[jira] [Created] (KUDU-3672) Adapt Kudu to OpenSSL 3.x

Thu, 26 Jun 2025 02:43:18 -0700 

Ke Deng created KUDU-3672:
-----------------------------

             Summary: Adapt Kudu to OpenSSL 3.x
                 Key: KUDU-3672
                 URL: https://issues.apache.org/jira/browse/KUDU-3672
             Project: Kudu
          Issue Type: New Feature
            Reporter: Ke Deng


When compiling Kudu on a Rocky Linux 9.5 environment, we encountered the 
following warnings related to deprecated OpenSSL APIs:
{code:java}
// code placeholder
/data/code/comm/kudu/src/kudu/util/jwt-util.cc:117:38: warning: ‘void 
EC_KEY_free(EC_KEY*)’ is deprecated: Since OpenSSL 3.0 
[-Wdeprecated-declarations]   117 |   static constexpr auto kFreeFunc = 
&EC_KEY_free;       |                                      ^~~~~~~~~~~ In file 
included from /data/code/comm/kudu/src/kudu/util/jwt-util.cc:24: 
/usr/include/openssl/ec.h:1022:28: note: declared here  1022 | 
OSSL_DEPRECATEDIN_3_0 void EC_KEY_free(EC_KEY *key);       |                    
        ^~~~~~~~~~~ /data/code/comm/kudu/src/kudu/util/jwt-util.cc:117:38: 
warning: ‘void EC_KEY_free(EC_KEY*)’ is deprecated: Since OpenSSL 3.0 
[-Wdeprecated-declarations]   117 |   static constexpr auto kFreeFunc = 
&EC_KEY_free;       |                                      ^~~~~~~~~~~ In file 
included from /data/code/comm/kudu/src/kudu/util/jwt-util.cc:24: 
/usr/include/openssl/ec.h:1022:28: note: declared here  1022 | 
OSSL_DEPRECATEDIN_3_0 void EC_KEY_free(EC_KEY *key);       |                    
        ^~~~~~~~~~~ /data/code/comm/kudu/src/kudu/util/jwt-util.cc:118:42: 
warning: ‘int PEM_write_bio_EC_PUBKEY(BIO*, const EC_KEY*)’ is deprecated: 
Since OpenSSL 3.0 [-Wdeprecated-declarations]   118 |   static constexpr auto 
kWritePemFunc = &PEM_write_bio_EC_PUBKEY;       |                               
           ^~~~~~~~~~~~~~~~~~~~~~~ In file included from 
/data/code/comm/kudu/src/kudu/util/jwt-util.cc:26: 
/usr/include/openssl/pem.h:467:1: note: declared here   467 | 
DECLARE_PEM_rw_attr(OSSL_DEPRECATEDIN_3_0, EC_PUBKEY, EC_KEY)       | 
^~~~~~~~~~~~~~~~~~~ /data/code/comm/kudu/src/kudu/util/jwt-util.cc:118:42: 
warning: ‘int PEM_write_bio_EC_PUBKEY(BIO*, const EC_KEY*)’ is deprecated: 
Since OpenSSL 3.0 [-Wdeprecated-declarations]   118 |   static constexpr auto 
kWritePemFunc = &PEM_write_bio_EC_PUBKEY;       |                               
           ^~~~~~~~~~~~~~~~~~~~~~~ In file included from 
/data/code/comm/kudu/src/kudu/util/jwt-util.cc:26: 
/usr/include/openssl/pem.h:467:1: note: declared here   467 | 
DECLARE_PEM_rw_attr(OSSL_DEPRECATEDIN_3_0, EC_PUBKEY, EC_KEY)       | 
^~~~~~~~~~~~~~~~~~~ /data/code/comm/kudu/src/kudu/util/jwt-util.cc:128:38: 
warning: ‘void RSA_free(RSA*)’ is deprecated: Since OpenSSL 3.0 
[-Wdeprecated-declarations]   128 |   static constexpr auto kFreeFunc = 
&RSA_free;       |                                      ^~~~~~~~ In file 
included from /usr/include/openssl/x509.h:36,                  from 
/usr/include/openssl/pem.h:23,                  from 
/data/code/comm/kudu/src/kudu/util/jwt-util.cc:26: 
/usr/include/openssl/rsa.h:304:28: note: declared here   304 | 
OSSL_DEPRECATEDIN_3_0 void RSA_free(RSA *r);       |                            
