Re: pgsql: Fix contrib/pgcrypto to autoconfigure for OpenSSL when

Log Message:
-----------
Fix contrib/pgcrypto to autoconfigure for OpenSSL when --with-openssl
is used in the toplevel configure. Per Marko Kreen.

Modified Files:
--------------
pgsql:
configure (r1.442 -> r1.443)
(http://developer.postgresql.org/cvsweb.cgi/pgsql/configure.diff?r1=1.442&r2=1.443)
configure.in (r1.415 -> r1.416)
(http://developer.postgresql.org/cvsweb.cgi/pgsql/configure.in.diff?r1=1.415&r2=1.416)
pgsql/contrib/pgcrypto:
Makefile (r1.14 -> r1.15)
(http://developer.postgresql.org/cvsweb.cgi/pgsql/contrib/pgcrypto/Makefile.diff?r1=1.14&r2=1.15)
pgsql/src:
Makefile.global.in (r1.215 -> r1.216)
(http://developer.postgresql.org/cvsweb.cgi/pgsql/src/Makefile.global.in.diff?r1=1.215&r2=1.216)

On Tue, 5 Jul 2005, Tom Lane wrote:

> Log Message:
> -----------
> Fix contrib/pgcrypto to autoconfigure for OpenSSL when --with-openssl
> is used in the toplevel configure. Per Marko Kreen.
>

This seems to have broken the canary buildfarm member:

http://www.pgbuildfarm.org/cgi-bin/show_log.pl?nm=canary&dt=2005-07-06%2002:30:01

ldd on pgcrypto.so shows:

-lc.12 => /usr/lib/libc.so.12
-lcrypto.300 => /usr/pkg/lib/libcrypto.so.300
-lssl.300 => /usr/pkg/lib/libssl.so.300
-lcrypt.0 => /usr/lib/libcrypt.so.0

if that's any help.

Kris Jurka

Kris Jurka <books(at)ejurka(dot)com> writes:
> This seems to have broken the canary buildfarm member:

> http://www.pgbuildfarm.org/cgi-bin/show_log.pl?nm=canary&dt=2005-07-06%2002:30:01

Not a lot of help there:

ERROR: could not load library "/usr/home/pgfarm/netbsd/HEAD/inst/lib/postgresql/pgcrypto.so": dlopen (/usr/home/pgfarm/netbsd/HEAD/inst/lib/postgresql/pgcrypto.so) failed
ERROR: could not load library "/usr/home/pgfarm/netbsd/HEAD/inst/lib/postgresql/pgcrypto.so": dlopen (/usr/home/pgfarm/netbsd/HEAD/inst/lib/postgresql/pgcrypto.so) failed
ERROR: could not load library "/usr/home/pgfarm/netbsd/HEAD/inst/lib/postgresql/pgcrypto.so": dlopen (/usr/home/pgfarm/netbsd/HEAD/inst/lib/postgresql/pgcrypto.so) failed

On most Unixen that I've dealt with, this sort of shared-library load
failure is accompanied by some actually-useful detail messages on
stderr. It looks like the buildfarm infrastructure is losing that
detail :-(

regards, tom lane

On Wed, 6 Jul 2005, Tom Lane wrote:

> Not a lot of help there:
>
> ERROR: could not load library "/usr/home/pgfarm/netbsd/HEAD/inst/lib/postgresql/pgcrypto.so": dlopen (/usr/home/pgfarm/netbsd/HEAD/inst/lib/postgresql/pgcrypto.so) failed
>
> On most Unixen that I've dealt with, this sort of shared-library load
> failure is accompanied by some actually-useful detail messages on
> stderr. It looks like the buildfarm infrastructure is losing that
> detail :-(
>

Actually it looks like the netbsd dynloader code is at fault. The
attached patch gives me:

ERROR: could not load library "/usr/home/jurka/tmp/pg81/lib/postgresql/pgcrypto.so":
dlopen '/usr/home/jurka/tmp/pg81/lib/postgresql/pgcrypto.so' failed.
(/usr/home/jurka/tmp/pg81/lib/postgresql/pgcrypto.so: Undefined PLT
symbol "DES_set_key" (reloc type = 7, symnum = 75))

Note also that openbsd's dynloader is missing this error reporting.

Kris Jurka

Kris Jurka <books(at)ejurka(dot)com> writes:
> Actually it looks like the netbsd dynloader code is at fault. The
> attached patch gives me:

Patch applied, thanks.

