EVP_DigestInit_ex(mpContext, mpType, NULL);
}
+void ssl::OpenSSLDigest::SetFlags(int flags) {
+ EVP_MD_CTX_set_flags(mpContext, flags);
+ this->Restart();
+}
+
void ssl::OpenSSLDigest::Update(const unsigned char *input, size_t length) {
if (length) {
EVP_DigestUpdate(mpContext, const_cast<void *>(reinterpret_cast<const void *>(input)), length);
OpenSSLDigest (const EVP_MD *_type);
~OpenSSLDigest ();
void Restart();
+ void SetFlags(int flags);
void Update (const unsigned char *input, size_t length);
void Final (unsigned char *digest);
};
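Review bot: `SetFlags` is declared without a comment, yet the implementation added in this commit calls `Restart()` right after setting the flag, so calling it once data has been fed through `Update()` silently discards everything hashed so far. A comment on the declaration such as `// Sets EVP_MD_CTX flags and re-initialises the digest; call before the first Update().` would make that contract visible. The method also returns `void`, and the `EVP_DigestInit_ex` call visible just above it in the .cc (apparently the body of `Restart()`) drops its return value, so if the library still refuses MD5 the caller cannot notice and `Final` would presumably produce an unreliable digest. Returning or logging that status is worth considering. The class definition starts outside this hunk.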
f->flush(bl);
MD5 hash;
+ // Allow use of MD5 digest in FIPS mode for non-cryptographic purposes
+ hash.SetFlags(EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
hash.Update((const unsigned char *)bl.c_str(), bl.length());
hash.Final(m);
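Review bot: The same comment plus `SetFlags(EVP_MD_CTX_FLAG_NON_FIPS_ALLOW)` pair is pasted after every `MD5` declaration in this commit (here and in the later call-site hunks, on `hash`, `etag_sum` and `data_hash`). That scatters the FIPS exemption across many places, and an `MD5` object added later without it will behave differently in FIPS mode. A single named helper, or a small wrapper type that applies the flag in its constructor, would let the exemption be audited and grepped in one place. The blanket wording "non-cryptographic purposes" would also be more useful if each site stated what the digest is for, e.g. `// MD5 used only as <purpose>; not relied on as a security control`, especially for the request-body hash `data_hash` and the zone and realm name hashes, where the rationale is not evident from the hunks. The enclosing function starts outside this hunk.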
public:
ETagVerifier(CephContext* cct_, rgw::sal::DataProcessor *next)
- : Pipe(next), cct(cct_) {}
+ : Pipe(next), cct(cct_) {
+ // Allow use of MD5 digest in FIPS mode for non-cryptographic purposes
+ hash.SetFlags(EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
+ }
virtual void calculate_etag() = 0;
std::string get_calculated_etag() { return calculated_etag;}
rgw::sal::DataProcessor *next)
: ETagVerifier(cct, next),
part_ofs(std::move(part_ofs))
- {}
+ {
+ // Allow use of MD5 digest in FIPS mode for non-cryptographic purposes
+ hash.SetFlags(EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
+ }
int process(bufferlist&& data, uint64_t logical_offset) override;
void calculate_etag() override;
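Review bot: This constructor sets the flag on `hash` again, although the `ETagVerifier` base constructor changed in the previous hunk already does so for what appears to be the same inherited member; the second call only re-runs `Restart()`. If the derived class keeps a separate `MD5` member for the combined per-part ETag (its members are outside this hunk), that member is the one that needs `SetFlags(EVP_MD_CTX_FLAG_NON_FIPS_ALLOW)` here, since it would otherwise stay unflagged in FIPS mode. Please confirm which object was intended and drop the redundant call if it is the base member.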
// invoking this classes's header_init()
(void) RGWWriteRequest::header_init();
op = this;
+ // Allow use of MD5 digest in FIPS mode for non-cryptographic purposes
+ hash.SetFlags(EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
}
bool only_bucket() override { return true; }
rgw::sal::Bucket::ListResults results;
MD5 etag_sum;
+ // Allow use of MD5 digest in FIPS mode for non-cryptographic purposes
+ etag_sum.SetFlags(EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
do {
static constexpr auto MAX_LIST_OBJS = 100u;
int r = bucket->list(dpp, params, MAX_LIST_OBJS, results, y);
map<uint64_t, rgw_slo_part> slo_parts;
MD5 etag_sum;
+ // Allow use of MD5 digest in FIPS mode for non-cryptographic purposes
+ etag_sum.SetFlags(EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
total_len = 0;
for (const auto& entry : slo_info.entries) {
char calc_md5[CEPH_CRYPTO_MD5_DIGESTSIZE * 2 + 1];
unsigned char m[CEPH_CRYPTO_MD5_DIGESTSIZE];
MD5 hash;
+ // Allow use of MD5 digest in FIPS mode for non-cryptographic purposes
+ hash.SetFlags(EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
bufferlist bl, aclbl, bs;
int len;
char calc_md5[CEPH_CRYPTO_MD5_DIGESTSIZE * 2 + 1];
unsigned char m[CEPH_CRYPTO_MD5_DIGESTSIZE];
MD5 hash;
+ // Allow use of MD5 digest in FIPS mode for non-cryptographic purposes
+ hash.SetFlags(EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
ceph::buffer::list bl, aclbl;
int len = 0;
ldpp_dout(this, 15) << "read len=" << data.length() << " data=" << (buf ? buf : "") << dendl;
MD5 data_hash;
+ // Allow use of MD5 digest in FIPS mode for non-cryptographic purposes
+ data_hash.SetFlags(EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
unsigned char data_hash_res[CEPH_CRYPTO_MD5_DIGESTSIZE];
data_hash.Update(reinterpret_cast<const unsigned char*>(buf), data.length());
data_hash.Final(data_hash_res);
string oetag = sattrs[RGW_ATTR_ETAG].to_str();
MD5 hash;
+ // Allow use of MD5 digest in FIPS mode for non-cryptographic purposes
+ hash.SetFlags(EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
for (const auto& [index, part] : parts->parts) {
std::string partetag = rgw_string_unquote(part);
char petag[CEPH_CRYPTO_MD5_DIGESTSIZE];
ssize_t len = 0;
size_t ofs = 0;
MD5 hash;
+ // Allow use of MD5 digest in FIPS mode for non-cryptographic purposes
+ hash.SetFlags(EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
do {
ceph::bufferlist data;
len = body.get_at_most(s->cct->_conf->rgw_max_chunk_size, data);
//calculate the etag
if (!cur_etag.empty()) {
MD5 hash;
+ // Allow use of MD5 digest in FIPS mode for non-cryptographic purposes
+ hash.SetFlags(EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
char petag[CEPH_CRYPTO_MD5_DIGESTSIZE];
char final_etag[CEPH_CRYPTO_MD5_DIGESTSIZE];
char final_etag_str[CEPH_CRYPTO_MD5_DIGESTSIZE * 2 + 16];
unsigned char md5[CEPH_CRYPTO_MD5_DIGESTSIZE];
char md5_str[CEPH_CRYPTO_MD5_DIGESTSIZE * 2 + 1];
MD5 hash;
+ // Allow use of MD5 digest in FIPS mode for non-cryptographic purposes
+ hash.SetFlags(EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
hash.Update((const unsigned char *)manifest_bl.c_str(), manifest_bl.length());
map<string, bufferlist>::iterator iter = attrset.find(RGW_ATTR_ETAG);
}
MD5 etag_sum;
+ // Allow use of MD5 digest in FIPS mode for non-cryptographic purposes
+ etag_sum.SetFlags(EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
uint64_t total_size = 0;
for (auto& entry : slo_info->entries) {
etag_sum.Update((const unsigned char *)entry.etag.c_str(),
std::string etag;
bufferlist etag_bl;
MD5 hash;
+ // Allow use of MD5 digest in FIPS mode for non-cryptographic purposes
+ hash.SetFlags(EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
bool truncated;
int ret;
H hash;
public:
- RGWEtag() {}
+ RGWEtag() {
+ if constexpr (std::is_same_v<H, MD5>) {
+ // Allow use of MD5 digest in FIPS mode for non-cryptographic purposes
+ hash.SetFlags(EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
+ }
+ }
void update(const char *buf, size_t len) {
hash.Update((const unsigned char *)buf, len);
using namespace std;
using namespace librados;
using namespace boost;
-using ceph::crypto::MD5;
using ceph::crypto::SHA1;
seed::seed()
{
unsigned char md5[CEPH_CRYPTO_MD5_DIGESTSIZE];
MD5 hash;
+ // Allow use of MD5 digest in FIPS mode for non-cryptographic purposes
+ hash.SetFlags(EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
hash.Update((const unsigned char *)zone_id.c_str(), zone_id.size());
hash.Final(md5);
unsigned char md5[CEPH_CRYPTO_MD5_DIGESTSIZE];
char md5_str[CEPH_CRYPTO_MD5_DIGESTSIZE * 2 + 1];
MD5 hash;
+ // Allow use of MD5 digest in FIPS mode for non-cryptographic purposes
+ hash.SetFlags(EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
hash.Update((const unsigned char *)new_realm_name.c_str(), new_realm_name.length());
hash.Final(md5);
buf_to_hex(md5, CEPH_CRYPTO_MD5_DIGESTSIZE, md5_str);