Forum: Ruby-core [ruby-trunk - Bug #8384][Open] Cannot build ruby against OpenSSL build with "no-ec2m"

C4c327c418a3182b7f6a30dd1534143a?d=identicon&s=25 Vít Ondruch (vo_x)
on 2013-05-09 13:56
(Received via mailing list)
Issue #8384 has been reported by vo.x (Vit Ondruch).

----------------------------------------
Bug #8384: Cannot build ruby against OpenSSL build with "no-ec2m"
https://bugs.ruby-lang.org/issues/8384

Author: vo.x (Vit Ondruch)
Status: Open
Priority: Normal
Assignee: MartinBosslet (Martin Bosslet)
Category:
Target version:
ruby -v: ruby -v: ruby 2.0.0p0 (2013-02-24) [x86_64-linux]
Backport: 1.9.3: UNKNOWN, 2.0.0: UNKNOWN


=begin
Due to recent changes in OpenSSL configuration options for Red Hat
Enterprise Linux, I cannot build Ruby anymore.

These are the relevant changes in OpenSSL configuration:

 @@ -227,7 +234,7 @@ sslarch=linux-ppc64
  ./Configure \
         --prefix=/usr --openssldir=%{_sysconfdir}/pki/tls ${sslflags} \
         zlib enable-camellia enable-seed enable-tlsext enable-rfc3779 \
 -       enable-cms enable-md2 no-mdc2 no-rc5 no-ec no-ec2m no-ecdh
no-ecdsa no-srp \
 +       enable-cms enable-md2 no-mdc2 no-rc5 no-ec2m no-srp \
         --with-krb5-flavor=MIT --enginesdir=%{_libdir}/openssl/engines
\
         --with-krb5-dir=/usr shared ${sslarch} %{?!nofips:fips}

I see that the "no-ec" was removed. So if I understand it correctly, the
"OPENSSL_NO_EC" used to be defined, while it is not anymore and hence
the whole ossl_pkey_ec.c file used to be ignored, while it is not
anymore, Therefore, I observe following error:

 ossl_pkey_ec.c:821:29: error: 'EC_GROUP_new_curve_GF2m' undeclared
(first use in this function)
                  new_curve = EC_GROUP_new_curve_GF2m;

I was suggested by our OpenSSL maintainer to just #ifndef
OPENSSL_NO_EC2M all the calls that contain GF2m. So I went ahead with
this naive patch:

 diff --git a/ext/openssl/ossl_pkey_ec.c b/ext/openssl/ossl_pkey_ec.c
 index 8e6d88f..29e28ca 100644
 --- a/ext/openssl/ossl_pkey_ec.c
 +++ b/ext/openssl/ossl_pkey_ec.c
 @@ -762,8 +762,10 @@ static VALUE ossl_ec_group_initialize(int argc,
VALUE *argv, VALUE self)
                  method = EC_GFp_mont_method();
              } else if (id == s_GFp_nist) {
                  method = EC_GFp_nist_method();
 +#if !defined(OPENSSL_NO_EC2M)
              } else if (id == s_GF2m_simple) {
                  method = EC_GF2m_simple_method();
 +#endif
              }

              if (method) {
 @@ -817,8 +819,10 @@ static VALUE ossl_ec_group_initialize(int argc,
VALUE *argv, VALUE self)

              if (id == s_GFp) {
                  new_curve = EC_GROUP_new_curve_GFp;
 +#if !defined(OPENSSL_NO_EC2M)
              } else if (id == s_GF2m) {
                  new_curve = EC_GROUP_new_curve_GF2m;
 +#endif
              } else {
                  ossl_raise(rb_eArgError, "unknown symbol, must be :GFp
or :GF2m");
              }

which fixes the build issues, but the leaves the test suite failing:

   7) Error:
 test_read_private_key_pem_pw(OpenSSL::TestEC):
 OpenSSL::PKey::EC::Group::Error: unable to create curve (secp112r1):
unknown group
     /builddir/build/BUILD/ruby-2.0.0-p0/test/openssl/test_pkey_ec.rb:10:in
`initialize'
     /builddir/build/BUILD/ruby-2.0.0-p0/test/openssl/test_pkey_ec.rb:10:in
`new'
     /builddir/build/BUILD/ruby-2.0.0-p0/test/openssl/test_pkey_ec.rb:10:in
`setup'

and there are remaining references to :GF2m in exception messages, etc.
Is there any chance to support this set of OpenSSL configuration options
properly, i.e. make the OpenSSL work better with such fine grained
configuration options?

Thanks
=end
C4c327c418a3182b7f6a30dd1534143a?d=identicon&s=25 Vít Ondruch (vo_x)
on 2013-05-14 11:45
(Received via mailing list)
Issue #8384 has been updated by vo.x (Vit Ondruch).

File out.patch added

So I made the patch pass the test suite. The test suite is now querying
OpenSSL for builtin curves, instead of explicitly naming just some of
them.
----------------------------------------
Bug #8384: Cannot build ruby against OpenSSL build with "no-ec2m"
https://bugs.ruby-lang.org/issues/8384#change-39330

Author: vo.x (Vit Ondruch)
Status: Open
Priority: Normal
Assignee: MartinBosslet (Martin Bosslet)
Category:
Target version:
ruby -v: ruby -v: ruby 2.0.0p0 (2013-02-24) [x86_64-linux]
Backport: 1.9.3: UNKNOWN, 2.0.0: UNKNOWN


=begin
Due to recent changes in OpenSSL configuration options for Red Hat
Enterprise Linux, I cannot build Ruby anymore.

These are the relevant changes in OpenSSL configuration:

 @@ -227,7 +234,7 @@ sslarch=linux-ppc64
  ./Configure \
         --prefix=/usr --openssldir=%{_sysconfdir}/pki/tls ${sslflags} \
         zlib enable-camellia enable-seed enable-tlsext enable-rfc3779 \
 -       enable-cms enable-md2 no-mdc2 no-rc5 no-ec no-ec2m no-ecdh
no-ecdsa no-srp \
 +       enable-cms enable-md2 no-mdc2 no-rc5 no-ec2m no-srp \
         --with-krb5-flavor=MIT --enginesdir=%{_libdir}/openssl/engines
\
         --with-krb5-dir=/usr shared ${sslarch} %{?!nofips:fips}

I see that the "no-ec" was removed. So if I understand it correctly, the
"OPENSSL_NO_EC" used to be defined, while it is not anymore and hence
the whole ossl_pkey_ec.c file used to be ignored, while it is not
anymore, Therefore, I observe following error:

 ossl_pkey_ec.c:821:29: error: 'EC_GROUP_new_curve_GF2m' undeclared
(first use in this function)
                  new_curve = EC_GROUP_new_curve_GF2m;

I was suggested by our OpenSSL maintainer to just #ifndef
OPENSSL_NO_EC2M all the calls that contain GF2m. So I went ahead with
this naive patch:

 diff --git a/ext/openssl/ossl_pkey_ec.c b/ext/openssl/ossl_pkey_ec.c
 index 8e6d88f..29e28ca 100644
 --- a/ext/openssl/ossl_pkey_ec.c
 +++ b/ext/openssl/ossl_pkey_ec.c
 @@ -762,8 +762,10 @@ static VALUE ossl_ec_group_initialize(int argc,
VALUE *argv, VALUE self)
                  method = EC_GFp_mont_method();
              } else if (id == s_GFp_nist) {
                  method = EC_GFp_nist_method();
 +#if !defined(OPENSSL_NO_EC2M)
              } else if (id == s_GF2m_simple) {
                  method = EC_GF2m_simple_method();
 +#endif
              }

              if (method) {
 @@ -817,8 +819,10 @@ static VALUE ossl_ec_group_initialize(int argc,
VALUE *argv, VALUE self)

              if (id == s_GFp) {
                  new_curve = EC_GROUP_new_curve_GFp;
 +#if !defined(OPENSSL_NO_EC2M)
              } else if (id == s_GF2m) {
                  new_curve = EC_GROUP_new_curve_GF2m;
 +#endif
              } else {
                  ossl_raise(rb_eArgError, "unknown symbol, must be :GFp
or :GF2m");
              }

which fixes the build issues, but the leaves the test suite failing:

   7) Error:
 test_read_private_key_pem_pw(OpenSSL::TestEC):
 OpenSSL::PKey::EC::Group::Error: unable to create curve (secp112r1):
unknown group
     /builddir/build/BUILD/ruby-2.0.0-p0/test/openssl/test_pkey_ec.rb:10:in
`initialize'
     /builddir/build/BUILD/ruby-2.0.0-p0/test/openssl/test_pkey_ec.rb:10:in
`new'
     /builddir/build/BUILD/ruby-2.0.0-p0/test/openssl/test_pkey_ec.rb:10:in
`setup'

and there are remaining references to :GF2m in exception messages, etc.
Is there any chance to support this set of OpenSSL configuration options
properly, i.e. make the OpenSSL work better with such fine grained
configuration options?

