[jira] [Commented] (IMPALA-14807) Replace MD5 and SHA1 hashing in squeasel for OpenSSL 3.0

Thu, 26 Mar 2026 11:24:31 -0700 


    [ 
https://issues.apache.org/jira/browse/IMPALA-14807?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18068793#comment-18068793
 ] 

ASF subversion and git services commented on IMPALA-14807:
----------------------------------------------------------

Commit 096707022d4afdc9da80a459993492a8deeb0ff3 in impala's branch 
refs/heads/master from Yida Wu
[ https://gitbox.apache.org/repos/asf?p=impala.git;h=096707022 ]

IMPALA-14807: Fix squeasel MD5 issue in OpenSSL 3.0

OpenSSL 3.0 deprecates low-level hashing APIs such as MD5_Init() and
SHA1_Init(). Building in FIPS-compliant environments would fail.

This change replaces both MD5 and SHA1 implementations in squeasel.c
with the EVP digest interface using EVP APIs. This ensures the
compatibility with OpenSSL 3.0 to support FIPS 140-3.

Also, because the new EVP_MD_CTX_new() and EVP_MD_CTX_free() were
introduced in OpenSSL 1.1.0, this patch adds macros to map these
calls to old EVP_MD_CTX_create() and EVP_MD_CTX_destroy() on older
OpenSSL versions.

Tests:
Passed exhaustive build.
Tests the old interface also working in RHEL 7 with OpenSSL 1.0.2.

Change-Id: I806394633eaa73d973c27988fd303004487ddb4a
Reviewed-on: http://gerrit.cloudera.org:8080/24110
Reviewed-by: Joe McDonnell <[email protected]>
Tested-by: Impala Public Jenkins <[email protected]>
Reviewed-by: Michael Smith <[email protected]>


> Replace MD5 and SHA1 hashing in squeasel for OpenSSL 3.0
> --------------------------------------------------------
>
>                 Key: IMPALA-14807
>                 URL: https://issues.apache.org/jira/browse/IMPALA-14807
>             Project: IMPALA
>          Issue Type: Task
>          Components: Backend
>            Reporter: Yida Wu
>            Assignee: Yida Wu
>            Priority: Major
>             Fix For: Impala 5.0.0
>
>
> Impala uses squeasel for its debug web UI. The code uses low-level hashing 
> functions such as MD5_Init(), MD5_Update(), MD5_Final(), and SHA1, which are 
> deprecated in OpenSSL 3.0, causing the build to fail in the FIPS 140-3 
> compliance environment. We should update the code to use the high-level EVP 
> hashing functions to fix this.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to