This is an automated email from the ASF dual-hosted git repository. sorber pushed a commit to branch 6.2.x in repository https://git-dual.apache.org/repos/asf/trafficserver.git
commit 6a0b2790811669a9841f0fa5239c3da6e12363b9 Author: Jack Bates <j...@nottheoilrig.com> AuthorDate: Mon Jan 2 17:16:33 2017 -0700 TS-5059: OpenSSL 1.1 EVP_MD_CTX and HMAC_CTX EVP_MD_CTX and HMAC_CTX were made opaque in OpenSSL 1.1 [1], so allocating them on the stack is no longer supported. Also EVP_MD_CTX_cleanup() was removed. EVP_MD_CTX_reset() should be called instead, to reinitialise an already created structure. [1] https://www.openssl.org/news/changelog#x4 (cherry picked from commit 92d004cfd6d8e7069ce0a959e5f1327789090261) --- lib/ts/HashMD5.cc | 11 ++++++-- plugins/experimental/s3_auth/s3_auth.cc | 50 ++++++++++++++++++++------------- 2 files changed, 39 insertions(+), 22 deletions(-) diff --git a/lib/ts/HashMD5.cc b/lib/ts/HashMD5.cc index c457b71..d6546d3 100644 --- a/lib/ts/HashMD5.cc +++ b/lib/ts/HashMD5.cc @@ -20,6 +20,7 @@ */ #include "ts/HashMD5.h" +#include "ts/ink_assert.h" ATSHashMD5::ATSHashMD5(void) { @@ -65,9 +66,13 @@ ATSHashMD5::size(void) const void ATSHashMD5::clear(void) { - EVP_MD_CTX_destroy(ctx); - ctx = EVP_MD_CTX_create(); - EVP_DigestInit(ctx, EVP_md5()); +#if OPENSSL_VERSION_NUMBER < 0x10100000L +#define EVP_MD_CTX_reset(ctx) EVP_MD_CTX_cleanup((ctx)) +#endif + int ret = EVP_MD_CTX_reset(ctx); + ink_assert(ret == 1); + ret = EVP_DigestInit_ex(ctx, EVP_md5(), nullptr); + ink_assert(ret == 1); md_len = 0; finalized = false; } diff --git a/plugins/experimental/s3_auth/s3_auth.cc b/plugins/experimental/s3_auth/s3_auth.cc index cd17a9d..f9697c5 100644 --- a/plugins/experimental/s3_auth/s3_auth.cc +++ b/plugins/experimental/s3_auth/s3_auth.cc 
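Review bot: In the `ATSHashMD5::clear()` hunk of lib/ts/HashMD5.cc, both new return-value checks use `ink_assert`, which as far as I know only aborts in debug builds of this tree, so in a release build a failed `EVP_MD_CTX_reset()` or `EVP_DigestInit_ex()` would go unnoticed and later update/final calls would run on a context that was never initialised for MD5. If that is right, `ink_release_assert(ret == 1);` on both lines keeps the check in production builds. Separately, the `#define EVP_MD_CTX_reset(ctx) EVP_MD_CTX_cleanup((ctx))` shim sits inside the function body yet stays defined for the rest of the file; moving it next to the includes with a comment such as `// OpenSSL < 1.1 has no EVP_MD_CTX_reset(); EVP_MD_CTX_cleanup() is the closest equivalent` would make the compatibility intent visible.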
@@ -410,37 +410,49 @@ S3Request::authorize(S3Config *s3) TSDebug(PLUGIN_NAME, "%s", left); } - // Produce the SHA1 MAC digest - HMAC_CTX ctx; +// Produce the SHA1 MAC digest +#if OPENSSL_VERSION_NUMBER < 0x10100000L + HMAC_CTX ctx[1]; +#else + HMAC_CTX *ctx; +#endif unsigned int hmac_len; size_t hmac_b64_len; unsigned char hmac[SHA_DIGEST_LENGTH]; char hmac_b64[SHA_DIGEST_LENGTH * 2]; - HMAC_CTX_init(&ctx); - HMAC_Init_ex(&ctx, s3->secret(), s3->secret_len(), EVP_sha1(), NULL); - HMAC_Update(&ctx, (unsigned char *)method, method_len); - HMAC_Update(&ctx, (unsigned char *)"\n", 1); - HMAC_Update(&ctx, (unsigned char *)con_md5, con_md5_len); - HMAC_Update(&ctx, (unsigned char *)"\n", 1); - HMAC_Update(&ctx, (unsigned char *)con_type, con_type_len); - HMAC_Update(&ctx, (unsigned char *)"\n", 1); - HMAC_Update(&ctx, (unsigned char *)date, date_len); - HMAC_Update(&ctx, (unsigned char *)"\n/", 2); +#if OPENSSL_VERSION_NUMBER < 0x10100000L + HMAC_CTX_init(ctx); +#else + ctx = HMAC_CTX_new(); +#endif + HMAC_Init_ex(ctx, s3->secret(), s3->secret_len(), EVP_sha1(), nullptr); + HMAC_Update(ctx, (unsigned char *)method, method_len); + HMAC_Update(ctx, (unsigned char *)"\n", 1); + HMAC_Update(ctx, (unsigned char *)con_md5, con_md5_len); + HMAC_Update(ctx, (unsigned char *)"\n", 1); + HMAC_Update(ctx, (unsigned char *)con_type, con_type_len); + HMAC_Update(ctx, (unsigned char *)"\n", 1); + HMAC_Update(ctx, (unsigned char *)date, date_len); + HMAC_Update(ctx, (unsigned char *)"\n/", 2); if (host && host_endp) { - HMAC_Update(&ctx, (unsigned char *)host, host_endp - host); - HMAC_Update(&ctx, (unsigned char *)"/", 1); + HMAC_Update(ctx, (unsigned char *)host, host_endp - host); + HMAC_Update(ctx, (unsigned char *)"/", 1); } - HMAC_Update(&ctx, (unsigned char *)path, path_len); + HMAC_Update(ctx, (unsigned char *)path, path_len); if (param) { - HMAC_Update(&ctx, (unsigned char *)";", 1); // TSUrlHttpParamsGet() does not include ';' - HMAC_Update(&ctx, (unsigned char *)param, 
param_len); + HMAC_Update(ctx, (unsigned char *)";", 1); // TSUrlHttpParamsGet() does not include ';' + HMAC_Update(ctx, (unsigned char *)param, param_len); } - HMAC_Final(&ctx, hmac, &hmac_len); - HMAC_CTX_cleanup(&ctx); + HMAC_Final(ctx, hmac, &hmac_len); +#if OPENSSL_VERSION_NUMBER < 0x10100000L + HMAC_CTX_cleanup(ctx); +#else + HMAC_CTX_free(ctx); +#endif // Do the Base64 encoding and set the Authorization header. if (TS_SUCCESS == TSBase64Encode((const char *)hmac, hmac_len, hmac_b64, sizeof(hmac_b64) - 1, &hmac_b64_len)) { -- To stop receiving notification emails like this one, please contact "commits@trafficserver.apache.org" <commits@trafficserver.apache.org>.
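Review bot: The OpenSSL 1.1 branch uses the result of `HMAC_CTX_new()` without a null check, so an allocation failure reaches `HMAC_Init_ex(ctx, ...)` with a null context on the request path; add `if (ctx == nullptr)` right after the allocation and leave through the function's existing error path. The return values of `HMAC_Init_ex`, `HMAC_Update` and `HMAC_Final` are still ignored and `hmac_len` is declared uninitialised, so if the MAC computation fails, the following `TSBase64Encode((const char *)hmac, hmac_len, ...)` call would encode whatever is in the stack buffer into the Authorization header. Initialising with `unsigned int hmac_len = 0;` and only encoding when `HMAC_Final(ctx, hmac, &hmac_len) == 1` closes that. `S3Request::authorize` begins and ends outside the hunk, so the right error return is not visible here.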