author | Marek Skalický <mskalick@redhat.com> | 2017-01-11 11:29:51 +0100 |
---|---|---|
committer | Spencer Jackson <spencer.jackson@mongodb.com> | 2017-05-03 16:31:23 -0400 |
commit | 7e18d1b41a25d20b90d534515d317b5266741b0d (patch) | |
tree | 499416100e3cab7ce2ac7d2785133226103276dd | |
parent | e6b5935caccd012bccef945b4df82149a5a9957c (diff) | |
SERVER-26781 Building with openssl 1.1.0
Closes #1133
Signed-off-by: Spencer Jackson <spencer.jackson@mongodb.com>
(cherry picked from commit f257e51df267110a14b489fbfbfbe07896096ad1)
-rw-r--r-- | src/mongo/crypto/crypto_openssl.cpp | 43 | ||||
-rw-r--r-- | src/mongo/util/net/ssl_manager.cpp | 2 |
2 files changed, 30 insertions, 15 deletions
diff --git a/src/mongo/crypto/crypto_openssl.cpp b/src/mongo/crypto/crypto_openssl.cpp
index 4dc1e5d02c4..89e9cbb468f 100644
--- a/src/mongo/crypto/crypto_openssl.cpp
+++ b/src/mongo/crypto/crypto_openssl.cpp
@@ -29,15 +29,37 @@
 #include "mongo/platform/basic.h"
 #include "mongo/config.h"
-#include "mongo/util/scopeguard.h"
+#include "mongo/crypto/crypto.h"
+#include "mongo/stdx/memory.h"
+#include "mongo/util/assert_util.h"
 #ifndef MONGO_CONFIG_SSL
 #error This file should only be included in SSL-enabled builds
 #endif
-#include <openssl/sha.h>
+#include <cstring>
 #include <openssl/evp.h>
 #include <openssl/hmac.h>
+#include <openssl/sha.h>
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+namespace {
+// Copies of OpenSSL after 1.1.0 define new EVP digest routines. We must
+// polyfill used definitions to interact with older OpenSSL versions.
+EVP_MD_CTX* EVP_MD_CTX_new() {
+ void* ret = OPENSSL_malloc(sizeof(EVP_MD_CTX));
+
+ if (ret != NULL) {
+ memset(ret, 0, sizeof(EVP_MD_CTX));
+ }
+ return static_cast<EVP_MD_CTX*>(ret);
+}
+
+void EVP_MD_CTX_free(EVP_MD_CTX* ctx) {
+ EVP_MD_CTX_cleanup(ctx);
+ OPENSSL_free(ctx);
+}
+} // namespace
+#endif
 namespace mongo {
 namespace crypto {
@@ -45,19 +67,12 @@ namespace crypto {
 * Computes a SHA-1 hash of 'input'.
 */
 bool sha1(const unsigned char* input, const size_t inputLen, unsigned char* output) {
- EVP_MD_CTX digestCtx;
- EVP_MD_CTX_init(&digestCtx);
- ON_BLOCK_EXIT(EVP_MD_CTX_cleanup, &digestCtx);
-
- if (1 != EVP_DigestInit_ex(&digestCtx, EVP_sha1(), NULL)) {
- return false;
- }
-
- if (1 != EVP_DigestUpdate(&digestCtx, input, inputLen)) {
- return false;
- }
+ std::unique_ptr<EVP_MD_CTX, decltype(&EVP_MD_CTX_free)> digestCtx(EVP_MD_CTX_new(),
+ EVP_MD_CTX_free);
- return (1 == EVP_DigestFinal_ex(&digestCtx, output, NULL));
+ return (EVP_DigestInit_ex(digestCtx.get(), EVP_sha1(), NULL) == 1 &&
+ EVP_DigestUpdate(digestCtx.get(), input, inputLen) == 1 &&
+ EVP_DigestFinal_ex(digestCtx.get(), output, NULL) == 1);
 }
 /*
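Review bot: The polyfilled `EVP_MD_CTX_free` hands its argument straight to `EVP_MD_CTX_cleanup`, so unlike the OpenSSL 1.1.0 function it stands in for, it is not safe to call with a null pointer. The `unique_ptr` in `sha1` never runs its deleter on null, but any later direct call would behave differently depending on which OpenSSL the build links against; opening the body with `if (ctx == NULL) return;` removes that difference. It may also be worth confirming how the `OPENSSL_VERSION_NUMBER < 0x10100000L` test behaves with OpenSSL-compatible forks that report their own version numbers, since a fork without these functions would skip the polyfill.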
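Review bot: `EVP_MD_CTX_new()` can return NULL when allocation fails, and the rewritten `sha1` passes that pointer to `EVP_DigestInit_ex(digestCtx.get(), ...)` without checking it. The old stack-allocated context could never be null, so this failure mode is new with the heap allocation. A guard ahead of the return, `if (!digestCtx) { return false; }`, reports the failure through the existing bool result instead of handing a null context to the library. A one-line comment that the `unique_ptr` deleter runs `EVP_MD_CTX_free` on every exit path would also record why the `ON_BLOCK_EXIT` cleanup was dropped.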
diff --git a/src/mongo/util/net/ssl_manager.cpp b/src/mongo/util/net/ssl_manager.cpp
index 7057bf3c004..a8c025df700 100644
--- a/src/mongo/util/net/ssl_manager.cpp
+++ b/src/mongo/util/net/ssl_manager.cpp
@@ -709,7 +709,7 @@ unsigned long long SSLManager::_convertASN1ToMillis(ASN1_TIME* asn1time) {
 bool SSLManager::_parseAndValidateCertificate(const std::string& keyFile,
 std::string* subjectName,
 Date_t* serverCertificateExpirationDate) {
- BIO* inBIO = BIO_new(BIO_s_file_internal());
+ BIO* inBIO = BIO_new(BIO_s_file());
 if (inBIO == NULL) {
 error() << "failed to allocate BIO object: " << getSSLErrorMessage(ERR_get_error());
 return false; |