rgw: under fips, set flag to allow md5 in select rgw ops - for review 44806/head
authorMark Kogan <mkogan@redhat.com>
Thu, 14 Oct 2021 14:32:31 +0000 (14:32 +0000)
committerMark Kogan <mkogan@redhat.com>
Thu, 27 Jan 2022 12:47:29 +0000 (14:47 +0200)
commit20cc83d13239b386b23b3e2912e07d17f4539280
treebbfa25259ac39757cfbec1f0ea58a3115e93f1c1
parentb5bc47b321ad1724e4e4f62297108f02eb9ea409
rgw: under fips, set flag to allow md5 in select rgw ops - for review

the overrides for review and relevant md5 usage:
```
src/rgw/rgw_crypt.cc:975:      unsigned char key_hash_res[CEPH_CRYPTO_MD5_DIGESTSIZE];
    int rgw_s3_prepare_encrypt(...)
        crypt_http_responses["x-amz-server-side-encryption-customer-algorithm"] = "AES256";
        crypt_http_responses["x-amz-server-side-encryption-customer-key-MD5"] = std::string(keymd5);
                                                           ~~~~~~~~~~~~~~~~

src/rgw/rgw_crypt.cc:1225:    uint8_t key_hash_res[CEPH_CRYPTO_MD5_DIGESTSIZE];
    int rgw_s3_prepare_decrypt(...)
        crypt_http_responses["x-amz-server-side-encryption-customer-algorithm"] = "AES256";
        crypt_http_responses["x-amz-server-side-encryption-customer-key-MD5"] = keymd5;
                                                           ~~~~~~~~~~~~~~~~

src/rgw/rgw_keystone.cc:40:  unsigned char m[CEPH_CRYPTO_MD5_DIGESTSIZE];
        void TokenCache::add_admin(...)
  rgw_get_token_id(token.token.id, admin_token_id);
                                   ~~~~~~~~~~~~~~ md5
  add_locked(admin_token_id, token);

        void TokenCache::add_barbican(...)
  rgw_get_token_id(token.token.id, barbican_token_id);
                                   ~~~~~~~~~~~~~~~~~ md5
  add_locked(barbican_token_id, token);
```

Signed-off-by: Mark Kogan <mkogan@redhat.com>
(cherry picked from commit 551e0c8f38f3f646dbfb5fbfde51d3107ca90cc6)
src/rgw/rgw_crypt.cc
src/rgw/rgw_keystone.cc