Thanks
=end
1ecef11b3cc6abfda85798858745ef72?d=identicon&s=25 MartinBosslet (Martin Bosslet) (Guest)
on 2013-07-06 00:48
(Received via mailing list)
Issue #8384 has been updated by MartinBosslet (Martin Bosslet).


vo.x (Vit Ondruch) wrote:
> So I made the patch pass the test suite. The test suite is now querying OpenSSL
for built-in curves, instead of explicitly enumerating just some of them.

Thank you, iterating over the built-in curves instead of hard-coding
some of them makes a lot more sense!
----------------------------------------
Bug #8384: Cannot build ruby against OpenSSL build with "no-ec2m"
https://bugs.ruby-lang.org/issues/8384#change-40314

Author: vo.x (Vit Ondruch)
Status: Closed
Priority: Normal
Assignee: MartinBosslet (Martin Bosslet)
Category:
Target version:
ruby -v: ruby -v: ruby 2.0.0p0 (2013-02-24) [x86_64-linux]
Backport: 1.9.3: UNKNOWN, 2.0.0: UNKNOWN


=begin
Due to recent changes in OpenSSL configuration options for Red Hat
Enterprise Linux, I cannot build Ruby anymore.

These are the relevant changes in OpenSSL configuration:

 @@ -227,7 +234,7 @@ sslarch=linux-ppc64
  ./Configure \
         --prefix=/usr --openssldir=%{_sysconfdir}/pki/tls ${sslflags} \
         zlib enable-camellia enable-seed enable-tlsext enable-rfc3779 \
 -       enable-cms enable-md2 no-mdc2 no-rc5 no-ec no-ec2m no-ecdh
no-ecdsa no-srp \
 +       enable-cms enable-md2 no-mdc2 no-rc5 no-ec2m no-srp \
         --with-krb5-flavor=MIT --enginesdir=%{_libdir}/openssl/engines
\
         --with-krb5-dir=/usr shared ${sslarch} %{?!nofips:fips}

I see that the "no-ec" was removed. So if I understand it correctly, the
"OPENSSL_NO_EC" used to be defined, while it is not anymore and hence
the whole ossl_pkey_ec.c file used to be ignored, while it is not
anymore, Therefore, I observe following error:

 ossl_pkey_ec.c:821:29: error: 'EC_GROUP_new_curve_GF2m' undeclared
(first use in this function)
                  new_curve = EC_GROUP_new_curve_GF2m;

I was suggested by our OpenSSL maintainer to just #ifndef
OPENSSL_NO_EC2M all the calls that contain GF2m. So I went ahead with
this naive patch:

 diff --git a/ext/openssl/ossl_pkey_ec.c b/ext/openssl/ossl_pkey_ec.c
 index 8e6d88f..29e28ca 100644
 --- a/ext/openssl/ossl_pkey_ec.c
 +++ b/ext/openssl/ossl_pkey_ec.c
 @@ -762,8 +762,10 @@ static VALUE ossl_ec_group_initialize(int argc,
VALUE *argv, VALUE self)
                  method = EC_GFp_mont_method();
              } else if (id == s_GFp_nist) {
                  method = EC_GFp_nist_method();
 +#if !defined(OPENSSL_NO_EC2M)
              } else if (id == s_GF2m_simple) {
                  method = EC_GF2m_simple_method();
 +#endif
              }

              if (method) {
 @@ -817,8 +819,10 @@ static VALUE ossl_ec_group_initialize(int argc,
VALUE *argv, VALUE self)

              if (id == s_GFp) {
                  new_curve = EC_GROUP_new_curve_GFp;
 +#if !defined(OPENSSL_NO_EC2M)
              } else if (id == s_GF2m) {
                  new_curve = EC_GROUP_new_curve_GF2m;
 +#endif
              } else {
                  ossl_raise(rb_eArgError, "unknown symbol, must be :GFp
or :GF2m");
              }

which fixes the build issues, but the leaves the test suite failing:

   7) Error:
 test_read_private_key_pem_pw(OpenSSL::TestEC):
 OpenSSL::PKey::EC::Group::Error: unable to create curve (secp112r1):
unknown group
     /builddir/build/BUILD/ruby-2.0.0-p0/test/openssl/test_pkey_ec.rb:10:in
`initialize'
     /builddir/build/BUILD/ruby-2.0.0-p0/test/openssl/test_pkey_ec.rb:10:in
`new'
     /builddir/build/BUILD/ruby-2.0.0-p0/test/openssl/test_pkey_ec.rb:10:in
`setup'

and there are remaining references to :GF2m in exception messages, etc.
Is there any chance to support this set of OpenSSL configuration options
properly, i.e. make the OpenSSL work better with such fine grained
configuration options?

Thanks
=end
C4c327c418a3182b7f6a30dd1534143a?d=identicon&s=25 Vít Ondruch (vo_x)
on 2013-07-06 09:19
(Received via mailing list)
Issue #8384 has been updated by vo.x (Vit Ondruch).


Thanks for applying this patch.

Could this be backported into 2.0.0? Thanks.
----------------------------------------
Bug #8384: Cannot build ruby against OpenSSL build with "no-ec2m"
https://bugs.ruby-lang.org/issues/8384#change-40319

Author: vo.x (Vit Ondruch)
Status: Closed
Priority: Normal
Assignee: MartinBosslet (Martin Bosslet)
Category:
Target version:
ruby -v: ruby -v: ruby 2.0.0p0 (2013-02-24) [x86_64-linux]
Backport: 1.9.3: UNKNOWN, 2.0.0: UNKNOWN


=begin
Due to recent changes in OpenSSL configuration options for Red Hat
Enterprise Linux, I cannot build Ruby anymore.

These are the relevant changes in OpenSSL configuration:

 @@ -227,7 +234,7 @@ sslarch=linux-ppc64
  ./Configure \
         --prefix=/usr --openssldir=%{_sysconfdir}/pki/tls ${sslflags} \
         zlib enable-camellia enable-seed enable-tlsext enable-rfc3779 \
 -       enable-cms enable-md2 no-mdc2 no-rc5 no-ec no-ec2m no-ecdh
no-ecdsa no-srp \
 +       enable-cms enable-md2 no-mdc2 no-rc5 no-ec2m no-srp \
         --with-krb5-flavor=MIT --enginesdir=%{_libdir}/openssl/engines
\
         --with-krb5-dir=/usr shared ${sslarch} %{?!nofips:fips}

I see that the "no-ec" was removed. So if I understand it correctly, the
"OPENSSL_NO_EC" used to be defined, while it is not anymore and hence
the whole ossl_pkey_ec.c file used to be ignored, while it is not
anymore, Therefore, I observe following error:

 ossl_pkey_ec.c:821:29: error: 'EC_GROUP_new_curve_GF2m' undeclared
(first use in this function)
                  new_curve = EC_GROUP_new_curve_GF2m;

I was suggested by our OpenSSL maintainer to just #ifndef
OPENSSL_NO_EC2M all the calls that contain GF2m. So I went ahead with
this naive patch:

 diff --git a/ext/openssl/ossl_pkey_ec.c b/ext/openssl/ossl_pkey_ec.c
 index 8e6d88f..29e28ca 100644
 --- a/ext/openssl/ossl_pkey_ec.c
 +++ b/ext/openssl/ossl_pkey_ec.c
 @@ -762,8 +762,10 @@ static VALUE ossl_ec_group_initialize(int argc,
VALUE *argv, VALUE self)
                  method = EC_GFp_mont_method();
              } else if (id == s_GFp_nist) {
                  method = EC_GFp_nist_method();
 +#if !defined(OPENSSL_NO_EC2M)
              } else if (id == s_GF2m_simple) {
                  method = EC_GF2m_simple_method();
 +#endif
              }

              if (method) {
 @@ -817,8 +819,10 @@ static VALUE ossl_ec_group_initialize(int argc,
VALUE *argv, VALUE self)

              if (id == s_GFp) {
                  new_curve = EC_GROUP_new_curve_GFp;
 +#if !defined(OPENSSL_NO_EC2M)
              } else if (id == s_GF2m) {
                  new_curve = EC_GROUP_new_curve_GF2m;
 +#endif
              } else {
                  ossl_raise(rb_eArgError, "unknown symbol, must be :GFp
or :GF2m");
              }

which fixes the build issues, but the leaves the test suite failing:

   7) Error:
 test_read_private_key_pem_pw(OpenSSL::TestEC):
 OpenSSL::PKey::EC::Group::Error: unable to create curve (secp112r1):
unknown group
     /builddir/build/BUILD/ruby-2.0.0-p0/test/openssl/test_pkey_ec.rb:10:in
`initialize'
     /builddir/build/BUILD/ruby-2.0.0-p0/test/openssl/test_pkey_ec.rb:10:in
`new'
     /builddir/build/BUILD/ruby-2.0.0-p0/test/openssl/test_pkey_ec.rb:10:in
`setup'

and there are remaining references to :GF2m in exception messages, etc.
Is there any chance to support this set of OpenSSL configuration options
properly, i.e. make the OpenSSL work better with such fine grained
configuration options?

