From: "nagachika (Tomoyuki Chikanaga)" Date: 2013-10-31T22:42:43+09:00 Subject: [ruby-core:58098] [ruby-trunk - Bug #8384] Cannot build ruby against OpenSSL build with "no-ec2m" Issue #8384 has been updated by nagachika (Tomoyuki Chikanaga). Backport changed from 1.9.3: REQUIRED, 2.0.0: REQUIRED to 1.9.3: REQUIRED, 2.0.0: DONE r41808 and 41829 are backported to ruby_2_0_0 at r43481. ---------------------------------------- Bug #8384: Cannot build ruby against OpenSSL build with "no-ec2m" https://bugs.ruby-lang.org/issues/8384#change-42682 Author: vo.x (Vit Ondruch) Status: Open Priority: Normal Assignee: nagachika (Tomoyuki Chikanaga) Category: Target version: ruby -v: ruby -v: ruby 2.0.0p0 (2013-02-24) [x86_64-linux] Backport: 1.9.3: REQUIRED, 2.0.0: DONE =begin Due to recent changes in OpenSSL configuration options for Red Hat Enterprise Linux, I cannot build Ruby anymore. These are the relevant changes in OpenSSL configuration: @@ -227,7 +234,7 @@ sslarch=linux-ppc64 ./Configure \ --prefix=/usr --openssldir=%{_sysconfdir}/pki/tls ${sslflags} \ zlib enable-camellia enable-seed enable-tlsext enable-rfc3779 \ - enable-cms enable-md2 no-mdc2 no-rc5 no-ec no-ec2m no-ecdh no-ecdsa no-srp \ + enable-cms enable-md2 no-mdc2 no-rc5 no-ec2m no-srp \ --with-krb5-flavor=MIT --enginesdir=%{_libdir}/openssl/engines \ --with-krb5-dir=/usr shared ${sslarch} %{?!nofips:fips} I see that the "no-ec" was removed. So if I understand it correctly, the "OPENSSL_NO_EC" used to be defined, while it is not anymore and hence the whole ossl_pkey_ec.c file used to be ignored, while it is not anymore, Therefore, I observe following error: ossl_pkey_ec.c:821:29: error: 'EC_GROUP_new_curve_GF2m' undeclared (first use in this function) new_curve = EC_GROUP_new_curve_GF2m; I was suggested by our OpenSSL maintainer to just #ifndef OPENSSL_NO_EC2M all the calls that contain GF2m. So I went ahead with this naive patch: diff --git a/ext/openssl/ossl_pkey_ec.c b/ext/openssl/ossl_pkey_ec.c index 8e6d88f..29e28ca 100644 --- a/ext/openssl/ossl_pkey_ec.c +++ b/ext/openssl/ossl_pkey_ec.c @@ -762,8 +762,10 @@ static VALUE ossl_ec_group_initialize(int argc, VALUE *argv, VALUE self) method = EC_GFp_mont_method(); } else if (id == s_GFp_nist) { method = EC_GFp_nist_method(); +#if !defined(OPENSSL_NO_EC2M) } else if (id == s_GF2m_simple) { method = EC_GF2m_simple_method(); +#endif } if (method) { @@ -817,8 +819,10 @@ static VALUE ossl_ec_group_initialize(int argc, VALUE *argv, VALUE self) if (id == s_GFp) { new_curve = EC_GROUP_new_curve_GFp; +#if !defined(OPENSSL_NO_EC2M) } else if (id == s_GF2m) { new_curve = EC_GROUP_new_curve_GF2m; +#endif } else { ossl_raise(rb_eArgError, "unknown symbol, must be :GFp or :GF2m"); } which fixes the build issues, but the leaves the test suite failing: 7) Error: test_read_private_key_pem_pw(OpenSSL::TestEC): OpenSSL::PKey::EC::Group::Error: unable to create curve (secp112r1): unknown group /builddir/build/BUILD/ruby-2.0.0-p0/test/openssl/test_pkey_ec.rb:10:in `initialize' /builddir/build/BUILD/ruby-2.0.0-p0/test/openssl/test_pkey_ec.rb:10:in `new' /builddir/build/BUILD/ruby-2.0.0-p0/test/openssl/test_pkey_ec.rb:10:in `setup' and there are remaining references to :GF2m in exception messages, etc. Is there any chance to support this set of OpenSSL configuration options properly, i.e. make the OpenSSL work better with such fine grained configuration options? Thanks =end -- http://bugs.ruby-lang.org/