From eba2217ac06dab658526991e93e018b91c92d7b5 Mon Sep 17 00:00:00 2001 From: Kotresh HR Date: Tue, 19 Dec 2017 00:05:05 -0500 Subject: [PATCH 364/385] fips: Replace md5sum usage to enable fips support md5sum is not fips compliant. Using xxhash64 instead of md5sum for socket file generation in glusterd and changelog to enable fips support. NOTE: md5sum is 128 bit hash. xxhash used is 64 bit. Backport of: > Patch: https://review.gluster.org/19048 > Updates: #230 > Change-Id: I1bf2ea05905b9151cd29fa951f903685ab0dc84c > Signed-off-by: Kotresh HR BUG: 1459709 Change-Id: I1bf2ea05905b9151cd29fa951f903685ab0dc84c Signed-off-by: Kotresh HR Reviewed-on: https://code.engineering.redhat.com/gerrit/149770 Tested-by: RHGS Build Bot Reviewed-by: Sunil Kumar Heggodu Gopala Acharya --- libglusterfs/src/common-utils.c | 11 ----------- libglusterfs/src/common-utils.h | 1 - xlators/features/changelog/src/changelog-misc.h | 20 ++++++++++---------- xlators/mgmt/glusterd/src/glusterd-utils.c | 8 +++++--- 4 files changed, 15 insertions(+), 25 deletions(-) diff --git a/libglusterfs/src/common-utils.c b/libglusterfs/src/common-utils.c index fd2f004..f632e78 100644 --- a/libglusterfs/src/common-utils.c +++ b/libglusterfs/src/common-utils.c @@ -75,17 +75,6 @@ typedef int32_t (*rw_op_t)(int32_t fd, char *buf, int32_t size); typedef int32_t (*rwv_op_t)(int32_t fd, const struct iovec *buf, int32_t size); void -md5_wrapper(const unsigned char *data, size_t len, char *md5) -{ - unsigned short i = 0; - unsigned short lim = MD5_DIGEST_LENGTH*2+1; - unsigned char scratch[MD5_DIGEST_LENGTH] = {0,}; - MD5(data, len, scratch); - for (; i < MD5_DIGEST_LENGTH; i++) - snprintf(md5 + i * 2, lim-i*2, "%02x", scratch[i]); -} - -void gf_xxh64_wrapper(const unsigned char *data, size_t len, unsigned long long seed, char *xxh64) { diff --git a/libglusterfs/src/common-utils.h b/libglusterfs/src/common-utils.h index 0131070..da943f4 100644 --- a/libglusterfs/src/common-utils.h +++ b/libglusterfs/src/common-utils.h @@ -835,7 +835,6 @@ gf_ports_reserved (char *blocked_port, unsigned char *ports, uint32_t ceiling); int gf_get_hostname_from_ip (char *client_ip, char **hostname); gf_boolean_t gf_is_local_addr (char *hostname); gf_boolean_t gf_is_same_address (char *host1, char *host2); -void md5_wrapper(const unsigned char *data, size_t len, char *md5); void gf_xxh64_wrapper(const unsigned char *data, size_t len, unsigned long long seed, char *xxh64); int gf_set_timestamp (const char *src, const char* dest); diff --git a/xlators/features/changelog/src/changelog-misc.h b/xlators/features/changelog/src/changelog-misc.h index 94d6c50..93af201 100644 --- a/xlators/features/changelog/src/changelog-misc.h +++ b/xlators/features/changelog/src/changelog-misc.h @@ -36,24 +36,24 @@ "GlusterFS Changelog | version: v%d.%d | encoding : %d\n" #define CHANGELOG_MAKE_SOCKET_PATH(brick_path, sockpath, len) do { \ - char md5_sum[MD5_DIGEST_LENGTH*2+1] = {0,}; \ - md5_wrapper((unsigned char *) brick_path, \ - strlen(brick_path), \ - md5_sum); \ + char xxh64[GF_XXH64_DIGEST_LENGTH*2+1] = {0,}; \ + gf_xxh64_wrapper ((unsigned char *)brick_path, \ + strlen(brick_path), \ + GF_XXHSUM64_DEFAULT_SEED, xxh64); \ (void) snprintf (sockpath, len, \ - CHANGELOG_UNIX_SOCK, md5_sum); \ + CHANGELOG_UNIX_SOCK, xxh64); \ } while (0) #define CHANGELOG_MAKE_TMP_SOCKET_PATH(brick_path, sockpath, len) do { \ unsigned long pid = 0; \ - char md5_sum[MD5_DIGEST_LENGTH*2+1] = {0,}; \ + char xxh64[GF_XXH64_DIGEST_LENGTH*2+1] = {0,}; \ pid = (unsigned long) getpid (); \ - md5_wrapper((unsigned char *) brick_path, \ - strlen(brick_path), \ - md5_sum); \ + gf_xxh64_wrapper ((unsigned char *)brick_path, \ + strlen(brick_path), \ + GF_XXHSUM64_DEFAULT_SEED, xxh64); \ (void) snprintf (sockpath, \ len, CHANGELOG_TMP_UNIX_SOCK, \ - md5_sum, pid); \ + xxh64, pid); \ } while (0) diff --git a/xlators/mgmt/glusterd/src/glusterd-utils.c b/xlators/mgmt/glusterd/src/glusterd-utils.c index 01345cd..4fd8575 100644 --- a/xlators/mgmt/glusterd/src/glusterd-utils.c +++ b/xlators/mgmt/glusterd/src/glusterd-utils.c @@ -1852,10 +1852,12 @@ out: void glusterd_set_socket_filepath (char *sock_filepath, char *sockpath, size_t len) { - char md5_sum[MD5_DIGEST_LENGTH*2+1] = {0,}; + char xxh64[GF_XXH64_DIGEST_LENGTH*2+1] = {0,}; - md5_wrapper ((unsigned char *) sock_filepath, strlen(sock_filepath), md5_sum); - snprintf (sockpath, len, "%s/%s.socket", GLUSTERD_SOCK_DIR, md5_sum); + gf_xxh64_wrapper ((unsigned char *)sock_filepath, + strlen(sock_filepath), + GF_XXHSUM64_DEFAULT_SEED, xxh64); + snprintf (sockpath, len, "%s/%s.socket", GLUSTERD_SOCK_DIR, xxh64); } void -- 1.8.3.1