Thanks
=end
9361878d459f1709feec780518946ee5?d=identicon&s=25 naruse (Yui NARUSE) (Guest)
on 2013-07-06 11:16
(Received via mailing list)
Issue #8384 has been updated by naruse (Yui NARUSE).

Status changed from Closed to Assigned

r41808 breaks non-FIPS environments like
http://u32.rubyci.org/~chkbuild/ruby-trunk/log/201...
----------------------------------------
Bug #8384: Cannot build ruby against OpenSSL build with "no-ec2m"
https://bugs.ruby-lang.org/issues/8384#change-40320

Author: vo.x (Vit Ondruch)
Status: Assigned
Priority: Normal
Assignee: MartinBosslet (Martin Bosslet)
Category:
Target version:
ruby -v: ruby -v: ruby 2.0.0p0 (2013-02-24) [x86_64-linux]
Backport: 1.9.3: UNKNOWN, 2.0.0: UNKNOWN


=begin
Due to recent changes in OpenSSL configuration options for Red Hat
Enterprise Linux, I cannot build Ruby anymore.

These are the relevant changes in OpenSSL configuration:

 @@ -227,7 +234,7 @@ sslarch=linux-ppc64
  ./Configure \
         --prefix=/usr --openssldir=%{_sysconfdir}/pki/tls ${sslflags} \
         zlib enable-camellia enable-seed enable-tlsext enable-rfc3779 \
 -       enable-cms enable-md2 no-mdc2 no-rc5 no-ec no-ec2m no-ecdh
no-ecdsa no-srp \
 +       enable-cms enable-md2 no-mdc2 no-rc5 no-ec2m no-srp \
         --with-krb5-flavor=MIT --enginesdir=%{_libdir}/openssl/engines
\
         --with-krb5-dir=/usr shared ${sslarch} %{?!nofips:fips}

I see that the "no-ec" was removed. So if I understand it correctly, the
"OPENSSL_NO_EC" used to be defined, while it is not anymore and hence
the whole ossl_pkey_ec.c file used to be ignored, while it is not
anymore, Therefore, I observe following error:

 ossl_pkey_ec.c:821:29: error: 'EC_GROUP_new_curve_GF2m' undeclared
(first use in this function)
                  new_curve = EC_GROUP_new_curve_GF2m;

I was suggested by our OpenSSL maintainer to just #ifndef
OPENSSL_NO_EC2M all the calls that contain GF2m. So I went ahead with
this naive patch:

 diff --git a/ext/openssl/ossl_pkey_ec.c b/ext/openssl/ossl_pkey_ec.c
 index 8e6d88f..29e28ca 100644
 --- a/ext/openssl/ossl_pkey_ec.c
 +++ b/ext/openssl/ossl_pkey_ec.c
 @@ -762,8 +762,10 @@ static VALUE ossl_ec_group_initialize(int argc,
VALUE *argv, VALUE self)
                  method = EC_GFp_mont_method();
              } else if (id == s_GFp_nist) {
                  method = EC_GFp_nist_method();
 +#if !defined(OPENSSL_NO_EC2M)
              } else if (id == s_GF2m_simple) {
                  method = EC_GF2m_simple_method();
 +#endif
              }

              if (method) {
 @@ -817,8 +819,10 @@ static VALUE ossl_ec_group_initialize(int argc,
VALUE *argv, VALUE self)

              if (id == s_GFp) {
                  new_curve = EC_GROUP_new_curve_GFp;
 +#if !defined(OPENSSL_NO_EC2M)
              } else if (id == s_GF2m) {
                  new_curve = EC_GROUP_new_curve_GF2m;
 +#endif
              } else {
                  ossl_raise(rb_eArgError, "unknown symbol, must be :GFp
or :GF2m");
              }

which fixes the build issues, but the leaves the test suite failing:

   7) Error:
 test_read_private_key_pem_pw(OpenSSL::TestEC):
 OpenSSL::PKey::EC::Group::Error: unable to create curve (secp112r1):
unknown group
     /builddir/build/BUILD/ruby-2.0.0-p0/test/openssl/test_pkey_ec.rb:10:in
`initialize'
     /builddir/build/BUILD/ruby-2.0.0-p0/test/openssl/test_pkey_ec.rb:10:in
`new'
     /builddir/build/BUILD/ruby-2.0.0-p0/test/openssl/test_pkey_ec.rb:10:in
`setup'

and there are remaining references to :GF2m in exception messages, etc.
Is there any chance to support this set of OpenSSL configuration options
properly, i.e. make the OpenSSL work better with such fine grained
configuration options?

Thanks
=end
1ecef11b3cc6abfda85798858745ef72?d=identicon&s=25 MartinBosslet (Martin Bosslet) (Guest)
on 2013-07-06 15:22
(Received via mailing list)
Issue #8384 has been updated by MartinBosslet (Martin Bosslet).


naruse (Yui NARUSE) wrote:
> r41808 breaks non-FIPS environments like
http://u32.rubyci.org/~chkbuild/ruby-trunk/log/201...

Crap, compatibility is hard :) I'll fix it tomorrow!
----------------------------------------
Bug #8384: Cannot build ruby against OpenSSL build with "no-ec2m"
https://bugs.ruby-lang.org/issues/8384#change-40323

Author: vo.x (Vit Ondruch)
Status: Assigned
Priority: Normal
Assignee: MartinBosslet (Martin Bosslet)
Category:
Target version:
ruby -v: ruby -v: ruby 2.0.0p0 (2013-02-24) [x86_64-linux]
Backport: 1.9.3: UNKNOWN, 2.0.0: UNKNOWN


=begin
Due to recent changes in OpenSSL configuration options for Red Hat
Enterprise Linux, I cannot build Ruby anymore.

These are the relevant changes in OpenSSL configuration:

 @@ -227,7 +234,7 @@ sslarch=linux-ppc64
  ./Configure \
         --prefix=/usr --openssldir=%{_sysconfdir}/pki/tls ${sslflags} \
         zlib enable-camellia enable-seed enable-tlsext enable-rfc3779 \
 -       enable-cms enable-md2 no-mdc2 no-rc5 no-ec no-ec2m no-ecdh
no-ecdsa no-srp \
 +       enable-cms enable-md2 no-mdc2 no-rc5 no-ec2m no-srp \
         --with-krb5-flavor=MIT --enginesdir=%{_libdir}/openssl/engines
\
         --with-krb5-dir=/usr shared ${sslarch} %{?!nofips:fips}

I see that the "no-ec" was removed. So if I understand it correctly, the
"OPENSSL_NO_EC" used to be defined, while it is not anymore and hence
the whole ossl_pkey_ec.c file used to be ignored, while it is not
anymore, Therefore, I observe following error:

 ossl_pkey_ec.c:821:29: error: 'EC_GROUP_new_curve_GF2m' undeclared
(first use in this function)
                  new_curve = EC_GROUP_new_curve_GF2m;

I was suggested by our OpenSSL maintainer to just #ifndef
OPENSSL_NO_EC2M all the calls that contain GF2m. So I went ahead with
this naive patch:

 diff --git a/ext/openssl/ossl_pkey_ec.c b/ext/openssl/ossl_pkey_ec.c
 index 8e6d88f..29e28ca 100644
 --- a/ext/openssl/ossl_pkey_ec.c
 +++ b/ext/openssl/ossl_pkey_ec.c
 @@ -762,8 +762,10 @@ static VALUE ossl_ec_group_initialize(int argc,
VALUE *argv, VALUE self)
                  method = EC_GFp_mont_method();
              } else if (id == s_GFp_nist) {
                  method = EC_GFp_nist_method();
 +#if !defined(OPENSSL_NO_EC2M)
              } else if (id == s_GF2m_simple) {
                  method = EC_GF2m_simple_method();
 +#endif
              }

              if (method) {
 @@ -817,8 +819,10 @@ static VALUE ossl_ec_group_initialize(int argc,
VALUE *argv, VALUE self)

              if (id == s_GFp) {
                  new_curve = EC_GROUP_new_curve_GFp;
 +#if !defined(OPENSSL_NO_EC2M)
              } else if (id == s_GF2m) {
                  new_curve = EC_GROUP_new_curve_GF2m;
 +#endif
              } else {
                  ossl_raise(rb_eArgError, "unknown symbol, must be :GFp
or :GF2m");
              }

which fixes the build issues, but the leaves the test suite failing:

   7) Error:
 test_read_private_key_pem_pw(OpenSSL::TestEC):
 OpenSSL::PKey::EC::Group::Error: unable to create curve (secp112r1):
unknown group
     /builddir/build/BUILD/ruby-2.0.0-p0/test/openssl/test_pkey_ec.rb:10:in
`initialize'
     /builddir/build/BUILD/ruby-2.0.0-p0/test/openssl/test_pkey_ec.rb:10:in
`new'
     /builddir/build/BUILD/ruby-2.0.0-p0/test/openssl/test_pkey_ec.rb:10:in
`setup'

and there are remaining references to :GF2m in exception messages, etc.
Is there any chance to support this set of OpenSSL configuration options
properly, i.e. make the OpenSSL work better with such fine grained
configuration options?

