This is an automated email from the ASF dual-hosted git repository.
zwoop pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/trafficserver.git
The following commit(s) were added to refs/heads/master by this push:
new 99199be disable fips when TS_ENABLE_FIPS == 0
99199be is described below
commit 99199be4453a57afecbe73bc8396ccdee4ad8d8c
Author: scw00 <sc...@apache.org>
AuthorDate: Tue Mar 6 17:38:30 2018 +0800
disable fips when TS_ENABLE_FIPS == 0
---
iocore/cache/P_CacheVol.h | 10 +++++-----
lib/ts/CryptoHash.cc | 18 +++++++++++-------
lib/ts/CryptoHash.h | 4 ++--
lib/ts/INK_MD5.h | 3 ---
lib/ts/SHA256.h | 7 ++-----
lib/ts/ink_code.cc | 2 +-
lib/ts/ink_code.h | 2 +-
proxy/Main.cc | 2 +-
tools/jtest/jtest.cc | 12 ------------
9 files changed, 23 insertions(+), 37 deletions(-)
diff --git a/iocore/cache/P_CacheVol.h b/iocore/cache/P_CacheVol.h
index 6747161..082e195 100644
--- a/iocore/cache/P_CacheVol.h
+++ b/iocore/cache/P_CacheVol.h
@@ -279,14 +279,14 @@ struct Doc {
uint32_t magic; // DOC_MAGIC
uint32_t len; // length of this fragment (including hlen &
sizeof(Doc), unrounded)
uint64_t total_len; // total length of document
-#ifndef TS_ENABLE_FIPS
- CryptoHash first_key; ///< first key in object.
- CryptoHash key; ///< Key for this doc.
-#else
+#if TS_ENABLE_FIPS == 1
// For FIPS CryptoHash is 256 bits vs. 128, and the 'first_key' must be
checked first, so
// ensure that the new 'first_key' overlaps the old 'first_key' and that the
rest of the data layout
// is the same by putting 'key' at the ned.
CryptoHash first_key; ///< first key in object.
+#else
+ CryptoHash first_key; ///< first key in object.
+ CryptoHash key; ///< Key for this doc.
#endif
uint32_t hlen; ///< Length of this header.
uint32_t doc_type : 8; ///< Doc type - indicates the format of this
structure and its content.
@@ -297,7 +297,7 @@ struct Doc {
uint32_t write_serial;
uint32_t pinned; // pinned until
uint32_t checksum;
-#ifdef TS_ENABLE_FIPS
+#if TS_ENABLE_FIPS == 1
CryptoHash key; ///< Key for this doc.
#endif
diff --git a/lib/ts/CryptoHash.cc b/lib/ts/CryptoHash.cc
index 4e5792c..b28181b 100644
--- a/lib/ts/CryptoHash.cc
+++ b/lib/ts/CryptoHash.cc
@@ -30,35 +30,39 @@
#include "ts/CryptoHash.h"
#include "ts/SHA256.h"
-#ifndef TS_ENABLE_FIPS
-CryptoContext::HashType CryptoContext::Setting = CryptoContext::MD5;
-#else
+#if TS_ENABLE_FIPS == 1
CryptoContext::HashType CryptoContext::Setting = CryptoContext::SHA256;
+#else
+#include "ts/INK_MD5.h"
+#include "ts/MMH.h"
+CryptoContext::HashType CryptoContext::Setting = CryptoContext::MD5;
#endif
CryptoContext::CryptoContext()
{
switch (Setting) {
case UNSPECIFIED:
-#ifndef TS_ENABLE_FIPS
+#if TS_ENABLE_FIPS == 0
case MD5:
new (_obj) MD5Context;
break;
case MMH:
new (_obj) MMHContext;
break;
-#endif
+#else
case SHA256:
new (_obj) SHA256Context;
break;
+#endif
default:
ink_release_assert("Invalid global URL hash context");
};
-#ifndef TS_ENABLE_FIPS
+#if TS_ENABLE_FIPS == 0
static_assert(CryptoContext::OBJ_SIZE >= sizeof(MD5Context), "bad OBJ_SIZE");
static_assert(CryptoContext::OBJ_SIZE >= sizeof(MMHContext), "bad OBJ_SIZE");
-#endif
+#else
static_assert(CryptoContext::OBJ_SIZE >= sizeof(SHA256Context), "bad
OBJ_SIZE");
+#endif
}
/**
diff --git a/lib/ts/CryptoHash.h b/lib/ts/CryptoHash.h
index 7d4cea7..973d6b3 100644
--- a/lib/ts/CryptoHash.h
+++ b/lib/ts/CryptoHash.h
@@ -25,7 +25,7 @@
/// Apache Traffic Server commons.