> ERROR: could not load library "/usr/home/jurka/tmp/pg81/lib/postgresql/pgcrypto.so":
> dlopen '/usr/home/jurka/tmp/pg81/lib/postgresql/pgcrypto.so' failed.
> (/usr/home/jurka/tmp/pg81/lib/postgresql/pgcrypto.so: Undefined PLT
> symbol "DES_set_key" (reloc type = 7, symnum = 75))

Hm, so it seems that libssl or libcrypto isn't getting loaded in
properly. What does ldd (or local equivalent) say about pgcrypto.so's
dependencies? Are these libraries properly mentioned on the command
line when pgcrypto.so is linked?

regards, tom lane

On Wed, 6 Jul 2005, Tom Lane wrote:

> Hm, so it seems that libssl or libcrypto isn't getting loaded in
> properly. What does ldd (or local equivalent) say about pgcrypto.so's
> dependencies? Are these libraries properly mentioned on the command
> line when pgcrypto.so is linked?
>

Actually looks like a compile time problem:

gcc -O2 -Wall -Wmissing-prototypes -Wpointer-arith -fno-strict-aliasing -g
-fpic -DPIC -DRAND_OPENSSL -I. -I../../src/include -I/usr/pkg/include -c
-o openssl.o openssl.c
openssl.c: In function `ossl_des3_init':
openssl.c:403: warning: implicit declaration of function `DES_set_key'
openssl.c: In function `ossl_des3_ecb_encrypt':
openssl.c:426: warning: implicit declaration of function
`DES_ecb3_encrypt'
openssl.c: In function `ossl_des3_cbc_encrypt':
openssl.c:451: warning: implicit declaration of function
`DES_ede3_cbc_encrypt'

<openssl/des.h> has entries for des_set_key (and lowercase versions of
others), but not DES_set_key. Adjusting the code to use the lowercase
versions results in compile warnings, but the regression tests pass
(except for rijndael which fails with 'ERROR: Cannot use "aes": No such
cipher algorithm'. I've got OpenSSL 0.9.6g 9 Aug 2002, is that just too
old?

Kris Jurka

gcc -O2 -Wall -Wmissing-prototypes -Wpointer-arith -fno-strict-aliasing
-g -fpic -DPIC -DRAND_OPENSSL -I. -I../../src/include -I/usr/pkg/include
-c -o openssl.o openssl.c
openssl.c: In function `ossl_des3_init':
openssl.c:403: warning: passing arg 2 of `des_set_key' from incompatible
pointer type
openssl.c:404: warning: passing arg 2 of `des_set_key' from incompatible
pointer type
openssl.c:405: warning: passing arg 2 of `des_set_key' from incompatible
pointer type
openssl.c: In function `ossl_des3_ecb_encrypt':
openssl.c:427: warning: passing arg 1 of `des_ecb3_encrypt' from
incompatible pointer type
openssl.c:427: warning: passing arg 2 of `des_ecb3_encrypt' from
incompatible pointer type
openssl.c:427: warning: passing arg 3 of `des_ecb3_encrypt' from
incompatible pointer type
openssl.c:427: warning: passing arg 4 of `des_ecb3_encrypt' from
incompatible pointer type
openssl.c:427: warning: passing arg 5 of `des_ecb3_encrypt' from
incompatible pointer type
openssl.c: In function `ossl_des3_ecb_decrypt':
openssl.c:441: warning: passing arg 1 of `des_ecb3_encrypt' from
incompatible pointer type
openssl.c:441: warning: passing arg 2 of `des_ecb3_encrypt' from
incompatible pointer type
openssl.c:441: warning: passing arg 3 of `des_ecb3_encrypt' from
incompatible pointer type
openssl.c:441: warning: passing arg 4 of `des_ecb3_encrypt' from
incompatible pointer type
openssl.c:441: warning: passing arg 5 of `des_ecb3_encrypt' from
incompatible pointer type
openssl.c: In function `ossl_des3_cbc_encrypt':
openssl.c:453: warning: passing arg 4 of `des_ede3_cbc_encrypt' from
incompatible pointer type
openssl.c:453: warning: passing arg 5 of `des_ede3_cbc_encrypt' from
incompatible pointer type
openssl.c:453: warning: passing arg 6 of `des_ede3_cbc_encrypt' from
incompatible pointer type
openssl.c: In function `ossl_des3_cbc_decrypt':
openssl.c:465: warning: passing arg 4 of `des_ede3_cbc_encrypt' from
incompatible pointer type
openssl.c:465: warning: passing arg 5 of `des_ede3_cbc_encrypt' from
incompatible pointer type
openssl.c:465: warning: passing arg 6 of `des_ede3_cbc_encrypt' from
incompatible pointer type
,

Kris Jurka <books(at)ejurka(dot)com> writes:
> I've got OpenSSL 0.9.6g 9 Aug 2002, is that just too old?

Not sure --- I forwarded your message to Marko for comment.

According to http://www.openssl.org/news/ you're short at least two
security fixes, so I don't feel any strong need to support 0.9.6g per se.
But if the same API issue exists in 0.9.6-current then we probably ought
to think about whether we can cope. It looks to me like 0.9.6 is still
considered a supported branch by the OpenSSL community.

regards, tom lane