52f1)
> (Reviewed on upstream link https://review.gluster.org/#/c/glusterfs/+/23952/)
Change-Id: I91c50fe987cbb22ed76f8012094730c592c63506
Bug: 1612973
Signed-off-by: Mohit Agrawal <moagrawal@redhat.com>
Reviewed-on: https://code.engineering.redhat.com/gerrit/220870
Tested-by: Mohit Agrawal <moagrawa@redhat.com>
Tested-by: RHGS Build Bot <nigelb@redhat.com>
Reviewed-by: Sunil Kumar Heggodu Gopala Acharya <sheggodu@redhat.com>
---
 rpc/rpc-transport/socket/src/socket.c | 32 ++++++++++++++++++++++++++++++++
 1 file changed, 32 insertions(+)
diff --git a/rpc/rpc-transport/socket/src/socket.c b/rpc/rpc-transport/socket/src/socket.c
b7d4d7
index 54cd5df..1ee7320 100644
b7d4d7
--- a/rpc/rpc-transport/socket/src/socket.c
b7d4d7
+++ b/rpc/rpc-transport/socket/src/socket.c
b7d4d7
@@ -4238,6 +4238,34 @@ static void __attribute__((destructor)) fini_openssl_mt(void)
b7d4d7
     ERR_free_strings();
b7d4d7
 }
b7d4d7
 
b7d4d7
+/* The function returns 0 if AES bit is enabled on the CPU */
b7d4d7
+static int
b7d4d7
+ssl_check_aes_bit(void)
b7d4d7
+{
b7d4d7
+    FILE *fp = fopen("/proc/cpuinfo", "r");
b7d4d7
+    int ret = 1;
b7d4d7
+    size_t len = 0;
b7d4d7
+    char *line = NULL;
b7d4d7
+    char *match = NULL;
b7d4d7
+
b7d4d7
+    GF_ASSERT(fp != NULL);
b7d4d7
+
b7d4d7
+    while (getline(&line, &len, fp) > 0) {
b7d4d7
+        if (!strncmp(line, "flags", 5)) {
b7d4d7
+            match = strstr(line, " aes");
b7d4d7
+            if ((match != NULL) && ((match[4] == ' ') || (match[4] == 0))) {
b7d4d7
+                ret = 0;
b7d4d7
+                break;
b7d4d7
+            }
b7d4d7
+        }
b7d4d7
+    }
b7d4d7
+
b7d4d7
+    free(line);
b7d4d7
+    fclose(fp);
b7d4d7
+
b7d4d7
+    return ret;
b7d4d7
+}
b7d4d7
+
b7d4d7
 static int
b7d4d7
 ssl_setup_connection_params(rpc_transport_t *this)
b7d4d7
 {
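Review bot: The only guard for a failed `fopen("/proc/cpuinfo", "r")` in `ssl_check_aes_bit()` is `GF_ASSERT(fp != NULL)`; the macro is defined outside this hunk, and if it does not abort in production builds, `getline()` and `fclose()` are then called with a NULL stream. A missing or unreadable /proc (chroot, restricted container, non-Linux host) is an ordinary runtime condition on a TLS setup path, so handle it explicitly with `if (fp == NULL) return ret;`, which leaves the existing default cipher list in place. The function comment should also say that a non-zero return means "AES flag not found or could not be determined", since the 0-means-enabled convention is easy to misread at the call site. Note too that `strstr()` inspects only the first `" aes"` occurrence on the flags line, so a longer flag name that starts with `aes` and appears earlier on the line would mask the real one.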
b7d4d7
@@ -4261,6 +4289,10 @@ ssl_setup_connection_params(rpc_transport_t *this)
b7d4d7
         return 0;
b7d4d7
     }
b7d4d7
 
b7d4d7
+    if (!ssl_check_aes_bit()) {
b7d4d7
+        cipher_list = "AES128:" DEFAULT_CIPHER_LIST;
b7d4d7
+    }
b7d4d7
+
b7d4d7
     priv->ssl_own_cert = DEFAULT_CERT_PATH;
b7d4d7
     if (dict_get_str(this->options, SSL_OWN_CERT_OPT, &optstr) == 0) {
b7d4d7
         if (!priv->ssl_enabled) {
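Review bot: The added `cipher_list = "AES128:" DEFAULT_CIPHER_LIST;` changes the TLS cipher preference according to a host CPU flag without any log line or comment, so an operator auditing why a connection negotiated a 128-bit rather than a 256-bit suite has nothing to trace it to. I would add a debug log of the effective cipher list and a comment such as `/* Prefer AES128 when the CPU advertises AES; an explicitly configured cipher list should still take precedence. */`. Whether a configured list still wins depends on code later in `ssl_setup_connection_params()` that is outside this hunk, so that should be confirmed. The OpenSSL keyword `AES128` selects every 128-bit AES suite, and `DEFAULT_CIPHER_LIST` is defined elsewhere, so check that its exclusions and any ordering directive still produce the intended result with this prefix. The check also re-reads /proc/cpuinfo on every call; caching the result in a `static` would avoid file I/O on each connection setup.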
-- 
1.8.3.1