the overrides for review and relevant md5 usage:
```
src/rgw/rgw_crypt.cc:975: unsigned char key_hash_res[CEPH_CRYPTO_MD5_DIGESTSIZE];
int rgw_s3_prepare_encrypt(...)
crypt_http_responses["x-amz-server-side-encryption-customer-algorithm"] = "AES256";
crypt_http_responses["x-amz-server-side-encryption-customer-key-MD5"] = std::string(keymd5);
~~~~~~~~~~~~~~~~
src/rgw/rgw_crypt.cc:1225: uint8_t key_hash_res[CEPH_CRYPTO_MD5_DIGESTSIZE];
int rgw_s3_prepare_decrypt(...)
crypt_http_responses["x-amz-server-side-encryption-customer-algorithm"] = "AES256";
crypt_http_responses["x-amz-server-side-encryption-customer-key-MD5"] = keymd5;
~~~~~~~~~~~~~~~~
src/rgw/rgw_keystone.cc:40: unsigned char m[CEPH_CRYPTO_MD5_DIGESTSIZE];
void TokenCache::add_admin(...)
rgw_get_token_id(token.token.id, admin_token_id);
~~~~~~~~~~~~~~ md5
add_locked(admin_token_id, token);
void TokenCache::add_barbican(...)
rgw_get_token_id(token.token.id, barbican_token_id);
~~~~~~~~~~~~~~~~~ md5
add_locked(barbican_token_id, token);
```
Signed-off-by: Mark Kogan <mkogan@redhat.com>
(cherry picked from commit
551e0c8f38f3f646dbfb5fbfde51d3107ca90cc6)
}
MD5 key_hash;
+ // Allow use of MD5 digest in FIPS mode for non-cryptographic purposes
+ key_hash.SetFlags(EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
unsigned char key_hash_res[CEPH_CRYPTO_MD5_DIGESTSIZE];
key_hash.Update(reinterpret_cast<const unsigned char*>(key_bin.c_str()), key_bin.size());
key_hash.Final(key_hash_res);
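Review bot: The comment added above `key_hash.SetFlags(EVP_MD_CTX_FLAG_NON_FIPS_ALLOW)` says "non-cryptographic purposes" but does not name the purpose, which is what someone auditing FIPS exemptions needs in order to accept it. Per the commit message this digest becomes the `x-amz-server-side-encryption-customer-key-MD5` header value, so I would write `// FIPS exemption: MD5 is required by the S3 SSE-C customer-key-MD5 header; it is a key checksum, not a protection mechanism`. The identical addition in the rgw_s3_prepare_decrypt hunk should get the same wording. Both enclosing functions start and end outside the hunks.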
}
MD5 key_hash;
+ // Allow use of MD5 digest in FIPS mode for non-cryptographic purposes
+ key_hash.SetFlags(EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
uint8_t key_hash_res[CEPH_CRYPTO_MD5_DIGESTSIZE];
key_hash.Update(reinterpret_cast<const unsigned char*>(key_bin.c_str()), key_bin.size());
key_hash.Final(key_hash_res);
unsigned char m[CEPH_CRYPTO_MD5_DIGESTSIZE];
MD5 hash;
+ // Allow use of MD5 digest in FIPS mode for non-cryptographic purposes
+ hash.SetFlags(EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
hash.Update((const unsigned char *)token.c_str(), token.size());
hash.Final(m);
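Review bot: Labelling this use "non-cryptographic" is questionable at `hash.SetFlags(EVP_MD_CTX_FLAG_NON_FIPS_ALLOW)`, because the commit message shows the id derived here being passed to `add_locked(admin_token_id, token)` and `add_locked(barbican_token_id, token)`, so the cache key for an authentication token rests on MD5. If lookups for client-presented tokens are keyed the same way (not visible here), the comment should say why a digest clash is acceptable, or the key should move to a FIPS-approved digest such as SHA-256 in a follow-up. Once confirmed, a comment like `// FIPS exemption: MD5 only derives the token-cache key; token validity is never decided by this digest` would document the reasoning. The enclosing function, presumably rgw_get_token_id, starts and ends outside the hunk.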