summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorKotresh HR <khiremat@redhat.com>2017-12-19 07:21:07 -0500
committerAmar Tumballi <amarts@redhat.com>2017-12-21 04:31:31 +0000
commit1d32720335ffd8835c4a7b3164fe9aa9028f77a5 (patch)
tree9234608444f07d385564e1e386844dadd63fd1ee
parent4a06f851dcad6bdd730f3d2e12bd8f26709f27fe (diff)
rchecksum/fips: Replace MD5 usage to enable fips support
rchecksum uses MD5 which is not fips compliant. Hence using sha256 for the same. Updates: #230 Change-Id: I7fad016fcc2a9900395d0da919cf5ba996ec5278 Signed-off-by: Kotresh HR <khiremat@redhat.com>
-rw-r--r--libglusterfs/src/checksum.c8
-rw-r--r--libglusterfs/src/default-args.c2
-rw-r--r--xlators/cluster/afr/src/afr-self-heal-common.c2
-rw-r--r--xlators/cluster/afr/src/afr-self-heal-data.c4
-rw-r--r--xlators/cluster/afr/src/afr.h2
-rw-r--r--xlators/mgmt/glusterd/src/glusterd-utils.c2
-rw-r--r--xlators/protocol/server/src/server-common.c2
-rw-r--r--xlators/storage/bd/src/bd.c4
-rw-r--r--xlators/storage/posix/src/posix-inode-fd-ops.c3
9 files changed, 14 insertions, 15 deletions
diff --git a/libglusterfs/src/checksum.c b/libglusterfs/src/checksum.c
index 5fac1330094..a7f9877ddf0 100644
--- a/libglusterfs/src/checksum.c
+++ b/libglusterfs/src/checksum.c
@@ -8,9 +8,10 @@
cases as published by the Free Software Foundation.
*/
-#include <openssl/md5.h>
+#include <openssl/sha.h>
#include <zlib.h>
#include <stdint.h>
+#include <string.h>
/*
* The "weak" checksum required for the rsync algorithm.
@@ -30,7 +31,8 @@ gf_rsync_weak_checksum (unsigned char *buf, size_t len)
* The "strong" checksum required for the rsync algorithm.
*/
void
-gf_rsync_strong_checksum (unsigned char *data, size_t len, unsigned char *md5)
+gf_rsync_strong_checksum (unsigned char *data, size_t len,
+ unsigned char *sha256_md)
{
- MD5 (data, len, md5);
+ SHA256((const unsigned char *)data, len, sha256_md);
}
diff --git a/libglusterfs/src/default-args.c b/libglusterfs/src/default-args.c
index 20cd05e68cb..2bc1ec28649 100644
--- a/libglusterfs/src/default-args.c
+++ b/libglusterfs/src/default-args.c
@@ -1180,7 +1180,7 @@ args_rchecksum_cbk_store (default_args_cbk_t *args,
args->weak_checksum =
weak_checksum;
args->strong_checksum =
- memdup (strong_checksum, MD5_DIGEST_LENGTH);
+ memdup (strong_checksum, SHA256_DIGEST_LENGTH);
}
if (xdata)
args->xdata = dict_ref (xdata);
diff --git a/xlators/cluster/afr/src/afr-self-heal-common.c b/xlators/cluster/afr/src/afr-self-heal-common.c
index 8e75d200567..7e020bb6bee 100644
--- a/xlators/cluster/afr/src/afr-self-heal-common.c
+++ b/xlators/cluster/afr/src/afr-self-heal-common.c
@@ -648,7 +648,7 @@ afr_reply_copy (struct afr_reply *dst, struct afr_reply *src)
if (dst->xdata)
dict_unref (dst->xdata);
dst->xdata = xdata;
- memcpy (dst->checksum, src->checksum, MD5_DIGEST_LENGTH);
+ memcpy (dst->checksum, src->checksum, SHA256_DIGEST_LENGTH);
}
void
diff --git a/xlators/cluster/afr/src/afr-self-heal-data.c b/xlators/cluster/afr/src/afr-self-heal-data.c
index 8cf43f2807b..7880a611592 100644
--- a/xlators/cluster/afr/src/afr-self-heal-data.c
+++ b/xlators/cluster/afr/src/afr-self-heal-data.c
@@ -42,7 +42,7 @@ __checksum_cbk (call_frame_t *frame, void *cookie, xlator_t *this,
replies[i].buf_has_zeroes = dict_get_str_boolean (xdata,
"buf-has-zeroes", _gf_false);
if (strong)
- memcpy (local->replies[i].checksum, strong, MD5_DIGEST_LENGTH);
+ memcpy (local->replies[i].checksum, strong, SHA256_DIGEST_LENGTH);
syncbarrier_wake (&local->barrier);
return 0;
