From 6daa6535692b2c68b493636a9bbfdcbc475b3d80 Mon Sep 17 00:00:00 2001 From: Ravishankar N Date: Sun, 11 Feb 2018 06:54:35 +0530 Subject: posix/afr: handle backward compatibility for rchecksum fop Added a volume option 'fips-mode-rchecksum' tied to op version 4. If not set, rchecksum fop will use MD5 instead of SHA256. updates: #230 Change-Id: Id8ea1303777e6450852c0bc25503cda341a6aec2 Signed-off-by: Ravishankar N --- xlators/storage/posix/src/posix-common.c | 16 ++++++++++++++++ xlators/storage/posix/src/posix-inode-fd-ops.c | 26 +++++++++++++++++++++++--- xlators/storage/posix/src/posix.h | 2 ++ 3 files changed, 41 insertions(+), 3 deletions(-) (limited to 'xlators/storage') diff --git a/xlators/storage/posix/src/posix-common.c b/xlators/storage/posix/src/posix-common.c index a67b3d7dc70..f1fa81e056b 100644 --- a/xlators/storage/posix/src/posix-common.c +++ b/xlators/storage/posix/src/posix-common.c @@ -387,6 +387,9 @@ posix_reconfigure (xlator_t *this, dict_t *options) GF_OPTION_RECONF ("max-hardlinks", priv->max_hardlinks, options, uint32, out); + + GF_OPTION_RECONF ("fips-mode-rchecksum", priv->fips_mode_rchecksum, + options, bool, out); ret = 0; out: return ret; @@ -1076,6 +1079,9 @@ posix_init (xlator_t *this) _private->create_directory_mask = create_directory_mask; GF_OPTION_INIT ("max-hardlinks", _private->max_hardlinks, uint32, out); + + GF_OPTION_INIT ("fips-mode-rchecksum", _private->fips_mode_rchecksum, + bool, out); out: if (ret) { if (_private) { @@ -1362,5 +1368,15 @@ struct volume_options options[] = { .description = "max number of hardlinks allowed on any one inode.\n" "0 is unlimited, 1 prevents any hardlinking at all." }, + { + .key = {"fips-mode-rchecksum"}, + .type = GF_OPTION_TYPE_BOOL, + .default_value = "off", + .op_version = {GD_OP_VERSION_4_0_0}, + .flags = OPT_FLAG_SETTABLE, + .tags = {"posix"}, + .description = "If enabled, posix_rchecksum uses the FIPS compliant" + "SHA256 checksum. MD5 otherwise." + }, { .key = {NULL} } }; 
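Review bot: The `.description` of the new `fips-mode-rchecksum` entry in `options[]` is built from two adjacent string literals with no space between them, so the help text reads "FIPS compliantSHA256 checksum". Add a trailing space to the first literal: `"If enabled, posix_rchecksum uses the FIPS compliant "`. Since `.default_value` is `"off"`, bricks keep returning MD5 until an administrator opts in. The description would be a good place to say that MD5 is kept only for backward compatibility and that the option is meant to be enabled once the whole cluster is at the required op-version. The `options[]` array starts outside the hunk.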
diff --git a/xlators/storage/posix/src/posix-inode-fd-ops.c b/xlators/storage/posix/src/posix-inode-fd-ops.c index 812cf792874..f3a2a7bfb83 100644 --- a/xlators/storage/posix/src/posix-inode-fd-ops.c +++ b/xlators/storage/posix/src/posix-inode-fd-ops.c @@ -4873,7 +4873,9 @@ posix_rchecksum (call_frame_t *frame, xlator_t *this, ssize_t bytes_read = 0; int32_t weak_checksum = 0; int32_t zerofillcheck = 0; + unsigned char md5_checksum[MD5_DIGEST_LENGTH] = {0}; unsigned char strong_checksum[SHA256_DIGEST_LENGTH] = {0}; + unsigned char *checksum = NULL; struct posix_private *priv = NULL; dict_t *rsp_xdata = NULL; gf_boolean_t buf_has_zeroes = _gf_false; @@ -4942,13 +4944,31 @@ posix_rchecksum (call_frame_t *frame, xlator_t *this, } } weak_checksum = gf_rsync_weak_checksum ((unsigned char *) buf, (size_t) ret); - gf_rsync_strong_checksum ((unsigned char *) buf, (size_t) bytes_read, - (unsigned char *) strong_checksum); + if (priv->fips_mode_rchecksum) { + ret = dict_set_int32 (rsp_xdata, "fips-mode-rchecksum", 1); + if (ret) { + gf_msg (this->name, GF_LOG_WARNING, -ret, + P_MSG_DICT_SET_FAILED, "%s: Failed to set " + "dictionary value for key: %s", + uuid_utoa (fd->inode->gfid), + "fips-mode-rchecksum"); + goto out; + } + checksum = strong_checksum; + gf_rsync_strong_checksum ((unsigned char *)buf, + (size_t) bytes_read, + (unsigned char *)checksum); + } else { + checksum = md5_checksum; + gf_rsync_md5_checksum ((unsigned char *)buf, + (size_t) bytes_read, + (unsigned char *)checksum); + } op_ret = 0; out: STACK_UNWIND_STRICT (rchecksum, frame, op_ret, op_errno, - weak_checksum, strong_checksum, rsp_xdata); + weak_checksum, checksum, rsp_xdata); if (rsp_xdata) dict_unref (rsp_xdata); GF_FREE (alloc_buf); diff --git a/xlators/storage/posix/src/posix.h b/xlators/storage/posix/src/posix.h index 5a623aa657a..08bcb1bddae 100644 --- a/xlators/storage/posix/src/posix.h +++ b/xlators/storage/posix/src/posix.h 
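Review bot: `checksum` is still NULL on the added `dict_set_int32` failure path (and on any earlier `goto out`, which would lie outside the hunk), so `STACK_UNWIND_STRICT` now passes a NULL strong-checksum pointer where it used to pass the zeroed `strong_checksum` array. In MD5 mode it passes the 16-byte `md5_checksum` with no length next to it; whether any callback copies a fixed `SHA256_DIGEST_LENGTH` bytes from that pointer is not visible here, but one that does would read past the array on the stack. Pointing at the 32-byte buffer in both branches avoids both cases: declare `unsigned char *checksum = strong_checksum;`, drop `md5_checksum`, and call `gf_rsync_md5_checksum ((unsigned char *)buf, (size_t) bytes_read, checksum);` in the else branch. The failure path also jumps to `out` without assigning `op_errno` (its initial value is outside the hunk), so adding `op_errno = -ret;` before the `goto` would match what the `gf_msg` call already logs. `posix_rchecksum` starts and ends outside both hunks of this file.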
@@ -243,6 +243,8 @@ struct posix_private { mode_t create_mask; mode_t create_directory_mask; uint32_t max_hardlinks; + + gf_boolean_t fips_mode_rchecksum; }; typedef struct { -- cgit