bpo-45627: handle OPENSSL_NO_SCRYPT and OPENSSL_NO_BLAKE defines (GH-29237) #29237
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…29237) This follows update https://bugs.python.org/issue43669 Which is present in Python 3.10 Some OpenSSL 1.1.1 can be built without Blake2 support or Scrypt. SHA3 and SHAKE do not seem to have any enable/disable flags. This results in compiler errors where EVP_blake2b512, EVP_blake2s256, EVP_PBE_scrypt and PKCS5_v2_scrypt_keyivgen can be un-defined. This is unfortunate behavior on the part of OpenSSL 1.1.1. So, for BLAKE2 and SCRYPT, we should still check that the OPENSSL_NO_SCRYPT and OPENSSL_NO_BLAKE2 defines are not-define. Looking into the evp.h header of OpenSSL 1.1.1l, we get: ``` ......... # ifndef OPENSSL_NO_BLAKE2 const EVP_MD *EVP_blake2b512(void); const EVP_MD *EVP_blake2s256(void); # endif ......... #ifndef OPENSSL_NO_SCRYPT int EVP_PBE_scrypt(const char *pass, size_t passlen, const unsigned char *salt, size_t saltlen, uint64_t N, uint64_t r, uint64_t p, uint64_t maxmem, unsigned char *key, size_t keylen); int PKCS5_v2_scrypt_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, ASN1_TYPE *param, const EVP_CIPHER *c, const EVP_MD *md, int en_de); #endif ......... ``` Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
Contributor
Author
|
oh ; so blurb is still required; will submit one |
Contributor
Author
|
Closing this in light of |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This follows update https://bugs.python.org/issue43669
Which is present in Python 3.10
Some OpenSSL 1.1.1 can be built without Blake2 support or Scrypt.
SHA3 and SHAKE do not seem to have any enable/disable flags.
This results in compiler errors where EVP_blake2b512, EVP_blake2s256,
EVP_PBE_scrypt and PKCS5_v2_scrypt_keyivgen can be un-defined.
This is unfortunate behavior on the part of OpenSSL 1.1.1.
So, for BLAKE2 and SCRYPT, we should still check that the OPENSSL_NO_SCRYPT
and OPENSSL_NO_BLAKE2 defines are not-define.
Looking into the evp.h header of OpenSSL 1.1.1l, we get:
Signed-off-by: Alexandru Ardelean ardeleanalex@gmail.com
https://bugs.python.org/issue45627