Skip to content

Update access_control to OpenSSL 1.1.1 HMAC API #11467

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
JosiahWI merged 3 commits into from
Jun 25, 2024
Merged

Update access_control to OpenSSL 1.1.1 HMAC API #11467

JosiahWI merged 3 commits into from
Jun 25, 2024

Conversation

@JosiahWI
Copy link
Contributor

@JosiahWI JosiahWI commented Jun 21, 2024
edited
Loading

This updates the cryptoMessageDigestGet implementation for OpenSSL 1.1.1 and removes the unused outLen parameter.

@JosiahWI JosiahWI added this to the 10.1.0 milestone Jun 21, 2024
@JosiahWI JosiahWI self-assigned this Jun 21, 2024
@JosiahWI JosiahWI marked this pull request as draft June 21, 2024 11:22
@JosiahWI
Copy link
Contributor Author

JosiahWI commented Jun 21, 2024

Waiting to rebase this on #11466.

@JosiahWI
Copy link
Contributor Author

JosiahWI commented Jun 21, 2024

The HAVE_HMAC_CTX_NEW define can't be removed yet because the s3_auth plugin also uses it. After that plugin is updated it can be removed.

bneradt
bneradt reviewed Jun 21, 2024
View reviewed changes
bneradt
bneradt reviewed Jun 21, 2024
View reviewed changes
Copy link
Contributor

@bneradt bneradt left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice cleanup.

@maskit
Copy link
Member

maskit commented Jun 21, 2024

We may actually want to keep outlen. Although HMAC() is available on OpenSSL 3.x, we will want to use EVP_Q_mac() instead to use LIBCTX.

HMAC() uses the default OSSL_LIB_CTX. Use EVP_Q_mac(3) instead if a library context is required.

And EVP_Q_mac receives outsize.

unsigned char *EVP_Q_mac(OSSL_LIB_CTX *libctx, const char *name, const char *propq,
                         const char *subalg, const OSSL_PARAM *params,
                         const void *key, size_t keylen,
                         const unsigned char *data, size_t datalen,
                         unsigned char *out, size_t outsize, size_t *outlen);

@JosiahWI
Copy link
Contributor Author

JosiahWI commented Jun 21, 2024

Good foresight. Thanks for pointing this out, @maskit. I won't take this out of draft until I've put the parameter back.

JosiahWI added 3 commits June 24, 2024 05:15
@JosiahWI
Update access_control to OpenSSL 1.1.1 HMAC API
ca856de 
This updates the `cryptoMessageDigestGet` implementation for OpenSSL 1.1.1 and
removes the unused `outLen` parameter.
@JosiahWI
Fix unit test to call updated signature
353cce8
@JosiahWI
Implement changes suggested by Masakazu Kitajo
89183b8 
 * Restore outLen parameter that may be needed for OpenSSL 3
@JosiahWI JosiahWI force-pushed the refactor/access_control_ssl branch from 234f5b6 to 89183b8 Compare June 24, 2024 10:16
@JosiahWI JosiahWI marked this pull request as ready for review June 24, 2024 11:21
@bryancall bryancall requested a review from maskit June 24, 2024 22:13
@JosiahWI JosiahWI merged commit b23514c into apache:master Jun 25, 2024
@JosiahWI JosiahWI deleted the refactor/access_control_ssl branch June 25, 2024 01:30
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@bneradt bneradt bneradt left review comments

@maskit maskit maskit approved these changes

Assignees

@JosiahWI JosiahWI

Labels

access_control Cleanup

Projects

None yet

Milestone

10.1.0

Development

Successfully merging this pull request may close these issues.

3 participants

@JosiahWI @maskit @bneradt