auth: move Crypto users to use CephContext

Globals are bad news.  Switch all users to get the CryptoHandler from
their cct.

Signed-off-by: Sage Weil <sage@inktank.com>

diff --git a/src/auth/Crypto.cc b/src/auth/Crypto.cc
index 0e78b8bf35713f5a25164f80352db8226588279e..5db2ff3b72df3a89764d614c838b8b79c57cb4b1 100644 (file)
--- a/src/auth/Crypto.cc
+++ b/src/auth/Crypto.cc
@@ -58,28 +58,24 @@ static int get_random_bytes(int len, bufferlist& bl)
 
 // ---------------------------------------------------
 
-int CryptoNone::
-create(bufferptr& secret)
+int CryptoNone::create(bufferptr& secret)
 {
   return 0;
 }
 
-int CryptoNone::
-validate_secret(bufferptr& secret)
+int CryptoNone::validate_secret(bufferptr& secret)
 {
   return 0;
 }
 
-void CryptoNone::
-encrypt(const bufferptr& secret, const bufferlist& in,
-       bufferlist& out, std::string &error) const
+void CryptoNone::encrypt(const bufferptr& secret, const bufferlist& in,
+                        bufferlist& out, std::string &error) const
 {
   out = in;
 }
 
-void CryptoNone::
-decrypt(const bufferptr& secret, const bufferlist& in,
-       bufferlist& out, std::string &error) const
+void CryptoNone::decrypt(const bufferptr& secret, const bufferlist& in,
+                        bufferlist& out, std::string &error) const
 {
   out = in;
 }
@@ -229,9 +225,8 @@ int CryptoAES::validate_secret(bufferptr& secret)
   return 0;
 }
 
-void CryptoAES::
-encrypt(const bufferptr& secret, const bufferlist& in, bufferlist& out,
-       std::string &error) const
+void CryptoAES::encrypt(const bufferptr& secret, const bufferlist& in, bufferlist& out,
+                       std::string &error) const
 {
   if (secret.length() < AES_KEY_LEN) {
     error = "key is too short";
@@ -271,9 +266,8 @@ encrypt(const bufferptr& secret, const bufferlist& in, bufferlist& out,
 #endif
 }
 
-void CryptoAES::
-decrypt(const bufferptr& secret, const bufferlist& in, 
-       bufferlist& out, std::string &error) const
+void CryptoAES::decrypt(const bufferptr& secret, const bufferlist& in, 
+                       bufferlist& out, std::string &error) const
 {
 #ifdef USE_CRYPTOPP
   const unsigned char *key = (const unsigned char *)secret.c_str();
@@ -348,7 +342,7 @@ int CryptoKey::set_secret(CephContext *cct, int type, bufferptr& s)
   this->type = type;
   created = ceph_clock_now(cct);
 
-  CryptoHandler *h = get_crypto_handler(type);
+  CryptoHandler *h = cct->get_crypto_handler(type);
   if (!h)
     return -EOPNOTSUPP;
   int ret = h->validate_secret(s);
@@ -366,16 +360,15 @@ int CryptoKey::create(CephContext *cct, int t)
   type = t;
   created = ceph_clock_now(cct);
 
-  CryptoHandler *h = get_crypto_handler(type);
+  CryptoHandler *h = cct->get_crypto_handler(type);
   if (!h)
     return -EOPNOTSUPP;
   return h->create(secret);
 }
 
-void CryptoKey::
-encrypt(const bufferlist& in, bufferlist& out, std::string &error) const
+void CryptoKey::encrypt(CephContext *cct, const bufferlist& in, bufferlist& out, std::string &error) const
 {
-  CryptoHandler *h = get_crypto_handler(type);
+  CryptoHandler *h = cct->get_crypto_handler(type);
   if (!h) {
     ostringstream oss;
     oss << "CryptoKey::encrypt: key type " << type << " not supported.";
@@ -384,10 +377,9 @@ encrypt(const bufferlist& in, bufferlist& out, std::string &error) const
   h->encrypt(this->secret, in, out, error);
 }
 
