From f2424dfbd572f514a598f39ad5b18b9316d7c6fa Mon Sep 17 00:00:00 2001 From: Yehuda Sadeh Date: Fri, 3 Dec 2010 14:45:59 -0800 Subject: [PATCH] rgw: get rid of openssl altogether --- configure.ac | 5 ----- src/Makefile.am | 4 ++-- src/rgw/rgw_access.h | 2 -- src/rgw/rgw_admin.cc | 18 ++++++------------ src/rgw/rgw_common.h | 6 ++++-- src/rgw/rgw_main.cc | 31 ++++++++++++++++++++----------- src/rgw/rgw_op.cc | 24 ++++++++++++------------ 7 files changed, 44 insertions(+), 46 deletions(-) diff --git a/configure.ac b/configure.ac index b34e05d298700..ba7ae52dc4b7e 100644 --- a/configure.ac +++ b/configure.ac @@ -161,11 +161,6 @@ AC_CHECK_HEADER([histedit.h], [], [AC_MSG_ERROR([Sorry you need histedit.h (libedit-dev on debian)])]) -AC_CHECK_HEADER([openssl/md5.h], - [], - [AC_MSG_ERROR([Sorry you need openssl dev files (libssl-dev on debian)])]) -PKG_CHECK_MODULES([OPENSSL], [openssl]) - AC_CHECK_MEMBER([struct fiemap_extent.fe_logical], [AC_DEFINE([HAVE_FIEMAP_H], [], [linux/fiemap.h was found, fiemap ioctl will be used])], [AC_MSG_NOTICE([linux/fiemap.h was not found or not usable; using local Ceph copy])], diff --git a/src/Makefile.am b/src/Makefile.am index ee136acbdee03..24b8f06c48db1 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -244,9 +244,9 @@ libradosgw_a_CFLAGS = ${AM_CFLAGS} # lib_LTLIBRARIES += libradosgw.a radosgw_SOURCES = rgw/rgw_main.cc -radosgw_LDADD = libradosgw.a librados.a libcrush.a -lfcgi $(OPENSSL_LIBS) -lexpat -lpthread -lm -lcrypto++ +radosgw_LDADD = libradosgw.a librados.a libcrush.a -lfcgi -lexpat -lpthread -lm -lcrypto++ radosgw_admin_SOURCES = rgw/rgw_admin.cc -radosgw_admin_LDADD = libradosgw.a librados.a libcrush.a -lfcgi $(OPENSSL_LIBS) -lexpat -lpthread -lm -lcrypto++ +radosgw_admin_LDADD = libradosgw.a librados.a libcrush.a -lfcgi -lexpat -lpthread -lm -lcrypto++ bin_PROGRAMS += radosgw radosgw_admin endif diff --git a/src/rgw/rgw_access.h b/src/rgw/rgw_access.h index 01a15f1766526..8e2db59d0ed8a 100644 --- a/src/rgw/rgw_access.h +++ b/src/rgw/rgw_access.h @@ -6,8 +6,6 @@ #include #include -#include - #include "rgw_common.h" /** diff --git a/src/rgw/rgw_admin.cc b/src/rgw/rgw_admin.cc index e24403142f31f..f5d71e4726676 100644 --- a/src/rgw/rgw_admin.cc +++ b/src/rgw/rgw_admin.cc @@ -7,7 +7,7 @@ using namespace std; #include "config.h" -#include +#include #include "common/common_init.h" #include "common/armor.h" @@ -39,13 +39,10 @@ int gen_rand_base64(char *dest, int size) /* size should be the required string unsigned char buf[size]; char tmp_dest[size + 4]; /* so that there's space for the extra '=' characters, and some */ - int ret = RAND_bytes(buf, sizeof(buf)); - if (!ret) { - cerr << "RAND_bytes failed, entropy problem?" << std::endl; - return -1; - } + CryptoPP::AutoSeededRandomPool rng; + rng.GenerateBlock(buf, sizeof(buf)); - ret = ceph_armor(tmp_dest, &tmp_dest[sizeof(tmp_dest)], + int ret = ceph_armor(tmp_dest, &tmp_dest[sizeof(tmp_dest)], (const char *)buf, ((const char *)buf) + ((size - 1) * 3 + 4 - 1) / 4); if (ret < 0) { cerr << "ceph_armor failed" << std::endl; @@ -61,11 +58,8 @@ static const char alphanum_table[]="0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ"; int gen_rand_alphanumeric(char *dest, int size) /* size should be the required string size + 1 */ { - int ret = RAND_bytes((unsigned char *)dest, size); - if (!ret) { - cerr << "RAND_bytes failed, entropy problem?" << std::endl; - return -1; - } + CryptoPP::AutoSeededRandomPool rng; + rng.GenerateBlock((unsigned char *)dest, size); int i; for (i=0; i +#include +#define CRYPTOPP_ENABLE_NAMESPACE_WEAK 1 +#include #include #include #include "include/types.h" @@ -195,7 +197,7 @@ struct RGWObjEnt { std::string name; size_t size; time_t mtime; - char etag[MD5_DIGEST_LENGTH * 2 + 1]; + char etag[CryptoPP::Weak::MD5::DIGESTSIZE * 2 + 1]; void encode(bufferlist& bl) const { __u8 struct_v = 1; diff --git a/src/rgw/rgw_main.cc