summaryrefslogtreecommitdiffstats
path: root/xlators/encryption
diff options
context:
space:
mode:
authorKaleb S. KEITHLEY <kkeithle@redhat.com>2016-10-12 12:25:11 -0400
committerJeff Darcy <jdarcy@redhat.com>2016-10-18 06:54:38 -0700
commitf5f22d0a84e77162fd5e5afd8e912cef6d8ad320 (patch)
treeb608051769d4b6d3b1fe4e99485f5209d3d64f07 /xlators/encryption
parent3830b48b6a46854d6597a36b6f2089ac1e486eb5 (diff)
crypt: changes needed for openssl-1.1 (coming in Fedora 26)
Fedora is poised to update openssl-1.1.0b in/for Fedora 26 in the next day or so. But already Fedora koji scratch builds are built against openssl-1.1.0b because of the way scratch builds work. N.B. that the latest Fedora rawhide (11 October) still ships with openssl-1.0.2j. HMAC_CTX is now an opaque type and instances of it must be created and released by calling HMAC_CTX_new() and HMAC_CTX_free(). Change-Id: I3a09751d7b0d9fc25fe18aac6527e5431e9ab19a BUG: 1384142 Signed-off-by: Kaleb S. KEITHLEY <kkeithle@redhat.com> Reviewed-on: http://review.gluster.org/15629 Smoke: Gluster Build System <jenkins@build.gluster.org> NetBSD-regression: NetBSD Build System <jenkins@build.gluster.org> Reviewed-by: Niels de Vos <ndevos@redhat.com> CentOS-regression: Gluster Build System <jenkins@build.gluster.org> Reviewed-by: Jeff Darcy <jdarcy@redhat.com>
Diffstat (limited to 'xlators/encryption')
-rw-r--r--xlators/encryption/crypt/src/keys.c21
1 files changed, 17 insertions, 4 deletions
diff --git a/xlators/encryption/crypt/src/keys.c b/xlators/encryption/crypt/src/keys.c
index 0b243d3e827..e9da55960c8 100644
--- a/xlators/encryption/crypt/src/keys.c
+++ b/xlators/encryption/crypt/src/keys.c
@@ -113,29 +113,42 @@ static int32_t kderive_init(struct kderive_context *ctx,
static void kderive_update(struct kderive_context *ctx)
{
uint32_t i;
+#if (OPENSSL_VERSION_NUMBER < 0x1010002f)
HMAC_CTX hctx;
+#endif
+ HMAC_CTX *phctx = NULL;
unsigned char *pos = ctx->out;
uint32_t *p_iter = (uint32_t *)ctx->fid;
uint32_t num_iters = ctx->out_len / PRF_OUTPUT_SIZE;
check_prf_iters(num_iters);
+#if (OPENSSL_VERSION_NUMBER < 0x1010002f)
HMAC_CTX_init(&hctx);
+ phctx = &hctx;
+#else
+ phctx = HMAC_CTX_new();
+ /* I guess we presume it was successful? */
+#endif
for (i = 0; i < num_iters; i++) {
/*
* update the iteration number in the fid
*/
*p_iter = htobe32(i);
- HMAC_Init_ex(&hctx,
+ HMAC_Init_ex(phctx,
ctx->pkey, ctx->pkey_len >> 3,
EVP_sha256(),
NULL);
- HMAC_Update(&hctx, ctx->fid, ctx->fid_len);
- HMAC_Final(&hctx, pos, NULL);
+ HMAC_Update(phctx, ctx->fid, ctx->fid_len);
+ HMAC_Final(phctx, pos, NULL);
pos += PRF_OUTPUT_SIZE;
}
- HMAC_CTX_cleanup(&hctx);
+#if (OPENSSL_VERSION_NUMBER < 0x1010002f)
+ HMAC_CTX_cleanup(phctx);
+#else
+ HMAC_CTX_free(phctx);
+#endif
}
static void kderive_final(struct kderive_context *ctx, unsigned char *child)