Thread: contrib/pgcrypto patch for OpenSSL 0.9.8
This patch allows contrib/pgcrypto to build with OpenSSL 0.9.8 (currently in beta) when cryptolib = openssl. According to the following checkin message from several years ago, OpenSSL application developers should no longer rely on <openssl/evp.h> to include everything they need: http://cvs.openssl.org/chngview?cn=9888 This patch adds the necessary header files. It doesn't appear to break anything when building against OpenSSL 0.9.7. BTW, core appears to build and work fine with OpenSSL 0.9.8. I've built 7.3 through HEAD against 0.9.8-beta6 without noticing any problems. -- Michael Fuhr http://www.fuhr.org/~mfuhr/
Attachment
Patch applied. Thanks. --------------------------------------------------------------------------- Michael Fuhr wrote: > This patch allows contrib/pgcrypto to build with OpenSSL 0.9.8 > (currently in beta) when cryptolib = openssl. According to the > following checkin message from several years ago, OpenSSL application > developers should no longer rely on <openssl/evp.h> to include > everything they need: > > http://cvs.openssl.org/chngview?cn=9888 > > This patch adds the necessary header files. It doesn't appear to > break anything when building against OpenSSL 0.9.7. > > BTW, core appears to build and work fine with OpenSSL 0.9.8. I've > built 7.3 through HEAD against 0.9.8-beta6 without noticing any > problems. > > -- > Michael Fuhr > http://www.fuhr.org/~mfuhr/ [ Attachment, skipping... ] > > ---------------------------(end of broadcast)--------------------------- > TIP 3: if posting/reading through Usenet, please send an appropriate > subscribe-nomail command to majordomo@postgresql.org so that your > message can get through to the mailing list cleanly -- Bruce Momjian | http://candle.pha.pa.us pgman@candle.pha.pa.us | (610) 359-1001 + If your life is a hard drive, | 13 Roberts Road + Christ can be your backup. | Newtown Square, Pennsylvania 19073
On Sat, Jul 02, 2005 at 10:33:05PM -0400, Bruce Momjian wrote: > Patch applied. Thanks. > --------------------------------------------------------------------------- > Michael Fuhr wrote: > > This patch allows contrib/pgcrypto to build with OpenSSL 0.9.8 > > (currently in beta) when cryptolib = openssl. According to the > > following checkin message from several years ago, OpenSSL application > > developers should no longer rely on <openssl/evp.h> to include > > everything they need: > > > > http://cvs.openssl.org/chngview?cn=9888 > > > > This patch adds the necessary header files. It doesn't appear to > > break anything when building against OpenSSL 0.9.7. > > > > BTW, core appears to build and work fine with OpenSSL 0.9.8. I've > > built 7.3 through HEAD against 0.9.8-beta6 without noticing any > > problems. Thanks for the patch. Bruce, please apply this additional patch, that fixes the auto-detection of AES. Now openssl.c just checks OpenSSL version. Whoever compiles newer OpenSSL without AES is on his own. -- marko
Attachment
Patch applied. Thanks. --------------------------------------------------------------------------- Marko Kreen wrote: > On Sat, Jul 02, 2005 at 10:33:05PM -0400, Bruce Momjian wrote: > > Patch applied. Thanks. > > --------------------------------------------------------------------------- > > Michael Fuhr wrote: > > > This patch allows contrib/pgcrypto to build with OpenSSL 0.9.8 > > > (currently in beta) when cryptolib = openssl. According to the > > > following checkin message from several years ago, OpenSSL application > > > developers should no longer rely on <openssl/evp.h> to include > > > everything they need: > > > > > > http://cvs.openssl.org/chngview?cn=9888 > > > > > > This patch adds the necessary header files. It doesn't appear to > > > break anything when building against OpenSSL 0.9.7. > > > > > > BTW, core appears to build and work fine with OpenSSL 0.9.8. I've > > > built 7.3 through HEAD against 0.9.8-beta6 without noticing any > > > problems. > > Thanks for the patch. > > Bruce, please apply this additional patch, that fixes the > auto-detection of AES. > > Now openssl.c just checks OpenSSL version. Whoever compiles > newer OpenSSL without AES is on his own. > > -- > marko > [ Attachment, skipping... ] > > ---------------------------(end of broadcast)--------------------------- > TIP 1: subscribe and unsubscribe commands go to majordomo@postgresql.org -- Bruce Momjian | http://candle.pha.pa.us pgman@candle.pha.pa.us | (610) 359-1001 + If your life is a hard drive, | 13 Roberts Road + Christ can be your backup. | Newtown Square, Pennsylvania 19073
Bruce Momjian wrote: > Patch applied. Thanks. Should either or both of these patches be applied to back branches? -Neil
On Mon, Jul 04, 2005 at 12:22:03PM +1000, Neil Conway wrote: > > Should either or both of these patches be applied to back branches? Considering that OpenSSL 0.9.8 is supposed to be final "very soon"[1], probably much sooner than PostgreSQL 8.1, some people will probably install it and have pgcrypto build problems. Any chance of applying the patches to at least REL8_0_STABLE? [1] http://www.mail-archive.com/openssl-announce@openssl.org/msg00062.html -- Michael Fuhr http://www.fuhr.org/~mfuhr/
On Mon, Jul 04, 2005 at 12:22:03PM +1000, Neil Conway wrote: > Bruce Momjian wrote: > >Patch applied. Thanks. > > Should either or both of these patches be applied to back branches? That would be a good idea. -- marko
Marko Kreen wrote: > On Mon, Jul 04, 2005 at 12:22:03PM +1000, Neil Conway wrote: > > Bruce Momjian wrote: > > >Patch applied. Thanks. > > > > Should either or both of these patches be applied to back branches? > > That would be a good idea. OK, I have applied the last two diffs for pgcrypto includes to 8.0.X, attached. -- Bruce Momjian | http://candle.pha.pa.us pgman@candle.pha.pa.us | (610) 359-1001 + If your life is a hard drive, | 13 Roberts Road + Christ can be your backup. | Newtown Square, Pennsylvania 19073 Index: contrib/pgcrypto/openssl.c =================================================================== RCS file: /cvsroot/pgsql/contrib/pgcrypto/openssl.c,v retrieving revision 1.13.4.1 diff -c -c -r1.13.4.1 openssl.c *** contrib/pgcrypto/openssl.c 12 Mar 2005 06:54:31 -0000 1.13.4.1 --- contrib/pgcrypto/openssl.c 4 Jul 2005 14:30:12 -0000 *************** *** 35,40 **** --- 35,54 ---- #include <openssl/evp.h> + #include <openssl/evp.h> + #include <openssl/blowfish.h> + #include <openssl/cast.h> + #include <openssl/des.h> + + /* + * Does OpenSSL support AES? + */ + #undef GOT_AES + #if OPENSSL_VERSION_NUMBER >= 0x00907000L + #define GOT_AES + #include <openssl/aes.h> + #endif + /* * Hashes */
On Mon, Jul 04, 2005 at 10:31:21AM -0400, Bruce Momjian wrote: > OK, I have applied the last two diffs for pgcrypto includes to 8.0.X, > attached. > *** contrib/pgcrypto/openssl.c 12 Mar 2005 06:54:31 -0000 1.13.4.1 > --- contrib/pgcrypto/openssl.c 4 Jul 2005 14:30:12 -0000 > *************** > *** 35,40 **** > --- 35,54 ---- > > #include <openssl/evp.h> > > + #include <openssl/evp.h> Why second time? -- marko
Marko Kreen wrote: > On Mon, Jul 04, 2005 at 10:31:21AM -0400, Bruce Momjian wrote: > > OK, I have applied the last two diffs for pgcrypto includes to 8.0.X, > > attached. > > > *** contrib/pgcrypto/openssl.c 12 Mar 2005 06:54:31 -0000 1.13.4.1 > > --- contrib/pgcrypto/openssl.c 4 Jul 2005 14:30:12 -0000 > > *************** > > *** 35,40 **** > > --- 35,54 ---- > > > > #include <openssl/evp.h> > > > > + #include <openssl/evp.h> > > Why second time? Oh, I see, yea, got duplicated. That is fixed in the committed version. -- Bruce Momjian | http://candle.pha.pa.us pgman@candle.pha.pa.us | (610) 359-1001 + If your life is a hard drive, | 13 Roberts Road + Christ can be your backup. | Newtown Square, Pennsylvania 19073