@@ -92,7 +92,7 @@ __afr_can_skip_data_block_heal (call_frame_t *frame, xlator_t *this, fd_t *fd,
if (local->replies[i].valid) {
if (memcmp (local->replies[source].checksum,
local->replies[i].checksum,
- MD5_DIGEST_LENGTH)) {
+ SHA256_DIGEST_LENGTH)) {
checksum_match = _gf_false;
break;
}
diff --git a/xlators/cluster/afr/src/afr.h b/xlators/cluster/afr/src/afr.h
index b59b9439273..7a7cb2e656f 100644
--- a/xlators/cluster/afr/src/afr.h
+++ b/xlators/cluster/afr/src/afr.h
@@ -319,7 +319,7 @@ struct afr_reply {
struct iatt preparent2;
struct iatt postparent2;
/* For rchecksum */
- uint8_t checksum[MD5_DIGEST_LENGTH];
+ uint8_t checksum[SHA256_DIGEST_LENGTH];
gf_boolean_t buf_has_zeroes;
/* For lookup */
int8_t need_heal;
diff --git a/xlators/mgmt/glusterd/src/glusterd-utils.c b/xlators/mgmt/glusterd/src/glusterd-utils.c
index 8da9362515c..065f6daecd6 100644
--- a/xlators/mgmt/glusterd/src/glusterd-utils.c
+++ b/xlators/mgmt/glusterd/src/glusterd-utils.c
@@ -1863,7 +1863,7 @@ glusterd_set_brick_socket_filepath (glusterd_volinfo_t *volinfo,
char sock_filepath[PATH_MAX] = {0,};
expected_file_len = strlen (GLUSTERD_SOCK_DIR) + strlen ("/") +
- MD5_DIGEST_LENGTH*2 + strlen (".socket") + 1;
+ SHA256_DIGEST_LENGTH*2 + strlen (".socket") + 1;
GF_ASSERT (len >= expected_file_len);
this = THIS;
GF_ASSERT (this);
diff --git a/xlators/protocol/server/src/server-common.c b/xlators/protocol/server/src/server-common.c
index ce3308937ca..9c38706dbcb 100644
--- a/xlators/protocol/server/src/server-common.c
+++ b/xlators/protocol/server/src/server-common.c
@@ -298,7 +298,7 @@ server_post_rchecksum (gfs3_rchecksum_rsp *rsp, uint32_t weak_checksum,
rsp->weak_checksum = weak_checksum;
rsp->strong_checksum.strong_checksum_val = (char *)strong_checksum;
- rsp->strong_checksum.strong_checksum_len = MD5_DIGEST_LENGTH;
+ rsp->strong_checksum.strong_checksum_len = SHA256_DIGEST_LENGTH;
}
diff --git a/xlators/storage/bd/src/bd.c b/xlators/storage/bd/src/bd.c
index 07b7ecd52ad..57699ae0aac 100644
--- a/xlators/storage/bd/src/bd.c
+++ b/xlators/storage/bd/src/bd.c
@@ -2148,7 +2148,7 @@ bd_rchecksum (call_frame_t *frame, xlator_t *this, fd_t *fd, off_t offset,
char *buf = NULL;
int32_t weak_checksum = 0;
bd_fd_t *bd_fd = NULL;
- unsigned char strong_checksum[MD5_DIGEST_LENGTH] = {0};
+ unsigned char strong_checksum[SHA256_DIGEST_LENGTH] = {0};
VALIDATE_OR_GOTO (frame, out);
VALIDATE_OR_GOTO (this, out);
@@ -2162,8 +2162,6 @@ bd_rchecksum (call_frame_t *frame, xlator_t *this, fd_t *fd, off_t offset,
return 0;
}
- memset (strong_checksum, 0, MD5_DIGEST_LENGTH);
-
alloc_buf = page_aligned_alloc (len, &buf);
if (!alloc_buf) {
op_errno = ENOMEM;
diff --git a/xlators/storage/posix/src/posix-inode-fd-ops.c b/xlators/storage/posix/src/posix-inode-fd-ops.c
index 9d1b19ac9a0..2a3c7a2b025 100644
--- a/xlators/storage/posix/src/posix-inode-fd-ops.c
+++ b/xlators/storage/posix/src/posix-inode-fd-ops.c
@@ -4852,7 +4852,7 @@ posix_rchecksum (call_frame_t *frame, xlator_t *this,
ssize_t bytes_read = 0;
int32_t weak_checksum = 0;
int32_t zerofillcheck = 0;
- unsigned char strong_checksum[MD5_DIGEST_LENGTH] = {0};
+ unsigned char strong_checksum[SHA256_DIGEST_LENGTH] = {0};
struct posix_private *priv = NULL;
dict_t *rsp_xdata = NULL;
gf_boolean_t buf_has_zeroes = _gf_false;
@@ -4862,7 +4862,6 @@ posix_rchecksum (call_frame_t *frame, xlator_t *this,
VALIDATE_OR_GOTO (fd, out);
priv = this->private;
- memset (strong_checksum, 0, MD5_DIGEST_LENGTH);
alloc_buf = _page_aligned_alloc (len, &buf);
if (!alloc_buf) {