Thanks
=end
1ecef11b3cc6abfda85798858745ef72?d=identicon&s=25 MartinBosslet (Martin Bosslet) (Guest)
on 2013-07-08 01:34
(Received via mailing list)
Issue #8384 has been updated by MartinBosslet (Martin Bosslet).


The breaking build was related to "Oakley" curves, which are part of the
built-in curves, but a) not suitable for ECDSA and b) their Object
Identifier seems not to be registered with OpenSSL by default. This
caused the tests to fail. Workaround is to simply ignore the tests for
Oakley curves.
----------------------------------------
Bug #8384: Cannot build ruby against OpenSSL build with "no-ec2m"
https://bugs.ruby-lang.org/issues/8384#change-40347

Author: vo.x (Vit Ondruch)
Status: Closed
Priority: Normal
Assignee: MartinBosslet (Martin Bosslet)
Category:
Target version:
ruby -v: ruby -v: ruby 2.0.0p0 (2013-02-24) [x86_64-linux]
Backport: 1.9.3: UNKNOWN, 2.0.0: UNKNOWN


=begin
Due to recent changes in OpenSSL configuration options for Red Hat
Enterprise Linux, I cannot build Ruby anymore.

These are the relevant changes in OpenSSL configuration:

 @@ -227,7 +234,7 @@ sslarch=linux-ppc64
  ./Configure \
         --prefix=/usr --openssldir=%{_sysconfdir}/pki/tls ${sslflags} \
         zlib enable-camellia enable-seed enable-tlsext enable-rfc3779 \
 -       enable-cms enable-md2 no-mdc2 no-rc5 no-ec no-ec2m no-ecdh
no-ecdsa no-srp \
 +       enable-cms enable-md2 no-mdc2 no-rc5 no-ec2m no-srp \
         --with-krb5-flavor=MIT --enginesdir=%{_libdir}/openssl/engines
\
         --with-krb5-dir=/usr shared ${sslarch} %{?!nofips:fips}

I see that the "no-ec" was removed. So if I understand it correctly, the
"OPENSSL_NO_EC" used to be defined, while it is not anymore and hence
the whole ossl_pkey_ec.c file used to be ignored, while it is not
anymore, Therefore, I observe following error:

 ossl_pkey_ec.c:821:29: error: 'EC_GROUP_new_curve_GF2m' undeclared
(first use in this function)
                  new_curve = EC_GROUP_new_curve_GF2m;

I was suggested by our OpenSSL maintainer to just #ifndef
OPENSSL_NO_EC2M all the calls that contain GF2m. So I went ahead with
this naive patch:

 diff --git a/ext/openssl/ossl_pkey_ec.c b/ext/openssl/ossl_pkey_ec.c
 index 8e6d88f..29e28ca 100644
 --- a/ext/openssl/ossl_pkey_ec.c
 +++ b/ext/openssl/ossl_pkey_ec.c
 @@ -762,8 +762,10 @@ static VALUE ossl_ec_group_initialize(int argc,
VALUE *argv, VALUE self)
                  method = EC_GFp_mont_method();
              } else if (id == s_GFp_nist) {
                  method = EC_GFp_nist_method();
 +#if !defined(OPENSSL_NO_EC2M)
              } else if (id == s_GF2m_simple) {
                  method = EC_GF2m_simple_method();
 +#endif
              }

              if (method) {
 @@ -817,8 +819,10 @@ static VALUE ossl_ec_group_initialize(int argc,
VALUE *argv, VALUE self)

              if (id == s_GFp) {
                  new_curve = EC_GROUP_new_curve_GFp;
 +#if !defined(OPENSSL_NO_EC2M)
              } else if (id == s_GF2m) {
                  new_curve = EC_GROUP_new_curve_GF2m;
 +#endif
              } else {
                  ossl_raise(rb_eArgError, "unknown symbol, must be :GFp
or :GF2m");
              }

which fixes the build issues, but the leaves the test suite failing:

   7) Error:
 test_read_private_key_pem_pw(OpenSSL::TestEC):
 OpenSSL::PKey::EC::Group::Error: unable to create curve (secp112r1):
unknown group
     /builddir/build/BUILD/ruby-2.0.0-p0/test/openssl/test_pkey_ec.rb:10:in
`initialize'
     /builddir/build/BUILD/ruby-2.0.0-p0/test/openssl/test_pkey_ec.rb:10:in
`new'
     /builddir/build/BUILD/ruby-2.0.0-p0/test/openssl/test_pkey_ec.rb:10:in
`setup'

and there are remaining references to :GF2m in exception messages, etc.
Is there any chance to support this set of OpenSSL configuration options
properly, i.e. make the OpenSSL work better with such fine grained
configuration options?

Thanks
=end
C4c327c418a3182b7f6a30dd1534143a?d=identicon&s=25 Vít Ondruch (vo_x)
on 2013-08-21 14:37
(Received via mailing list)
Issue #8384 has been updated by vo.x (Vit Ondruch).

Backport changed from 1.9.3: UNKNOWN, 2.0.0: UNKNOWN to 1.9.3: REQUIRED,
2.0.0: REQUIRED

Is there any chance to get this backported into Ruby 2.0.0 as well as
Ruby 1.9.3 branches? Thanks.
----------------------------------------
Bug #8384: Cannot build ruby against OpenSSL build with "no-ec2m"
https://bugs.ruby-lang.org/issues/8384#change-41312

Author: vo.x (Vit Ondruch)
Status: Closed
Priority: Normal
Assignee: MartinBosslet (Martin Bosslet)
Category:
Target version:
ruby -v: ruby -v: ruby 2.0.0p0 (2013-02-24) [x86_64-linux]
Backport: 1.9.3: REQUIRED, 2.0.0: REQUIRED


=begin
Due to recent changes in OpenSSL configuration options for Red Hat
Enterprise Linux, I cannot build Ruby anymore.

These are the relevant changes in OpenSSL configuration:

 @@ -227,7 +234,7 @@ sslarch=linux-ppc64
  ./Configure \
         --prefix=/usr --openssldir=%{_sysconfdir}/pki/tls ${sslflags} \
         zlib enable-camellia enable-seed enable-tlsext enable-rfc3779 \
 -       enable-cms enable-md2 no-mdc2 no-rc5 no-ec no-ec2m no-ecdh
no-ecdsa no-srp \
 +       enable-cms enable-md2 no-mdc2 no-rc5 no-ec2m no-srp \
         --with-krb5-flavor=MIT --enginesdir=%{_libdir}/openssl/engines
\
         --with-krb5-dir=/usr shared ${sslarch} %{?!nofips:fips}

I see that the "no-ec" was removed. So if I understand it correctly, the
"OPENSSL_NO_EC" used to be defined, while it is not anymore and hence
the whole ossl_pkey_ec.c file used to be ignored, while it is not
anymore, Therefore, I observe following error:

 ossl_pkey_ec.c:821:29: error: 'EC_GROUP_new_curve_GF2m' undeclared
(first use in this function)
                  new_curve = EC_GROUP_new_curve_GF2m;

I was suggested by our OpenSSL maintainer to just #ifndef
OPENSSL_NO_EC2M all the calls that contain GF2m. So I went ahead with
this naive patch:

 diff --git a/ext/openssl/ossl_pkey_ec.c b/ext/openssl/ossl_pkey_ec.c
 index 8e6d88f..29e28ca 100644
 --- a/ext/openssl/ossl_pkey_ec.c
 +++ b/ext/openssl/ossl_pkey_ec.c
 @@ -762,8 +762,10 @@ static VALUE ossl_ec_group_initialize(int argc,
VALUE *argv, VALUE self)
                  method = EC_GFp_mont_method();
              } else if (id == s_GFp_nist) {
                  method = EC_GFp_nist_method();
 +#if !defined(OPENSSL_NO_EC2M)
              } else if (id == s_GF2m_simple) {
                  method = EC_GF2m_simple_method();
 +#endif
              }

              if (method) {
 @@ -817,8 +819,10 @@ static VALUE ossl_ec_group_initialize(int argc,
VALUE *argv, VALUE self)

              if (id == s_GFp) {
                  new_curve = EC_GROUP_new_curve_GFp;
 +#if !defined(OPENSSL_NO_EC2M)
              } else if (id == s_GF2m) {
                  new_curve = EC_GROUP_new_curve_GF2m;
 +#endif
              } else {
                  ossl_raise(rb_eArgError, "unknown symbol, must be :GFp
or :GF2m");
              }

which fixes the build issues, but the leaves the test suite failing:

   7) Error:
 test_read_private_key_pem_pw(OpenSSL::TestEC):
 OpenSSL::PKey::EC::Group::Error: unable to create curve (secp112r1):
unknown group
     /builddir/build/BUILD/ruby-2.0.0-p0/test/openssl/test_pkey_ec.rb:10:in
`initialize'
     /builddir/build/BUILD/ruby-2.0.0-p0/test/openssl/test_pkey_ec.rb:10:in
`new'
     /builddir/build/BUILD/ruby-2.0.0-p0/test/openssl/test_pkey_ec.rb:10:in
`setup'

and there are remaining references to :GF2m in exception messages, etc.
Is there any chance to support this set of OpenSSL configuration options
properly, i.e. make the OpenSSL work better with such fine grained
configuration options?

