|
| 1 | +From baa7ec826f3f6d044f5307efe4b5d3bdd111bf4e Mon Sep 17 00:00:00 2001 |
| 2 | +From: Sebastian Klemke < [email protected]> |
| 3 | +Date: Thu, 7 Nov 2024 19:14:13 +0100 |
| 4 | +Subject: HADOOP-18583. Fix loading of OpenSSL 3.x symbols (#5256) (#7149) |
| 5 | + |
| 6 | +Contributed by Sebastian Klemke |
| 7 | +--- |
| 8 | + .../org/apache/hadoop/crypto/OpensslCipher.c | 68 +++++++++++++++++-- |
| 9 | + 1 file changed, 64 insertions(+), 4 deletions(-) |
| 10 | + |
| 11 | +diff --git a/hadoop-common-project/hadoop-common/src/main/native/src/org/apache/hadoop/crypto/OpensslCipher.c b/hadoop-common-project/hadoop-common/src/main/native/src/org/apache/hadoop/crypto/OpensslCipher.c |
| 12 | +index abff7ea5f1..f17169dec2 100644 |
| 13 | +--- a/hadoop-common-project/hadoop-common/src/main/native/src/org/apache/hadoop/crypto/OpensslCipher.c |
| 14 | ++++ b/hadoop-common-project/hadoop-common/src/main/native/src/org/apache/hadoop/crypto/OpensslCipher.c |
| 15 | +@@ -24,6 +24,57 @@ |
| 16 | + |
| 17 | + #include "org_apache_hadoop_crypto_OpensslCipher.h" |
| 18 | + |
| 19 | ++/* |
| 20 | ++ # OpenSSL ABI Symbols |
| 21 | ++ |
| 22 | ++ Available on all OpenSSL versions: |
| 23 | ++ |
| 24 | ++ | Function | 1.0 | 1.1 | 3.0 | |
| 25 | ++ |--------------------------------|-----|-----|-----| |
| 26 | ++ | EVP_CIPHER_CTX_new | YES | YES | YES | |
| 27 | ++ | EVP_CIPHER_CTX_free | YES | YES | YES | |
| 28 | ++ | EVP_CIPHER_CTX_set_padding | YES | YES | YES | |
| 29 | ++ | EVP_CIPHER_CTX_test_flags | YES | YES | YES | |
| 30 | ++ | EVP_CipherInit_ex | YES | YES | YES | |
| 31 | ++ | EVP_CipherUpdate | YES | YES | YES | |
| 32 | ++ | EVP_CipherFinal_ex | YES | YES | YES | |
| 33 | ++ | ENGINE_by_id | YES | YES | YES | |
| 34 | ++ | ENGINE_free | YES | YES | YES | |
| 35 | ++ | EVP_aes_256_ctr | YES | YES | YES | |
| 36 | ++ | EVP_aes_128_ctr | YES | YES | YES | |
| 37 | ++ |
| 38 | ++ Available on old versions: |
| 39 | ++ |
| 40 | ++ | Function | 1.0 | 1.1 | 3.0 | |
| 41 | ++ |--------------------------------|-----|-----|-----| |
| 42 | ++ | EVP_CIPHER_CTX_cleanup | YES | --- | --- | |
| 43 | ++ | EVP_CIPHER_CTX_init | YES | --- | --- | |
| 44 | ++ | EVP_CIPHER_CTX_block_size | YES | YES | --- | |
| 45 | ++ | EVP_CIPHER_CTX_encrypting | --- | YES | --- | |
| 46 | ++ |
| 47 | ++ Available on new versions: |
| 48 | ++ |
| 49 | ++ | Function | 1.0 | 1.1 | 3.0 | |
| 50 | ++ |--------------------------------|-----|-----|-----| |
| 51 | ++ | OPENSSL_init_crypto | --- | YES | YES | |
| 52 | ++ | EVP_CIPHER_CTX_reset | --- | YES | YES | |
| 53 | ++ | EVP_CIPHER_CTX_get_block_size | --- | --- | YES | |
| 54 | ++ | EVP_CIPHER_CTX_is_encrypting | --- | --- | YES | |
| 55 | ++ |
| 56 | ++ Optionally available on new versions: |
| 57 | ++ |
| 58 | ++ | Function | 1.0 | 1.1 | 3.0 | |
| 59 | ++ |--------------------------------|-----|-----|-----| |
