Thread: pgsql: Fix contrib/pgcrypto to autoconfigure for OpenSSL when
pgsql: Fix contrib/pgcrypto to autoconfigure for OpenSSL when
From
tgl@svr1.postgresql.org (Tom Lane)
Date:
Log Message:
-----------
Fix contrib/pgcrypto to autoconfigure for OpenSSL when --with-openssl
is used in the toplevel configure. Per Marko Kreen.
Modified Files:
--------------
pgsql:
configure (r1.442 -> r1.443)
(http://developer.postgresql.org/cvsweb.cgi/pgsql/configure.diff?r1=1.442&r2=1.443)
configure.in (r1.415 -> r1.416)
(http://developer.postgresql.org/cvsweb.cgi/pgsql/configure.in.diff?r1=1.415&r2=1.416)
pgsql/contrib/pgcrypto:
Makefile (r1.14 -> r1.15)
(http://developer.postgresql.org/cvsweb.cgi/pgsql/contrib/pgcrypto/Makefile.diff?r1=1.14&r2=1.15)
pgsql/src:
Makefile.global.in (r1.215 -> r1.216)
(http://developer.postgresql.org/cvsweb.cgi/pgsql/src/Makefile.global.in.diff?r1=1.215&r2=1.216)
On Tue, 5 Jul 2005, Tom Lane wrote: > Log Message: > ----------- > Fix contrib/pgcrypto to autoconfigure for OpenSSL when --with-openssl > is used in the toplevel configure. Per Marko Kreen. > This seems to have broken the canary buildfarm member: http://www.pgbuildfarm.org/cgi-bin/show_log.pl?nm=canary&dt=2005-07-06%2002:30:01 ldd on pgcrypto.so shows: -lc.12 => /usr/lib/libc.so.12 -lcrypto.300 => /usr/pkg/lib/libcrypto.so.300 -lssl.300 => /usr/pkg/lib/libssl.so.300 -lcrypt.0 => /usr/lib/libcrypt.so.0 if that's any help. Kris Jurka
Kris Jurka <books@ejurka.com> writes: > This seems to have broken the canary buildfarm member: > http://www.pgbuildfarm.org/cgi-bin/show_log.pl?nm=canary&dt=2005-07-06%2002:30:01 Not a lot of help there: ERROR: could not load library "/usr/home/pgfarm/netbsd/HEAD/inst/lib/postgresql/pgcrypto.so": dlopen (/usr/home/pgfarm/netbsd/HEAD/inst/lib/postgresql/pgcrypto.so)failed ERROR: could not load library "/usr/home/pgfarm/netbsd/HEAD/inst/lib/postgresql/pgcrypto.so": dlopen (/usr/home/pgfarm/netbsd/HEAD/inst/lib/postgresql/pgcrypto.so)failed ERROR: could not load library "/usr/home/pgfarm/netbsd/HEAD/inst/lib/postgresql/pgcrypto.so": dlopen (/usr/home/pgfarm/netbsd/HEAD/inst/lib/postgresql/pgcrypto.so)failed On most Unixen that I've dealt with, this sort of shared-library load failure is accompanied by some actually-useful detail messages on stderr. It looks like the buildfarm infrastructure is losing that detail :-( regards, tom lane
On Wed, 6 Jul 2005, Tom Lane wrote: > Not a lot of help there: > > ERROR: could not load library "/usr/home/pgfarm/netbsd/HEAD/inst/lib/postgresql/pgcrypto.so": dlopen (/usr/home/pgfarm/netbsd/HEAD/inst/lib/postgresql/pgcrypto.so)failed > > On most Unixen that I've dealt with, this sort of shared-library load > failure is accompanied by some actually-useful detail messages on > stderr. It looks like the buildfarm infrastructure is losing that > detail :-( > Actually it looks like the netbsd dynloader code is at fault. The attached patch gives me: ERROR: could not load library "/usr/home/jurka/tmp/pg81/lib/postgresql/pgcrypto.so": dlopen '/usr/home/jurka/tmp/pg81/lib/postgresql/pgcrypto.so' failed. (/usr/home/jurka/tmp/pg81/lib/postgresql/pgcrypto.so: Undefined PLT symbol "DES_set_key" (reloc type = 7, symnum = 75)) Note also that openbsd's dynloader is missing this error reporting. Kris Jurka
Attachment
Kris Jurka <books@ejurka.com> writes:
> Actually it looks like the netbsd dynloader code is at fault. The
> attached patch gives me:
Patch applied, thanks.
> ERROR: could not load library "/usr/home/jurka/tmp/pg81/lib/postgresql/pgcrypto.so":
> dlopen '/usr/home/jurka/tmp/pg81/lib/postgresql/pgcrypto.so' failed.
