search

gluster / glusterfs

Gluster Filesystem : Build your distributed storage in minutes
https://www.gluster.org
GNU General Public License v2.0
4.53k stars 1.07k forks source link

Replace SHA deprecated functions with newer ones #2916

Open mykaul opened 2 years ago

mykaul commented 2 years ago

See https://www.openssl.org/docs/manmaster/man3/SHA256.html : SHA256_Init() and others are deprecated in newer versions of OpenSSL (3.0 and above). RHEL 9 is going to use it, which will break Gluster. [Update - it won't break Gluster, you'll get a deprecation warning. In some configurations with more strict hardening, it will not work]. Overall, worth moving to newer APIs.

black-dragon74 commented 2 years ago

@mykaul You working on this or should I go ahead and start implementing the newer APIs?

mykaul commented 2 years ago

@mykaul You working on this or should I go ahead and start implementing the newer APIs?

I am not - I think OpenSSL 3.0 is only available from Fedora 36 and RHEL 9, I have neither right now. Go ahead and take it if you can.

black-dragon74 commented 2 years ago

Alright, I will take care of it.

mykaul commented 2 years ago

This is how it looks like with OpenSSL 3.0:

common-utils.c: In function ‘glusterfs_compute_sha256’:
common-utils.c:4209:5: warning: ‘SHA256_Init’ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
 4209 |     SHA256_Init(&sha256);
      |     ^~~~~~~~~~~
In file included from ./glusterfs/glusterfs.h:27,
                 from ./glusterfs/mem-pool.h:18,
                 from glusterfs/common-utils.h:48,
                 from common-utils.c:46:
/usr/include/openssl/sha.h:73:27: note: declared here
   73 | OSSL_DEPRECATEDIN_3_0 int SHA256_Init(SHA256_CTX *c);
      |                           ^~~~~~~~~~~
common-utils.c:4210:5: warning: ‘SHA256_Update’ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
 4210 |     SHA256_Update(&sha256, (const unsigned char *)(content), size);
      |     ^~~~~~~~~~~~~
/usr/include/openssl/sha.h:74:27: note: declared here
   74 | OSSL_DEPRECATEDIN_3_0 int SHA256_Update(SHA256_CTX *c,
      |                           ^~~~~~~~~~~~~
common-utils.c:4211:5: warning: ‘SHA256_Final’ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
 4211 |     SHA256_Final((unsigned char *)sha256_hash, &sha256);
      |     ^~~~~~~~~~~~
/usr/include/openssl/sha.h:76:27: note: declared here
   76 | OSSL_DEPRECATEDIN_3_0 int SHA256_Final(unsigned char *md, SHA256_CTX *c);
stale[bot] commented 1 year ago

Thank you for your contributions. Noticed that this issue is not having any activity in last ~6 months! We are marking this issue as stale because it has not had recent activity. It will be closed in 2 weeks if no one responds with a comment here.

black-dragon74 commented 1 year ago

Commenting to keep this open as it is still a WIP.

Ref: #3149, #3853

Regards

stale[bot] commented 1 year ago

Closing this issue as there was no update since my last update on issue. If this is an issue which is still valid, feel free to open it.

neetesshhr commented 1 year ago

i am new to this getting ning: ‘int SHA256_Init(SHA256_CTX*)’ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations] 40 | SHA256_Init(&sha256); | ~~~~~~~~~~~^~~~~~~~~

neetesshhr commented 1 year ago

any solution to this

Zprime137 commented 9 months ago

Nothing?

mykaul commented 9 months ago

@HazemMonir - some of the changes to support OpenSSL 3 and beyond were not completed (personally, I cannot devote more time to complete this work). Your contribution will be greatly appreciated !

Zprime137 commented 9 months ago

@mykaul I used the link in your first comment, and after using the new methods, it resolved all the issues. And thank you for your great work :)

alexismailov2 commented 6 months ago

//////////////////////////////////////////////////// // Deprecated examples //////////////////////////////////////////////////// memset(dst, 0, sizeof(dst)); t = clock(); for (long i = 0; i < N; i++) { SHA256_CTX ctx;

    SHA256_Init(&ctx);
    SHA256_Update(&ctx, src, sizeof(src));
    SHA256_Final(dst, &ctx);
}
cout << "\nB: SHA256_xxx " << (float)(clock()-t)/CLOCKS_PER_SEC << 's' << endl;
cout << "check " << ((unsigned long*)dst)[0] << endl;

////////////////////////////////////////////////////
// Suggested by OpenSSL 3.0 documentation
////////////////////////////////////////////////////
memset(dst, 0, sizeof(dst));
t = clock();
EVP_MD_CTX *mdctx = EVP_MD_CTX_create();
const EVP_MD *md = EVP_sha256();

for (long i = 0; i < N; i++) {
    EVP_DigestInit_ex(mdctx, md, NULL); // ex or ex2
    EVP_DigestUpdate(mdctx, src, sizeof(src));
    EVP_DigestFinal_ex(mdctx, dst, 0);
}

EVP_MD_CTX_destroy(mdctx);
cout << "\nC: EVP_xxx " << (float)(clock()-t)/CLOCKS_PER_SEC << 's' << endl;
cout << "check " << ((unsigned long*)dst)[0] << endl;
barsnick commented 2 months ago

for (long i = 0; i < N; i++) { EVP_DigestInit_ex(mdctx, md, NULL); // ex or ex2 EVP_DigestUpdate(mdctx, src, sizeof(src)); EVP_DigestFinal_ex(mdctx, dst, 0); }

EVP_MD_CTX_destroy(mdctx);

You can do it even more simply with non-deprecated EVP_* functions available since OpenSSL 0.9.7. No need for conditional #ifdef code (like in PR https://github.com/gluster/glusterfs/pull/3149).

Something like

EVP_Digest(src, sizeof(src), dst, NULL, EVP_sha256(), NULL);
barsnick commented 2 months ago

BTW, this particular SHA256 code was fixed (albeit with keeping the unnecessary legacy code) in https://github.com/gluster/glusterfs/commit/8742a8d3d3d5d571d99e886ef84548b4cb443be1.