^~~~~~~~ /data/code/comm/kudu/src/kudu/util/jwt-util.cc:128:38: warning: ‘void 
RSA_free(RSA*)’ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]   
128 |   static constexpr auto kFreeFunc = &RSA_free;       |                    
                  ^~~~~~~~ In file included from 
/usr/include/openssl/x509.h:36,                  from 
/usr/include/openssl/pem.h:23,                  from 
/data/code/comm/kudu/src/kudu/util/jwt-util.cc:26: 
/usr/include/openssl/rsa.h:304:28: note: declared here   304 | 
OSSL_DEPRECATEDIN_3_0 void RSA_free(RSA *r);       |                            
^~~~~~~~ /data/code/comm/kudu/src/kudu/util/jwt-util.cc:129:42: warning: ‘int 
PEM_write_bio_RSA_PUBKEY(BIO*, const RSA*)’ is deprecated: Since OpenSSL 3.0 
[-Wdeprecated-declarations]   129 |   static constexpr auto kWritePemFunc = 
&PEM_write_bio_RSA_PUBKEY;       |                                          
^~~~~~~~~~~~~~~~~~~~~~~~ In file included from 
/data/code/comm/kudu/src/kudu/util/jwt-util.cc:26: 
/usr/include/openssl/pem.h:453:1: note: declared here   453 | 
DECLARE_PEM_rw_attr(OSSL_DEPRECATEDIN_3_0, RSA_PUBKEY, RSA)       | 
^~~~~~~~~~~~~~~~~~~ /data/code/comm/kudu/src/kudu/util/jwt-util.cc:129:42: 
warning: ‘int PEM_write_bio_RSA_PUBKEY(BIO*, const RSA*)’ is deprecated: Since 
OpenSSL 3.0 [-Wdeprecated-declarations]   129 |   static constexpr auto 
kWritePemFunc = &PEM_write_bio_RSA_PUBKEY;       |                              
            ^~~~~~~~~~~~~~~~~~~~~~~~ In file included from 
/data/code/comm/kudu/src/kudu/util/jwt-util.cc:26: 
/usr/include/openssl/pem.h:453:1: note: declared here   453 | 
DECLARE_PEM_rw_attr(OSSL_DEPRECATEDIN_3_0, RSA_PUBKEY, RSA)       | 
^~~~~~~~~~~~~~~~~~~ /data/code/comm/kudu/src/kudu/util/jwt-util.cc: In static 
member function ‘static kudu::Status 
kudu::RSAJWTPublicKeyBuilder::ConvertJwkToPem(const string&, const string&, 
std::string&)’: /data/code/comm/kudu/src/kudu/util/jwt-util.cc:449:37: warning: 
‘RSA* RSA_new()’ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]   
449 |   auto rsa = ssl_make_unique(RSA_new());       |                          
    ~~~~~~~^~ In file included from /usr/include/openssl/x509.h:36,             
     from /usr/include/openssl/pem.h:23,                  from 
/data/code/comm/kudu/src/kudu/util/jwt-util.cc:26: 
/usr/include/openssl/rsa.h:212:28: note: declared here   212 | 
OSSL_DEPRECATEDIN_3_0 RSA *RSA_new(void);       |                            
^~~~~~~ In file included from 
/data/code/comm/kudu/src/kudu/util/jwt-util.cc:66: 
/data/code/comm/kudu/src/kudu/util/jwt-util.cc:455:34: warning: ‘int 
RSA_set0_key(RSA*, BIGNUM*, BIGNUM*, BIGNUM*)’ is deprecated: Since OpenSSL 3.0 
[-Wdeprecated-declarations]   455 |   OPENSSL_RET_NOT_OK(RSA_set0_key(       |  
                    ~~~~~~~~~~~~^   456 |       rsa.get(), mod.release(), 
exp.release(), nullptr), "failed to set RSA key");       |       
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 
/data/code/comm/kudu/src/kudu/util/openssl_util.h:59:8: note: in definition of 
macro ‘OPENSSL_RET_NOT_OK’    59 |   if ((call) <= 0) { \       |        ^~~~ 
In file included from /usr/include/openssl/x509.h:36,                  from 
/usr/include/openssl/pem.h:23,                  from 