-void CryptoKey::
-decrypt(const bufferlist& in, bufferlist& out, std::string &error) const
+void CryptoKey::decrypt(CephContext *cct, const bufferlist& in, bufferlist& out, std::string &error) const
 {
-  CryptoHandler *h = get_crypto_handler(type);
+  CryptoHandler *h = cct->get_crypto_handler(type);
   if (!h) {
     ostringstream oss;
     oss << "CryptoKey::decrypt: key type " << type << " not supported.";

diff --git a/src/auth/Crypto.h b/src/auth/Crypto.h
index 52fa50e37b7991c8f1cfcb51e9be77cce1b84490..1176fd1c2cc18714683b7ccff8125aabc7a00d1a 100644 (file)
--- a/src/auth/Crypto.h
+++ b/src/auth/Crypto.h
@@ -77,8 +77,8 @@ public:
 
   // --
   int create(CephContext *cct, int type);
-  void encrypt(const bufferlist& in, bufferlist& out, std::string &error) const;
-  void decrypt(const bufferlist& in, bufferlist& out, std::string &error) const;
+  void encrypt(CephContext *cct, const bufferlist& in, bufferlist& out, std::string &error) const;
+  void decrypt(CephContext *cct, const bufferlist& in, bufferlist& out, std::string &error) const;
 
   void to_str(std::string& s) const;
 };

diff --git a/src/auth/cephx/CephxClientHandler.cc b/src/auth/cephx/CephxClientHandler.cc
index c8898bd26396e9f8b8a4b11a3e53ef5de345717f..afad79ce7f3f2c4da528b0f1e588d9477d817b45 100644 (file)
--- a/src/auth/cephx/CephxClientHandler.cc
+++ b/src/auth/cephx/CephxClientHandler.cc
@@ -50,7 +50,7 @@ int CephxClientHandler::build_request(bufferlist& bl)
     CephXAuthenticate req;
     get_random_bytes((char *)&req.client_challenge, sizeof(req.client_challenge));
     std::string error;
-    cephx_calc_client_server_challenge(secret, server_challenge,
+    cephx_calc_client_server_challenge(cct, secret, server_challenge,
                                       req.client_challenge, &req.key, error);
     if (!error.empty()) {
       ldout(cct, 20) << "cephx_calc_client_server_challenge error: " << error << dendl;
@@ -156,7 +156,7 @@ int CephxClientHandler::handle_response(int ret, bufferlist::iterator& indata)
        CryptoKey secret_key;
        keyring->get_secret(cct->_conf->name, secret_key);
        std::string error;
-       decode_decrypt(secrets, secret_key, indata, error);
+       decode_decrypt(cct, secrets, secret_key, indata, error);
        if (error.empty()) {
          rotating_secrets->set_secrets(secrets);
        } else {

diff --git a/src/auth/cephx/CephxKeyServer.cc b/src/auth/cephx/CephxKeyServer.cc
index edda1f7b4d2dd3fd0bb21ebe0fb7fd7fe45b9e19..b82de9dbbf91e9fcfb5b397e283f3f0c40920c63 100644 (file)
--- a/src/auth/cephx/CephxKeyServer.cc
+++ b/src/auth/cephx/CephxKeyServer.cc
@@ -258,7 +258,7 @@ bool KeyServer::get_service_secret(uint32_t service_id,
 bool KeyServer::generate_secret(CryptoKey& secret)
 {
   bufferptr bp;
-  CryptoHandler *crypto = get_crypto_handler(CEPH_CRYPTO_AES);
+  CryptoHandler *crypto = cct->get_crypto_handler(CEPH_CRYPTO_AES);
   if (!crypto)
     return false;
 
@@ -359,7 +359,7 @@ bool KeyServer::get_rotating_encrypted(const EntityName& name,
   RotatingSecrets secrets = rotate_iter->second;
 
   std::string error;
-  encode_encrypt(secrets, specific_key, enc_bl, error);
+  encode_encrypt(cct, secrets, specific_key, enc_bl, error);
   if (!error.empty())
     return false;
 

diff --git a/src/auth/cephx/CephxProtocol.cc b/src/auth/cephx/CephxProtocol.cc
index c023c7ae3bc4d4293583df724b1ff942b8ce9712..937ad0bc0a54972071823519154fa88371d7fb91 100644 (file)
--- a/src/auth/cephx/CephxProtocol.cc
+++ b/src/auth/cephx/CephxProtocol.cc
@@ -24,7 +24,7 @@
 
 
 
-void cephx_calc_client_server_challenge(CryptoKey& secret, uint64_t server_challenge, 
+void cephx_calc_client_server_challenge(CephContext *cct, CryptoKey& secret, uint64_t server_challenge, 
                  uint64_t client_challenge, uint64_t *key, std::string &ret)
 {
   CephXChallengeBlob b;
@@ -33,7 +33,7 @@ void cephx_calc_client_server_challenge(CryptoKey& secret, uint64_t server_chall
 
   bufferlist enc;
   std::string error;
-  encode_encrypt(b, secret, enc, error);
+  encode_encrypt(cct, b, secret, enc, error);
   if (!error.empty())
     return;
 
@@ -62,7 +62,7 @@ bool cephx_build_service_ticket_blob(CephContext *cct, CephXSessionAuthInfo& inf
           << " ticket_info.ticket.name=" << ticket_info.ticket.name.to_str() << dendl;
   blob.secret_id = info.secret_id;
   std::string error;
-  encode_encrypt_enc_bl(ticket_info, info.service_secret, blob.blob, error);
+  encode_encrypt_enc_bl(cct, ticket_info, info.service_secret, blob.blob, error);
   if (!error.empty()) {
     ldout(cct, -1) << "cephx_build_service_ticket_blob failed with error "
          << error << dendl;
@@ -107,7 +107,7 @@ bool cephx_build_service_ticket_reply(CephContext *cct,
     msg_a.session_key = info.session_key;
     msg_a.validity = info.validity;
     std::string error;
-    encode_encrypt(msg_a, principal_secret, reply, error);
+    encode_encrypt(cct, msg_a, principal_secret, reply, error);
     if (!error.empty()) {
       ldout(cct, -1) << "error encoding encrypted: " << error << dendl;
       return false;
@@ -126,7 +126,7 @@ bool cephx_build_service_ticket_reply(CephContext *cct,
 
     ::encode((__u8)should_encrypt_ticket, reply);
     if (should_encrypt_ticket) {
-      encode_encrypt(service_ticket_bl, ticket_enc_key, reply, error);
+      encode_encrypt(cct, service_ticket_bl, ticket_enc_key, reply, error);
       if (!error.empty()) {
        ldout(cct, -1) << "error encoding encrypted ticket: " << error << dendl;
         return false;
@@ -150,7 +150,7 @@ bool CephXTicketHandler::verify_service_ticket_reply(CryptoKey& secret,
 
   CephXServiceTicket msg_a;
   std::string error;
-  decode_decrypt(msg_a, secret, indata, error);
+  decode_decrypt(cct, msg_a, secret, indata, error);
   if (!error.empty()) {
     ldout(cct, 0) << "verify_service_ticket_reply: failed decode_decrypt with secret "
            << secret << ": " << error << dendl;
@@ -164,7 +164,7 @@ bool CephXTicketHandler::verify_service_ticket_reply(CryptoKey& secret,
   if (ticket_enc) {
     ldout(cct, 10) << " got encrypted ticket" << dendl;
     std::string error;
-    decode_decrypt(service_ticket_bl, session_key, indata, error);
+    decode_decrypt(cct, service_ticket_bl, session_key, indata, error);
     if (!error.empty()) {
       ldout(cct, 10) << "verify_service_ticket_reply: decode_decrypt failed "
            << "with " << error << dendl;
@@ -314,7 +314,7 @@ CephXAuthorizer *CephXTicketHandler::build_authorizer(uint64_t global_id)
   msg.nonce = a->nonce;
 
   std::string error;
-  encode_encrypt(msg, session_key, a->bl, error);
+  encode_encrypt(cct, msg, session_key, a->bl, error);
   if (!error.empty()) {
     ldout(cct, 0) << "failed to encrypt authorizer: " << error << dendl;
     delete a;
@@ -379,7 +379,7 @@ bool cephx_decode_ticket(CephContext *cct, KeyStore *keys, uint32_t service_id,
   }
 
   std::string error;
-  decode_decrypt_enc_bl(ticket_info, service_secret, ticket_blob.blob, error);
+  decode_decrypt_enc_bl(cct, ticket_info, service_secret, ticket_blob.blob, error);
   if (!error.empty()) {
     ldout(cct, 0) << "ceph_decode_ticket could not decrypt ticket info. error:" 
        << error << dendl;
@@ -435,7 +435,7 @@ bool cephx_verify_authorizer(CephContext *cct, KeyStore *keys,
     }
   }
   std::string error;
-  decode_decrypt_enc_bl(ticket_info, service_secret, ticket.blob, error);
+  decode_decrypt_enc_bl(cct, ticket_info, service_secret, ticket.blob, error);
   if (!error.empty()) {
     ldout(cct, 0) << "verify_authorizer could not decrypt ticket info: error: "
       << error << dendl;
@@ -452,7 +452,7 @@ bool cephx_verify_authorizer(CephContext *cct, KeyStore *keys,
 
   // CephXAuthorize
   CephXAuthorize auth_msg;
-  decode_decrypt(auth_msg, ticket_info.session_key, indata, error);
+  decode_decrypt(cct, auth_msg, ticket_info.session_key, indata, error);
   if (!error.empty()) {
     ldout(cct, 0) << "verify_authorizercould not decrypt authorize request: error: "
       << error << dendl;
@@ -466,7 +466,7 @@ bool cephx_verify_authorizer(CephContext *cct, KeyStore *keys,
   CephXAuthorizeReply reply;
   // reply.trans_id = auth_msg.trans_id;
   reply.nonce_plus_one = auth_msg.nonce + 1;
-  encode_encrypt(reply, ticket_info.session_key, reply_bl, error);
+  encode_encrypt(cct, reply, ticket_info.session_key, reply_bl, error);
   if (!error.empty()) {
     ldout(cct, 10) << "verify_authorizer: encode_encrypt error: " << error << dendl;
     return false;
@@ -483,7 +483,7 @@ bool CephXAuthorizer::verify_reply(bufferlist::iterator& indata)
 
   try {
     std::string error;
-    decode_decrypt(reply, session_key, indata, error);
+    decode_decrypt(cct, reply, session_key, indata, error);
     if (!error.empty()) {
       ldout(cct, 0) << "verify_authorizer_reply coudln't decrypt with " << session_key 
           << ": error: " << error << dendl;

diff --git a/src/auth/cephx/CephxProtocol.h b/src/auth/cephx/CephxProtocol.h
index 7dfda77788b86e30d7824f7ffaa69150b87519fe..31f256146c9c080f6400e793475fcc65dd020383 100644 (file)
--- a/src/auth/cephx/CephxProtocol.h
+++ b/src/auth/cephx/CephxProtocol.h
@@ -201,8 +201,9 @@ struct CephXChallengeBlob {
 };
 WRITE_CLASS_ENCODER(CephXChallengeBlob)
 
-void cephx_calc_client_server_challenge(CryptoKey& secret, uint64_t server_challenge, uint64_t client_challenge,
-                                      uint64_t *key, std::string &error);
+void cephx_calc_client_server_challenge(CephContext *cct, 
+                                       CryptoKey& secret, uint64_t server_challenge, uint64_t client_challenge,
+                                       uint64_t *key, std::string &error);
 
 
 /*
@@ -219,10 +220,11 @@ struct CephXSessionAuthInfo {
 
 
 extern bool cephx_build_service_ticket_blob(CephContext *cct,
-                 CephXSessionAuthInfo& ticket_info, CephXTicketBlob& blob);
+                                           CephXSessionAuthInfo& ticket_info, CephXTicketBlob& blob);
 
-extern void cephx_build_service_ticket_request(uint32_t keys,
-                                        bufferlist& request);
+extern void cephx_build_service_ticket_request(CephContext *cct, 
+                                              uint32_t keys,
+                                              bufferlist& request);
 
 extern bool cephx_build_service_ticket_reply(CephContext *cct,
                                             CryptoKey& principal_secret,
@@ -425,13 +427,13 @@ extern bool cephx_verify_authorizer(CephContext *cct, KeyStore *keys,
 #define AUTH_ENC_MAGIC 0xff009cad8826aa55ull
 
 template <typename T>
-void decode_decrypt_enc_bl(T& t, CryptoKey key, bufferlist& bl_enc, 
+void decode_decrypt_enc_bl(CephContext *cct, T& t, CryptoKey key, bufferlist& bl_enc, 
                           std::string &error)
 {
   uint64_t magic;
   bufferlist bl;
 
-  key.decrypt(bl_enc, bl, error);
+  key.decrypt(cct, bl_enc, bl, error);
   if (!error.empty())
     return;
 
@@ -450,7 +452,7 @@ void decode_decrypt_enc_bl(T& t, CryptoKey key, bufferlist& bl_enc,
 }
 
 template <typename T>
-void encode_encrypt_enc_bl(const T& t, const CryptoKey& key,
+void encode_encrypt_enc_bl(CephContext *cct, const T& t, const CryptoKey& key,
                           bufferlist& out, std::string &error)
 {
   bufferlist bl;
@@ -460,24 +462,24 @@ void encode_encrypt_enc_bl(const T& t, const CryptoKey& key,
   ::encode(magic, bl);
   ::encode(t, bl);
 
