Compatible with OpenSSL 3.0
This commit is contained in:
Takeshi Nakatani
Andrew Gaul
parent
f5af9dc4e2
commit
23a8124c51
10
configure.ac
10
configure.ac
|
|
@ -61,6 +61,7 @@ dnl Choice SSL library
|
|||
dnl ----------------------------------------------
|
||||
auth_lib=na
|
||||
nettle_lib=no
|
||||
use_openssl_30=no
|
||||
|
||||
dnl
|
||||
dnl nettle library
|
||||
|
|
@ -189,6 +190,14 @@ case "${auth_lib}" in
|
|||
openssl)
|
||||
AC_MSG_RESULT(OpenSSL)
|
||||
PKG_CHECK_MODULES([DEPS], [fuse >= ${min_fuse_version} libcurl >= 7.0 libxml-2.0 >= 2.6 libcrypto >= 0.9 ])
|
||||
AC_MSG_CHECKING([openssl 3.0 or later])
|
||||
AC_COMPILE_IFELSE(
|
||||
[AC_LANG_PROGRAM([[#include <openssl/opensslv.h>
|
||||
#if !defined(LIBRESSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x30000000L
|
||||
#error "found openssl is 3.0 or later(so compiling is stopped with error)"
|
||||
#endif]], [[]])],
|
||||
[AC_MSG_RESULT(no)],
|
||||
[AC_MSG_RESULT(yes); use_openssl_30=yes])
|
||||
;;
|
||||
gnutls)
|
||||
AC_MSG_RESULT(GnuTLS-gcrypt)
|
||||
|
|
@ -228,6 +237,7 @@ nss)
|
|||
esac
|
||||
|
||||
AM_CONDITIONAL([USE_SSL_OPENSSL], [test "$auth_lib" = openssl])
|
||||
AM_CONDITIONAL([USE_SSL_OPENSSL_30], [test "$use_openssl_30" = yes])
|
||||
AM_CONDITIONAL([USE_SSL_GNUTLS], [test "$auth_lib" = gnutls -o "$auth_lib" = nettle])
|
||||
AM_CONDITIONAL([USE_GNUTLS_NETTLE], [test "$auth_lib" = nettle])
|
||||
AM_CONDITIONAL([USE_SSL_NSS], [test "$auth_lib" = nss])
|
||||
|
|
|
|||
|
|
@ -23,6 +23,9 @@ AM_CPPFLAGS = $(DEPS_CFLAGS)
|
|||
if USE_GNUTLS_NETTLE
|
||||
AM_CPPFLAGS += -DUSE_GNUTLS_NETTLE
|
||||
endif
|
||||
if USE_SSL_OPENSSL_30
|
||||
AM_CPPFLAGS += -DUSE_OPENSSL_30
|
||||
endif
|
||||
|
||||
s3fs_SOURCES = \
|
||||
s3fs.cpp \
|
||||
|
|
@ -108,6 +111,6 @@ clang-tidy:
|
|||
# tab-width: 4
|
||||
# c-basic-offset: 4
|
||||
# End:
|
||||
# vim600: expandtab sw=4 ts= fdm=marker
|
||||
# vim<600: expandtab sw=4 ts=4
|
||||
# vim600: noexpandtab sw=4 ts=4 fdm=marker
|
||||
# vim<600: noexpandtab sw=4 ts=4
|
||||
#
|
||||
|
|
|
|||
|
|
@ -51,7 +51,14 @@ const char* s3fs_crypt_lib_name()
|
|||
bool s3fs_init_global_ssl()
|
||||
{
|
||||
ERR_load_crypto_strings();
|
||||
|
||||
// [NOTE]
|
||||
// OpenSSL 3.0 loads error strings automatically so these functions are not needed.
|
||||
//
|
||||
#ifndef USE_OPENSSL_30
|
||||
ERR_load_BIO_strings();
|
||||
#endif
|
||||
|
||||
OpenSSL_add_all_algorithms();
|
||||
return true;
|
||||
}
|
||||
|
|
@ -238,8 +245,67 @@ bool s3fs_HMAC256(const void* key, size_t keylen, const unsigned char* data, siz
|
|||
return s3fs_HMAC_RAW(key, keylen, data, datalen, digest, digestlen, true);
|
||||
}
|
||||
|
||||
#ifdef USE_OPENSSL_30
|
||||
//-------------------------------------------------------------------
|
||||
// Utility Function for MD5
|
||||
// Utility Function for MD5 (OpenSSL >= 3.0)
|
||||
//-------------------------------------------------------------------
|
||||
// [NOTE]
|
||||
// OpenSSL 3.0 deprecated the MD5_*** low-level encryption functions,
|
||||
// so we should use the high-level EVP API instead.
|
||||
//
|
||||
size_t get_md5_digest_length()
|
||||
{
|
||||
return EVP_MD_size(EVP_md5());
|
||||
}
|
||||
|
||||
unsigned char* s3fs_md5_fd(int fd, off_t start, off_t size)
|
||||
{
|
||||
EVP_MD_CTX* mdctx;
|
||||
unsigned char* md5_digest;
|
||||
unsigned int md5_digest_len = get_md5_digest_length();
|
||||
off_t bytes;
|
||||
|
||||
if(-1 == size){
|
||||
struct stat st;
|
||||
if(-1 == fstat(fd, &st)){
|
||||
return NULL;
|
||||
}
|
||||
size = st.st_size;
|
||||
}
|
||||
|
||||
// instead of MD5_Init
|
||||
mdctx = EVP_MD_CTX_new();
|
||||
EVP_DigestInit_ex(mdctx, EVP_md5(), NULL);
|
||||
|
||||
for(off_t total = 0; total < size; total += bytes){
|
||||
const off_t len = 512;
|
||||
char buf[len];
|
||||
bytes = len < (size - total) ? len : (size - total);
|
||||
bytes = pread(fd, buf, bytes, start + total);
|
||||
if(0 == bytes){
|
||||
// end of file
|
||||
break;
|
||||
}else if(-1 == bytes){
|
||||
// error
|
||||
S3FS_PRN_ERR("file read error(%d)", errno);
|
||||
EVP_MD_CTX_free(mdctx);
|
||||
return NULL;
|
||||
}
|
||||
// instead of MD5_Update
|
||||
EVP_DigestUpdate(mdctx, buf, bytes);
|
||||
}
|
||||
|
||||
// instead of MD5_Final
|
||||
md5_digest = new unsigned char[md5_digest_len];
|
||||
EVP_DigestFinal_ex(mdctx, md5_digest, &md5_digest_len);
|
||||
EVP_MD_CTX_free(mdctx);
|
||||
|
||||
return md5_digest;
|
||||
}
|
||||
|
||||
#else
|
||||
//-------------------------------------------------------------------
|
||||
// Utility Function for MD5 (OpenSSL < 3.0)
|
||||
//-------------------------------------------------------------------
|
||||
size_t get_md5_digest_length()
|
||||
{
|
||||
|
|
@ -283,6 +349,7 @@ unsigned char* s3fs_md5_fd(int fd, off_t start, off_t size)
|
|||
|
||||
return result;
|
||||
}
|
||||
#endif
|
||||
|
||||
//-------------------------------------------------------------------
|
||||
// Utility Function for SHA256
|
||||
|
|
|
|||
Loading…
Reference in New Issue