[trafficserver] 03/04: TS-5059: OpenSSL 1.1 EVP_MD_CTX and HMAC_CTX

sorber Thu, 09 Feb 2017 14:18:06 -0800

This is an automated email from the ASF dual-hosted git repository.

sorber pushed a commit to branch 6.2.x
in repository https://git-dual.apache.org/repos/asf/trafficserver.git


commit 6a0b2790811669a9841f0fa5239c3da6e12363b9
Author: Jack Bates <j...@nottheoilrig.com>
AuthorDate: Mon Jan 2 17:16:33 2017 -0700

    TS-5059: OpenSSL 1.1 EVP_MD_CTX and HMAC_CTX
    
    EVP_MD_CTX and HMAC_CTX were made opaque in OpenSSL 1.1 [1],
    so allocating them on the stack is no longer supported.
    
    Also EVP_MD_CTX_cleanup() was removed. EVP_MD_CTX_reset() should be
    called instead, to reinitialise an already created structure.
    
    [1] https://www.openssl.org/news/changelog#x4
    
    (cherry picked from commit 92d004cfd6d8e7069ce0a959e5f1327789090261)
---
 lib/ts/HashMD5.cc                       | 11 ++++++--
 plugins/experimental/s3_auth/s3_auth.cc | 50 ++++++++++++++++++++-------------
 2 files changed, 39 insertions(+), 22 deletions(-)

diff --git a/lib/ts/HashMD5.cc b/lib/ts/HashMD5.cc
index c457b71..d6546d3 100644
--- a/lib/ts/HashMD5.cc
+++ b/lib/ts/HashMD5.cc
@@ -20,6 +20,7 @@
  */
 
 #include "ts/HashMD5.h"
+#include "ts/ink_assert.h"
 
 ATSHashMD5::ATSHashMD5(void)
 {
@@ -65,9 +66,13 @@ ATSHashMD5::size(void) const
 void
 ATSHashMD5::clear(void)
 {
-  EVP_MD_CTX_destroy(ctx);
-  ctx = EVP_MD_CTX_create();
-  EVP_DigestInit(ctx, EVP_md5());
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#define EVP_MD_CTX_reset(ctx) EVP_MD_CTX_cleanup((ctx))
+#endif
+  int ret = EVP_MD_CTX_reset(ctx);
+  ink_assert(ret == 1);
+  ret = EVP_DigestInit_ex(ctx, EVP_md5(), nullptr);
+  ink_assert(ret == 1);
   md_len    = 0;
   finalized = false;
 }
diff --git a/plugins/experimental/s3_auth/s3_auth.cc 
b/plugins/experimental/s3_auth/s3_auth.cc
index cd17a9d..f9697c5 100644
--- a/plugins/experimental/s3_auth/s3_auth.cc
+++ b/plugins/experimental/s3_auth/s3_auth.cc
@@ -410,37 +410,49 @@ S3Request::authorize(S3Config *s3)
     TSDebug(PLUGIN_NAME, "%s", left);
   }
 
-  // Produce the SHA1 MAC digest
-  HMAC_CTX ctx;
+// Produce the SHA1 MAC digest
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+  HMAC_CTX ctx[1];
+#else
+  HMAC_CTX *ctx;
+#endif
   unsigned int hmac_len;
   size_t hmac_b64_len;
   unsigned char hmac[SHA_DIGEST_LENGTH];
   char hmac_b64[SHA_DIGEST_LENGTH * 2];
 
-  HMAC_CTX_init(&ctx);
-  HMAC_Init_ex(&ctx, s3->secret(), s3->secret_len(), EVP_sha1(), NULL);
-  HMAC_Update(&ctx, (unsigned char *)method, method_len);
-  HMAC_Update(&ctx, (unsigned char *)"\n", 1);
-  HMAC_Update(&ctx, (unsigned char *)con_md5, con_md5_len);
-  HMAC_Update(&ctx, (unsigned char *)"\n", 1);
-  HMAC_Update(&ctx, (unsigned char *)con_type, con_type_len);
-  HMAC_Update(&ctx, (unsigned char *)"\n", 1);
-  HMAC_Update(&ctx, (unsigned char *)date, date_len);
-  HMAC_Update(&ctx, (unsigned char *)"\n/", 2);
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+  HMAC_CTX_init(ctx);
+#else
+  ctx = HMAC_CTX_new();
+#endif
+  HMAC_Init_ex(ctx, s3->secret(), s3->secret_len(), EVP_sha1(), nullptr);
+  HMAC_Update(ctx, (unsigned char *)method, method_len);
+  HMAC_Update(ctx, (unsigned char *)"\n", 1);
+  HMAC_Update(ctx, (unsigned char *)con_md5, con_md5_len);
+  HMAC_Update(ctx, (unsigned char *)"\n", 1);
+  HMAC_Update(ctx, (unsigned char *)con_type, con_type_len);
+  HMAC_Update(ctx, (unsigned char *)"\n", 1);
+  HMAC_Update(ctx, (unsigned char *)date, date_len);
+  HMAC_Update(ctx, (unsigned char *)"\n/", 2);
 
   if (host && host_endp) {
-    HMAC_Update(&ctx, (unsigned char *)host, host_endp - host);
-    HMAC_Update(&ctx, (unsigned char *)"/", 1);
+    HMAC_Update(ctx, (unsigned char *)host, host_endp - host);
+    HMAC_Update(ctx, (unsigned char *)"/", 1);
   }
 
-  HMAC_Update(&ctx, (unsigned char *)path, path_len);
+  HMAC_Update(ctx, (unsigned char *)path, path_len);
   if (param) {
-    HMAC_Update(&ctx, (unsigned char *)";", 1); // TSUrlHttpParamsGet() does 
not include ';'
-    HMAC_Update(&ctx, (unsigned char *)param, param_len);
+    HMAC_Update(ctx, (unsigned char *)";", 1); // TSUrlHttpParamsGet() does 
not include ';'
+    HMAC_Update(ctx, (unsigned char *)param, param_len);
   }
 
-  HMAC_Final(&ctx, hmac, &hmac_len);
-  HMAC_CTX_cleanup(&ctx);
+  HMAC_Final(ctx, hmac, &hmac_len);
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+  HMAC_CTX_cleanup(ctx);
+#else
+  HMAC_CTX_free(ctx);
+#endif
 
   // Do the Base64 encoding and set the Authorization header.
   if (TS_SUCCESS == TSBase64Encode((const char *)hmac, hmac_len, hmac_b64, 
sizeof(hmac_b64) - 1, &hmac_b64_len)) {

-- 
To stop receiving notification emails like this one, please contact
"commits@trafficserver.apache.org" <commits@trafficserver.apache.org>.

[trafficserver] 03/04: TS-5059: OpenSSL 1.1 EVP_MD_CTX and HMAC_CTX

Reply via email to