Thanks
=end
C4c327c418a3182b7f6a30dd1534143a?d=identicon&s=25 Vít Ondruch (vo_x)
on 2013-08-22 06:27
(Received via mailing list)
Issue #8384 has been updated by vo.x (Vit Ondruch).

Status changed from Closed to Open


----------------------------------------
Bug #8384: Cannot build ruby against OpenSSL build with "no-ec2m"
https://bugs.ruby-lang.org/issues/8384#change-41321

Author: vo.x (Vit Ondruch)
Status: Open
Priority: Normal
Assignee: MartinBosslet (Martin Bosslet)
Category:
Target version:
ruby -v: ruby -v: ruby 2.0.0p0 (2013-02-24) [x86_64-linux]
Backport: 1.9.3: REQUIRED, 2.0.0: REQUIRED


=begin
Due to recent changes in OpenSSL configuration options for Red Hat
Enterprise Linux, I cannot build Ruby anymore.

These are the relevant changes in OpenSSL configuration:

 @@ -227,7 +234,7 @@ sslarch=linux-ppc64
  ./Configure \
         --prefix=/usr --openssldir=%{_sysconfdir}/pki/tls ${sslflags} \
         zlib enable-camellia enable-seed enable-tlsext enable-rfc3779 \
 -       enable-cms enable-md2 no-mdc2 no-rc5 no-ec no-ec2m no-ecdh
no-ecdsa no-srp \
 +       enable-cms enable-md2 no-mdc2 no-rc5 no-ec2m no-srp \
         --with-krb5-flavor=MIT --enginesdir=%{_libdir}/openssl/engines
\
         --with-krb5-dir=/usr shared ${sslarch} %{?!nofips:fips}

I see that the "no-ec" was removed. So if I understand it correctly, the
"OPENSSL_NO_EC" used to be defined, while it is not anymore and hence
the whole ossl_pkey_ec.c file used to be ignored, while it is not
anymore, Therefore, I observe following error:

 ossl_pkey_ec.c:821:29: error: 'EC_GROUP_new_curve_GF2m' undeclared
(first use in this function)
                  new_curve = EC_GROUP_new_curve_GF2m;

I was suggested by our OpenSSL maintainer to just #ifndef
OPENSSL_NO_EC2M all the calls that contain GF2m. So I went ahead with
this naive patch:

 diff --git a/ext/openssl/ossl_pkey_ec.c b/ext/openssl/ossl_pkey_ec.c
 index 8e6d88f..29e28ca 100644
 --- a/ext/openssl/ossl_pkey_ec.c
 +++ b/ext/openssl/ossl_pkey_ec.c
 @@ -762,8 +762,10 @@ static VALUE ossl_ec_group_initialize(int argc,
VALUE *argv, VALUE self)
                  method = EC_GFp_mont_method();
              } else if (id == s_GFp_nist) {
                  method = EC_GFp_nist_method();
 +#if !defined(OPENSSL_NO_EC2M)
              } else if (id == s_GF2m_simple) {
                  method = EC_GF2m_simple_method();
 +#endif
              }

              if (method) {
 @@ -817,8 +819,10 @@ static VALUE ossl_ec_group_initialize(int argc,
VALUE *argv, VALUE self)

              if (id == s_GFp) {
                  new_curve = EC_GROUP_new_curve_GFp;
 +#if !defined(OPENSSL_NO_EC2M)
              } else if (id == s_GF2m) {
                  new_curve = EC_GROUP_new_curve_GF2m;
 +#endif
              } else {
                  ossl_raise(rb_eArgError, "unknown symbol, must be :GFp
or :GF2m");
              }

which fixes the build issues, but the leaves the test suite failing:

   7) Error:
 test_read_private_key_pem_pw(OpenSSL::TestEC):
 OpenSSL::PKey::EC::Group::Error: unable to create curve (secp112r1):
unknown group
     /builddir/build/BUILD/ruby-2.0.0-p0/test/openssl/test_pkey_ec.rb:10:in
`initialize'
     /builddir/build/BUILD/ruby-2.0.0-p0/test/openssl/test_pkey_ec.rb:10:in
`new'
     /builddir/build/BUILD/ruby-2.0.0-p0/test/openssl/test_pkey_ec.rb:10:in
`setup'

and there are remaining references to :GF2m in exception messages, etc.
Is there any chance to support this set of OpenSSL configuration options
properly, i.e. make the OpenSSL work better with such fine grained
configuration options?

Thanks
=end
C4c327c418a3182b7f6a30dd1534143a?d=identicon&s=25 Vít Ondruch (vo_x)
on 2013-10-01 13:27
(Received via mailing list)
Issue #8384 has been updated by vo.x (Vit Ondruch).

Assignee changed from MartinBosslet (Martin Bosslet) to nagachika
(Tomoyuki Chikanaga)


----------------------------------------
Bug #8384: Cannot build ruby against OpenSSL build with "no-ec2m"
https://bugs.ruby-lang.org/issues/8384#change-42159

Author: vo.x (Vit Ondruch)
Status: Open
Priority: Normal
Assignee: nagachika (Tomoyuki Chikanaga)
Category:
Target version:
ruby -v: ruby -v: ruby 2.0.0p0 (2013-02-24) [x86_64-linux]
Backport: 1.9.3: REQUIRED, 2.0.0: REQUIRED


=begin
Due to recent changes in OpenSSL configuration options for Red Hat
Enterprise Linux, I cannot build Ruby anymore.

These are the relevant changes in OpenSSL configuration:

 @@ -227,7 +234,7 @@ sslarch=linux-ppc64
  ./Configure \
         --prefix=/usr --openssldir=%{_sysconfdir}/pki/tls ${sslflags} \
         zlib enable-camellia enable-seed enable-tlsext enable-rfc3779 \
 -       enable-cms enable-md2 no-mdc2 no-rc5 no-ec no-ec2m no-ecdh
no-ecdsa no-srp \
 +       enable-cms enable-md2 no-mdc2 no-rc5 no-ec2m no-srp \
         --with-krb5-flavor=MIT --enginesdir=%{_libdir}/openssl/engines
\
         --with-krb5-dir=/usr shared ${sslarch} %{?!nofips:fips}

I see that the "no-ec" was removed. So if I understand it correctly, the
"OPENSSL_NO_EC" used to be defined, while it is not anymore and hence
the whole ossl_pkey_ec.c file used to be ignored, while it is not
anymore, Therefore, I observe following error:

 ossl_pkey_ec.c:821:29: error: 'EC_GROUP_new_curve_GF2m' undeclared
(first use in this function)
                  new_curve = EC_GROUP_new_curve_GF2m;

I was suggested by our OpenSSL maintainer to just #ifndef
OPENSSL_NO_EC2M all the calls that contain GF2m. So I went ahead with
this naive patch:

 diff --git a/ext/openssl/ossl_pkey_ec.c b/ext/openssl/ossl_pkey_ec.c
 index 8e6d88f..29e28ca 100644
 --- a/ext/openssl/ossl_pkey_ec.c
 +++ b/ext/openssl/ossl_pkey_ec.c
 @@ -762,8 +762,10 @@ static VALUE ossl_ec_group_initialize(int argc,
VALUE *argv, VALUE self)
                  method = EC_GFp_mont_method();
              } else if (id == s_GFp_nist) {
                  method = EC_GFp_nist_method();
 +#if !defined(OPENSSL_NO_EC2M)
              } else if (id == s_GF2m_simple) {
                  method = EC_GF2m_simple_method();
 +#endif
              }

              if (method) {
 @@ -817,8 +819,10 @@ static VALUE ossl_ec_group_initialize(int argc,
VALUE *argv, VALUE self)

              if (id == s_GFp) {
                  new_curve = EC_GROUP_new_curve_GFp;
 +#if !defined(OPENSSL_NO_EC2M)
              } else if (id == s_GF2m) {
                  new_curve = EC_GROUP_new_curve_GF2m;
 +#endif
              } else {
                  ossl_raise(rb_eArgError, "unknown symbol, must be :GFp
or :GF2m");
              }

which fixes the build issues, but the leaves the test suite failing:

   7) Error:
 test_read_private_key_pem_pw(OpenSSL::TestEC):
 OpenSSL::PKey::EC::Group::Error: unable to create curve (secp112r1):
unknown group
     /builddir/build/BUILD/ruby-2.0.0-p0/test/openssl/test_pkey_ec.rb:10:in
`initialize'
     /builddir/build/BUILD/ruby-2.0.0-p0/test/openssl/test_pkey_ec.rb:10:in
`new'
     /builddir/build/BUILD/ruby-2.0.0-p0/test/openssl/test_pkey_ec.rb:10:in
`setup'

and there are remaining references to :GF2m in exception messages, etc.
Is there any chance to support this set of OpenSSL configuration options
properly, i.e. make the OpenSSL work better with such fine grained
configuration options?