-#ifdef TS_ENABLE_FIPS
+#if TS_ENABLE_FIPS == 1
// #include "ts/SHA256.h"
#define CRYPTO_HASH_SIZE (256 / 8)
#else
@@ -149,7 +149,7 @@ public:
enum HashType {
UNSPECIFIED,
-#ifndef TS_ENABLE_FIPS
+#if TS_ENABLE_FIPS == 0
MD5,
MMH,
#endif
diff --git a/lib/ts/INK_MD5.h b/lib/ts/INK_MD5.h
index 1fee6bf..38ad1d3 100644
--- a/lib/ts/INK_MD5.h
+++ b/lib/ts/INK_MD5.h
@@ -28,8 +28,6 @@
#include "ts/ink_defs.h"
#include "ts/CryptoHash.h"
-#ifndef TS_ENABLE_FIPS
-
class MD5Context : public ats::CryptoContextBase
{
protected:
@@ -44,6 +42,5 @@ public:
};
typedef CryptoHash INK_MD5;
-#endif
#endif
diff --git a/lib/ts/SHA256.h b/lib/ts/SHA256.h
index eff7e1d..57bfca9 100644
--- a/lib/ts/SHA256.h
+++ b/lib/ts/SHA256.h
@@ -21,16 +21,14 @@
limitations under the License.
*/
-#ifndef _INK_MD5_h_
-#define _INK_MD5_h_
+#ifndef _SHA256_h_
+#define _SHA256_h_
#include "ts/ink_code.h"
#include "ts/ink_defs.h"
#include "ts/CryptoHash.h"
#include <openssl/sha.h>
-#ifdef TS_ENABLE_FIPS
-
class SHA256Context : public ats::CryptoContextBase
{
protected:
@@ -53,4 +51,3 @@ public:
};
#endif
-#endif
diff --git a/lib/ts/ink_code.cc b/lib/ts/ink_code.cc
index 60270d0..11d16fa 100644
--- a/lib/ts/ink_code.cc
+++ b/lib/ts/ink_code.cc
@@ -28,7 +28,7 @@
#include "ts/ink_assert.h"
ats::CryptoHash const ats::CRYPTO_HASH_ZERO; // default constructed is correct.
-#ifndef TS_ENABLE_FIPS
+#if TS_ENABLE_FIPS == 0
MD5Context::MD5Context()
{
diff --git a/lib/ts/ink_code.h b/lib/ts/ink_code.h
index 996ed3c..b0f9876 100644
--- a/lib/ts/ink_code.h
+++ b/lib/ts/ink_code.h
@@ -26,7 +26,7 @@
#include "ts/ink_apidefs.h"
#include "ts/ink_defs.h"
-#ifndef TS_ENABLE_FIPS
+#if TS_ENABLE_FIPS == 0
#include <openssl/md5.h>
/* INK_MD5 context. */
diff --git a/proxy/Main.cc b/proxy/Main.cc
index 53a122a..eb6e878 100644
--- a/proxy/Main.cc
+++ b/proxy/Main.cc
@@ -689,7 +689,7 @@ CB_After_Cache_Init()
start = ink_atomic_swap(&delay_listen_for_cache_p, -1);
-#ifndef TS_ENABLE_FIPS
+#if TS_ENABLE_FIPS == 0
// Check for cache BC after the cache is initialized and before listen, if
possible.
if (cacheProcessor.min_stripe_version.ink_major < CACHE_DB_MAJOR_VERSION) {
// Versions before 23 need the MMH hash.
diff --git a/tools/jtest/jtest.cc b/tools/jtest/jtest.cc
index 6a9d0fa..0422e4a 100644
--- a/tools/jtest/jtest.cc
+++ b/tools/jtest/jtest.cc
@@ -3438,18 +3438,6 @@ UrlHashTable::~UrlHashTable()
} // UrlHashTable::~UrlHashTable
static int
-ink_code_md5(unsigned const char *input, int input_length, unsigned char
*sixteen_byte_hash_pointer)
-{
- MD5_CTX context;
-
- MD5_Init(&context);
- MD5_Update(&context, input, input_length);
- MD5_Final(sixteen_byte_hash_pointer, &context);
-
- return (0);
-}
-
-static int
seen_it(char *url)
{
if (!url_hash_entries) {
--
To stop receiving notification emails like this one, please contact
zw...@apache.org.
