diff options
| author | Kaleb S. KEITHLEY <kkeithle@redhat.com> | 2016-10-12 12:25:11 -0400 |
|---|---|---|
| committer | Jeff Darcy <jdarcy@redhat.com> | 2016-10-18 06:54:38 -0700 |
| commit | f5f22d0a84e77162fd5e5afd8e912cef6d8ad320 (patch) | |
| tree | b608051769d4b6d3b1fe4e99485f5209d3d64f07 | |
| parent | 3830b48b6a46854d6597a36b6f2089ac1e486eb5 (diff) | |
crypt: changes needed for openssl-1.1 (coming in Fedora 26)
Fedora is poised to update openssl-1.1.0b in/for Fedora 26
in the next day or so.
But already Fedora koji scratch builds are built against
openssl-1.1.0b because of the way scratch builds work.
N.B. that the latest Fedora rawhide (11 October) still ships
with openssl-1.0.2j.
HMAC_CTX is now an opaque type and instances of it must be
created and released by calling HMAC_CTX_new() and
HMAC_CTX_free().
Change-Id: I3a09751d7b0d9fc25fe18aac6527e5431e9ab19a
BUG: 1384142
Signed-off-by: Kaleb S. KEITHLEY <kkeithle@redhat.com>
Reviewed-on: http://review.gluster.org/15629
Smoke: Gluster Build System <jenkins@build.gluster.org>
NetBSD-regression: NetBSD Build System <jenkins@build.gluster.org>
Reviewed-by: Niels de Vos <ndevos@redhat.com>
CentOS-regression: Gluster Build System <jenkins@build.gluster.org>
Reviewed-by: Jeff Darcy <jdarcy@redhat.com>
| -rw-r--r-- | xlators/encryption/crypt/src/keys.c | 21 |
1 files changed, 17 insertions, 4 deletions
diff --git a/xlators/encryption/crypt/src/keys.c b/xlators/encryption/crypt/src/keys.c index 0b243d3e827..e9da55960c8 100644 --- a/xlators/encryption/crypt/src/keys.c +++ b/xlators/encryption/crypt/src/keys.c @@ -113,29 +113,42 @@ static int32_t kderive_init(struct kderive_context *ctx, static void kderive_update(struct kderive_context *ctx) { uint32_t i; +#if (OPENSSL_VERSION_NUMBER < 0x1010002f) HMAC_CTX hctx; +#endif + HMAC_CTX *phctx = NULL; unsigned char *pos = ctx->out; uint32_t *p_iter = (uint32_t *)ctx->fid; uint32_t num_iters = ctx->out_len / PRF_OUTPUT_SIZE; check_prf_iters(num_iters); +#if (OPENSSL_VERSION_NUMBER < 0x1010002f) HMAC_CTX_init(&hctx); + phctx = &hctx; +#else + phctx = HMAC_CTX_new(); + /* I guess we presume it was successful? */ +#endif for (i = 0; i < num_iters; i++) { /* * update the iteration number in the fid */ *p_iter = htobe32(i); - HMAC_Init_ex(&hctx, + HMAC_Init_ex(phctx, ctx->pkey, ctx->pkey_len >> 3, EVP_sha256(), NULL); - HMAC_Update(&hctx, ctx->fid, ctx->fid_len); - HMAC_Final(&hctx, pos, NULL); + HMAC_Update(phctx, ctx->fid, ctx->fid_len); + HMAC_Final(phctx, pos, NULL); pos += PRF_OUTPUT_SIZE; } - HMAC_CTX_cleanup(&hctx); +#if (OPENSSL_VERSION_NUMBER < 0x1010002f) + HMAC_CTX_cleanup(phctx); +#else + HMAC_CTX_free(phctx); +#endif } static void kderive_final(struct kderive_context *ctx, unsigned char *child) |