Thanks
=end
5cf8f058a4c094bb708174fb43e7a387?d=identicon&s=25 nagachika (Tomoyuki Chikanaga) (Guest)
on 2013-10-31 14:36
(Received via mailing list)
Issue #8384 has been updated by nagachika (Tomoyuki Chikanaga).


sorry, I've overlooked this ticket. I'll try to backport r41808 and
41829.
----------------------------------------
Bug #8384: Cannot build ruby against OpenSSL build with "no-ec2m"
https://bugs.ruby-lang.org/issues/8384#change-42680

Author: vo.x (Vit Ondruch)
Status: Open
Priority: Normal
Assignee: nagachika (Tomoyuki Chikanaga)
Category:
Target version:
ruby -v: ruby -v: ruby 2.0.0p0 (2013-02-24) [x86_64-linux]
Backport: 1.9.3: REQUIRED, 2.0.0: REQUIRED


=begin
Due to recent changes in OpenSSL configuration options for Red Hat
Enterprise Linux, I cannot build Ruby anymore.

These are the relevant changes in OpenSSL configuration:

 @@ -227,7 +234,7 @@ sslarch=linux-ppc64
  ./Configure \
         --prefix=/usr --openssldir=%{_sysconfdir}/pki/tls ${sslflags} \
         zlib enable-camellia enable-seed enable-tlsext enable-rfc3779 \
 -       enable-cms enable-md2 no-mdc2 no-rc5 no-ec no-ec2m no-ecdh
no-ecdsa no-srp \
 +       enable-cms enable-md2 no-mdc2 no-rc5 no-ec2m no-srp \
         --with-krb5-flavor=MIT --enginesdir=%{_libdir}/openssl/engines
\
         --with-krb5-dir=/usr shared ${sslarch} %{?!nofips:fips}

I see that the "no-ec" was removed. So if I understand it correctly, the
"OPENSSL_NO_EC" used to be defined, while it is not anymore and hence
the whole ossl_pkey_ec.c file used to be ignored, while it is not
anymore, Therefore, I observe following error:

 ossl_pkey_ec.c:821:29: error: 'EC_GROUP_new_curve_GF2m' undeclared
(first use in this function)
                  new_curve = EC_GROUP_new_curve_GF2m;

I was suggested by our OpenSSL maintainer to just #ifndef
OPENSSL_NO_EC2M all the calls that contain GF2m. So I went ahead with
this naive patch:

 diff --git a/ext/openssl/ossl_pkey_ec.c b/ext/openssl/ossl_pkey_ec.c
 index 8e6d88f..29e28ca 100644
 --- a/ext/openssl/ossl_pkey_ec.c
 +++ b/ext/openssl/ossl_pkey_ec.c
 @@ -762,8 +762,10 @@ static VALUE ossl_ec_group_initialize(int argc,
VALUE *argv, VALUE self)
                  method = EC_GFp_mont_method();
              } else if (id == s_GFp_nist) {
                  method = EC_GFp_nist_method();
 +#if !defined(OPENSSL_NO_EC2M)
              } else if (id == s_GF2m_simple) {
                  method = EC_GF2m_simple_method();
 +#endif
              }

              if (method) {
 @@ -817,8 +819,10 @@ static VALUE ossl_ec_group_initialize(int argc,
VALUE *argv, VALUE self)

              if (id == s_GFp) {
                  new_curve = EC_GROUP_new_curve_GFp;
 +#if !defined(OPENSSL_NO_EC2M)
              } else if (id == s_GF2m) {
                  new_curve = EC_GROUP_new_curve_GF2m;
 +#endif
              } else {
                  ossl_raise(rb_eArgError, "unknown symbol, must be :GFp
or :GF2m");
              }

which fixes the build issues, but the leaves the test suite failing:

   7) Error:
 test_read_private_key_pem_pw(OpenSSL::TestEC):
 OpenSSL::PKey::EC::Group::Error: unable to create curve (secp112r1):
unknown group
     /builddir/build/BUILD/ruby-2.0.0-p0/test/openssl/test_pkey_ec.rb:10:in
`initialize'
     /builddir/build/BUILD/ruby-2.0.0-p0/test/openssl/test_pkey_ec.rb:10:in
`new'
     /builddir/build/BUILD/ruby-2.0.0-p0/test/openssl/test_pkey_ec.rb:10:in
`setup'

and there are remaining references to :GF2m in exception messages, etc.
Is there any chance to support this set of OpenSSL configuration options
properly, i.e. make the OpenSSL work better with such fine grained
configuration options?

Thanks
=end
5cf8f058a4c094bb708174fb43e7a387?d=identicon&s=25 nagachika (Tomoyuki Chikanaga) (Guest)
on 2013-10-31 14:43
(Received via mailing list)
Issue #8384 has been updated by nagachika (Tomoyuki Chikanaga).

Backport changed from 1.9.3: REQUIRED, 2.0.0: REQUIRED to 1.9.3:
REQUIRED, 2.0.0: DONE

r41808 and 41829 are backported to ruby_2_0_0 at r43481.
----------------------------------------
Bug #8384: Cannot build ruby against OpenSSL build with "no-ec2m"
https://bugs.ruby-lang.org/issues/8384#change-42682

Author: vo.x (Vit Ondruch)
Status: Open
Priority: Normal
Assignee: nagachika (Tomoyuki Chikanaga)
Category:
Target version:
ruby -v: ruby -v: ruby 2.0.0p0 (2013-02-24) [x86_64-linux]
Backport: 1.9.3: REQUIRED, 2.0.0: DONE


=begin
Due to recent changes in OpenSSL configuration options for Red Hat
Enterprise Linux, I cannot build Ruby anymore.

These are the relevant changes in OpenSSL configuration:

 @@ -227,7 +234,7 @@ sslarch=linux-ppc64
  ./Configure \
         --prefix=/usr --openssldir=%{_sysconfdir}/pki/tls ${sslflags} \
         zlib enable-camellia enable-seed enable-tlsext enable-rfc3779 \
 -       enable-cms enable-md2 no-mdc2 no-rc5 no-ec no-ec2m no-ecdh
no-ecdsa no-srp \
 +       enable-cms enable-md2 no-mdc2 no-rc5 no-ec2m no-srp \
         --with-krb5-flavor=MIT --enginesdir=%{_libdir}/openssl/engines
\
         --with-krb5-dir=/usr shared ${sslarch} %{?!nofips:fips}

I see that the "no-ec" was removed. So if I understand it correctly, the
"OPENSSL_NO_EC" used to be defined, while it is not anymore and hence
the whole ossl_pkey_ec.c file used to be ignored, while it is not
anymore, Therefore, I observe following error:

 ossl_pkey_ec.c:821:29: error: 'EC_GROUP_new_curve_GF2m' undeclared
(first use in this function)
                  new_curve = EC_GROUP_new_curve_GF2m;

I was suggested by our OpenSSL maintainer to just #ifndef
OPENSSL_NO_EC2M all the calls that contain GF2m. So I went ahead with
this naive patch:

 diff --git a/ext/openssl/ossl_pkey_ec.c b/ext/openssl/ossl_pkey_ec.c
 index 8e6d88f..29e28ca 100644
 --- a/ext/openssl/ossl_pkey_ec.c
 +++ b/ext/openssl/ossl_pkey_ec.c
 @@ -762,8 +762,10 @@ static VALUE ossl_ec_group_initialize(int argc,
VALUE *argv, VALUE self)
                  method = EC_GFp_mont_method();
              } else if (id == s_GFp_nist) {
                  method = EC_GFp_nist_method();
 +#if !defined(OPENSSL_NO_EC2M)
              } else if (id == s_GF2m_simple) {
                  method = EC_GF2m_simple_method();
 +#endif
              }

              if (method) {
 @@ -817,8 +819,10 @@ static VALUE ossl_ec_group_initialize(int argc,
VALUE *argv, VALUE self)

              if (id == s_GFp) {
                  new_curve = EC_GROUP_new_curve_GFp;
 +#if !defined(OPENSSL_NO_EC2M)
              } else if (id == s_GF2m) {
                  new_curve = EC_GROUP_new_curve_GF2m;
 +#endif
              } else {
                  ossl_raise(rb_eArgError, "unknown symbol, must be :GFp
or :GF2m");
              }

which fixes the build issues, but the leaves the test suite failing:

   7) Error:
 test_read_private_key_pem_pw(OpenSSL::TestEC):
 OpenSSL::PKey::EC::Group::Error: unable to create curve (secp112r1):
unknown group
     /builddir/build/BUILD/ruby-2.0.0-p0/test/openssl/test_pkey_ec.rb:10:in
`initialize'
     /builddir/build/BUILD/ruby-2.0.0-p0/test/openssl/test_pkey_ec.rb:10:in
`new'
     /builddir/build/BUILD/ruby-2.0.0-p0/test/openssl/test_pkey_ec.rb:10:in
`setup'

and there are remaining references to :GF2m in exception messages, etc.
Is there any chance to support this set of OpenSSL configuration options
properly, i.e. make the OpenSSL work better with such fine grained
configuration options?

