Date:      Mon, 24 Sep 2018 15:03:50 -0400
From:      Viktor Dukhovni <ietf-dane@dukhovni.org>
To:        freebsd-python@freebsd.org
Subject:   One more tweak to py-m2crypto (ideally also upstream)
Message-ID:  <20180924190350.GM3589@straasha.imrryr.org>


On my system OpenSSL 1.1.0 is configured with no RIPEMD160 support.

    $ egrep '^OPT' /var/db/ports/security_openssl-devel/options | sort
    OPTIONS_FILE_SET+=ASM
    OPTIONS_FILE_SET+=DH
    OPTIONS_FILE_SET+=EC
    OPTIONS_FILE_SET+=MAN3
    OPTIONS_FILE_SET+=SHARED
    OPTIONS_FILE_SET+=SSE2
    OPTIONS_FILE_SET+=THREADS
    OPTIONS_FILE_SET+=TLS1
    OPTIONS_FILE_SET+=TLS1_1
    OPTIONS_FILE_UNSET+=ASYNC
    OPTIONS_FILE_UNSET+=IDEA
    OPTIONS_FILE_UNSET+=JPAKE
    OPTIONS_FILE_UNSET+=MD2
    OPTIONS_FILE_UNSET+=MD4
    OPTIONS_FILE_UNSET+=MDC2
    OPTIONS_FILE_UNSET+=NEXTPROTONEG
    OPTIONS_FILE_UNSET+=RC2
    OPTIONS_FILE_UNSET+=RC4
    OPTIONS_FILE_UNSET+=RC5
    OPTIONS_FILE_UNSET+=RFC3779
    OPTIONS_FILE_UNSET+=RMD160
    OPTIONS_FILE_UNSET+=SCTP
    OPTIONS_FILE_UNSET+=SSL3
    OPTIONS_FILE_UNSET+=ZLIB

This results in a non-working M2Crypto build, which compiles with
a warning about a missing prototype, installs, but fails to
load with an unresolved symbol.

The solution was to change SWIG/_evp.i, to take compile-time algorithm
disablement into account.  For me, just the below was sufficient:

    #ifndef OPENSSL_NO_RMD160
    %rename(ripemd160) EVP_ripemd160;
    extern const EVP_MD *EVP_ripemd160(void);
    #endif

M2Crypto really should not be using the direct EVP algorithm
accessors; rather, it should be using EVP_get_digestbyname(3).

-- 
	Viktor.
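
Added example, not part of the original message and not M2Crypto code: the lookup-by-name approach recommended above, shown with Python's standard `hashlib`, which resolves a digest from its name when called, so an algorithm compiled out of the crypto library becomes a catchable error rather than an unresolved symbol at load time. The helper names and the sample input are assumptions made for illustration.

```python
import hashlib


def get_digest_by_name(name):
    """Return a factory for digest `name`, or None if this build lacks it."""
    try:
        # Probe by constructing: the name is resolved at call time, and a
        # digest the crypto library cannot provide raises ValueError here.
        # Constructing is more reliable than trusting an advertised list.
        hashlib.new(name)
    except ValueError:
        return None
    return lambda data=b"": hashlib.new(name, data)


def hexdigest(name, data):
    """Hex digest of `data` under `name`, or None when `name` is unavailable."""
    factory = get_digest_by_name(name)
    return None if factory is None else factory(data).hexdigest()


def first_usable(names, data):
    """Try `names` in order of preference; return (name, hexdigest)."""
    for name in names:
        digest = hexdigest(name, data)
        if digest is not None:
            return name, digest
    raise LookupError("none of the requested digests is available: %r" % (names,))


if __name__ == "__main__":
    sample = b"constructed sample input"
    for algo in ("ripemd160", "sha256", "no-such-digest"):
        print(algo, "->", hexdigest(algo, sample))
    print("selected:", first_usable(("ripemd160", "sha256"), sample))
```
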


