build, common, crypto, rgw: drop USE_OPENSSL as OpenSSL is obligatory.
Signed-off-by: Radoslaw Zarzynski <rzarzyns@redhat.com>
parent
b966fa4f91
commit
b9986374aa
@ -407,7 +407,6 @@ set(CMAKE_REQUIRED_LIBRARIES ${CURL_LIBRARIES})
|
||||
CHECK_SYMBOL_EXISTS(curl_multi_wait curl/curl.h HAVE_CURL_MULTI_WAIT)
|
||||
|
||||
find_package(OpenSSL REQUIRED)
|
||||
set(USE_OPENSSL 1)
|
||||
set(CRYPTO_LIBS OpenSSL::Crypto)
|
||||
|
||||
option(WITH_DPDK "Enable DPDK messaging" OFF)
|
||||
@ -462,50 +461,40 @@ if(WITH_RADOSGW)
|
||||
message(WARNING "unable to run curl-config; rgw cannot make ssl requests to external systems reliably")
|
||||
endif()
|
||||
|
||||
if (WITH_RADOSGW_BEAST_FRONTEND AND WITH_RADOSGW_BEAST_OPENSSL)
|
||||
find_package(OpenSSL REQUIRED)
|
||||
else()
|
||||
find_package(OpenSSL)
|
||||
if (NOT NO_CURL_SSL_LINK)
|
||||
message(STATUS "libcurl is linked with openssl: explicitly setting locks")
|
||||
set(WITH_CURL_OPENSSL ON)
|
||||
endif() # CURL_SSL_LINK
|
||||
execute_process(
|
||||
COMMAND
|
||||
"sh" "-c"
|
||||
"objdump -p ${OPENSSL_SSL_LIBRARY} | sed -n 's/^ SONAME *//p'"
|
||||
OUTPUT_VARIABLE LIBSSL_SONAME
|
||||
ERROR_VARIABLE OBJDUMP_ERRORS
|
||||
RESULT_VARIABLE OBJDUMP_RESULTS
|
||||
OUTPUT_STRIP_TRAILING_WHITESPACE)
|
||||
if (OBJDUMP_RESULTS)
|
||||
message(FATAL_ERROR "can't run objdump: ${OBJDUMP_RESULTS}")
|
||||
endif()
|
||||
|
||||
if (OPENSSL_FOUND)
|
||||
if (NOT NO_CURL_SSL_LINK)
|
||||
message(STATUS "libcurl is linked with openssl: explicitly setting locks")
|
||||
set(WITH_CURL_OPENSSL ON)
|
||||
endif() # CURL_SSL_LINK
|
||||
execute_process(
|
||||
COMMAND
|
||||
"sh" "-c"
|
||||
"objdump -p ${OPENSSL_SSL_LIBRARY} | sed -n 's/^ SONAME *//p'"
|
||||
OUTPUT_VARIABLE LIBSSL_SONAME
|
||||
ERROR_VARIABLE OBJDUMP_ERRORS
|
||||
RESULT_VARIABLE OBJDUMP_RESULTS
|
||||
OUTPUT_STRIP_TRAILING_WHITESPACE)
|
||||
if (OBJDUMP_RESULTS)
|
||||
message(FATAL_ERROR "can't run objdump: ${OBJDUMP_RESULTS}")
|
||||
endif()
|
||||
if (NOT OBJDUMP_ERRORS STREQUAL "")
|
||||
message(WARNING "message from objdump: ${OBJDUMP_ERRORS}")
|
||||
endif()
|
||||
execute_process(
|
||||
COMMAND
|
||||
"sh" "-c"
|
||||
"objdump -p ${OPENSSL_CRYPTO_LIBRARY} | sed -n 's/^ SONAME *//p'"
|
||||
OUTPUT_VARIABLE LIBCRYPTO_SONAME
|
||||
ERROR_VARIABLE OBJDUMP_ERRORS
|
||||
RESULT_VARIABLE OBJDUMP_RESULTS
|
||||
OUTPUT_STRIP_TRAILING_WHITESPACE)
|
||||
if (OBJDUMP_RESULTS)
|
||||
message(FATAL_ERROR "can't run objdump: ${OBJDUMP_RESULTS}")
|
||||
endif()
|
||||
if (NOT OBJDUMP_ERRORS STREQUAL "")
|
||||
message(WARNING "message from objdump: ${OBJDUMP_ERRORS}")
|
||||
endif()
|
||||
message(STATUS "ssl soname: ${LIBSSL_SONAME}")
|
||||
message(STATUS "crypto soname: ${LIBCRYPTO_SONAME}")
|
||||
else()
|
||||
message(WARNING "ssl not found: rgw civetweb may fail to dlopen libssl libcrypto")
|
||||
endif() # OPENSSL_FOUND
|
||||
if (NOT OBJDUMP_ERRORS STREQUAL "")
|
||||
message(WARNING "message from objdump: ${OBJDUMP_ERRORS}")
|
||||
endif()
|
||||
execute_process(
|
||||
COMMAND
|
||||
"sh" "-c"
|
||||
"objdump -p ${OPENSSL_CRYPTO_LIBRARY} | sed -n 's/^ SONAME *//p'"
|
||||
OUTPUT_VARIABLE LIBCRYPTO_SONAME
|
||||
ERROR_VARIABLE OBJDUMP_ERRORS
|
||||
RESULT_VARIABLE OBJDUMP_RESULTS
|
||||
OUTPUT_STRIP_TRAILING_WHITESPACE)
|
||||
if (OBJDUMP_RESULTS)
|
||||
message(FATAL_ERROR "can't run objdump: ${OBJDUMP_RESULTS}")
|
||||
endif()
|
||||
if (NOT OBJDUMP_ERRORS STREQUAL "")
|
||||
message(WARNING "message from objdump: ${OBJDUMP_ERRORS}")
|
||||
endif()
|
||||
message(STATUS "ssl soname: ${LIBSSL_SONAME}")
|
||||
message(STATUS "crypto soname: ${LIBCRYPTO_SONAME}")
|
||||
endif (WITH_RADOSGW)
|
||||
|
||||
#option for CephFS
|
||||
|
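Review bot: The `if (OBJDUMP_RESULTS)` checks after each `execute_process` only see the exit status of the last command in the `sh -c` pipeline, which is `sed`. An objdump failure, or a library with no SONAME entry, therefore leaves `LIBSSL_SONAME` or `LIBCRYPTO_SONAME` empty and configuration continues with at most a warning. This block now runs unconditionally under `WITH_RADOSGW`, so a check after each call such as `if(NOT LIBSSL_SONAME)` followed by `message(FATAL_ERROR "no SONAME found in ${OPENSSL_SSL_LIBRARY}")` would catch it. `${OPENSSL_SSL_LIBRARY}` and `${OPENSSL_CRYPTO_LIBRARY}` are also spliced unquoted into the shell string, so a path containing spaces or shell metacharacters is misparsed; running objdump directly and filtering its output with `string(REGEX MATCH ...)` would avoid the shell.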
@ -14,13 +14,11 @@
|
||||
#include <array>
|
||||
#include <sstream>
|
||||
#include <limits>
|
||||
|
||||
#include <fcntl.h>
|
||||
|
||||
#include <openssl/aes.h>
|
||||
|
||||
#include "Crypto.h"
|
||||
#ifdef USE_OPENSSL
|
||||
# include <openssl/aes.h>
|
||||
#endif
|
||||
|
||||
#include "include/ceph_assert.h"
|
||||
#include "common/Clock.h"
|
||||
@ -202,7 +200,6 @@ public:
|
||||
CryptoKeyHandler *get_key_handler(const bufferptr& secret, string& error) override;
|
||||
};
|
||||
|
||||
#ifdef USE_OPENSSL
|
||||
// when we say AES, we mean AES-128
|
||||
static constexpr const std::size_t AES_KEY_LEN{16};
|
||||
static constexpr const std::size_t AES_BLOCK_LEN{16};
|
||||
@ -378,11 +375,6 @@ public:
|
||||
}
|
||||
};
|
||||
|
||||
#else
|
||||
# error "No supported crypto implementation found."
|
||||
#endif
|
||||
|
||||
|
||||
|
||||
// ------------------------------------------------------------
|
||||
|
||||
|
@ -16,18 +16,17 @@
|
||||
#include "common/config.h"
|
||||
#include "ceph_crypto.h"
|
||||
|
||||
#ifdef USE_OPENSSL
|
||||
#include <openssl/evp.h>
|
||||
|
||||
# if OPENSSL_VERSION_NUMBER < 0x10100000L
|
||||
# include <openssl/conf.h>
|
||||
# include <openssl/engine.h>
|
||||
# include <openssl/err.h>
|
||||
# endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */
|
||||
#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
||||
# include <openssl/conf.h>
|
||||
# include <openssl/engine.h>
|
||||
# include <openssl/err.h>
|
||||
#endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */
|
||||
|
||||
namespace ceph::crypto::ssl {
|
||||
|
||||
# if OPENSSL_VERSION_NUMBER < 0x10100000L
|
||||
#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
||||
static std::atomic_uint32_t crypto_refs;
|
||||
|
||||
// XXX: vector instead?
|
||||
@ -68,7 +67,7 @@ ssl_get_thread_id(void)
|
||||
memcpy(&ret, &t, sizeof(pthread_t));
|
||||
return ret;
|
||||
}
|
||||
# endif /* not OPENSSL_VERSION_NUMBER < 0x10100000L */
|
||||
#endif /* not OPENSSL_VERSION_NUMBER < 0x10100000L */
|
||||
|
||||
static void init() {
|
||||
#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
||||
@ -117,11 +116,11 @@ static void init() {
|
||||
CRYPTO_THREADID_current(&tmp);
|
||||
init_records.tids.emplace_back(std::move(tmp));
|
||||
}
|
||||
# endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */
|
||||
#endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */
|
||||
}
|
||||
|
||||
static void shutdown() {
|
||||
# if OPENSSL_VERSION_NUMBER < 0x10100000L
|
||||
#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
||||
if (--crypto_refs != 0) {
|
||||
return;
|
||||
}
|
||||
@ -161,31 +160,20 @@ static void shutdown() {
|
||||
}
|
||||
delete[] ssl_mutexes;
|
||||
ssl_mutexes = nullptr;
|
||||
# endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */
|
||||
#endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */
|
||||
}
|
||||
|
||||
} // namespace ceph::crypto::openssl
|
||||
#else
|
||||
# error "No supported crypto implementation found."
|
||||
#endif /*USE_OPENSSL*/
|
||||
|
||||
|
||||
void ceph::crypto::init() {
|
||||
#ifdef USE_OPENSSL
|
||||
ceph::crypto::ssl::init();
|
||||
#endif
|
||||
}
|
||||
|
||||
void ceph::crypto::shutdown(const bool shared) {
|
||||
static_cast<void>(shared);
|
||||
|
||||
#ifdef USE_OPENSSL
|
||||
void ceph::crypto::shutdown([[maybe_unused]] const bool shared) {
|
||||
ceph::crypto::ssl::shutdown();
|
||||
#endif
|
||||
}
|
||||
|
||||
#ifdef USE_OPENSSL
|
||||
|
||||
ceph::crypto::ssl::OpenSSLDigest::OpenSSLDigest(const EVP_MD * _type)
|
||||
: mpContext(EVP_MD_CTX_create())
|
||||
, mpType(_type) {
|
||||
@ -210,6 +198,3 @@ void ceph::crypto::ssl::OpenSSLDigest::Final(unsigned char *digest) {
|
||||
unsigned int s;
|
||||
EVP_DigestFinal_ex(mpContext, digest, &s);
|
||||
}
|
||||
#else
|
||||
# error "No supported crypto implementation found."
|
||||
#endif /*USE_OPENSSL*/
|
||||
|
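Review bot: `EVP_DigestFinal_ex(mpContext, digest, &s);` in `OpenSSLDigest::Final` discards the return value, so a failed finalisation hands the caller whatever was already in `digest` as if it were a valid hash. The constructor line `mpContext(EVP_MD_CTX_create())` likewise shows no null check in the visible part; both functions extend beyond the hunk, so a check may exist out of view. Testing both results and reporting failure, for example through the `DigestException` type that ceph_crypto.h declares if throwing is acceptable on these paths, would make such errors visible. Separately, the closing comment `} // namespace ceph::crypto::openssl` does not match the namespace opened as `ceph::crypto::ssl`.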
@ -15,7 +15,6 @@
|
||||
#define CEPH_CRYPTO_SHA256_DIGESTSIZE 32
|
||||
#define CEPH_CRYPTO_SHA512_DIGESTSIZE 64
|
||||
|
||||
#ifdef USE_OPENSSL
|
||||
#include <openssl/evp.h>
|
||||
#include <openssl/ossl_typ.h>
|
||||
#include <openssl/hmac.h>
|
||||
@ -28,7 +27,6 @@ extern "C" {
|
||||
const EVP_MD *EVP_sha256(void);
|
||||
const EVP_MD *EVP_sha512(void);
|
||||
}
|
||||
#endif /*USE_OPENSSL*/
|
||||
|
||||
namespace ceph {
|
||||
namespace crypto {
|
||||
@ -38,7 +36,6 @@ namespace ceph {
|
||||
}
|
||||
}
|
||||
|
||||
#ifdef USE_OPENSSL
|
||||
namespace ceph {
|
||||
namespace crypto {
|
||||
class DigestException : public std::runtime_error
|
||||
@ -198,10 +195,6 @@ namespace ceph {
|
||||
using ceph::crypto::ssl::HMACSHA1;
|
||||
}
|
||||
}
|
||||
#else
|
||||
// cppcheck-suppress preprocessorErrorDirective
|
||||
# error "No supported crypto implementation found."
|
||||
#endif /*USE_OPENSSL*/
|
||||
|
||||
namespace ceph::crypto {
|
||||
template<class Digest>
|
||||
|
@ -124,9 +124,6 @@
|
||||
/* Define if have curl_multi_wait() */
|
||||
#cmakedefine HAVE_CURL_MULTI_WAIT 1
|
||||
|
||||
/* Define if using OpenSSL. */
|
||||
#cmakedefine USE_OPENSSL
|
||||
|
||||
/* AsyncMessenger RDMA conditional compilation */
|
||||
#cmakedefine HAVE_RDMA
|
||||
|
||||
|
@ -68,33 +68,31 @@ if(WITH_MGR)
|
||||
message(FATAL_ERROR "mgr plugins require python3 binding")
|
||||
endif()
|
||||
|
||||
if(USE_OPENSSL)
|
||||
execute_process(
|
||||
COMMAND ${PYTHON${PYTHON_VERSION}_EXECUTABLE} -c "import ssl; print('.'.join(map(str,ssl.OPENSSL_VERSION_INFO[0:3])))"
|
||||
RESULT_VARIABLE PYSSL_RESULT
|
||||
OUTPUT_VARIABLE PYSSL_VER
|
||||
ERROR_QUIET)
|
||||
if (NOT ${PYSSL_RESULT})
|
||||
# the ideal way to get the soversion is to parse the suffix of file name of
|
||||
# `/lib/x86_64-linux-gnu/libssl.so.1.0.0`, but since we're lazy, and will just
|
||||
# trust the version number here.
|
||||
macro(get_openssl_soversion version prefix)
|
||||
string(REPLACE "." ";" ssl_version_list ${version})
|
||||
list(GET ssl_version_list 0 ssl_version_major)
|
||||
list(GET ssl_version_list 1 ssl_version_minor)
|
||||
set(${prefix}_SOVERSION ${ssl_version_major}.${ssl_version_minor})
|
||||
unset(ssl_version_list)
|
||||
unset(ssl_version_major)
|
||||
unset(ssl_version_minor)
|
||||
endmacro()
|
||||
get_openssl_soversion(${OPENSSL_VERSION} OPENSSL)
|
||||
get_openssl_soversion(${PYSSL_VER} PYSSL)
|
||||
if(NOT (OPENSSL_SOVERSION VERSION_EQUAL PYSSL_SOVERSION))
|
||||
message(FATAL_ERROR "Python and Ceph link to different OpenSSL versions: ${PYSSL_VER} vs ${OPENSSL_VERSION}")
|
||||
endif()
|
||||
else()
|
||||
message(WARNING "could not determine ssl version of python crypto lib")
|
||||
execute_process(
|
||||
COMMAND ${PYTHON${PYTHON_VERSION}_EXECUTABLE} -c "import ssl; print('.'.join(map(str,ssl.OPENSSL_VERSION_INFO[0:3])))"
|
||||
RESULT_VARIABLE PYSSL_RESULT
|
||||
OUTPUT_VARIABLE PYSSL_VER
|
||||
ERROR_QUIET)
|
||||
if (NOT ${PYSSL_RESULT})
|
||||
# the ideal way to get the soversion is to parse the suffix of file name of
|
||||
# `/lib/x86_64-linux-gnu/libssl.so.1.0.0`, but since we're lazy, and will just
|
||||
# trust the version number here.
|
||||
macro(get_openssl_soversion version prefix)
|
||||
string(REPLACE "." ";" ssl_version_list ${version})
|
||||
list(GET ssl_version_list 0 ssl_version_major)
|
||||
list(GET ssl_version_list 1 ssl_version_minor)
|
||||
set(${prefix}_SOVERSION ${ssl_version_major}.${ssl_version_minor})
|
||||
unset(ssl_version_list)
|
||||
unset(ssl_version_major)
|
||||
unset(ssl_version_minor)
|
||||
endmacro()
|
||||
get_openssl_soversion(${OPENSSL_VERSION} OPENSSL)
|
||||
get_openssl_soversion(${PYSSL_VER} PYSSL)
|
||||
if(NOT (OPENSSL_SOVERSION VERSION_EQUAL PYSSL_SOVERSION))
|
||||
message(FATAL_ERROR "Python and Ceph link to different OpenSSL versions: ${PYSSL_VER} vs ${OPENSSL_VERSION}")
|
||||
endif()
|
||||
endif(USE_OPENSSL)
|
||||
else()
|
||||
message(WARNING "could not determine ssl version of python crypto lib")
|
||||
endif()
|
||||
add_subdirectory(mgr)
|
||||
endif(WITH_MGR)
|
||||
|
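Review bot: `if (NOT ${PYSSL_RESULT})` expands the result before `if()` parses it. When the interpreter cannot be started, `execute_process` stores a descriptive string rather than a number in `RESULT_VARIABLE`, which makes the condition a malformed expression instead of reaching the `else()` warning. `if(PYSSL_RESULT EQUAL 0)` handles both cases. The call also lacks `OUTPUT_STRIP_TRAILING_WHITESPACE`, so `PYSSL_VER` keeps the newline from `print` and it shows up in the FATAL_ERROR text. With the `USE_OPENSSL` guard gone this check always runs for `WITH_MGR`, yet a failed probe still only warns and the version-mismatch protection is skipped; consider whether that case should be fatal.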
@ -17,11 +17,7 @@
|
||||
#include "crypto/crypto_accel.h"
|
||||
#include "crypto/crypto_plugin.h"
|
||||
|
||||
#ifdef USE_OPENSSL
|
||||
# include <openssl/evp.h>
|
||||
#else
|
||||
# error "No supported crypto implementation found."
|
||||
#endif // USE_OPENSSL
|
||||
#include <openssl/evp.h>
|
||||
|
||||
#define dout_context g_ceph_context
|
||||
#define dout_subsys ceph_subsys_rgw
|
||||
@ -50,7 +46,6 @@ CryptoAccelRef get_crypto_accel(CephContext *cct)
|
||||
}
|
||||
|
||||
|
||||
#ifdef USE_OPENSSL
|
||||
template <std::size_t KeySizeV, std::size_t IvSizeV>
|
||||
static inline
|
||||
bool evp_sym_transform(CephContext* const cct,
|
||||
@ -113,9 +108,6 @@ bool evp_sym_transform(CephContext* const cct,
|
||||
ceph_assert(finally_written == 0);
|
||||
return (written + finally_written) == static_cast<int>(size);
|
||||
}
|
||||
#else // USE_OPENSSL
|
||||
# error "No supported crypto implementation found."
|
||||
#endif
|
||||
|
||||
|
||||
/**
|
||||
@ -169,8 +161,6 @@ public:
|
||||
return CHUNK_SIZE;
|
||||
}
|
||||
|
||||
#ifdef USE_OPENSSL
|
||||
|
||||
bool cbc_transform(unsigned char* out,
|
||||
const unsigned char* in,
|
||||
const size_t size,
|
||||
@ -182,10 +172,6 @@ public:
|
||||
cct, EVP_aes_256_cbc(), out, in, size, iv, key, encrypt);
|
||||
}
|
||||
|
||||
#else
|
||||
# error "No supported crypto implementation found."
|
||||
#endif // USE_OPENSSL
|
||||
|
||||
bool cbc_transform(unsigned char* out,
|
||||
const unsigned char* in,
|
||||
size_t size,
|
||||
@ -362,7 +348,6 @@ const uint8_t AES_256_CBC::IV[AES_256_CBC::AES_256_IVSIZE] =
|
||||
{ 'a', 'e', 's', '2', '5', '6', 'i', 'v', '_', 'c', 't', 'r', '1', '3', '3', '7' };
|
||||
|
||||
|
||||
#ifdef USE_OPENSSL
|
||||
bool AES_256_ECB_encrypt(CephContext* cct,
|
||||
const uint8_t* key,
|
||||
size_t key_size,
|
||||
@ -380,10 +365,6 @@ bool AES_256_ECB_encrypt(CephContext* cct,
|
||||
}
|
||||
}
|
||||
|
||||
#else
|
||||
# error "No supported crypto implementation found."
|
||||
#endif // USE_OPENSSL
|
||||
|
||||
|
||||
RGWGetObj_BlockDecrypt::RGWGetObj_BlockDecrypt(CephContext* cct,
|
||||
RGWGetObj_Filter* next,
|
||||
|
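Review bot: The context line defining `AES_256_CBC::IV` as the fixed bytes `'a','e','s','2','5','6','i','v','_','c','t','r','1','3','3','7'` has no comment saying how it is used. A constant IV fed directly to CBC would make equal plaintext prefixes under one key produce equal ciphertext. Its use lies outside this hunk, so it may only be a base value combined with a per-chunk offset; if so, a comment at the definition should say so, e.g. `// base value only; the per-chunk IV is derived from this and the object offset (see <derivation function>)`. Similarly, `AES_256_ECB_encrypt` would benefit from a line stating which inputs ECB is acceptable for here.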