-  key.encrypt(bl, out, error);
+  key.encrypt(cct, bl, out, error);
 }
 
 template <typename T>
-void decode_decrypt(T& t, const CryptoKey key,
+void decode_decrypt(CephContext *cct, T& t, const CryptoKey key,
                    bufferlist::iterator& iter, std::string &error)
 {
   bufferlist bl_enc;
   ::decode(bl_enc, iter);
-  decode_decrypt_enc_bl(t, key, bl_enc, error);
+  decode_decrypt_enc_bl(cct, t, key, bl_enc, error);
 }
 
 template <typename T>
-void encode_encrypt(const T& t, const CryptoKey& key,
+void encode_encrypt(CephContext *cct, const T& t, const CryptoKey& key,
                    bufferlist& out, std::string &error)
 {
   bufferlist bl_enc;
-  encode_encrypt_enc_bl(t, key, bl_enc, error);
+  encode_encrypt_enc_bl(cct, t, key, bl_enc, error);
   if (!error.empty())
     return;
   ::encode(bl_enc, out);

diff --git a/src/auth/cephx/CephxServiceHandler.cc b/src/auth/cephx/CephxServiceHandler.cc
index da7dbf17de7ae8d8d862818da30bcfdb9549c6e4..c5d91d98bcac067ea759af0414d31c259d49b106 100644 (file)
--- a/src/auth/cephx/CephxServiceHandler.cc
+++ b/src/auth/cephx/CephxServiceHandler.cc
@@ -75,7 +75,7 @@ int CephxServiceHandler::handle_request(bufferlist::iterator& indata, bufferlist
 
       uint64_t expected_key;
       std::string error;
-      cephx_calc_client_server_challenge(secret, server_challenge,
+      cephx_calc_client_server_challenge(cct, secret, server_challenge,
                                         req.client_challenge, &expected_key, error);
       if (!error.empty()) {
        ldout(cct, 0) << " cephx_calc_client_server_challenge error: " << error << dendl;

diff --git a/src/common/ceph_context.cc b/src/common/ceph_context.cc
index 97005ac77cfe58d2ef0776d6970bcf796130f1fa..e4345e64d5b711122550656182ec2297b2ad9013 100644 (file)
--- a/src/common/ceph_context.cc
+++ b/src/common/ceph_context.cc
@@ -25,6 +25,7 @@
 #include "common/lockdep.h"
 #include "common/Formatter.h"
 #include "log/Log.h"
+#include "auth/Crypto.h"
 
 #include <iostream>
 #include <pthread.h>
@@ -228,7 +229,9 @@ CephContext::CephContext(uint32_t module_type_)
     _admin_socket(NULL),
     _perf_counters_collection(NULL),
     _perf_counters_conf_obs(NULL),
-    _heartbeat_map(NULL)
+    _heartbeat_map(NULL),
+    _crypto_none(NULL),
+    _crypto_aes(NULL)
 {
   pthread_spin_init(&_service_thread_lock, PTHREAD_PROCESS_SHARED);
 
@@ -254,6 +257,9 @@ CephContext::CephContext(uint32_t module_type_)
   _admin_socket->register_command("log flush", _admin_hook, "flush log entries to log file");
   _admin_socket->register_command("log dump", _admin_hook, "dump recent log entries to log file");
   _admin_socket->register_command("log reopen", _admin_hook, "reopen log file");
+
+  _crypto_none = new CryptoNone;
+  _crypto_aes = new CryptoAES;
 }
 
 CephContext::~CephContext()
@@ -297,6 +303,8 @@ CephContext::~CephContext()
   delete _conf;
   pthread_spin_destroy(&_service_thread_lock);
 
+  delete _crypto_none;
+  delete _crypto_aes;
 }
 
 void CephContext::start_service_thread()
@@ -362,3 +370,15 @@ AdminSocket *CephContext::get_admin_socket()
 {
   return _admin_socket;
 }
+
+CryptoHandler *CephContext::get_crypto_handler(int type)
+{
+  switch (type) {
+  case CEPH_CRYPTO_NONE:
+    return _crypto_none;
+  case CEPH_CRYPTO_AES:
+    return _crypto_aes;
+  default:
+    return NULL;
+  }
+}

diff --git a/src/common/ceph_context.h b/src/common/ceph_context.h
index bb38053c49a8afc76a6288d614217180bdd0e159..7ace17fa9bd9e86a1a25c263f08789d91a3cb5d9 100644 (file)
--- a/src/common/ceph_context.h
+++ b/src/common/ceph_context.h
@@ -27,6 +27,9 @@ class PerfCountersCollection;
 class md_config_obs_t;
 class md_config_t;
 class CephContextHook;
+class CryptoNone;
+class CryptoAES;
+class CryptoHandler;
 
 namespace ceph {
   class HeartbeatMap;
@@ -96,6 +99,11 @@ public:
    */
   void do_command(std::string command, std::string args, bufferlist *out);
 
