[IMPALA-12211] OpenSSL 3 doesn't provide FIPS_mode() - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: Impala 4.3.0
Fix Version/s: Impala 4.3.0
Component/s: Backend
Labels:
None

Epic Color:
ghx-label-5

Description

OpenSSL 3 doesn't provide FIPS_mode(). Instead, it provides EVP_default_properties_is_fips_enabled(). To compile against OpenSSL 3 (needed for Ubuntu 22 and Redhat 9), the existing references to FIPS_mode() will need to handle this.

Current FIPS_mode() references:

be/src/exprs/expr-test.cc:  if (FIPS_mode()) {
be/src/exprs/expr-test.cc:  if (!FIPS_mode()) {
be/src/exprs/expr-test.cc:  if (FIPS_mode()) {
be/src/exprs/expr-test.cc:  if (FIPS_mode()) {
be/src/exprs/mask-functions-ir.cc:  if (FIPS_mode()) {
be/src/exprs/utility-functions-ir.cc:  if (FIPS_mode()) {
be/src/exprs/utility-functions-ir.cc:  if (FIPS_mode() && (bit_len.val == 224 || bit_len.val == 256)) {
be/src/exprs/utility-functions-ir.cc:  if (UNLIKELY(FIPS_mode())) {
be/src/kudu/util/openssl_util.cc:  auto fips_mode = FIPS_mode();
be/src/util/webserver-test.cc:  if (FIPS_mode()) {
be/src/util/webserver-test.cc:  if (FIPS_mode()) return;
be/src/util/webserver.cc:    if (FIPS_mode()) {

We also need to pull in these two Kudu fixes for the KRPC code:

https://github.com/apache/kudu/commit/c24629083e520614af50d0c4242e3d30f55689b6

https://github.com/apache/kudu/commit/acac73ecda83ec2390b5990cc132ca6968bfefdf

Attachments

Issue Links

is related to

IMPALA-12207 Add support for Redhat 9

Resolved

Activity

People

Assignee:: Joe McDonnell

Reporter:: Joe McDonnell

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 13/Jun/23 21:21

Updated:: 15/Jun/23 17:12

Resolved:: 15/Jun/23 17:12