From f0e9776dd915c70bd9acb4e9624e8e2fd91ae7b7 Mon Sep 17 00:00:00 2001 From: Kotresh HR Date: Tue, 19 Dec 2017 07:21:07 -0500 Subject: [PATCH 376/385] rchecksum/fips: Replace MD5 usage to enable fips support rchecksum uses MD5 which is not fips compliant. Hence using sha256 for the same. Backport of: > Patch: https://review.gluster.org/19052 > Updates: #230 > Change-Id: I7fad016fcc2a9900395d0da919cf5ba996ec5278 > Signed-off-by: Kotresh HR BUG: 1459709 Change-Id: I7fad016fcc2a9900395d0da919cf5ba996ec5278 Signed-off-by: Kotresh HR Reviewed-on: https://code.engineering.redhat.com/gerrit/149771 Tested-by: RHGS Build Bot Reviewed-by: Sunil Kumar Heggodu Gopala Acharya --- libglusterfs/src/checksum.c | 8 +++++--- libglusterfs/src/default-args.c | 2 +- xlators/cluster/afr/src/afr-self-heal-common.c | 2 +- xlators/cluster/afr/src/afr-self-heal-data.c | 4 ++-- xlators/cluster/afr/src/afr.h | 2 +- xlators/mgmt/glusterd/src/glusterd-utils.c | 2 +- xlators/protocol/server/src/server-common.c | 2 +- xlators/storage/bd/src/bd.c | 4 +--- xlators/storage/posix/src/posix.c | 3 +-- 9 files changed, 14 insertions(+), 15 deletions(-) diff --git a/libglusterfs/src/checksum.c b/libglusterfs/src/checksum.c index 5fac133..a7f9877 100644 --- a/libglusterfs/src/checksum.c +++ b/libglusterfs/src/checksum.c @@ -8,9 +8,10 @@ cases as published by the Free Software Foundation. */ -#include +#include #include #include +#include /* * The "weak" checksum required for the rsync algorithm. @@ -30,7 +31,8 @@ gf_rsync_weak_checksum (unsigned char *buf, size_t len) * The "strong" checksum required for the rsync algorithm. */ void -gf_rsync_strong_checksum (unsigned char *data, size_t len, unsigned char *md5) +gf_rsync_strong_checksum (unsigned char *data, size_t len, + unsigned char *sha256_md) { - MD5 (data, len, md5); + SHA256((const unsigned char *)data, len, sha256_md); } diff --git a/libglusterfs/src/default-args.c b/libglusterfs/src/default-args.c index f40de2d..3ccf52a 100644 --- a/libglusterfs/src/default-args.c +++ b/libglusterfs/src/default-args.c @@ -1140,7 +1140,7 @@ args_rchecksum_cbk_store (default_args_cbk_t *args, args->weak_checksum = weak_checksum; args->strong_checksum = - memdup (strong_checksum, MD5_DIGEST_LENGTH); + memdup (strong_checksum, SHA256_DIGEST_LENGTH); } if (xdata) args->xdata = dict_ref (xdata); diff --git a/xlators/cluster/afr/src/afr-self-heal-common.c b/xlators/cluster/afr/src/afr-self-heal-common.c index 50989d6..2989b9e 100644 --- a/xlators/cluster/afr/src/afr-self-heal-common.c +++ b/xlators/cluster/afr/src/afr-self-heal-common.c @@ -665,7 +665,7 @@ afr_reply_copy (struct afr_reply *dst, struct afr_reply *src) if (dst->xdata) dict_unref (dst->xdata); dst->xdata = xdata; - memcpy (dst->checksum, src->checksum, MD5_DIGEST_LENGTH); + memcpy (dst->checksum, src->checksum, SHA256_DIGEST_LENGTH); } void diff --git a/xlators/cluster/afr/src/afr-self-heal-data.c b/xlators/cluster/afr/src/afr-self-heal-data.c index 3ef7376..dd44deb 100644 --- a/xlators/cluster/afr/src/afr-self-heal-data.c +++ b/xlators/cluster/afr/src/afr-self-heal-data.c @@ -42,7 +42,7 @@ __checksum_cbk (call_frame_t *frame, void *cookie, xlator_t *this, replies[i].buf_has_zeroes = dict_get_str_boolean (xdata, "buf-has-zeroes", _gf_false); if (strong) - memcpy (local->replies[i].checksum, strong, MD5_DIGEST_LENGTH); + memcpy (local->replies[i].checksum, strong, SHA256_DIGEST_LENGTH); syncbarrier_wake (&local->barrier); return 