andy/glusterfs
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

fips: Replace md5sum usage to enable fips support

Browse Source 
md5sum is not fips compliant. Using xxhash64 instead of
md5sum for socket file generation in glusterd and
changelog to enable fips support.

NOTE: md5sum is 128 bit hash. xxhash used is 64 bit.

Updates: #230
Change-Id: I1bf2ea05905b9151cd29fa951f903685ab0dc84c
Signed-off-by: Kotresh HR <khiremat@redhat.com>
This commit is contained in:
Kotresh HR 2017-12-19 00:05:05 -05:00 committed by Jeff Darcy
parent 7ff0ba71d5
commit 5aca4cf569
4 changed files with 15 additions and 25 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
libglusterfs/src/common-utils.c
View File

@ -73,17 +73,6 @@ char *vol_type_str[] = {"Distribute",
typedef int32_t (*rw_op_t)(int32_t fd, char *buf, int32_t size);
typedef int32_t (*rwv_op_t)(int32_t fd, const struct iovec *buf, int32_t size);
void
md5_wrapper(const unsigned char *data, size_t len, char *md5)
{
unsigned short i = 0;
unsigned short lim = MD5_DIGEST_LENGTH*2+1;
unsigned char scratch[MD5_DIGEST_LENGTH] = {0,};
MD5(data, len, scratch);
for (; i < MD5_DIGEST_LENGTH; i++)
snprintf(md5 + i * 2, lim-i*2, "%02x", scratch[i]);
}
void
gf_xxh64_wrapper(const unsigned char *data, size_t len, unsigned long long seed,
char *xxh64)

1
libglusterfs/src/common-utils.h
View File

@ -841,7 +841,6 @@ gf_ports_reserved (char *blocked_port, unsigned char *ports, uint32_t ceiling);
int gf_get_hostname_from_ip (char *client_ip, char **hostname);
gf_boolean_t gf_is_local_addr (char *hostname);
gf_boolean_t gf_is_same_address (char *host1, char *host2);
void md5_wrapper(const unsigned char *data, size_t len, char *md5);
void gf_xxh64_wrapper(const unsigned char *data, size_t len,
unsigned long long seed, char *xxh64);
int gf_set_timestamp (const char *src, const char* dest);

20
xlators/features/changelog/src/changelog-misc.h
View File

@ -36,24 +36,24 @@
"GlusterFS Changelog | version: v%d.%d | encoding : %d\n"
#define CHANGELOG_MAKE_SOCKET_PATH(brick_path, sockpath, len) do { \
char md5_sum[MD5_DIGEST_LENGTH*2+1] = {0,}; \
md5_wrapper((unsigned char *) brick_path, \
strlen(brick_path), \
md5_sum); \
char xxh64[GF_XXH64_DIGEST_LENGTH*2+1] = {0,}; \
gf_xxh64_wrapper ((unsigned char *)brick_path, \
strlen(brick_path), \
GF_XXHSUM64_DEFAULT_SEED, xxh64); \
(void) snprintf (sockpath, len, \
CHANGELOG_UNIX_SOCK, md5_sum); \
CHANGELOG_UNIX_SOCK, xxh64); \
} while (0)
#define CHANGELOG_MAKE_TMP_SOCKET_PATH(brick_path, sockpath, len) do { \
unsigned long pid = 0; \
char md5_sum[MD5_DIGEST_LENGTH*2+1] = {0,}; \
char xxh64[GF_XXH64_DIGEST_LENGTH*2+1] = {0,}; \
pid = (unsigned long) getpid (); \
md5_wrapper((unsigned char *) brick_path, \
strlen(brick_path), \
md5_sum); \
gf_xxh64_wrapper ((unsigned char *)brick_path, \
strlen(brick_path), \
GF_XXHSUM64_DEFAULT_SEED, xxh64); \
(void) snprintf (sockpath, \
len, CHANGELOG_TMP_UNIX_SOCK, \
md5_sum, pid); \
xxh64, pid); \
} while (0)

8
xlators/mgmt/glusterd/src/glusterd-utils.c
View File

@ -1842,10 +1842,12 @@ out:
void
glusterd_set_socket_filepath (char *sock_filepath, char *sockpath, size_t len)
{
char md5_sum[MD5_DIGEST_LENGTH*2+1] = {0,};
char xxh64[GF_XXH64_DIGEST_LENGTH*2+1] = {0,};
md5_wrapper ((unsigned char *) sock_filepath, strlen(sock_filepath), md5_sum);
snprintf (sockpath, len, "%s/%s.socket", GLUSTERD_SOCK_DIR, md5_sum);
gf_xxh64_wrapper ((unsigned char *)sock_filepath,
strlen(sock_filepath),
GF_XXHSUM64_DEFAULT_SEED, xxh64);
snprintf (sockpath, len, "%s/%s.socket", GLUSTERD_SOCK_DIR, xxh64);
}
void