From a75391899459f6123721631613c5d044fc4795af Mon Sep 17 00:00:00 2001
From: Kotresh HR <khiremat@redhat.com>
Date: Wed, 20 Dec 2017 15:24:11 +0530
Subject: [PATCH 377/385] fips/geo-rep: Replace MD5 with SHA256
MD5 is not fips compliant. Hence replacing
with SHA256.
NOTE:
The hash is used to form the ctl_path for the ssh connection.
The length of ctl_path for ssh connection should not be > 108.
ssh fails with ctl_path too long if it is so. But when rsync
is piped to ssh, it is not taking > 90. rsync is failing with
error number 12. Hence using first 32 bytes of hash. Hash
collision doesn't matter as only one sock file is created
per directory.
Backport of:
> Patch: https://review.gluster.org/19061
> Updates: #230
> Change-Id: I58aeb32a80b5422f6ac0188cf33fbecccbf08ae7
> Signed-off-by: Kotresh HR <khiremat@redhat.com>
BUG: 1459709
Change-Id: I58aeb32a80b5422f6ac0188cf33fbecccbf08ae7
Signed-off-by: Kotresh HR <khiremat@redhat.com>
Reviewed-on: https://code.engineering.redhat.com/gerrit/149772
Tested-by: RHGS Build Bot <nigelb@redhat.com>
Reviewed-by: Aravinda Vishwanathapura Krishna Murthy <avishwan@redhat.com>
Reviewed-by: Sunil Kumar Heggodu Gopala Acharya <sheggodu@redhat.com>
---
geo-replication/syncdaemon/master.py | 4 ++--
geo-replication/syncdaemon/syncdutils.py | 26 ++++++++++++++++----------
2 files changed, 18 insertions(+), 12 deletions(-)
diff --git a/geo-replication/syncdaemon/master.py b/geo-replication/syncdaemon/master.py
index 6de2c77..cd135df 100644
--- a/geo-replication/syncdaemon/master.py
+++ b/geo-replication/syncdaemon/master.py
@@ -23,7 +23,7 @@ from threading import Condition, Lock
from datetime import datetime
from gconf import gconf
from syncdutils import Thread, GsyncdError, boolify, escape_space_newline
-from syncdutils import unescape_space_newline, gauxpfx, md5hex, selfkill
+from syncdutils import unescape_space_newline, gauxpfx, escape1, selfkill
from syncdutils import lstat, errno_wrap, FreeObject, lf, matching_disk_gfid
from syncdutils import NoStimeAvailable, PartialHistoryAvailable
@@ -771,7 +771,7 @@ class GMasterChangelogMixin(GMasterCommon):
selfkill()
def setup_working_dir(self):
- workdir = os.path.join(gconf.working_dir, md5hex(gconf.local_path))
+ workdir = os.path.join(gconf.working_dir, escape1(gconf.local_path))
logging.debug('changelog working dir %s' % workdir)
return workdir
diff --git a/geo-replication/syncdaemon/syncdutils.py b/geo-replication/syncdaemon/syncdutils.py
index d798356..3218192 100644
--- a/geo-replication/syncdaemon/syncdutils.py
+++ b/geo-replication/syncdaemon/syncdutils.py
@@ -60,11 +60,7 @@ try:
except ImportError:
import urllib
-try:
- from hashlib import md5 as md5
-except ImportError:
- # py 2.4
- from md5 import new as md5
+from hashlib import sha256 as sha256
# auxiliary gfid based access prefix
_CL_AUX_GFID_PFX = ".gfid/"
@@ -97,6 +93,8 @@ def escape(s):
to turn whatever data to creatable representation"""
return urllib.quote_plus(s)
+def escape1(s):
+ return s.replace("/", "-").strip("-")
def unescape(s):
"""inverse of .escape"""
@@ -175,13 +173,21 @@ def setup_ssh_ctl(ctld, remote_addr, resource_url):
gconf.ssh_ctl_dir = ctld
content = "SLAVE_HOST=%s\nSLAVE_RESOURCE_URL=%s" % (remote_addr,
resource_url)
- content_md5 = md5hex(content)
+ content_sha256 = sha256hex(content)
+ """
+ The length of ctl_path for ssh connection should not be > 108.
+ ssh fails with ctl_path too long if it is so. But when rsync
+ is piped to ssh, it is not taking > 90. Hence using first 32
+ bytes of hash. Hash collision doesn't matter as only one sock
+ file is created per directory.
+ """
+ content_sha256 = content_sha256[:32]
fname = os.path.join(gconf.ssh_ctl_dir,
- "%s.mft" % content_md5)
+ "%s.mft" % content_sha256)
create_manifest(fname, content)
ssh_ctl_path = os.path.join(gconf.ssh_ctl_dir,
- "%s.sock" % content_md5)
+ "%s.sock" % content_sha256)
gconf.ssh_ctl_args = ["-oControlMaster=auto", "-S", ssh_ctl_path]
@@ -536,8 +542,8 @@ def gauxpfx():
return _CL_AUX_GFID_PFX
-def md5hex(s):
- return md5(s).hexdigest()
+def sha256hex(s):
+ return sha256(s).hexdigest()
def selfkill(sig=SIGTERM):
--
1.8.3.1