SERVER-26781 Building with openssl 1.1.0

Closes #1133 Signed-off-by: Spencer Jackson <spencer.jackson@mongodb.com>
author: Marek Skalický <mskalick@redhat.com> 2017-01-11 11:29:51 +0100
committer: Spencer Jackson <spencer.jackson@mongodb.com> 2017-02-08 13:22:27 -0500
commit: f257e51df267110a14b489fbfbfbe07896096ad1 (patch)
tree: b276fd0cd716aaf9126f8a77aeb0365a5fcf1f39
parent: b65f66e20f7ba380b2202947b68db89d42c45931 (diff)
download: mongo-f257e51df267110a14b489fbfbfbe07896096ad1.tar.gz
2 files changed, 38 insertions, 10 deletions
diff --git a/src/mongo/crypto/crypto_openssl.cpp b/src/mongo/crypto/crypto_openssl.cpp
index 5c552826090..bdcb23402cd 100644
--- a/src/mongo/crypto/crypto_openssl.cpp
+++ b/src/mongo/crypto/crypto_openssl.cpp
@@ -30,16 +30,36 @@
 
 #include "mongo/config.h"
 #include "mongo/crypto/crypto.h"
+#include "mongo/stdx/memory.h"
 #include "mongo/util/assert_util.h"
-#include "mongo/util/scopeguard.h"
 
 #ifndef MONGO_CONFIG_SSL
 #error This file should only be included in SSL-enabled builds
 #endif
 
+#include <cstring>
 #include <openssl/evp.h>
 #include <openssl/hmac.h>
 #include <openssl/sha.h>
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+namespace {
+// Copies of OpenSSL after 1.1.0 define new EVP digest routines. We must
+// polyfill used definitions to interact with older OpenSSL versions.
+EVP_MD_CTX* EVP_MD_CTX_new() {
+    void* ret = OPENSSL_malloc(sizeof(EVP_MD_CTX));
+
+    if (ret != NULL) {
+        memset(ret, 0, sizeof(EVP_MD_CTX));
+    }
+    return static_cast<EVP_MD_CTX*>(ret);
+}
+
+void EVP_MD_CTX_free(EVP_MD_CTX* ctx) {
+    EVP_MD_CTX_cleanup(ctx);
+    OPENSSL_free(ctx);
+}
+}  // namespace
+#endif
 
 namespace mongo {
 namespace crypto {
@@ -49,14 +69,13 @@ namespace crypto {
 SHA1Hash sha1(const unsigned char* input, const size_t inputLen) {
     SHA1Hash output;
 
-    EVP_MD_CTX digestCtx;
-    EVP_MD_CTX_init(&digestCtx);
-    ON_BLOCK_EXIT(EVP_MD_CTX_cleanup, &digestCtx);
+    std::unique_ptr<EVP_MD_CTX, decltype(&EVP_MD_CTX_free)> digestCtx(EVP_MD_CTX_new(),
+                                                                      EVP_MD_CTX_free);
 
     fassert(40379,
-            EVP_DigestInit_ex(&digestCtx, EVP_sha1(), NULL) == 1 &&
-                EVP_DigestUpdate(&digestCtx, input, inputLen) == 1 &&
-                EVP_DigestFinal_ex(&digestCtx, output.data(), NULL) == 1);
+            EVP_DigestInit_ex(digestCtx.get(), EVP_sha1(), NULL) == 1 &&
+                EVP_DigestUpdate(digestCtx.get(), input, inputLen) == 1 &&
+                EVP_DigestFinal_ex(digestCtx.get(), output.data(), NULL) == 1);
     return output;
 }
 
diff --git a/src/mongo/util/net/ssl_manager.cpp b/src/mongo/util/net/ssl_manager.cpp
index ed70d6b96a4..75aaba0394d 100644
--- a/src/mongo/util/net/ssl_manager.cpp
+++ b/src/mongo/util/net/ssl_manager.cpp
@@ -125,6 +125,15 @@ IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(ASN1_SEQUENCE_ANY, ASN1_SET_ANY, ASN
 #endif // MONGO_CONFIG_NEEDS_ASN1_ANY_DEFINITIONS
 // clang-format on
 
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+// Copies of OpenSSL after 1.1.0 define new functions for interaction with
+// X509 structure. We must polyfill used definitions to interact with older
+// OpenSSL versions.
+const STACK_OF(X509_EXTENSION) * X509_get0_extensions(const X509* peerCert) {
+    return peerCert->cert_info->extensions;
+}
+#endif
+
 /**
  * Multithreaded Support for SSL.
  *
@@ -754,7 +763,7 @@ bool SSLManager::_parseAndValidateCertificate(const std::string& keyFile,
                                               const std::string& keyPassword,
                                               std::string* subjectName,
                                               Date_t* serverCertificateExpirationDate) {
-    BIO* inBIO = BIO_new(BIO_s_file_internal());
+    BIO* inBIO = BIO_new(BIO_s_file());
     if (inBIO == NULL) {
         error() << "failed to allocate BIO object: " << getSSLErrorMessage(ERR_get_error());
         return false;
@@ -813,7 +822,7 @@ bool SSLManager::_setupPEM(SSL_CTX* context,
         return false;
     }
 
-    BIO* inBio = BIO_new(BIO_s_file_internal());
+    BIO* inBio = BIO_new(BIO_s_file());
     if (!inBio) {
         error() << "failed to allocate BIO object: " << getSSLErrorMessage(ERR_get_error());
         return false;
@@ -1291,7 +1300,7 @@ SSLPeerInfo SSLManager::parseAndValidatePeerCertificateDeprecated(const SSLConne
 
 StatusWith<stdx::unordered_set<RoleName>> SSLManager::_parsePeerRoles(X509* peerCert) const {
     // exts is owned by the peerCert
-    STACK_OF(X509_EXTENSION)* exts = peerCert->cert_info->extensions;
+    const STACK_OF(X509_EXTENSION)* exts = X509_get0_extensions(peerCert);
 
     int extCount = 0;
     if (exts) {
author	Marek Skalický <mskalick@redhat.com>	2017-01-11 11:29:51 +0100
committer	Spencer Jackson <spencer.jackson@mongodb.com>	2017-02-08 13:22:27 -0500
commit	f257e51df267110a14b489fbfbfbe07896096ad1 (patch)
tree	b276fd0cd716aaf9126f8a77aeb0365a5fcf1f39
parent	b65f66e20f7ba380b2202947b68db89d42c45931 (diff)
download	mongo-f257e51df267110a14b489fbfbfbe07896096ad1.tar.gz