Compatible with OpenSSL 3.0.

huiguangjun · huiguangjun · commit c7d31b332a47 · 2023-07-25T10:49:11.000+08:00
diff --git a/configure.ac b/configure.ac
@@ -61,6 +61,7 @@ dnl Choice SSL library
 dnl ----------------------------------------------
 auth_lib=na
 nettle_lib=no
+use_openssl_30=no
 
 dnl
 dnl nettle library
@@ -189,6 +190,14 @@ case "${auth_lib}" in
 openssl)
   AC_MSG_RESULT(OpenSSL)
   PKG_CHECK_MODULES([DEPS], [fuse >= ${min_fuse_version} libcurl >= 7.0 libxml-2.0 >= 2.6 libcrypto >= 0.9 ])
+  AC_MSG_CHECKING([openssl 3.0 or later])
+  AC_COMPILE_IFELSE(
+    [AC_LANG_PROGRAM([[#include <openssl/opensslv.h>
+                       #if !defined(LIBRESSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x30000000L
+                         #error "found openssl is 3.0 or later(so compiling is stopped with error)"
+                       #endif]], [[]])],
+    [AC_MSG_RESULT(no)],
+    [AC_MSG_RESULT(yes); use_openssl_30=yes])
   ;;
 gnutls)
   AC_MSG_RESULT(GnuTLS-gcrypt)
@@ -228,6 +237,7 @@ nss)
 esac
 
 AM_CONDITIONAL([USE_SSL_OPENSSL], [test "$auth_lib" = openssl])
+AM_CONDITIONAL([USE_SSL_OPENSSL_30], [test "$use_openssl_30" = yes])
 AM_CONDITIONAL([USE_SSL_GNUTLS], [test "$auth_lib" = gnutls -o "$auth_lib" = nettle])
 AM_CONDITIONAL([USE_GNUTLS_NETTLE], [test "$auth_lib" = nettle])
 AM_CONDITIONAL([USE_SSL_NSS], [test "$auth_lib" = nss])
diff --git a/src/Makefile.am b/src/Makefile.am
@@ -23,6 +23,9 @@ AM_CPPFLAGS = $(DEPS_CFLAGS)
 if USE_GNUTLS_NETTLE
     AM_CPPFLAGS += -DUSE_GNUTLS_NETTLE
 endif
+if USE_SSL_OPENSSL_30
+    AM_CPPFLAGS += -DUSE_OPENSSL_30
+endif
 
 ossfs_SOURCES = \
     s3fs.cpp \
diff --git a/src/openssl_auth.cpp b/src/openssl_auth.cpp
@@ -58,7 +58,14 @@ const char* s3fs_crypt_lib_name()
 bool s3fs_init_global_ssl()
 {
     ERR_load_crypto_strings();
+
+    // [NOTE]
+    // OpenSSL 3.0 loads error strings automatically so these functions are not needed.
+    //
+    #ifndef USE_OPENSSL_30
     ERR_load_BIO_strings();
+    #endif
+
     OpenSSL_add_all_algorithms();
     return true;
 }
@@ -245,8 +252,67 @@ bool s3fs_HMAC256(const void* key, size_t keylen, const unsigned char* data, siz
     return s3fs_HMAC_RAW(key, keylen, data, datalen, digest, digestlen, true);
 }
 
+#ifdef USE_OPENSSL_30
 //-------------------------------------------------------------------
-// Utility Function for MD5
+// Utility Function for MD5 (OpenSSL >= 3.0)
+//-------------------------------------------------------------------
+// [NOTE]
+// OpenSSL 3.0 deprecated the MD5_*** low-level encryption functions,
+// so we should use the high-level EVP API instead.
+//
+size_t get_md5_digest_length()
+{
+    return EVP_MD_size(EVP_md5());
+}
+
+unsigned char* s3fs_md5_fd(int fd, off_t start, off_t size)
+{
+    EVP_MD_CTX*    mdctx;
+    unsigned char* md5_digest;
+    unsigned int   md5_digest_len = get_md5_digest_length();
+    off_t          bytes;
+
+    if(-1 == size){
+        struct stat st;
+        if(-1 == fstat(fd, &st)){
+            return NULL;
+        }
+        size = st.st_size;
+    }
+
+    // instead of MD5_Init
+    mdctx = EVP_MD_CTX_new();
+    EVP_DigestInit_ex(mdctx, EVP_md5(), NULL);
+
+    for(off_t total = 0; total < size; total += bytes){
+        const off_t len = 512;
+        char        buf[len];
+        bytes = len < (size - total) ? len : (size - total);
+        bytes = pread(fd, buf, bytes, start + total);
+        if(0 == bytes){
+            // end of file
+            break;
+        }else if(-1 == bytes){
+            // error
+            S3FS_PRN_ERR("file read error(%d)", errno);
+            EVP_MD_CTX_free(mdctx);
+            return NULL;
+        }
+        // instead of MD5_Update
+        EVP_DigestUpdate(mdctx, buf, bytes);
+    }
+
+    // instead of MD5_Final
+    md5_digest = new unsigned char[md5_digest_len];
+    EVP_DigestFinal_ex(mdctx, md5_digest, &md5_digest_len);
+    EVP_MD_CTX_free(mdctx);
+
+    return md5_digest;
+}
+
+#else
+//-------------------------------------------------------------------
+// Utility Function for MD5 (OpenSSL < 3.0)
 //-------------------------------------------------------------------
 size_t get_md5_digest_length()
 {
@@ -290,6 +356,7 @@ unsigned char* s3fs_md5_fd(int fd, off_t start, off_t size)
 
     return result;
 }
+#endif
 
 //-------------------------------------------------------------------
 // Utility Function for SHA256