> (/usr/home/jurka/tmp/pg81/lib/postgresql/pgcrypto.so: Undefined PLT
> symbol "DES_set_key" (reloc type = 7, symnum = 75))
Hm, so it seems that libssl or libcrypto isn't getting loaded in
properly. What does ldd (or local equivalent) say about pgcrypto.so's
dependencies? Are these libraries properly mentioned on the command
line when pgcrypto.so is linked?
regards, tom lane
On Wed, 6 Jul 2005, Tom Lane wrote: > Hm, so it seems that libssl or libcrypto isn't getting loaded in > properly. What does ldd (or local equivalent) say about pgcrypto.so's > dependencies? Are these libraries properly mentioned on the command > line when pgcrypto.so is linked? > Actually looks like a compile time problem: gcc -O2 -Wall -Wmissing-prototypes -Wpointer-arith -fno-strict-aliasing -g -fpic -DPIC -DRAND_OPENSSL -I. -I../../src/include -I/usr/pkg/include -c -o openssl.o openssl.c openssl.c: In function `ossl_des3_init': openssl.c:403: warning: implicit declaration of function `DES_set_key' openssl.c: In function `ossl_des3_ecb_encrypt': openssl.c:426: warning: implicit declaration of function `DES_ecb3_encrypt' openssl.c: In function `ossl_des3_cbc_encrypt': openssl.c:451: warning: implicit declaration of function `DES_ede3_cbc_encrypt' <openssl/des.h> has entries for des_set_key (and lowercase versions of others), but not DES_set_key. Adjusting the code to use the lowercase versions results in compile warnings, but the regression tests pass (except for rijndael which fails with 'ERROR: Cannot use "aes": No such cipher algorithm'. I've got OpenSSL 0.9.6g 9 Aug 2002, is that just too old? Kris Jurka gcc -O2 -Wall -Wmissing-prototypes -Wpointer-arith -fno-strict-aliasing -g -fpic -DPIC -DRAND_OPENSSL -I. -I../../src/include -I/usr/pkg/include -c -o openssl.o openssl.c openssl.c: In function `ossl_des3_init': openssl.c:403: warning: passing arg 2 of `des_set_key' from incompatible pointer type openssl.c:404: warning: passing arg 2 of `des_set_key' from incompatible pointer type openssl.c:405: warning: passing arg 2 of `des_set_key' from incompatible pointer type openssl.c: In function `ossl_des3_ecb_encrypt': openssl.c:427: warning: passing arg 1 of `des_ecb3_encrypt' from incompatible pointer type openssl.c:427: warning: passing arg 2 of `des_ecb3_encrypt' from incompatible pointer type openssl.c:427: warning: passing arg 3 of `des_ecb3_encrypt' from incompatible pointer type openssl.c:427: warning: passing arg 4 of `des_ecb3_encrypt' from incompatible pointer type openssl.c:427: warning: passing arg 5 of `des_ecb3_encrypt' from incompatible pointer type openssl.c: In function `ossl_des3_ecb_decrypt': openssl.c:441: warning: passing arg 1 of `des_ecb3_encrypt' from incompatible pointer type openssl.c:441: warning: passing arg 2 of `des_ecb3_encrypt' from incompatible pointer type openssl.c:441: warning: passing arg 3 of `des_ecb3_encrypt' from incompatible pointer type openssl.c:441: warning: passing arg 4 of `des_ecb3_encrypt' from incompatible pointer type openssl.c:441: warning: passing arg 5 of `des_ecb3_encrypt' from incompatible pointer type openssl.c: In function `ossl_des3_cbc_encrypt': openssl.c:453: warning: passing arg 4 of `des_ede3_cbc_encrypt' from incompatible pointer type openssl.c:453: warning: passing arg 5 of `des_ede3_cbc_encrypt' from incompatible pointer type openssl.c:453: warning: passing arg 6 of `des_ede3_cbc_encrypt' from incompatible pointer type openssl.c: In function `ossl_des3_cbc_decrypt': openssl.c:465: warning: passing arg 4 of `des_ede3_cbc_encrypt' from incompatible pointer type openssl.c:465: warning: passing arg 5 of `des_ede3_cbc_encrypt' from incompatible pointer type openssl.c:465: warning: passing arg 6 of `des_ede3_cbc_encrypt' from incompatible pointer type ,
Kris Jurka <books@ejurka.com> writes: > I've got OpenSSL 0.9.6g 9 Aug 2002, is that just too old? Not sure --- I forwarded your message to Marko for comment. According to http://www.openssl.org/news/ you're short at least two security fixes, so I don't feel any strong need to support 0.9.6g per se. But if the same API issue exists in 0.9.6-current then we probably ought to think about whether we can cope. It looks to me like 0.9.6 is still considered a supported branch by the OpenSSL community. regards, tom lane