/data/code/comm/kudu/src/kudu/util/jwt-util.cc:26: 
/usr/include/openssl/rsa.h:218:27: note: declared here   218 | 
OSSL_DEPRECATEDIN_3_0 int RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM 
*d);       |                           ^~~~~~~~~~~~ 
/data/code/comm/kudu/src/kudu/util/jwt-util.cc: In static member function 
‘static kudu::Status kudu::ECJWTPublicKeyBuilder::ConvertJwkToPem(int, const 
string&, const string&, std::string&)’: 
/data/code/comm/kudu/src/kudu/util/jwt-util.cc:568:57: warning: ‘EC_KEY* 
EC_KEY_new_by_curve_name(int)’ is deprecated: Since OpenSSL 3.0 
[-Wdeprecated-declarations]   568 |   auto ec_key = 
ssl_make_unique(EC_KEY_new_by_curve_name(eccgrp));       |                      
           ~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~ In file included from 
/data/code/comm/kudu/src/kudu/util/jwt-util.cc:24: 
/usr/include/openssl/ec.h:1017:31: note: declared here  1017 | 
OSSL_DEPRECATEDIN_3_0 EC_KEY *EC_KEY_new_by_curve_name(int nid);       |        
                       ^~~~~~~~~~~~~~~~~~~~~~~~ 
/data/code/comm/kudu/src/kudu/util/jwt-util.cc:570:23: warning: ‘void 
EC_KEY_set_asn1_flag(EC_KEY*, int)’ is deprecated: Since OpenSSL 3.0 
[-Wdeprecated-declarations]   570 |   EC_KEY_set_asn1_flag(ec_key.get(), 
OPENSSL_EC_NAMED_CURVE);       |   
~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ In file included 
from /data/code/comm/kudu/src/kudu/util/jwt-util.cc:24: 
/usr/include/openssl/ec.h:1106:28: note: declared here  1106 | 
OSSL_DEPRECATEDIN_3_0 void EC_KEY_set_asn1_flag(EC_KEY *eckey, int asn1_flag);  
     |                            ^~~~~~~~~~~~~~~~~~~~ In file included from 
/data/code/comm/kudu/src/kudu/util/jwt-util.cc:66: 
/data/code/comm/kudu/src/kudu/util/jwt-util.cc:571:62: warning: ‘int 
EC_KEY_set_public_key_affine_coordinates(EC_KEY*, BIGNUM*, BIGNUM*)’ is 
deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]   571 |   
OPENSSL_RET_NOT_OK(EC_KEY_set_public_key_affine_coordinates(       |            
          ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^   572 |       ec_key.get(), 
x.get(), y.get()), "failed to set public key");       |       
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~                          
/data/code/comm/kudu/src/kudu/util/openssl_util.h:59:8: note: in definition of 
macro ‘OPENSSL_RET_NOT_OK’    59 |   if ((call) <= 0) { \       |        ^~~~ 
In file included from /data/code/comm/kudu/src/kudu/util/jwt-util.cc:24: 
/usr/include/openssl/ec.h:1141:27: note: declared here  1141 | 
OSSL_DEPRECATEDIN_3_0 int EC_KEY_set_public_key_affine_coordinates(EC_KEY *key, 
      |                           ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 {code}
This appears to be caused by the fact that Rocky Linux 9.5 includes OpenSSL 3.x 
by default, while Kudu currently uses a number of APIs that were deprecated in 
OpenSSL 3.0 (but were commonly used in OpenSSL 1.x).

I would like to ask if there are any plans in the Kudu community to adapt to 
OpenSSL 3.0+ in future releases, or if a migration or compatibility path is 
currently under discussion.

Let me know if I can help gather more details or contribute a patch.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to