[pgpool-hackers: 2467] Re: Dealing with OpenSSL 1.1

Muhammad Usama m.usama at gmail.com
Sat Jul 29 00:58:06 JST 2017


Hi Ishii-San

I don't have a proper setup with OpenSSL 1.1 at the moment, so I couldn't
test the changes.
But I have made the required changes as per the changelog of OpenSSL 1.1.
Can you please check whether the attached patch works?

Please note that the patch is generated over your patch.


Thanks
Best Regards
Muhammad Usama

On Fri, Jul 28, 2017 at 11:55 AM, Muhammad Usama <m.usama at gmail.com> wrote:

> Hi Ishii-San,
>
> Apparently HMAC_CTX_init and HMAC_CTX_cleanup are also removed from the new
> OpenSSL API. I am looking into the replacements for these functions and will
> update on this thread.
>
> Thanks
> Best Regards
> Muhammad Usama
>
> On Fri, Jul 28, 2017 at 7:29 AM, Tatsuo Ishii <ishii at sraoss.co.jp> wrote:
>
>> Hi Usama,
>>
>> While working on $subject, I get compile errors while compiling
>> watchdog:
>>
>> make[2]: Entering directory '/home/t-ishii/src/pgpool2/src/watchdog'
>> depbase=`echo wd_utils.o | sed 's|[^/]*$|.deps/&|;s|\.o$||'`;\
>> gcc -DHAVE_CONFIG_H -I. -I../../src/include  -D_GNU_SOURCE -I
>> /usr/include   -g -O2 -Wall -Wmissing-prototypes -Wmissing-declarations
>> -fno-strict-aliasing -MT wd_utils.o -MD -MP -MF $depbase.Tpo -c -o
>> wd_utils.o wd_utils.c &&\
>> mv -f $depbase.Tpo $depbase.Po
>> wd_utils.c: In function 'calculate_hmac_sha256':
>> wd_utils.c:157:11: error: storage size of 'ctx' isn't known
>>   HMAC_CTX ctx;
>>            ^~~
>> wd_utils.c:158:2: warning: implicit declaration of function
>> 'HMAC_CTX_init'; did you mean 'HMAC_CTX_new'? [-Wimplicit-function-declaration]
>>   HMAC_CTX_init(&ctx);
>>   ^~~~~~~~~~~~~
>>   HMAC_CTX_new
>> wd_utils.c:162:2: warning: implicit declaration of function
>> 'HMAC_CTX_cleanup'; did you mean 'HMAC_CTX_get_md'?
>> [-Wimplicit-function-declaration]
>>   HMAC_CTX_cleanup(&ctx);
>>   ^~~~~~~~~~~~~~~~
>>   HMAC_CTX_get_md
>> wd_utils.c:157:11: warning: unused variable 'ctx' [-Wunused-variable]
>>   HMAC_CTX ctx;
>>            ^~~
>> make[2]: *** [Makefile:400: wd_utils.o] Error 1
>>
>> Any idea how to fix them?
>>
>> This is Fedora 26. Attached is the patch I'm working on.
>>
>> Best regards,
>> --
>> Tatsuo Ishii
>> SRA OSS, Inc. Japan
>> English: http://www.sraoss.co.jp/index_en.php
>> Japanese:http://www.sraoss.co.jp
>>
>> diff --git a/configure.ac b/configure.ac
>> index 38c8611..1b7fb4a 100644
>> --- a/configure.ac
>> +++ b/configure.ac
>> @@ -325,7 +325,7 @@ if test "$with_openssl" = yes || test "$with_openssl"
>> = auto; then
>>          ])
>>
>>     AC_CHECK_LIB(crypto, CRYPTO_new_ex_data, [], [AC_MSG_ERROR([library
>> 'crypto' is required for OpenSSL])])
>> -   AC_CHECK_LIB(ssl,    SSL_library_init, [], [AC_MSG_ERROR([library
>> 'ssl' is required for OpenSSL])])
>> +   AC_CHECK_LIB(ssl,    SSL_new, [], [AC_MSG_ERROR([library 'ssl' is
>> required for OpenSSL])])
>>  fi
>>
>>  AC_ARG_WITH(pam,
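
Review bot: the probe symbol in the AC_CHECK_LIB(ssl, ...) line changes from SSL_library_init to SSL_new with no comment saying why. In OpenSSL 1.1 SSL_library_init is a macro rather than an exported function, so a link test against it fails; a one-line comment above the check recording that would stop a later cleanup from switching the symbol back.
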
>> diff --git a/src/main/main.c b/src/main/main.c
>> index 9dd0cc3..f33eec5 100644
>> --- a/src/main/main.c
>> +++ b/src/main/main.c
>> @@ -5,7 +5,7 @@
>>   * pgpool: a language independent connection pool server for PostgreSQL
>>   * written by Tatsuo Ishii
>>   *
>> - * Copyright (c) 2003-2016     PgPool Global Development Group
>> + * Copyright (c) 2003-2017     PgPool Global Development Group
>>   *
>>   * Permission to use, copy, modify, and distribute this software and
>>   * its documentation for any purpose and without fee is hereby
>> @@ -185,7 +185,11 @@ int main(int argc, char **argv)
>>         }
>>  #ifdef USE_SSL
>>         /* global ssl init */
>> +#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
>> +       OPENSSL_init_ssl(0, NULL);
>> +#else
>>         SSL_library_init();
>> +#endif
>>         SSL_load_error_strings();
>>  #endif /* USE_SSL */
>>
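
Review bot: the return value of OPENSSL_init_ssl(0, NULL) in the new #if branch is discarded. The function returns 1 on success and 0 on failure, so as written main() carries on with an uninitialised library; suggest testing the result and stopping startup with an error message when it is 0.
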
>>
-------------- next part --------------
diff --git a/configure.ac b/configure.ac
index 38c86112..1b7fb4a5 100644
--- a/configure.ac
+++ b/configure.ac
@@ -325,7 +325,7 @@ if test "$with_openssl" = yes || test "$with_openssl" = auto; then
         ])
 
    AC_CHECK_LIB(crypto, CRYPTO_new_ex_data, [], [AC_MSG_ERROR([library 'crypto' is required for OpenSSL])])
-   AC_CHECK_LIB(ssl,    SSL_library_init, [], [AC_MSG_ERROR([library 'ssl' is required for OpenSSL])])
+   AC_CHECK_LIB(ssl,    SSL_new, [], [AC_MSG_ERROR([library 'ssl' is required for OpenSSL])])
 fi
 
 AC_ARG_WITH(pam,
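
Review bot: configure.ac still probes only CRYPTO_new_ex_data and SSL_new, while the C changes in this patch choose the 1.1 code paths by comparing OPENSSL_VERSION_NUMBER in three separate #if blocks. Since this check is being touched anyway, consider probing for the functions the new branches actually call (OPENSSL_init_ssl in libssl, HMAC_CTX_new and HMAC_CTX_free in libcrypto) with AC_CHECK_FUNCS and keying the #if blocks on the resulting HAVE_ macros, so the decision lives in one place and follows what the linked library really exports.
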
diff --git a/src/main/main.c b/src/main/main.c
index 9dd0cc30..f33eec59 100644
--- a/src/main/main.c
+++ b/src/main/main.c
@@ -5,7 +5,7 @@
  * pgpool: a language independent connection pool server for PostgreSQL
  * written by Tatsuo Ishii
  *
- * Copyright (c) 2003-2016	PgPool Global Development Group
+ * Copyright (c) 2003-2017	PgPool Global Development Group
  *
  * Permission to use, copy, modify, and distribute this software and
  * its documentation for any purpose and without fee is hereby
@@ -185,7 +185,11 @@ int main(int argc, char **argv)
 	}
 #ifdef USE_SSL
 	/* global ssl init */
+#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
+	OPENSSL_init_ssl(0, NULL);
+#else
 	SSL_library_init();
+#endif
 	SSL_load_error_strings();
 #endif /* USE_SSL */
 
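
Review bot: SSL_load_error_strings() is left outside the new #if/#else, so on OpenSSL 1.1 it still runs right after OPENSSL_init_ssl(0, NULL). With default options OPENSSL_init_ssl already loads the libssl error strings, and in 1.1 SSL_load_error_strings survives only as a deprecated compatibility macro; moving the call into the #else branch next to SSL_library_init() keeps the 1.1 path free of deprecated API.
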
diff --git a/src/watchdog/wd_utils.c b/src/watchdog/wd_utils.c
index b65acb06..f0c63ee3 100644
--- a/src/watchdog/wd_utils.c
+++ b/src/watchdog/wd_utils.c
@@ -151,18 +151,30 @@ static void calculate_hmac_sha256(const char *data, int len, char *buf)
 {
 	char* key = pool_config->wd_authkey;
 	char str[WD_AUTH_HASH_LEN/2];
-
 	unsigned int res_len = WD_AUTH_HASH_LEN;
+	HMAC_CTX *ctx = NULL;
 
-	HMAC_CTX ctx;
-	HMAC_CTX_init(&ctx);
-	HMAC_Init_ex(&ctx, key, strlen(key), EVP_sha256(), NULL);
-	HMAC_Update(&ctx, (unsigned char*)data, len);
-	HMAC_Final(&ctx, (unsigned char*)str, &res_len);
-	HMAC_CTX_cleanup(&ctx);
+#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
+	ctx = HMAC_CTX_new();
+	HMAC_CTX_reset(ctx);
+#else
+	HMAC_CTX ctx_obj;
+	ctx = &ctx_obj;
+	HMAC_CTX_init(ctx);
+#endif
+	HMAC_Init_ex(ctx, key, strlen(key), EVP_sha256(), NULL);
+	HMAC_Update(ctx, (unsigned char*)data, len);
+	HMAC_Final(ctx, (unsigned char*)str, &res_len);
+#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
+	HMAC_CTX_reset(ctx);
+	HMAC_CTX_free(ctx);
+#else
+	HMAC_CTX_cleanup(ctx);
+#endif
 	bytesToHex(str,32,buf);
 	buf[WD_AUTH_HASH_LEN] = '\0';
 }
+
 void
 wd_calc_hash(const char *str, int len, char *buf)
 {
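
Review bot: in the first #if branch of calculate_hmac_sha256 the result of HMAC_CTX_new() is used without a NULL check, so an allocation failure is dereferenced by the calls that follow and the watchdog crashes while computing an auth hash; test ctx and report the error before continuing. Both HMAC_CTX_reset(ctx) calls are also unnecessary: a context fresh from HMAC_CTX_new() is already initialised, and HMAC_CTX_free() clears the context before releasing it, so each 1.1 branch can shrink to a single call. The return values of HMAC_Init_ex, HMAC_Update and HMAC_Final are still ignored as well, which leaves str uninitialised on failure before bytesToHex reads it.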