Thanks
=end
5cf8f058a4c094bb708174fb43e7a387?d=identicon&s=25 nagachika (Tomoyuki Chikanaga) (Guest)
on 2013-10-31 14:43
(Received via mailing list)
Issue #8384 has been updated by nagachika (Tomoyuki Chikanaga).

Status changed from Open to Assigned
Assignee changed from nagachika (Tomoyuki Chikanaga) to usa (Usaku
NAKAMURA)


----------------------------------------
Bug #8384: Cannot build ruby against OpenSSL build with "no-ec2m"
https://bugs.ruby-lang.org/issues/8384#change-42683

Author: vo.x (Vit Ondruch)
Status: Assigned
Priority: Normal
Assignee: usa (Usaku NAKAMURA)
Category:
Target version:
ruby -v: ruby -v: ruby 2.0.0p0 (2013-02-24) [x86_64-linux]
Backport: 1.9.3: REQUIRED, 2.0.0: DONE


=begin
Due to recent changes in OpenSSL configuration options for Red Hat
Enterprise Linux, I cannot build Ruby anymore.

These are the relevant changes in OpenSSL configuration:

 @@ -227,7 +234,7 @@ sslarch=linux-ppc64
  ./Configure \
         --prefix=/usr --openssldir=%{_sysconfdir}/pki/tls ${sslflags} \
         zlib enable-camellia enable-seed enable-tlsext enable-rfc3779 \
 -       enable-cms enable-md2 no-mdc2 no-rc5 no-ec no-ec2m no-ecdh
no-ecdsa no-srp \
 +       enable-cms enable-md2 no-mdc2 no-rc5 no-ec2m no-srp \
         --with-krb5-flavor=MIT --enginesdir=%{_libdir}/openssl/engines
\
         --with-krb5-dir=/usr shared ${sslarch} %{?!nofips:fips}

I see that the "no-ec" was removed. So if I understand it correctly, the
"OPENSSL_NO_EC" used to be defined, while it is not anymore and hence
the whole ossl_pkey_ec.c file used to be ignored, while it is not
anymore, Therefore, I observe following error:

 ossl_pkey_ec.c:821:29: error: 'EC_GROUP_new_curve_GF2m' undeclared
(first use in this function)
                  new_curve = EC_GROUP_new_curve_GF2m;

I was suggested by our OpenSSL maintainer to just #ifndef
OPENSSL_NO_EC2M all the calls that contain GF2m. So I went ahead with
this naive patch:

 diff --git a/ext/openssl/ossl_pkey_ec.c b/ext/openssl/ossl_pkey_ec.c
 index 8e6d88f..29e28ca 100644
 --- a/ext/openssl/ossl_pkey_ec.c
 +++ b/ext/openssl/ossl_pkey_ec.c
 @@ -762,8 +762,10 @@ static VALUE ossl_ec_group_initialize(int argc,
VALUE *argv, VALUE self)
                  method = EC_GFp_mont_method();
              } else if (id == s_GFp_nist) {
                  method = EC_GFp_nist_method();
 +#if !defined(OPENSSL_NO_EC2M)
              } else if (id == s_GF2m_simple) {
                  method = EC_GF2m_simple_method();
 +#endif
              }

              if (method) {
 @@ -817,8 +819,10 @@ static VALUE ossl_ec_group_initialize(int argc,
VALUE *argv, VALUE self)

              if (id == s_GFp) {
                  new_curve = EC_GROUP_new_curve_GFp;
 +#if !defined(OPENSSL_NO_EC2M)
              } else if (id == s_GF2m) {
                  new_curve = EC_GROUP_new_curve_GF2m;
 +#endif
              } else {
                  ossl_raise(rb_eArgError, "unknown symbol, must be :GFp
or :GF2m");
              }

which fixes the build issues, but the leaves the test suite failing:

   7) Error:
 test_read_private_key_pem_pw(OpenSSL::TestEC):
 OpenSSL::PKey::EC::Group::Error: unable to create curve (secp112r1):
unknown group
     /builddir/build/BUILD/ruby-2.0.0-p0/test/openssl/test_pkey_ec.rb:10:in
`initialize'
     /builddir/build/BUILD/ruby-2.0.0-p0/test/openssl/test_pkey_ec.rb:10:in
`new'
     /builddir/build/BUILD/ruby-2.0.0-p0/test/openssl/test_pkey_ec.rb:10:in
`setup'

and there are remaining references to :GF2m in exception messages, etc.
Is there any chance to support this set of OpenSSL configuration options
properly, i.e. make the OpenSSL work better with such fine grained
configuration options?

Thanks
=end
8cbb39dadafaf2287a83a13ee4981ec9?d=identicon&s=25 usa (Usaku NAKAMURA) (Guest)
on 2013-10-31 16:10
(Received via mailing list)
Issue #8384 has been updated by usa (Usaku NAKAMURA).

Backport changed from 1.9.3: REQUIRED, 2.0.0: DONE to 1.9.3: DONE,
2.0.0: DONE

Backported to ruby_1_9_3 at r43486 and r43494.
----------------------------------------
Bug #8384: Cannot build ruby against OpenSSL build with "no-ec2m"
https://bugs.ruby-lang.org/issues/8384#change-42697

Author: vo.x (Vit Ondruch)
Status: Assigned
Priority: Normal
Assignee: usa (Usaku NAKAMURA)
Category:
Target version:
ruby -v: ruby -v: ruby 2.0.0p0 (2013-02-24) [x86_64-linux]
Backport: 1.9.3: DONE, 2.0.0: DONE


=begin
Due to recent changes in OpenSSL configuration options for Red Hat
Enterprise Linux, I cannot build Ruby anymore.

These are the relevant changes in OpenSSL configuration:

 @@ -227,7 +234,7 @@ sslarch=linux-ppc64
  ./Configure \
         --prefix=/usr --openssldir=%{_sysconfdir}/pki/tls ${sslflags} \
         zlib enable-camellia enable-seed enable-tlsext enable-rfc3779 \
 -       enable-cms enable-md2 no-mdc2 no-rc5 no-ec no-ec2m no-ecdh
no-ecdsa no-srp \
 +       enable-cms enable-md2 no-mdc2 no-rc5 no-ec2m no-srp \
         --with-krb5-flavor=MIT --enginesdir=%{_libdir}/openssl/engines
\
         --with-krb5-dir=/usr shared ${sslarch} %{?!nofips:fips}

I see that the "no-ec" was removed. So if I understand it correctly, the
"OPENSSL_NO_EC" used to be defined, while it is not anymore and hence
the whole ossl_pkey_ec.c file used to be ignored, while it is not
anymore, Therefore, I observe following error:

 ossl_pkey_ec.c:821:29: error: 'EC_GROUP_new_curve_GF2m' undeclared
(first use in this function)
                  new_curve = EC_GROUP_new_curve_GF2m;

I was suggested by our OpenSSL maintainer to just #ifndef
OPENSSL_NO_EC2M all the calls that contain GF2m. So I went ahead with
this naive patch:

 diff --git a/ext/openssl/ossl_pkey_ec.c b/ext/openssl/ossl_pkey_ec.c
 index 8e6d88f..29e28ca 100644
 --- a/ext/openssl/ossl_pkey_ec.c
 +++ b/ext/openssl/ossl_pkey_ec.c
 @@ -762,8 +762,10 @@ static VALUE ossl_ec_group_initialize(int argc,
VALUE *argv, VALUE self)
                  method = EC_GFp_mont_method();
              } else if (id == s_GFp_nist) {
                  method = EC_GFp_nist_method();
 +#if !defined(OPENSSL_NO_EC2M)
              } else if (id == s_GF2m_simple) {
                  method = EC_GF2m_simple_method();
 +#endif
              }

              if (method) {
 @@ -817,8 +819,10 @@ static VALUE ossl_ec_group_initialize(int argc,
VALUE *argv, VALUE self)

              if (id == s_GFp) {
                  new_curve = EC_GROUP_new_curve_GFp;
 +#if !defined(OPENSSL_NO_EC2M)
              } else if (id == s_GF2m) {
                  new_curve = EC_GROUP_new_curve_GF2m;
 +#endif
              } else {
                  ossl_raise(rb_eArgError, "unknown symbol, must be :GFp
or :GF2m");
              }

which fixes the build issues, but the leaves the test suite failing:

   7) Error:
 test_read_private_key_pem_pw(OpenSSL::TestEC):
 OpenSSL::PKey::EC::Group::Error: unable to create curve (secp112r1):
unknown group
     /builddir/build/BUILD/ruby-2.0.0-p0/test/openssl/test_pkey_ec.rb:10:in
`initialize'
     /builddir/build/BUILD/ruby-2.0.0-p0/test/openssl/test_pkey_ec.rb:10:in
`new'
     /builddir/build/BUILD/ruby-2.0.0-p0/test/openssl/test_pkey_ec.rb:10:in
`setup'

and there are remaining references to :GF2m in exception messages, etc.
Is there any chance to support this set of OpenSSL configuration options
properly, i.e. make the OpenSSL work better with such fine grained
configuration options?

