Merge pull request #49533 from mkogan1/wip-fips-openssl3

rgw: under fips & openssl 3.x allow md5 usage in select rgw ops

Reviewed-by: Matt Benjamin <mbenjamin@redhat.com>
Casey Bodley 2023-01-17 08:12:54 -05:00 committed by GitHub
commit 728e8ac088
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 18 additions and 2 deletions


@ -196,14 +196,29 @@ ssl::OpenSSLDigest::OpenSSLDigest(const EVP_MD * _type)
ssl::OpenSSLDigest::~OpenSSLDigest() {
EVP_MD_CTX_destroy(mpContext);
if (mpType_FIPS) {
#if OPENSSL_VERSION_NUMBER >= 0x30000000L
EVP_MD_free(mpType_FIPS);
#endif // OPENSSL_VERSION_NUMBER >= 0x30000000L
}
}
void ssl::OpenSSLDigest::Restart() {
EVP_DigestInit_ex(mpContext, mpType, NULL);
if (mpType_FIPS) {
EVP_DigestInit_ex(mpContext, mpType_FIPS, NULL);
} else {
EVP_DigestInit_ex(mpContext, mpType, NULL);
}
}
void ssl::OpenSSLDigest::SetFlags(int flags) {
EVP_MD_CTX_set_flags(mpContext, flags);
if (flags == EVP_MD_CTX_FLAG_NON_FIPS_ALLOW && OpenSSL_version_num() >= 0x30000000L && mpType == EVP_md5() && !mpType_FIPS) {
#if OPENSSL_VERSION_NUMBER >= 0x30000000L
mpType_FIPS = EVP_MD_fetch(NULL, "MD5", "fips=no");
#endif // OPENSSL_VERSION_NUMBER >= 0x30000000L
} else {
EVP_MD_CTX_set_flags(mpContext, flags);
}
this->Restart();
}
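Review bot: The result of `EVP_MD_fetch(NULL, "MD5", "fips=no")` in SetFlags is never checked, and neither is the return value of `EVP_DigestInit_ex` in Restart (reading the if/else forms as the new side, since the page has lost its +/- markers). If the fetch returns NULL, for example because no loaded provider offers a non-FIPS MD5, `mpType_FIPS` stays null and Restart falls back to `mpType`. That init presumably fails under FIPS with no signal to the caller, so later digest calls would run on a context that was never initialised. I would log or fail on a null fetch and test the init with `if (EVP_DigestInit_ex(mpContext, md, NULL) != 1)`, following whatever error convention the rest of the class uses, which is not visible in this hunk. Separately, `flags == EVP_MD_CTX_FLAG_NON_FIPS_ALLOW` is an exact match, so a caller that ORs in another flag skips the fetch; `flags & EVP_MD_CTX_FLAG_NON_FIPS_ALLOW` looks like the intent.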


@ -54,6 +54,7 @@ namespace TOPNSPC::crypto {
private:
EVP_MD_CTX *mpContext;
const EVP_MD *mpType;
EVP_MD *mpType_FIPS = nullptr;
public:
OpenSSLDigest (const EVP_MD *_type);
~OpenSSLDigest ();
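Review bot: The new member `mpType_FIPS` is undocumented and its name suggests the opposite of what it holds: judging by the other file in this commit, it is the MD5 implementation fetched with `"fips=no"`, owned by the object and released in the destructor. A comment such as `// owned; MD5 fetched with "fips=no" for non-cryptographic use under FIPS, freed in dtor` would make the ownership and the FIPS exemption explicit for the next reader. Because the class now frees this pointer in its destructor, a copied `OpenSSLDigest` would free it twice. Whether copy and move are already deleted cannot be seen here, as the class declaration continues outside the hunk, so that is worth confirming.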