Date: Mon, 24 Sep 2018 15:03:50 -0400
From: Viktor Dukhovni
To: freebsd-python@freebsd.org
Subject: One more tweak to py-m2crypto (ideally also upstream)
Message-ID: <20180924190350.GM3589@straasha.imrryr.org>

On my system OpenSSL 1.1.0 is configured with no RIPEMD160 support.

    $ egrep '^OPT' /var/db/ports/security_openssl-devel/options | sort
    OPTIONS_FILE_SET+=ASM
    OPTIONS_FILE_SET+=DH
    OPTIONS_FILE_SET+=EC
    OPTIONS_FILE_SET+=MAN3
    OPTIONS_FILE_SET+=SHARED
    OPTIONS_FILE_SET+=SSE2
    OPTIONS_FILE_SET+=THREADS
    OPTIONS_FILE_SET+=TLS1
    OPTIONS_FILE_SET+=TLS1_1
    OPTIONS_FILE_UNSET+=ASYNC
    OPTIONS_FILE_UNSET+=IDEA
    OPTIONS_FILE_UNSET+=JPAKE
    OPTIONS_FILE_UNSET+=MD2
    OPTIONS_FILE_UNSET+=MD4
    OPTIONS_FILE_UNSET+=MDC2
    OPTIONS_FILE_UNSET+=NEXTPROTONEG
    OPTIONS_FILE_UNSET+=RC2
    OPTIONS_FILE_UNSET+=RC4
    OPTIONS_FILE_UNSET+=RC5
    OPTIONS_FILE_UNSET+=RFC3779
    OPTIONS_FILE_UNSET+=RMD160
    OPTIONS_FILE_UNSET+=SCTP
    OPTIONS_FILE_UNSET+=SSL3
    OPTIONS_FILE_UNSET+=ZLIB

This results in a non-working M2Crypto build, which compiles, with a
warning about a missing prototype, and installs, but fails to load with
an unresolved symbol.

The solution was to change SWIG/_evp.i to take compile-time algorithm
disablement into account. For me, just the below was sufficient:

    #ifndef OPENSSL_NO_RMD160
    %rename(ripemd160) EVP_ripemd160;
    extern const EVP_MD *EVP_ripemd160(void);
    #endif

M2Crypto really should not be using the direct EVP algorithm accessors;
rather, it should be using EVP_get_digestbyname(3).

-- 
	Viktor.
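
The by-name lookup recommended at the end of the message, sketched as an added example (not code from the message or from M2Crypto). It uses Python's standard hashlib.new(), which resolves a digest from its name at run time, so an algorithm compiled out of OpenSSL shows up as a handled error instead of an unresolved symbol at load time; the helper names digest_by_name, probe and first_available are hypothetical.

```python
import hashlib


def digest_by_name(name, data):
    """Hash data with the digest called `name`; return None if unavailable.

    hashlib.new() raises ValueError for a name the linked crypto library
    cannot provide (unknown, or disabled when the library was built).
    """
    try:
        h = hashlib.new(name)
    except ValueError:
        return None
    h.update(data)
    return h.digest()


def probe(names):
    """Map each digest name to True/False depending on run-time availability."""
    return {n: digest_by_name(n, b"") is not None for n in names}


def first_available(preferred, data):
    """Use the first digest in `preferred` that this build actually supports."""
    for name in preferred:
        out = digest_by_name(name, data)
        if out is not None:
            return name, out
    raise RuntimeError("no usable digest among: " + ", ".join(preferred))


if __name__ == "__main__":
    # Constructed sample input; ripemd160 may be reported False on builds
    # like the one described in the message.
    for name, ok in probe(["sha256", "ripemd160", "no-such-digest"]).items():
        print(f"{name:16s} {'available' if ok else 'unavailable'}")
    name, out = first_available(["ripemd160", "sha256"], b"abc")
    print(name, out.hex())
```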