0; @@ -92,7 +92,7 @@ __afr_can_skip_data_block_heal (call_frame_t *frame, xlator_t *this, fd_t *fd, if (local->replies[i].valid) { if (memcmp (local->replies[source].checksum, local->replies[i].checksum, - MD5_DIGEST_LENGTH)) { + SHA256_DIGEST_LENGTH)) { checksum_match = _gf_false; break; } diff --git a/xlators/cluster/afr/src/afr.h b/xlators/cluster/afr/src/afr.h index 35928a9..7cb6f00 100644 --- a/xlators/cluster/afr/src/afr.h +++ b/xlators/cluster/afr/src/afr.h @@ -271,7 +271,7 @@ struct afr_reply { struct iatt preparent2; struct iatt postparent2; /* For rchecksum */ - uint8_t checksum[MD5_DIGEST_LENGTH]; + uint8_t checksum[SHA256_DIGEST_LENGTH]; gf_boolean_t buf_has_zeroes; /* For lookup */ int8_t need_heal; diff --git a/xlators/mgmt/glusterd/src/glusterd-utils.c b/xlators/mgmt/glusterd/src/glusterd-utils.c index 3db3a15..2a176be 100644 --- a/xlators/mgmt/glusterd/src/glusterd-utils.c +++ b/xlators/mgmt/glusterd/src/glusterd-utils.c @@ -1873,7 +1873,7 @@ glusterd_set_brick_socket_filepath (glusterd_volinfo_t *volinfo, char sock_filepath[PATH_MAX] = {0,}; expected_file_len = strlen (GLUSTERD_SOCK_DIR) + strlen ("/") + - MD5_DIGEST_LENGTH*2 + strlen (".socket") + 1; + SHA256_DIGEST_LENGTH*2 + strlen (".socket") + 1; GF_ASSERT (len >= expected_file_len); this = THIS; GF_ASSERT (this); diff --git a/xlators/protocol/server/src/server-common.c b/xlators/protocol/server/src/server-common.c index ce33089..9c38706 100644 --- a/xlators/protocol/server/src/server-common.c +++ b/xlators/protocol/server/src/server-common.c @@ -298,7 +298,7 @@ server_post_rchecksum (gfs3_rchecksum_rsp *rsp, uint32_t weak_checksum, rsp->weak_checksum = weak_checksum; rsp->strong_checksum.strong_checksum_val = (char *)strong_checksum; - rsp->strong_checksum.strong_checksum_len = MD5_DIGEST_LENGTH; + rsp->strong_checksum.strong_checksum_len = SHA256_DIGEST_LENGTH; } diff --git a/xlators/storage/bd/src/bd.c b/xlators/storage/bd/src/bd.c index af3ac84..64b34d9 100644 --- a/xlators/storage/bd/src/bd.c +++ b/xlators/storage/bd/src/bd.c @@ -2148,7 +2148,7 @@ bd_rchecksum (call_frame_t *frame, xlator_t *this, fd_t *fd, off_t offset, char *buf = NULL; int32_t weak_checksum = 0; bd_fd_t *bd_fd = NULL; - unsigned char strong_checksum[MD5_DIGEST_LENGTH] = {0}; + unsigned char strong_checksum[SHA256_DIGEST_LENGTH] = {0}; VALIDATE_OR_GOTO (frame, out); VALIDATE_OR_GOTO (this, out); @@ -2162,8 +2162,6 @@ bd_rchecksum (call_frame_t *frame, xlator_t *this, fd_t *fd, off_t offset, return 0; } - memset (strong_checksum, 0, MD5_DIGEST_LENGTH); - alloc_buf = page_aligned_alloc (len, &buf); if (!alloc_buf) { op_errno = ENOMEM; diff --git a/xlators/storage/posix/src/posix.c b/xlators/storage/posix/src/posix.c index efbf804..4e13465 100644 --- a/xlators/storage/posix/src/posix.c +++ b/xlators/storage/posix/src/posix.c @@ -7000,7 +7000,7 @@ posix_rchecksum (call_frame_t *frame, xlator_t *this, ssize_t bytes_read = 0; int32_t weak_checksum = 0; int32_t zerofillcheck = 0; - unsigned char strong_checksum[MD5_DIGEST_LENGTH] = {0}; + unsigned char strong_checksum[SHA256_DIGEST_LENGTH] = {0}; struct posix_private *priv = NULL; dict_t *rsp_xdata = NULL; gf_boolean_t buf_has_zeroes = _gf_false; @@ -7010,7 +7010,6 @@ posix_rchecksum (call_frame_t *frame, xlator_t *this, VALIDATE_OR_GOTO (fd, out); priv = this->private; - memset (strong_checksum, 0, MD5_DIGEST_LENGTH); alloc_buf = _page_aligned_alloc (len, &buf); if (!alloc_buf) { -- 1.8.3.1