b/src/rgw/rgw_main.cc index 92aefd2789452..1c57c6138815b 100644 --- a/src/rgw/rgw_main.cc +++ b/src/rgw/rgw_main.cc @@ -8,9 +8,8 @@ #include #include -#include -#include -#include +#include +#include #include "fcgiapp.h" @@ -32,6 +31,7 @@ #include "common/BackTrace.h" using namespace std; +using namespace CryptoPP; #define CGI_PRINTF(stream, format, ...) do { \ FCGX_FPrintF(stream, format, __VA_ARGS__); \ @@ -118,17 +118,25 @@ static void get_auth_header(struct req_state *s, string& dest, bool qsr) /* * calculate the sha1 value of a given msg and key */ -static void calc_hmac_sha1(const char *key, int key_len, +static int calc_hmac_sha1(const char *key, int key_len, const char *msg, int msg_len, char *dest, int *len) /* dest should be large enough to hold result */ { - char hex_str[128]; - unsigned char *result = HMAC(EVP_sha1(), key, key_len, (const unsigned char *)msg, - msg_len, (unsigned char *)dest, (unsigned int *)len); + if (*len < HMAC::DIGESTSIZE) + return -EINVAL; - buf_to_hex(result, *len, hex_str); + char hex_str[HMAC::DIGESTSIZE * 2 + 1]; + + HMAC hmac((const unsigned char *)key, key_len); + hmac.Update((const unsigned char *)msg, msg_len); + hmac.Final((unsigned char *)dest); + *len = HMAC::DIGESTSIZE; + + buf_to_hex((unsigned char *)dest, *len, hex_str); RGW_LOG(15) << "hmac=" << hex_str << endl; + + return 0; } /* @@ -186,9 +194,10 @@ static bool verify_signature(struct req_state *s) const char *key = s->user.secret_key.c_str(); int key_len = strlen(key); - char hmac_sha1[EVP_MAX_MD_SIZE]; - int len; - calc_hmac_sha1(key, key_len, auth_hdr.c_str(), auth_hdr.size(), hmac_sha1, &len); + char hmac_sha1[HMAC::DIGESTSIZE]; + int len = sizeof(hmac_sha1); + if (calc_hmac_sha1(key, key_len, auth_hdr.c_str(), auth_hdr.size(), hmac_sha1, &len) < 0) + return false; char b64[64]; /* 64 is really enough */ int ret = ceph_armor(b64, &b64[sizeof(b64)], hmac_sha1, &hmac_sha1[len]); diff --git a/src/rgw/rgw_op.cc b/src/rgw/rgw_op.cc index c5f1f5109c898..f302f77e24a84 100644 --- a/src/rgw/rgw_op.cc +++ b/src/rgw/rgw_op.cc @@ -13,6 +13,7 @@ #include "rgw_user.h" using namespace std; +using namespace CryptoPP::Weak; static int parse_range(const char *range, off_t& ofs, off_t& end) { @@ -325,32 +326,31 @@ void RGWPutObj::execute() goto done; } - char supplied_md5_bin[MD5_DIGEST_LENGTH + 1]; - char supplied_md5[MD5_DIGEST_LENGTH * 2 + 1]; - char calc_md5[MD5_DIGEST_LENGTH * 2 + 1]; - MD5_CTX c; - unsigned char m[MD5_DIGEST_LENGTH]; + char supplied_md5_bin[MD5::DIGESTSIZE + 1]; + char supplied_md5[MD5::DIGESTSIZE * 2 + 1]; + char calc_md5[MD5::DIGESTSIZE * 2 + 1]; + unsigned char m[MD5::DIGESTSIZE]; if (supplied_md5_b64) { RGW_LOG(15) << "supplied_md5_b64=" << supplied_md5_b64 << endl; - int ret = ceph_unarmor(supplied_md5_bin, &supplied_md5_bin[MD5_DIGEST_LENGTH + 1], + int ret = ceph_unarmor(supplied_md5_bin, &supplied_md5_bin[MD5::DIGESTSIZE + 1], supplied_md5_b64, supplied_md5_b64 + strlen(supplied_md5_b64)); RGW_LOG(15) << "ceph_armor ret=" << ret << endl; - if (ret != MD5_DIGEST_LENGTH) { + if (ret != MD5::DIGESTSIZE) { err.code = "InvalidDigest"; ret = -EINVAL; goto done; } - buf_to_hex((const unsigned char *)supplied_md5_bin, MD5_DIGEST_LENGTH, supplied_md5); + buf_to_hex((const unsigned char *)supplied_md5_bin, MD5::DIGESTSIZE, supplied_md5); RGW_LOG(15) << "supplied_md5=" << supplied_md5 << endl; } - MD5_Init(&c); + MD5 hash; do { get_data(); if (len > 0) { - MD5_Update(&c, data, (unsigned long)len); + hash.Update((unsigned char *)data, len); ret = rgwstore->put_obj_data(s->user.user_id, s->bucket_str, s->object_str, data, ofs, len, NULL); free(data); if (ret < 0) @@ -359,9 +359,9 @@ void RGWPutObj::execute() } } while ( len > 0); - MD5_Final(m, &c); + hash.Final(m); - buf_to_hex(m, MD5_DIGEST_LENGTH, calc_md5); + buf_to_hex(m, MD5::DIGESTSIZE, calc_md5); if (supplied_md5_b64 && strcmp(calc_md5, supplied_md5)) { err.code = "BadDigest"; -- 2.39.5