Compatible with OpenSSL 3.0

Takeshi Nakatani 2022-11-23 11:05:57 +00:00 committed by Andrew Gaul
parent f5af9dc4e2
commit 23a8124c51
3 changed files with 83 additions and 3 deletions


@ -61,6 +61,7 @@ dnl Choice SSL library
dnl ---------------------------------------------- dnl ----------------------------------------------
auth_lib=na auth_lib=na
nettle_lib=no nettle_lib=no
use_openssl_30=no
dnl dnl
dnl nettle library dnl nettle library
@ -189,6 +190,14 @@ case "${auth_lib}" in
openssl) openssl)
AC_MSG_RESULT(OpenSSL) AC_MSG_RESULT(OpenSSL)
PKG_CHECK_MODULES([DEPS], [fuse >= ${min_fuse_version} libcurl >= 7.0 libxml-2.0 >= 2.6 libcrypto >= 0.9 ]) PKG_CHECK_MODULES([DEPS], [fuse >= ${min_fuse_version} libcurl >= 7.0 libxml-2.0 >= 2.6 libcrypto >= 0.9 ])
AC_MSG_CHECKING([openssl 3.0 or later])
AC_COMPILE_IFELSE(
[AC_LANG_PROGRAM([[#include <openssl/opensslv.h>
#if !defined(LIBRESSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x30000000L
#error "found openssl is 3.0 or later(so compiling is stopped with error)"
#endif]], [[]])],
[AC_MSG_RESULT(no)],
[AC_MSG_RESULT(yes); use_openssl_30=yes])
;; ;;
gnutls) gnutls)
AC_MSG_RESULT(GnuTLS-gcrypt) AC_MSG_RESULT(GnuTLS-gcrypt)
@ -228,6 +237,7 @@ nss)
esac esac
AM_CONDITIONAL([USE_SSL_OPENSSL], [test "$auth_lib" = openssl]) AM_CONDITIONAL([USE_SSL_OPENSSL], [test "$auth_lib" = openssl])
AM_CONDITIONAL([USE_SSL_OPENSSL_30], [test "$use_openssl_30" = yes])
AM_CONDITIONAL([USE_SSL_GNUTLS], [test "$auth_lib" = gnutls -o "$auth_lib" = nettle]) AM_CONDITIONAL([USE_SSL_GNUTLS], [test "$auth_lib" = gnutls -o "$auth_lib" = nettle])
AM_CONDITIONAL([USE_GNUTLS_NETTLE], [test "$auth_lib" = nettle]) AM_CONDITIONAL([USE_GNUTLS_NETTLE], [test "$auth_lib" = nettle])
AM_CONDITIONAL([USE_SSL_NSS], [test "$auth_lib" = nss]) AM_CONDITIONAL([USE_SSL_NSS], [test "$auth_lib" = nss])
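Review bot: The OpenSSL 3.0 probe reads any compile failure as "yes", because the `#error` sits on the 3.0 branch and `use_openssl_30=yes` is in the failure action of `AC_COMPILE_IFELSE`. If `openssl/opensslv.h` cannot be found, the build would select the 3.0 code path against an older or LibreSSL library. The hunk also does not show `$DEPS_CFLAGS` being applied to this test, so the header it sees may not belong to the libcrypto that pkg-config selected. Inverting the condition makes a successful compile the positive signal: `#if defined(LIBRESSL_VERSION_NUMBER) || OPENSSL_VERSION_NUMBER < 0x30000000L`, with the actions swapped to `[AC_MSG_RESULT(yes); use_openssl_30=yes], [AC_MSG_RESULT(no)])`.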


@ -23,6 +23,9 @@ AM_CPPFLAGS = $(DEPS_CFLAGS)
if USE_GNUTLS_NETTLE if USE_GNUTLS_NETTLE
AM_CPPFLAGS += -DUSE_GNUTLS_NETTLE AM_CPPFLAGS += -DUSE_GNUTLS_NETTLE
endif endif
if USE_SSL_OPENSSL_30
AM_CPPFLAGS += -DUSE_OPENSSL_30
endif
s3fs_SOURCES = \ s3fs_SOURCES = \
s3fs.cpp \ s3fs.cpp \
@ -108,6 +111,6 @@ clang-tidy:
# tab-width: 4 # tab-width: 4
# c-basic-offset: 4 # c-basic-offset: 4
# End: # End:
# vim600: expandtab sw=4 ts= fdm=marker # vim600: noexpandtab sw=4 ts=4 fdm=marker
# vim<600: expandtab sw=4 ts=4 # vim<600: noexpandtab sw=4 ts=4
# #


@ -51,7 +51,14 @@ const char* s3fs_crypt_lib_name()
bool s3fs_init_global_ssl() bool s3fs_init_global_ssl()
{ {
ERR_load_crypto_strings(); ERR_load_crypto_strings();
// [NOTE]
// OpenSSL 3.0 loads error strings automatically so these functions are not needed.
//
#ifndef USE_OPENSSL_30
ERR_load_BIO_strings(); ERR_load_BIO_strings();
#endif
OpenSSL_add_all_algorithms(); OpenSSL_add_all_algorithms();
return true; return true;
} }
@ -238,8 +245,67 @@ bool s3fs_HMAC256(const void* key, size_t keylen, const unsigned char* data, siz
return s3fs_HMAC_RAW(key, keylen, data, datalen, digest, digestlen, true); return s3fs_HMAC_RAW(key, keylen, data, datalen, digest, digestlen, true);
} }
#ifdef USE_OPENSSL_30
//------------------------------------------------------------------- //-------------------------------------------------------------------
// Utility Function for MD5 // Utility Function for MD5 (OpenSSL >= 3.0)
//-------------------------------------------------------------------
// [NOTE]
// OpenSSL 3.0 deprecated the MD5_*** low-level encryption functions,
// so we should use the high-level EVP API instead.
//
size_t get_md5_digest_length()
{
return EVP_MD_size(EVP_md5());
}
unsigned char* s3fs_md5_fd(int fd, off_t start, off_t size)
{
EVP_MD_CTX* mdctx;
unsigned char* md5_digest;
unsigned int md5_digest_len = get_md5_digest_length();
off_t bytes;
if(-1 == size){
struct stat st;
if(-1 == fstat(fd, &st)){
return NULL;
}
size = st.st_size;
}
// instead of MD5_Init
mdctx = EVP_MD_CTX_new();
EVP_DigestInit_ex(mdctx, EVP_md5(), NULL);
for(off_t total = 0; total < size; total += bytes){
const off_t len = 512;
char buf[len];
bytes = len < (size - total) ? len : (size - total);
bytes = pread(fd, buf, bytes, start + total);
if(0 == bytes){
// end of file
break;
}else if(-1 == bytes){
// error
S3FS_PRN_ERR("file read error(%d)", errno);
EVP_MD_CTX_free(mdctx);
return NULL;
}
// instead of MD5_Update
EVP_DigestUpdate(mdctx, buf, bytes);
}
// instead of MD5_Final
md5_digest = new unsigned char[md5_digest_len];
EVP_DigestFinal_ex(mdctx, md5_digest, &md5_digest_len);
EVP_MD_CTX_free(mdctx);
return md5_digest;
}
#else
//-------------------------------------------------------------------
// Utility Function for MD5 (OpenSSL < 3.0)
//------------------------------------------------------------------- //-------------------------------------------------------------------
size_t get_md5_digest_length() size_t get_md5_digest_length()
{ {
@ -283,6 +349,7 @@ unsigned char* s3fs_md5_fd(int fd, off_t start, off_t size)
return result; return result;
} }
#endif
//------------------------------------------------------------------- //-------------------------------------------------------------------
// Utility Function for SHA256 // Utility Function for SHA256
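Review bot: The OpenSSL 3.0 variant of `s3fs_md5_fd` ignores the results of `EVP_MD_CTX_new()`, `EVP_DigestInit_ex()`, `EVP_DigestUpdate()` and `EVP_DigestFinal_ex()`. If the context cannot be allocated, or MD5 is not offered by the loaded providers (for example a FIPS-only configuration), the function still returns `md5_digest`, a `new unsigned char[]` buffer that was never written. The caller would presumably treat those uninitialized bytes as the content hash. Each call should be checked, and on failure the function should free the context (and the buffer) and return NULL, as the `pread` error path already does.

```cpp
    // instead of MD5_Init
    mdctx = EVP_MD_CTX_new();
    if(NULL == mdctx){
        S3FS_PRN_ERR("could not allocate a digest context");
        return NULL;
    }
    if(1 != EVP_DigestInit_ex(mdctx, EVP_md5(), NULL)){
        S3FS_PRN_ERR("could not initialize the MD5 digest");
        EVP_MD_CTX_free(mdctx);
        return NULL;
    }

    // … unchanged: pread loop and its error handling …
        // instead of MD5_Update
        if(1 != EVP_DigestUpdate(mdctx, buf, bytes)){
            EVP_MD_CTX_free(mdctx);
            return NULL;
        }

    // instead of MD5_Final
    md5_digest = new unsigned char[md5_digest_len];
    if(1 != EVP_DigestFinal_ex(mdctx, md5_digest, &md5_digest_len)){
        delete[] md5_digest;
        EVP_MD_CTX_free(mdctx);
        return NULL;
    }
    EVP_MD_CTX_free(mdctx);
```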