Skip to content

Add support for computing hashes using OpenSSL >= 3.1.0#627

Open
ppisar wants to merge 1 commit into
openSUSE:masterfrom
ppisar:openssl
Open

Add support for computing hashes using OpenSSL >= 3.1.0#627
ppisar wants to merge 1 commit into
openSUSE:masterfrom
ppisar:openssl

Conversation

@ppisar

@ppisar ppisar commented Jun 18, 2026

Copy link
Copy Markdown
Contributor

It adds WITH_OPENSSL build option, defaulting to OFF. If it is ON, OpenSSL will be used for computing hashes (MD5, SHA1, SHA224, SHA256, SHA384, SHA512) instead of the internal implementation.

This patch intentionally uses OpenSSL API which has not been deprecated in OpenSSL 3 and 4. It calls these functions added in these OpenSSL version:

EVP_MD_CTX_dup()        since 3.1.0
EVP_DigestInit_ex2()    since 3.0.0
EVP_MD_CTX_new()        since 1.1.0
EVP_sha512()            since 1.1.0
EVP_DigestFinal_ex()    since 1.0.0

The EVP_MD_CTX_dup() could be trivialy reimplemented, but since 3.0.0 users can easily upgrade to 3.1.0, I set a minimal required OpenSSL version to 3.1.0.

This patch is based on Jaroslav Rohel jrohel@redhat.com and Jonathan Wright jonathan@almalinux.org work
#598 which used the deprecated OpenSSL API.

@mlschroe

Copy link
Copy Markdown
Member

You also need to implement SOLV_CHKSUMP_IMPL_FREE

It adds WITH_OPENSSL build option, defaulting to OFF.  If it is ON,
OpenSSL will be used for computing hashes (MD5, SHA1, SHA224, SHA256,
SHA384, SHA512) instead of the internal implementation.

This patch intentionally uses OpenSSL API which has not been
deprecated in OpenSSL 3 and 4. It calls these functions added in these
OpenSSL version:

    EVP_MD_CTX_dup()        since 3.1.0
    EVP_DigestInit_ex2()    since 3.0.0
    EVP_MD_CTX_new()        since 1.1.0
    EVP_sha512()            since 1.1.0
    EVP_DigestFinal_ex()    since 1.0.0

The EVP_MD_CTX_dup() could be trivialy reimplemented, but since
3.0.0 users can easily upgrade to 3.1.0, I set a minimal required
OpenSSL version to 3.1.0.

This patch is based on Jaroslav Rohel <jrohel@redhat.com> and Jonathan
Wright <jonathan@almalinux.org> work
<openSUSE#598> which used the
deprecated OpenSSL API.
@ppisar

ppisar commented Jun 18, 2026

Copy link
Copy Markdown
Contributor Author

You are right. I added handling for SOLV_CHKSUMP_IMPL_FREE.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants