Posted to commits@trafficserver.apache.org by no...@apache.org on 2017/01/03 21:02:48 UTC
[trafficserver] branch master updated: TS-5059: OpenSSL 1.1
EVP_MD_CTX and HMAC_CTX
This is an automated email from the ASF dual-hosted git repository.
nottheoilrig pushed a commit to branch master
in repository https://git-dual.apache.org/repos/asf/trafficserver.git
The following commit(s) were added to refs/heads/master by this push:
new 92d004c TS-5059: OpenSSL 1.1 EVP_MD_CTX and HMAC_CTX
92d004c is described below
commit 92d004cfd6d8e7069ce0a959e5f1327789090261
Author: Jack Bates <ja...@nottheoilrig.com>
AuthorDate: Mon Jan 2 17:16:33 2017 -0700
TS-5059: OpenSSL 1.1 EVP_MD_CTX and HMAC_CTX
EVP_MD_CTX and HMAC_CTX were made opaque in OpenSSL 1.1 [1],
so allocating them on the stack is no longer supported.
Also EVP_MD_CTX_cleanup() was removed. EVP_MD_CTX_reset() should be
called instead, to reinitialise an already created structure.
[1] https://www.openssl.org/news/changelog#x4
---
example/cppapi/websocket/WSBuffer.cc | 47 +++++++++++++++++++++++++--------
lib/ts/HashMD5.cc | 5 +++-
plugins/s3_auth/s3_auth.cc | 50 ++++++++++++++++++++++--------------
3 files changed, 71 insertions(+), 31 deletions(-)
diff --git a/example/cppapi/websocket/WSBuffer.cc b/example/cppapi/websocket/WSBuffer.cc
index 54fc48a..e84429c 100644
--- a/example/cppapi/websocket/WSBuffer.cc
+++ b/example/cppapi/websocket/WSBuffer.cc
@@ -157,29 +157,54 @@ WSBuffer::read_buffered_message(std::string &message, int &code)
std::string
WSBuffer::ws_digest(std::string const &key)
{
- EVP_MD_CTX digest;
- EVP_MD_CTX_init(&digest);
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ EVP_MD_CTX digest[1];
+ EVP_MD_CTX_init(digest);
+#else
+ EVP_MD_CTX *digest;
+ digest = EVP_MD_CTX_new();
+#endif
- if (!EVP_DigestInit_ex(&digest, EVP_sha1(), nullptr)) {
- EVP_MD_CTX_cleanup(&digest);
+ if (!EVP_DigestInit_ex(digest, EVP_sha1(), nullptr)) {
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ EVP_MD_CTX_cleanup(digest);
+#else
+ EVP_MD_CTX_free(digest);
+#endif
return "init-failed";
}
- if (!EVP_DigestUpdate(&digest, key.data(), key.length())) {
- EVP_MD_CTX_cleanup(&digest);
+ if (!EVP_DigestUpdate(digest, key.data(), key.length())) {
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ EVP_MD_CTX_cleanup(digest);
+#else
+ EVP_MD_CTX_free(digest);
+#endif
return "update1-failed";
}
- if (!EVP_DigestUpdate(&digest, magic.data(), magic.length())) {
- EVP_MD_CTX_cleanup(&digest);
+ if (!EVP_DigestUpdate(digest, magic.data(), magic.length())) {
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ EVP_MD_CTX_cleanup(digest);
+#else
+ EVP_MD_CTX_free(digest);
+#endif
return "update2-failed";
}
unsigned char hash_buf[EVP_MAX_MD_SIZE];
unsigned int hash_len = 0;
- if (!EVP_DigestFinal_ex(&digest, hash_buf, &hash_len)) {
- EVP_MD_CTX_cleanup(&digest);
+ if (!EVP_DigestFinal_ex(digest, hash_buf, &hash_len)) {
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ EVP_MD_CTX_cleanup(digest);
+#else
+ EVP_MD_CTX_free(digest);
+#endif
return "final-failed";
}
- EVP_MD_CTX_cleanup(&digest);
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ EVP_MD_CTX_cleanup(digest);
+#else
+ EVP_MD_CTX_free(digest);
+#endif
if (hash_len != 20) {
return "bad-hash-length";
}
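Review bot: The OpenSSL 1.1 branch uses the result of `EVP_MD_CTX_new()` without checking it, so an allocation failure hands a null context to `EVP_DigestInit_ex()`, which is not documented to accept one. Adding `if (digest == nullptr) { return "init-failed"; }` right after the `#endif` that follows the allocation would close this. The `HMAC_CTX_new()` call in the plugins/s3_auth/s3_auth.cc hunk has the same gap. Separately, the five identical `#if`/`#else` cleanup blocks could be folded into one file-local helper, which would make a missed free on a future early return less likely. The body of `ws_digest` continues past the end of this hunk.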
diff --git a/lib/ts/HashMD5.cc b/lib/ts/HashMD5.cc
index 7abba0b..1ebd950 100644
--- a/lib/ts/HashMD5.cc
+++ b/lib/ts/HashMD5.cc
@@ -67,7 +67,10 @@ ATSHashMD5::size(void) const
void
ATSHashMD5::clear(void)
{
- int ret = EVP_MD_CTX_cleanup(ctx);
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#define EVP_MD_CTX_reset(ctx) EVP_MD_CTX_cleanup((ctx))
+#endif
+ int ret = EVP_MD_CTX_reset(ctx);
ink_assert(ret == 1);
ret = EVP_DigestInit_ex(ctx, EVP_md5(), nullptr);
ink_assert(ret == 1);
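Review bot: The `#define EVP_MD_CTX_reset(ctx) EVP_MD_CTX_cleanup((ctx))` shim sits inside the body of `ATSHashMD5::clear()`, but as a macro it stays defined for the rest of the translation unit. Moving it to the top of the file or into a shared OpenSSL compatibility header would make its scope explicit and let other call sites reuse it, with a comment such as `// OpenSSL < 1.1 has no EVP_MD_CTX_reset(); EVP_MD_CTX_cleanup() is the equivalent`. Both results are checked only through `ink_assert`. If that is compiled out in release builds (not visible here), a failed reset or re-init would go unnoticed. The function may continue outside the hunk.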
diff --git a/plugins/s3_auth/s3_auth.cc b/plugins/s3_auth/s3_auth.cc
index 79869dd..033b13a 100644
--- a/plugins/s3_auth/s3_auth.cc
+++ b/plugins/s3_auth/s3_auth.cc
@@ -416,37 +416,49 @@ S3Request::authorize(S3Config *s3)
TSDebug(PLUGIN_NAME, "%s", left);
}
- // Produce the SHA1 MAC digest
- HMAC_CTX ctx;
+// Produce the SHA1 MAC digest
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ HMAC_CTX ctx[1];
+#else
+ HMAC_CTX *ctx;
+#endif
unsigned int hmac_len;
size_t hmac_b64_len;
unsigned char hmac[SHA_DIGEST_LENGTH];
char hmac_b64[SHA_DIGEST_LENGTH * 2];
- HMAC_CTX_init(&ctx);
- HMAC_Init_ex(&ctx, s3->secret(), s3->secret_len(), EVP_sha1(), nullptr);
- HMAC_Update(&ctx, (unsigned char *)method, method_len);
- HMAC_Update(&ctx, (unsigned char *)"\n", 1);
- HMAC_Update(&ctx, (unsigned char *)con_md5, con_md5_len);
- HMAC_Update(&ctx, (unsigned char *)"\n", 1);
- HMAC_Update(&ctx, (unsigned char *)con_type, con_type_len);
- HMAC_Update(&ctx, (unsigned char *)"\n", 1);
- HMAC_Update(&ctx, (unsigned char *)date, date_len);
- HMAC_Update(&ctx, (unsigned char *)"\n/", 2);
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ HMAC_CTX_init(ctx);
+#else
+ ctx = HMAC_CTX_new();
+#endif
+ HMAC_Init_ex(ctx, s3->secret(), s3->secret_len(), EVP_sha1(), nullptr);
+ HMAC_Update(ctx, (unsigned char *)method, method_len);
+ HMAC_Update(ctx, (unsigned char *)"\n", 1);
+ HMAC_Update(ctx, (unsigned char *)con_md5, con_md5_len);
+ HMAC_Update(ctx, (unsigned char *)"\n", 1);
+ HMAC_Update(ctx, (unsigned char *)con_type, con_type_len);
+ HMAC_Update(ctx, (unsigned char *)"\n", 1);
+ HMAC_Update(ctx, (unsigned char *)date, date_len);
+ HMAC_Update(ctx, (unsigned char *)"\n/", 2);
if (host && host_endp) {
- HMAC_Update(&ctx, (unsigned char *)host, host_endp - host);
- HMAC_Update(&ctx, (unsigned char *)"/", 1);
+ HMAC_Update(ctx, (unsigned char *)host, host_endp - host);
+ HMAC_Update(ctx, (unsigned char *)"/", 1);
}
- HMAC_Update(&ctx, (unsigned char *)path, path_len);
+ HMAC_Update(ctx, (unsigned char *)path, path_len);
if (param) {
- HMAC_Update(&ctx, (unsigned char *)";", 1); // TSUrlHttpParamsGet() does not include ';'
- HMAC_Update(&ctx, (unsigned char *)param, param_len);
+ HMAC_Update(ctx, (unsigned char *)";", 1); // TSUrlHttpParamsGet() does not include ';'
+ HMAC_Update(ctx, (unsigned char *)param, param_len);
}
- HMAC_Final(&ctx, hmac, &hmac_len);
- HMAC_CTX_cleanup(&ctx);
+ HMAC_Final(ctx, hmac, &hmac_len);
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ HMAC_CTX_cleanup(ctx);
+#else
+ HMAC_CTX_free(ctx);
+#endif
// Do the Base64 encoding and set the Authorization header.
if (TS_SUCCESS == TSBase64Encode((const char *)hmac, hmac_len, hmac_b64, sizeof(hmac_b64) - 1, &hmac_b64_len)) {
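Review bot: None of the `HMAC_Init_ex()`, `HMAC_Update()` or `HMAC_Final()` return values on the new side are checked, and `hmac_len` is declared without an initialiser. If any step fails, the `TSBase64Encode()` call at the end of the hunk works from an indeterminate length and possibly uninitialised bytes of `hmac`, which would then go into the Authorization header. Declaring `unsigned int hmac_len = 0;` and only encoding when `HMAC_Final(ctx, hmac, &hmac_len) == 1`, while still releasing `ctx` on both paths, would turn that into a clean signing failure. `S3Request::authorize` starts and ends outside this hunk, so the right error return has to be taken from the surrounding code.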
--