+  /**
+   * get a crypto handler
+   */
+  CryptoHandler *get_crypto_handler(int type);
+
 private:
   CephContext(const CephContext &rhs);
   CephContext &operator=(const CephContext &rhs);
@@ -126,6 +134,10 @@ private:
   CephContextHook *_admin_hook;
 
   ceph::HeartbeatMap *_heartbeat_map;
+
+  // crypto
+  CryptoNone *_crypto_none;
+  CryptoAES *_crypto_aes;
 };
 
 #endif

diff --git a/src/test/crypto.cc b/src/test/crypto.cc
index 7c56260b31063922d11e388bef15d582d98bedca..85150ef80a96614a09d0ce0094cb9bd99df77894 100644 (file)
--- a/src/test/crypto.cc
+++ b/src/test/crypto.cc
@@ -17,7 +17,7 @@ public:
 ::testing::Environment* const crypto_env = ::testing::AddGlobalTestEnvironment(new CryptoEnvironment);
 
 TEST(AES, ValidateSecret) {
-  CryptoHandler *h = get_crypto_handler(CEPH_CRYPTO_AES);
+  CryptoHandler *h = g_ceph_context->get_crypto_handler(CEPH_CRYPTO_AES);
   int l;
 
   for (l=0; l<16; l++) {
@@ -36,7 +36,7 @@ TEST(AES, ValidateSecret) {
 }
 
 TEST(AES, Encrypt) {
-  CryptoHandler *h = get_crypto_handler(CEPH_CRYPTO_AES);
+  CryptoHandler *h = g_ceph_context->get_crypto_handler(CEPH_CRYPTO_AES);
   char secret_s[] = {
     0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
     0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
@@ -72,7 +72,7 @@ TEST(AES, Encrypt) {
 }
 
 TEST(AES, Decrypt) {
-  CryptoHandler *h = get_crypto_handler(CEPH_CRYPTO_AES);
+  CryptoHandler *h = g_ceph_context->get_crypto_handler(CEPH_CRYPTO_AES);
   char secret_s[] = {
     0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
     0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
@@ -125,7 +125,7 @@ TEST(AES, Loop) {
   for (int i=0; i<10000; i++) {
     bufferlist cipher;
     {
-      CryptoHandler *h = get_crypto_handler(CEPH_CRYPTO_AES);
+      CryptoHandler *h = g_ceph_context->get_crypto_handler(CEPH_CRYPTO_AES);
 
       std::string error;
       h->encrypt(secret, plaintext, cipher, error);
@@ -134,7 +134,7 @@ TEST(AES, Loop) {
     plaintext.clear();
 
     {
-      CryptoHandler *h = get_crypto_handler(CEPH_CRYPTO_AES);
+      CryptoHandler *h = g_ceph_context->get_crypto_handler(CEPH_CRYPTO_AES);
       std::string error;
       h->decrypt(secret, cipher, plaintext, error);
       ASSERT_EQ(error, "");

diff --git a/src/testcrypto.cc b/src/testcrypto.cc
index 3237f3c8b835824a50c04fb301ad3869c51442f2..0b7a9d5474250ae5b9125ea4f975f22629b9c4ad 100644 (file)
--- a/src/testcrypto.cc
+++ b/src/testcrypto.cc
@@ -25,7 +25,7 @@ int main(int argc, char *argv[])
 
   bufferlist enc_out;
   std::string error;
-  key.encrypt(enc_in, enc_out, error);
+  key.encrypt(g_ceph_context, enc_in, enc_out, error);
   if (!error.empty()) {
     dout(0) << "couldn't encode! error " << error << dendl;
     exit(1);
@@ -42,7 +42,7 @@ int main(int argc, char *argv[])
 
   dec_in = enc_out;
 
-  key.decrypt(dec_in, dec_out, error);
+  key.decrypt(g_ceph_context, dec_in, dec_out, error);
   if (!error.empty()) {
     dout(0) << "couldn't decode! error " << error << dendl;
     exit(1);