| 60 | ++ | EVP_sm4_ctr | --- | opt | opt | |
| 61 | ++ |
| 62 | ++ Name changes: |
| 63 | ++ |
| 64 | ++ | < 3.0 name | >= 3.0 name | |
| 65 | ++ |----------------------------|--------------------------------| |
| 66 | ++ | EVP_CIPHER_CTX_block_size | EVP_CIPHER_CTX_get_block_size | |
| 67 | ++ | EVP_CIPHER_CTX_encrypting | EVP_CIPHER_CTX_is_encrypting | |
| 68 | ++ */ |
| 69 | ++ |
| 70 | + #ifdef UNIX |
| 71 | + static EVP_CIPHER_CTX * (*dlsym_EVP_CIPHER_CTX_new)(void); |
| 72 | + static void (*dlsym_EVP_CIPHER_CTX_free)(EVP_CIPHER_CTX *); |
| 73 | +@@ -87,6 +138,15 @@ static __dlsym_EVP_aes_128_ctr dlsym_EVP_aes_128_ctr; |
| 74 | + static HMODULE openssl; |
| 75 | + #endif |
| 76 | + |
| 77 | ++// names changed in OpenSSL 3 ABI - see History section in EVP_EncryptInit(3) |
| 78 | ++#if OPENSSL_VERSION_NUMBER >= 0x30000000L |
| 79 | ++#define CIPHER_CTX_BLOCK_SIZE "EVP_CIPHER_CTX_get_block_size" |
| 80 | ++#define CIPHER_CTX_ENCRYPTING "EVP_CIPHER_CTX_is_encrypting" |
| 81 | ++#else |
| 82 | ++#define CIPHER_CTX_BLOCK_SIZE "EVP_CIPHER_CTX_block_size" |
| 83 | ++#define CIPHER_CTX_ENCRYPTING "EVP_CIPHER_CTX_encrypting" |
| 84 | ++#endif /* OPENSSL_VERSION_NUMBER >= 0x30000000L */ |
| 85 | ++ |
| 86 | + static void loadAesCtr(JNIEnv *env) |
| 87 | + { |
| 88 | + #ifdef UNIX |
| 89 | +@@ -142,10 +202,10 @@ JNIEXPORT void JNICALL Java_org_apache_hadoop_crypto_OpensslCipher_initIDs |
| 90 | + LOAD_DYNAMIC_SYMBOL(dlsym_EVP_CIPHER_CTX_test_flags, env, openssl, \ |
| 91 | + "EVP_CIPHER_CTX_test_flags"); |
| 92 | + LOAD_DYNAMIC_SYMBOL(dlsym_EVP_CIPHER_CTX_block_size, env, openssl, \ |
| 93 | +- "EVP_CIPHER_CTX_block_size"); |
| 94 | ++ CIPHER_CTX_BLOCK_SIZE); |
| 95 | + #if OPENSSL_VERSION_NUMBER >= 0x10100000L |
| 96 | + LOAD_DYNAMIC_SYMBOL(dlsym_EVP_CIPHER_CTX_encrypting, env, openssl, \ |
| 97 | +- "EVP_CIPHER_CTX_encrypting"); |
| 98 | ++ CIPHER_CTX_ENCRYPTING); |
| 99 | + #endif |
| 100 | + LOAD_DYNAMIC_SYMBOL(dlsym_EVP_CipherInit_ex, env, openssl, \ |
| 101 | + "EVP_CipherInit_ex"); |
| 102 | +@@ -173,11 +233,11 @@ JNIEXPORT void JNICALL Java_org_apache_hadoop_crypto_OpensslCipher_initIDs |
| 103 | + openssl, "EVP_CIPHER_CTX_test_flags"); |
| 104 | + LOAD_DYNAMIC_SYMBOL(__dlsym_EVP_CIPHER_CTX_block_size, \ |
| 105 | + dlsym_EVP_CIPHER_CTX_block_size, env, \ |
| 106 | +- openssl, "EVP_CIPHER_CTX_block_size"); |
| 107 | ++ openssl, CIPHER_CTX_BLOCK_SIZE); |
| 108 | + #if OPENSSL_VERSION_NUMBER >= 0x10100000L |
| 109 | + LOAD_DYNAMIC_SYMBOL(__dlsym_EVP_CIPHER_CTX_encrypting, \ |
| 110 | + dlsym_EVP_CIPHER_CTX_encrypting, env, \ |
| 111 | +- openssl, "EVP_CIPHER_CTX_encrypting"); |
| 112 | ++ openssl, CIPHER_CTX_ENCRYPTING); |
| 113 | + #endif |
| 114 | + LOAD_DYNAMIC_SYMBOL(__dlsym_EVP_CipherInit_ex, dlsym_EVP_CipherInit_ex, \ |
| 115 | + env, openssl, "EVP_CipherInit_ex"); |
0 commit comments