This is an automated email from the ASF dual-hosted git repository. zwoop pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/trafficserver.git
The following commit(s) were added to refs/heads/master by this push: new 99199be disable fips when TS_ENABLE_FIPS == 0 99199be is described below commit 99199be4453a57afecbe73bc8396ccdee4ad8d8c Author: scw00 <sc...@apache.org> AuthorDate: Tue Mar 6 17:38:30 2018 +0800 disable fips when TS_ENABLE_FIPS == 0 --- iocore/cache/P_CacheVol.h | 10 +++++----- lib/ts/CryptoHash.cc | 18 +++++++++++------- lib/ts/CryptoHash.h | 4 ++-- lib/ts/INK_MD5.h | 3 --- lib/ts/SHA256.h | 7 ++----- lib/ts/ink_code.cc | 2 +- lib/ts/ink_code.h | 2 +- proxy/Main.cc | 2 +- tools/jtest/jtest.cc | 12 ------------ 9 files changed, 23 insertions(+), 37 deletions(-)
diff --git a/iocore/cache/P_CacheVol.h b/iocore/cache/P_CacheVol.h
index 6747161..082e195 100644
--- a/iocore/cache/P_CacheVol.h
+++ b/iocore/cache/P_CacheVol.h
@@ -279,14 +279,14 @@ struct Doc {
 uint32_t magic; // DOC_MAGIC
 uint32_t len; // length of this fragment (including hlen & sizeof(Doc), unrounded)
 uint64_t total_len; // total length of document
-#ifndef TS_ENABLE_FIPS
- CryptoHash first_key; ///< first key in object.
- CryptoHash key; ///< Key for this doc.
-#else
+#if TS_ENABLE_FIPS == 1
 // For FIPS CryptoHash is 256 bits vs. 128, and the 'first_key' must be checked first, so
 // ensure that the new 'first_key' overlaps the old 'first_key' and that the rest of the data layout
 // is the same by putting 'key' at the ned.
 CryptoHash first_key; ///< first key in object.
+#else
+ CryptoHash first_key; ///< first key in object.
+ CryptoHash key; ///< Key for this doc.
 #endif
 uint32_t hlen; ///< Length of this header.
 uint32_t doc_type : 8; ///< Doc type - indicates the format of this structure and its content.
@@ -297,7 +297,7 @@ struct Doc {
 uint32_t write_serial;
 uint32_t pinned; // pinned until
 uint32_t checksum;
-#ifdef TS_ENABLE_FIPS
+#if TS_ENABLE_FIPS == 1
 CryptoHash key; ///< Key for this doc.
 #endif
diff --git a/lib/ts/CryptoHash.cc b/lib/ts/CryptoHash.cc
index 4e5792c..b28181b 100644
--- a/lib/ts/CryptoHash.cc
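Review bot: The `Doc` layout in P_CacheVol.h is now selected with `#if TS_ENABLE_FIPS == 1`, and an undefined macro evaluates as 0 inside `#if`, so a translation unit that reaches this header without the configure-generated definition silently gets the 128-bit layout even in a FIPS build. The same holds for the `CRYPTO_HASH_SIZE` selection in lib/ts/CryptoHash.h and for the `== 0` guards in CryptoHash.cc, ink_code.cc, ink_code.h and Main.cc. Because `Doc` appears to be the stored cache document header, a disagreement between units would misplace `key` and change the struct size instead of failing the build. A guard ahead of the first test, `#ifndef TS_ENABLE_FIPS` / `#error "TS_ENABLE_FIPS must be defined to 0 or 1"` / `#endif`, turns that into a compile error. Whether every includer already sees the definition is not visible here, and the struct body continues outside both hunks.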
+++ b/lib/ts/CryptoHash.cc @@ -30,35 +30,39 @@ #include "ts/CryptoHash.h" #include "ts/SHA256.h" -#ifndef TS_ENABLE_FIPS -CryptoContext::HashType CryptoContext::Setting = CryptoContext::MD5; -#else +#if TS_ENABLE_FIPS == 1 CryptoContext::HashType CryptoContext::Setting = CryptoContext::SHA256; +#else +#include "ts/INK_MD5.h" +#include "ts/MMH.h" +CryptoContext::HashType CryptoContext::Setting = CryptoContext::MD5; #endif CryptoContext::CryptoContext() { switch (Setting) { case UNSPECIFIED: -#ifndef TS_ENABLE_FIPS +#if TS_ENABLE_FIPS == 0 case MD5: new (_obj) MD5Context; break; case MMH: new (_obj) MMHContext; break; -#endif +#else case SHA256: new (_obj) SHA256Context; break; +#endif default: ink_release_assert("Invalid global URL hash context"); }; -#ifndef TS_ENABLE_FIPS +#if TS_ENABLE_FIPS == 0 static_assert(CryptoContext::OBJ_SIZE >= sizeof(MD5Context), "bad OBJ_SIZE"); static_assert(CryptoContext::OBJ_SIZE >= sizeof(MMHContext), "bad OBJ_SIZE"); -#endif +#else static_assert(CryptoContext::OBJ_SIZE >= sizeof(SHA256Context), "bad OBJ_SIZE"); +#endif } /** diff --git a/lib/ts/CryptoHash.h b/lib/ts/CryptoHash.h index 7d4cea7..973d6b3 100644 --- a/lib/ts/CryptoHash.h +++ b/lib/ts/CryptoHash.h @@ -25,7 +25,7 @@ /// Apache Traffic Server commons. -#ifdef TS_ENABLE_FIPS +#if TS_ENABLE_FIPS == 1 // #include "ts/SHA256.h" #define CRYPTO_HASH_SIZE (256 / 8) #else @@ -149,7 +149,7 @@ public: enum HashType { UNSPECIFIED, -#ifndef TS_ENABLE_FIPS +#if TS_ENABLE_FIPS == 0 MD5, MMH, #endif diff --git a/lib/ts/INK_MD5.h b/lib/ts/INK_MD5.h index 1fee6bf..38ad1d3 100644 --- a/lib/ts/INK_MD5.h +++ b/lib/ts/INK_MD5.h @@ -28,8 +28,6 @@ #include "ts/ink_defs.h" #include "ts/CryptoHash.h" -#ifndef TS_ENABLE_FIPS - class MD5Context : public ats::CryptoContextBase { protected: @@ -44,6 +42,5 @@ public: }; typedef CryptoHash INK_MD5; -#endif #endif diff --git a/lib/ts/SHA256.h b/lib/ts/SHA256.h index eff7e1d..57bfca9 100644 --- a/lib/ts/SHA256.h +++ b/lib/ts/SHA256.h 
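Review bot: In the `CryptoContext` constructor's switch, `case SHA256:` moved inside the `#else` branch, so a non-FIPS build that ends up with `Setting == SHA256` now reaches `default:`. That branch calls `ink_release_assert("Invalid global URL hash context")`, and a string literal is always non-null, so if the macro fires only on a false expression it never aborts and `_obj` is left unconstructed for whatever uses the context next. Either keep `case SHA256:` outside the conditional (ts/SHA256.h is still included unconditionally) or make the default fatal with `ink_release_assert(!"Invalid global URL hash context");`. Whether `SHA256` remains an enumerator in non-FIPS builds is not visible in the CryptoHash.h hunk, which only shows `MD5` and `MMH` being guarded.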
@@ -21,16 +21,14 @@ limitations under the License. */ -#ifndef _INK_MD5_h_ -#define _INK_MD5_h_ +#ifndef _SHA256_h_ +#define _SHA256_h_ #include "ts/ink_code.h" #include "ts/ink_defs.h" #include "ts/CryptoHash.h" #include <openssl/sha.h> -#ifdef TS_ENABLE_FIPS - class SHA256Context : public ats::CryptoContextBase { protected: @@ -53,4 +51,3 @@ public: }; #endif -#endif diff --git a/lib/ts/ink_code.cc b/lib/ts/ink_code.cc index 60270d0..11d16fa 100644 --- a/lib/ts/ink_code.cc +++ b/lib/ts/ink_code.cc @@ -28,7 +28,7 @@ #include "ts/ink_assert.h" ats::CryptoHash const ats::CRYPTO_HASH_ZERO; // default constructed is correct. -#ifndef TS_ENABLE_FIPS +#if TS_ENABLE_FIPS == 0 MD5Context::MD5Context() { diff --git a/lib/ts/ink_code.h b/lib/ts/ink_code.h index 996ed3c..b0f9876 100644 --- a/lib/ts/ink_code.h +++ b/lib/ts/ink_code.h @@ -26,7 +26,7 @@ #include "ts/ink_apidefs.h" #include "ts/ink_defs.h" -#ifndef TS_ENABLE_FIPS +#if TS_ENABLE_FIPS == 0 #include <openssl/md5.h> /* INK_MD5 context. */ diff --git a/proxy/Main.cc b/proxy/Main.cc index 53a122a..eb6e878 100644 --- a/proxy/Main.cc +++ b/proxy/Main.cc @@ -689,7 +689,7 @@ CB_After_Cache_Init() start = ink_atomic_swap(&delay_listen_for_cache_p, -1); -#ifndef TS_ENABLE_FIPS +#if TS_ENABLE_FIPS == 0 // Check for cache BC after the cache is initialized and before listen, if possible. if (cacheProcessor.min_stripe_version.ink_major < CACHE_DB_MAJOR_VERSION) { // Versions before 23 need the MMH hash. diff --git a/tools/jtest/jtest.cc b/tools/jtest/jtest.cc index 6a9d0fa..0422e4a 100644 --- a/tools/jtest/jtest.cc +++ b/tools/jtest/jtest.cc 
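Review bot: The `#if TS_ENABLE_FIPS == 0` guard in `CB_After_Cache_Init` (proxy/Main.cc) has no comment saying what a FIPS build does when `cacheProcessor.min_stripe_version.ink_major < CACHE_DB_MAJOR_VERSION`; the compatibility check is compiled out and nothing in the hunk shows such a cache being rejected or cleared. I would add a comment above the guard along the lines of `// FIPS builds have no MD5/MMH context, so pre-23 stripes cannot be read here; they are handled in <location>`. If no other code refuses those stripes, an `#else` that logs and declines the old stripe would be the safer default. The function body continues outside the hunk, so that handling may already exist further down.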
@@ -3438,18 +3438,6 @@ UrlHashTable::~UrlHashTable() } // UrlHashTable::~UrlHashTable static int -ink_code_md5(unsigned const char *input, int input_length, unsigned char *sixteen_byte_hash_pointer) -{ - MD5_CTX context; - - MD5_Init(&context); - MD5_Update(&context, input, input_length); - MD5_Final(sixteen_byte_hash_pointer, &context); - - return (0); -} - -static int seen_it(char *url) { if (!url_hash_entries) { -- To stop receiving notification emails like this one, please contact zw...@apache.org.