Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support for openssl 1.0.1 #159

Closed
pshipton opened this issue Apr 16, 2019 · 8 comments
Closed

Support for openssl 1.0.1 #159

pshipton opened this issue Apr 16, 2019 · 8 comments
Assignees
@groeges
Labels
enhancement New feature or request

Comments

@pshipton
Copy link
Member

pshipton commented Apr 16, 2019
edited
Loading

Support was added for openssl 1.0.2, however some older OSes like RHEL 6 and Debian 8 are still using the 1.0.1 version. When OpenJDK + OpenJ9 runs on these older OSes, a supported version of openssl is unlikely to be found. The crypto will revert to the java implementation which doesn't perform well with OpenJ9.

There is a version check in the openssl support code. This can be modified to accept the 1.0.1 version as well, and then run testing to confirm if it is working.

openj9-openjdk-jdk11/closed/src/java.base/share/native/libjncrypto/NativeCrypto.c

Line 196 in 5c13382

if (strncmp(openssl_version, "OpenSSL 1.0.2", 13) != 0) {

See also adoptium/temurin-build#1039
@pshipton
Copy link
Member Author

pshipton commented Apr 16, 2019
edited
Loading

@groeges @andrew-m-leonard @sxa555 @ashbm5 @jerrylui803

@pshipton
Copy link
Member Author

@vij-singh

@groeges
Copy link
Member

groeges commented Apr 16, 2019
edited
Loading

@pshipton How urgent is it to get the support for OpenSSL 1.0.1 added?
Does it need to be resolved before we do the quarterly release?
Do we just want to support OpenSSL 1.0.1 at runtime or also at build time?

@sxa
Copy link

sxa commented Apr 16, 2019

1.0.1 appears to work ok if I disable the version checks in NativeCrypto.cpp:

[jenkins@build-joyent-centos69-x64-1 sxa]$ openj9-openjdk-jdk11/build/linux-x86_64-normal-server-release/jdk/bin/java -Djdk.nativeCryptoTrace=true CryptoTest
MessageDigest load - using Native crypto library.
CipherCore Load - using native crypto library.
Crypto test COMPLETED

@pshipton
Copy link
Member Author

@groeges It's too late to be adding features to the quarterly release, it should go into the next release. However the change seems simple, we should try it asap to determine the effort involved.

Supporting 1.0.1 only at runtime is fine with me.

@sxa555 note the CryptoTest just ensures the library can load, it doesn't actually do any crypto operations.

@pshipton pshipton mentioned this issue Apr 16, 2019
Closed
@groeges
Copy link
Member

groeges commented Apr 17, 2019

The fact that the library was loaded does indicate that all the symbols have been found and the crypto operations should be OK. Will await any testing from Shelley to determine if this is working as expected.

@groeges
Copy link
Member

groeges commented Apr 29, 2019

This is also needed for JDK8, 12 and next (13).

PR's for each of these releases are:
JDK8: ibmruntimes/openj9-openjdk-jdk8#289
JDK11: #162
JDK12: ibmruntimes/openj9-openjdk-jdk12#43
JDK13: ibmruntimes/openj9-openjdk-jdk#96

@groeges groeges self-assigned this Apr 29, 2019
@groeges groeges added the enhancement New feature or request label Apr 29, 2019
@groeges
Copy link
Member

groeges commented Apr 29, 2019

These PRs have all been merged now, so closing the issue.
Any problems that arise from this will need to be raised in separate issues.

@groeges groeges mentioned this issue Apr 29, 2019
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@groeges groeges

Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@sxa @pshipton @groeges