Thanks
=end
C4c327c418a3182b7f6a30dd1534143a?d=identicon&s=25 Vít Ondruch (vo_x)
on 2013-10-31 18:29
(Received via mailing list)
Issue #8384 has been updated by vo.x (Vit Ondruch).


Thank you!
----------------------------------------
Bug #8384: Cannot build ruby against OpenSSL build with "no-ec2m"
https://bugs.ruby-lang.org/issues/8384#change-42699

Author: vo.x (Vit Ondruch)
Status: Assigned
Priority: Normal
Assignee: usa (Usaku NAKAMURA)
Category:
Target version:
ruby -v: ruby -v: ruby 2.0.0p0 (2013-02-24) [x86_64-linux]
Backport: 1.9.3: DONE, 2.0.0: DONE


=begin
Due to recent changes in OpenSSL configuration options for Red Hat
Enterprise Linux, I cannot build Ruby anymore.

These are the relevant changes in OpenSSL configuration:

 @@ -227,7 +234,7 @@ sslarch=linux-ppc64
  ./Configure \
         --prefix=/usr --openssldir=%{_sysconfdir}/pki/tls ${sslflags} \
         zlib enable-camellia enable-seed enable-tlsext enable-rfc3779 \
 -       enable-cms enable-md2 no-mdc2 no-rc5 no-ec no-ec2m no-ecdh
no-ecdsa no-srp \
 +       enable-cms enable-md2 no-mdc2 no-rc5 no-ec2m no-srp \
         --with-krb5-flavor=MIT --enginesdir=%{_libdir}/openssl/engines
\
         --with-krb5-dir=/usr shared ${sslarch} %{?!nofips:fips}

I see that the "no-ec" was removed. So if I understand it correctly, the
"OPENSSL_NO_EC" used to be defined, while it is not anymore and hence
the whole ossl_pkey_ec.c file used to be ignored, while it is not
anymore, Therefore, I observe following error:

 ossl_pkey_ec.c:821:29: error: 'EC_GROUP_new_curve_GF2m' undeclared
(first use in this function)
                  new_curve = EC_GROUP_new_curve_GF2m;

I was suggested by our OpenSSL maintainer to just #ifndef
OPENSSL_NO_EC2M all the calls that contain GF2m. So I went ahead with
this naive patch:

 diff --git a/ext/openssl/ossl_pkey_ec.c b/ext/openssl/ossl_pkey_ec.c
 index 8e6d88f..29e28ca 100644
 --- a/ext/openssl/ossl_pkey_ec.c
 +++ b/ext/openssl/ossl_pkey_ec.c
 @@ -762,8 +762,10 @@ static VALUE ossl_ec_group_initialize(int argc,
VALUE *argv, VALUE self)
                  method = EC_GFp_mont_method();
              } else if (id == s_GFp_nist) {
                  method = EC_GFp_nist_method();
 +#if !defined(OPENSSL_NO_EC2M)
              } else if (id == s_GF2m_simple) {
                  method = EC_GF2m_simple_method();
 +#endif
              }

              if (method) {
 @@ -817,8 +819,10 @@ static VALUE ossl_ec_group_initialize(int argc,
VALUE *argv, VALUE self)

              if (id == s_GFp) {
                  new_curve = EC_GROUP_new_curve_GFp;
 +#if !defined(OPENSSL_NO_EC2M)
              } else if (id == s_GF2m) {
                  new_curve = EC_GROUP_new_curve_GF2m;
 +#endif
              } else {
                  ossl_raise(rb_eArgError, "unknown symbol, must be :GFp
or :GF2m");
              }

which fixes the build issues, but the leaves the test suite failing:

   7) Error:
 test_read_private_key_pem_pw(OpenSSL::TestEC):
 OpenSSL::PKey::EC::Group::Error: unable to create curve (secp112r1):
unknown group
     /builddir/build/BUILD/ruby-2.0.0-p0/test/openssl/test_pkey_ec.rb:10:in
`initialize'
     /builddir/build/BUILD/ruby-2.0.0-p0/test/openssl/test_pkey_ec.rb:10:in
`new'
     /builddir/build/BUILD/ruby-2.0.0-p0/test/openssl/test_pkey_ec.rb:10:in
`setup'

and there are remaining references to :GF2m in exception messages, etc.
Is there any chance to support this set of OpenSSL configuration options
properly, i.e. make the OpenSSL work better with such fine grained
configuration options?

Thanks
=end
8cbb39dadafaf2287a83a13ee4981ec9?d=identicon&s=25 usa (Usaku NAKAMURA) (Guest)
on 2013-12-01 17:08
(Received via mailing list)
Issue #8384 has been updated by usa (Usaku NAKAMURA).

Status changed from Assigned to Closed

(already finished)
----------------------------------------
Bug #8384: Cannot build ruby against OpenSSL build with "no-ec2m"
https://bugs.ruby-lang.org/issues/8384#change-43315

Author: vo.x (Vit Ondruch)
Status: Closed
Priority: Normal
Assignee: usa (Usaku NAKAMURA)
Category:
Target version:
ruby -v: ruby -v: ruby 2.0.0p0 (2013-02-24) [x86_64-linux]
Backport: 1.9.3: DONE, 2.0.0: DONE


=begin
Due to recent changes in OpenSSL configuration options for Red Hat
Enterprise Linux, I cannot build Ruby anymore.

These are the relevant changes in OpenSSL configuration:

 @@ -227,7 +234,7 @@ sslarch=linux-ppc64
  ./Configure \
         --prefix=/usr --openssldir=%{_sysconfdir}/pki/tls ${sslflags} \
         zlib enable-camellia enable-seed enable-tlsext enable-rfc3779 \
 -       enable-cms enable-md2 no-mdc2 no-rc5 no-ec no-ec2m no-ecdh
no-ecdsa no-srp \
 +       enable-cms enable-md2 no-mdc2 no-rc5 no-ec2m no-srp \
         --with-krb5-flavor=MIT --enginesdir=%{_libdir}/openssl/engines
\
         --with-krb5-dir=/usr shared ${sslarch} %{?!nofips:fips}

I see that the "no-ec" was removed. So if I understand it correctly, the
"OPENSSL_NO_EC" used to be defined, while it is not anymore and hence
the whole ossl_pkey_ec.c file used to be ignored, while it is not
anymore, Therefore, I observe following error:

 ossl_pkey_ec.c:821:29: error: 'EC_GROUP_new_curve_GF2m' undeclared
(first use in this function)
                  new_curve = EC_GROUP_new_curve_GF2m;

I was suggested by our OpenSSL maintainer to just #ifndef
OPENSSL_NO_EC2M all the calls that contain GF2m. So I went ahead with
this naive patch:

 diff --git a/ext/openssl/ossl_pkey_ec.c b/ext/openssl/ossl_pkey_ec.c
 index 8e6d88f..29e28ca 100644
 --- a/ext/openssl/ossl_pkey_ec.c
 +++ b/ext/openssl/ossl_pkey_ec.c
 @@ -762,8 +762,10 @@ static VALUE ossl_ec_group_initialize(int argc,
VALUE *argv, VALUE self)
                  method = EC_GFp_mont_method();
              } else if (id == s_GFp_nist) {
                  method = EC_GFp_nist_method();
 +#if !defined(OPENSSL_NO_EC2M)
              } else if (id == s_GF2m_simple) {
                  method = EC_GF2m_simple_method();
 +#endif
              }

              if (method) {
 @@ -817,8 +819,10 @@ static VALUE ossl_ec_group_initialize(int argc,
VALUE *argv, VALUE self)

              if (id == s_GFp) {
                  new_curve = EC_GROUP_new_curve_GFp;
 +#if !defined(OPENSSL_NO_EC2M)
              } else if (id == s_GF2m) {
                  new_curve = EC_GROUP_new_curve_GF2m;
 +#endif
              } else {
                  ossl_raise(rb_eArgError, "unknown symbol, must be :GFp
or :GF2m");
              }

which fixes the build issues, but the leaves the test suite failing:

   7) Error:
 test_read_private_key_pem_pw(OpenSSL::TestEC):
 OpenSSL::PKey::EC::Group::Error: unable to create curve (secp112r1):
unknown group
     /builddir/build/BUILD/ruby-2.0.0-p0/test/openssl/test_pkey_ec.rb:10:in
`initialize'
     /builddir/build/BUILD/ruby-2.0.0-p0/test/openssl/test_pkey_ec.rb:10:in
`new'
     /builddir/build/BUILD/ruby-2.0.0-p0/test/openssl/test_pkey_ec.rb:10:in
`setup'

and there are remaining references to :GF2m in exception messages, etc.
Is there any chance to support this set of OpenSSL configuration options
properly, i.e. make the OpenSSL work better with such fine grained
configuration options?

Thanks
=end
This topic is locked and can not be replied to.