Announcement

Collapse
No announcement yet.

C++ client core in SHA1_Final (voltdb-client-cpp-x86_64-2.5, CentOS 6.3)

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • C++ client core in SHA1_Final (voltdb-client-cpp-x86_64-2.5, CentOS 6.3)

    We see this stack:
    #0 0x00007f97af8ea80b in SHA1_Final () from [...]/Product/lib/libssl.so
    #1 0x00007f9760714fbf in voltdb::ClientImpl::ClientImpl (this=0x7f973401fd50, config=...) at src/ClientImpl.cpp:211
    #2 0x00007f976071280e in voltdb::Client::create (config=<value optimized out>) at src/Client.cpp:30
    ...
    From: https://github.com/VoltDB/voltdb-cli...ter/src/sha1.c - Eliminate usage of open ssl. (2 years ago).

    Workaround is to LD_PRELOAD the voltdbcpp shared library (so that SHA1_Final in libssl.so is not used). Anything better welcome.

    There doesn't appear to be much reported on the C++ client at issues.voltdb.com (all fixed) - anyone using it much?

    Thanks,

    Paul

  • #2
    Originally posted by phealy View Post
    We see this stack:
    #0 0x00007f97af8ea80b in SHA1_Final () from [...]/Product/lib/libssl.so
    #1 0x00007f9760714fbf in voltdb::ClientImpl::ClientImpl (this=0x7f973401fd50, config=...) at src/ClientImpl.cpp:211
    #2 0x00007f976071280e in voltdb::Client::create (config=<value optimized out>) at src/Client.cpp:30
    ...
    From: https://github.com/VoltDB/voltdb-cli...ter/src/sha1.c - Eliminate usage of open ssl. (2 years ago).

    Workaround is to LD_PRELOAD the voltdbcpp shared library (so that SHA1_Final in libssl.so is not used). Anything better welcome.

    There doesn't appear to be much reported on the C++ client at issues.voltdb.com (all fixed) - anyone using it much?

    Paul
    Paul,

    The C++ driver(s) are used in production - and are also the basis of the PHP client which is one of the more popular VoltDB client drivers. Are you linking the application that uses the CPP driver against openssl? Not sure offhand which part of the driver needs the SHA1_Final symbol and if we can namespace that more defensively. Will follow-up.

    Ryan.

    Comment


    • #3
      Hi Ryan,

      Yes, we link against openssl - the sha1 calls are there for password hashing, and avoiding collisions would be good:
      src/ClientImpl.cpp: SHA1_CTX context;
      src/ClientImpl.cpp: SHA1_Init(&context);
      src/ClientImpl.cpp: SHA1_Update( &context, reinterpret_cast<const unsigned char*>(config.m_password.data()), config.m_password.size());
      src/ClientImpl.cpp: SHA1_Final ( &context, m_passwordHash);

      Thanks,

      Paul

      Comment


      • #4
        Originally posted by phealy View Post
        Hi Ryan,

        Yes, we link against openssl - the sha1 calls are there for password hashing, and avoiding collisions would be good:
        src/ClientImpl.cpp: SHA1_CTX context;
        src/ClientImpl.cpp: SHA1_Init(&context);
        src/ClientImpl.cpp: SHA1_Update( &context, reinterpret_cast<const unsigned char*>(config.m_password.data()), config.m_password.size());
        src/ClientImpl.cpp: SHA1_Final ( &context, m_passwordHash);

        Thanks,

        Paul
        Looks like the patch for this is present on a separate version of the client - but not merged to the version that owns master.

        https://github.com/VoltDB/voltdb-cli...b5bf02e14ac0a4

        We will make this change universal - sorry for the troubles.

        Ryan.

        Comment


        • #5
          Hi Ryan,

          Thanks - that looks good here.

          Picked/rebuilt with:
          $ git cherry-pick cdc7dc2804c7d9355a51f75ee2b5bf02e14ac0a4
          Finished one cherry-pick.
          [master 74a4cc6] Fix symbol collision on Solaris with SHA1 and libcrypto
          Author: Ariel Weisberg <aweisberg@voltdb.com>
          3 files changed, 32 insertions(+), 32 deletions(-)
          $

          Paul

          Comment


          • #6
            Thanks - that looks good here.
            Will Glee Season 4 DVD joined into Oscars Ceremony?

            Comment

            Working...
            X