Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

MinIO SDK GO with FIPS compatibility #2024

Open
LeonidWeinberg opened this issue Nov 26, 2024 · 1 comment
Open

MinIO SDK GO with FIPS compatibility #2024

LeonidWeinberg opened this issue Nov 26, 2024 · 1 comment

Comments

@LeonidWeinberg
Copy link

Hello,

I am using GO FIPS compliant image with MinioSDK v7.0.80
My program fails while using the following APIs

  • RemoveObjectWithResult
  • RemoveObjects

Code

`package main

import (
"bytes"
"context"
"fmt"
"log"

"github.com/minio/minio-go/v7"
"github.com/minio/minio-go/v7/pkg/credentials"

)

func main() {
minioClient, err := minio.New("minio:9000", &minio.Options{
Creds: credentials.NewStaticV4("admin", "secretpassword", ""),
Secure: false,
})

if err != nil {
	log.Fatalf("Failed to initialize MinIO client: %v", err)
}

minioClient.TraceOn(log.Writer())
bucketName := "test-s3-fips"

// Ensure the bucket exists
err = minioClient.MakeBucket(context.Background(), bucketName, minio.MakeBucketOptions{Region: "us-east-1"})
if err != nil {
	exists, errBucketExists := minioClient.BucketExists(context.Background(), bucketName)
	if errBucketExists == nil && exists {
		log.Printf("Bucket %s already exists\n", bucketName)
	} else {
		log.Fatalf("Failed to create bucket: %v", err)
	}
}

// Upload objects programmatically
objectsToUpload := []string{"object1.txt", "object2.txt", "object3.txt"}
for _, obj := range objectsToUpload {
	uploadObject(minioClient, bucketName, obj)
}

// Test RemoveObjectsWithResult
log.Println("Testing RemoveObjectsWithResult...")
//testRemoveObjectsWithResult(minioClient, bucketName, objectsToUpload)

// Re-upload objects for next test
for _, obj := range objectsToUpload {
	uploadObject(minioClient, bucketName, obj)
}

// Test RemoveObjects
log.Println("Testing RemoveObjects...")
testRemoveObjects(minioClient, bucketName, objectsToUpload)

}

func uploadObject(minioClient *minio.Client, bucketName, objectName string) {
content := fmt.Sprintf("This is the content of %s", objectName)
_, err := minioClient.PutObject(
context.Background(),
bucketName,
objectName,
bytes.NewReader([]byte(content)),
int64(len(content)),
minio.PutObjectOptions{ContentType: "text/plain"},
)
if err != nil {
log.Fatalf("Failed to upload object %s: %v", objectName, err)
}
log.Printf("Successfully uploaded object: %s to bucket: %s", objectName, bucketName)
}

func testRemoveObjectsWithResult(minioClient *minio.Client, bucketName string, objectsToDelete []string) {
objectCh := make(chan minio.ObjectInfo)
go func() {
for _, obj := range objectsToDelete {
objectCh <- minio.ObjectInfo{Key: obj}
}
close(objectCh)
}()

// Call RemoveObjectsWithResult
errorCh := minioClient.RemoveObjectsWithResult(context.Background(), bucketName, objectCh, minio.RemoveObjectsOptions{})

log.Println("Starting RemoveObjectsWithResult...")
for err := range errorCh {
	if err.Err != nil {
		log.Printf("Failed to delete object %s: %v", err.ObjectName, err.Err)
	} else {
		log.Printf("Successfully deleted object: %s", err.ObjectName)
	}
}
log.Println("Completed RemoveObjectsWithResult.")

}

func testRemoveObjects(minioClient *minio.Client, bucketName string, objectsToDelete []string) {
objectCh := make(chan minio.ObjectInfo)
go func() {
for _, obj := range objectsToDelete {
objectCh <- minio.ObjectInfo{Key: obj}
}
close(objectCh)
}()

// Call RemoveObjects
errorCh := minioClient.RemoveObjects(context.Background(), bucketName, objectCh, minio.RemoveObjectsOptions{})

log.Println("Starting RemoveObjects...")
for err := range errorCh {
	if err.Err != nil {
		log.Printf("Failed to delete object %s: %v", err.ObjectName, err.Err)
	} else {
		log.Printf("Successfully deleted object: %s", err.ObjectName)
	}
}
log.Println("Completed RemoveObjects.")

}
`

Here is error (similar error for both APIs)

`2024/11/26 17:56:37 Successfully uploaded object: object3.txt to bucket: test-s3-fips
2024/11/26 17:56:37 Testing RemoveObjects...
2024/11/26 17:56:37 Starting RemoveObjects...
panic: openssl: unsupported hash function: 2

goroutine 59 [running]:
vendor/github.com/golang-fips/openssl/v2.newEvpHash(0x2, 0x10, 0x40)
/usr/lib/go/src/vendor/github.com/golang-fips/openssl/v2/hash.go:127 +0x16a
vendor/github.com/golang-fips/openssl/v2.NewMD5(...)
/usr/lib/go/src/vendor/github.com/golang-fips/openssl/v2/hash.go:248
crypto/internal/backend.NewMD5(...)
/usr/lib/go/src/crypto/internal/backend/openssl_linux.go:135
crypto/md5.New(...)
/usr/lib/go/src/crypto/md5/md5.go:104
github.com/minio/minio-go/v7.init.func3()
/home/nonroot/go/pkg/mod/github.com/minio/minio-go/[email protected]/utils.go:545 +0x25
sync.(*Pool).Get(0xb39040)
/usr/lib/go/src/sync/pool.go:155 +0xb1
github.com/minio/minio-go/v7.newMd5Hasher(...)
/home/nonroot/go/pkg/mod/github.com/minio/minio-go/[email protected]/utils.go:550
github.com/minio/minio-go/v7.sumMD5Base64({0xc00007a1e0, 0x9a, 0xa0})
/home/nonroot/go/pkg/mod/github.com/minio/minio-go/[email protected]/utils.go:100 +0x49
github.com/minio/minio-go/v7.(*Client).removeObjects(0xc00007cea0, {0x8cee60, 0xb684a0}, {0x80eb3d, 0xc}, 0xc00011c770, 0xc00026c2a0, {0x0?})
/home/nonroot/go/pkg/mod/github.com/minio/minio-go/[email protected]/api-remove.go:444 +0x385
created by github.com/minio/minio-go/v7.(*Client).RemoveObjects in goroutine 1
/home/nonroot/go/pkg/mod/github.com/minio/minio-go/[email protected]/api-remove.go:309 +0x186`

@klauspost
Copy link
Contributor

MD5 should be redundant here: https://github.com/minio/minio-go/blob/v7.0.81/api-remove.go#L444 (there is SHA256)

Feel free to send a PR to remove it.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants