Skip to content

bpo-38684: haslib: fix build when Blake2 not enabled in OpenSSL #17043

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Nov 4, 2019
Merged

bpo-38684: haslib: fix build when Blake2 not enabled in OpenSSL #17043

merged 1 commit into from
Nov 4, 2019

Conversation

commodo
Copy link
Contributor

@commodo commodo commented Nov 4, 2019
edited by bedevere-bot
Loading

This was caught via OpenWrt's build, when upgrading to 3.8.
By default, Blake2 is not enabled in OpenWrt's OpenSSL.
Not sure if this is an issue in OpenSSL or Python or both.

After digging through the _hashopenssl.c, it seems that the check for
Blake2 being enabled/present in OpenSSL is not consistent with how OpenSSL
does it.

I guess this issue happens when Blake2 is present, but not enabled.
While the previous code was checking whether it is present.

Error is:

Modules/_hashopenssl.c:220:22: error: implicit declaration of function 'EVP_blake2s256'; did you mean 'SN_blake2s256'? [-Werror=implicit-function-declaration]
             digest = EVP_blake2s256();
                      ^~~~~~~~~~~~~~
                      SN_blake2s256
Modules/_hashopenssl.c:220:20: warning: assignment to 'const EVP_MD *' {aka 'const struct evp_md_st *'} from 'int' makes pointer from integer without a cast [-Wint-conversion]
             digest = EVP_blake2s256();
Modules/_hashopenssl.c:223:22: error: implicit declaration of function 'EVP_blake2b512'; did you mean 'LN_blake2b512'? [-Werror=implicit-function-declaration]
             digest = EVP_blake2b512();
                      ^~~~~~~~~~~~~~
Modules/_hashopenssl.c:223:20: warning: assignment to 'const EVP_MD *' {aka 'const struct evp_md_st *'} from 'int' makes pointer from integer without a cast [-Wint-conversion]
             digest = EVP_blake2b512();
                    ^

Signed-off-by: Alexandru Ardelean [email protected]

https://bugs.python.org/issue38684

@commodo commodo requested a review from tiran as a code owner November 4, 2019 12:35
tiran
tiran requested changes Nov 4, 2019
View reviewed changes
Copy link
Member

@tiran tiran left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm sure this is not compatible with OpenSSL 1.1.0 and 1.0.2. You need to check for both the presence of NID-blake2b512 and absence of OPENSSL_NO_BLAKE2.

@bedevere-bot
Copy link

A Python core developer has requested some changes be made to your pull request before we can consider merging it. If you could please address their requests along with any other requests in other reviews from core developers that would be appreciated.

Once you have made the requested changes, please leave a comment on this pull request containing the phrase I have made the requested changes; please review again. I will then notify any core developers who have left a review that you're ready for them to take another look at this pull request.

@commodo
bpo-38684: haslib: fix build when Blake2 not enabled in OpenSSL
6d25be8 
This was caught via OpenWrt's build, when upgrading to 3.8.
By default, Blake2 is not enabled in OpenWrt's OpenSSL.
Not sure if this is an issue in OpenSSL or Python or both.

After digging through the _hashopenssl.c, it seems that the check for
Blake2 being enabled/present in OpenSSL is not consistent with how OpenSSL
does it.

I guess this issue happens when Blake2 is present, but not enabled.
While the previous code was checking whether it is present.

Error is:
```
Modules/_hashopenssl.c:220:22: error: implicit declaration of function 'EVP_blake2s256'; did you mean 'SN_blake2s256'? [-Werror=implicit-function-declaration]
             digest = EVP_blake2s256();
                      ^~~~~~~~~~~~~~
                      SN_blake2s256
Modules/_hashopenssl.c:220:20: warning: assignment to 'const EVP_MD *' {aka 'const struct evp_md_st *'} from 'int' makes pointer from integer without a cast [-Wint-conversion]
             digest = EVP_blake2s256();
Modules/_hashopenssl.c:223:22: error: implicit declaration of function 'EVP_blake2b512'; did you mean 'LN_blake2b512'? [-Werror=implicit-function-declaration]
             digest = EVP_blake2b512();
                      ^~~~~~~~~~~~~~
Modules/_hashopenssl.c:223:20: warning: assignment to 'const EVP_MD *' {aka 'const struct evp_md_st *'} from 'int' makes pointer from integer without a cast [-Wint-conversion]
             digest = EVP_blake2b512();
                    ^
```

Signed-off-by: Alexandru Ardelean <[email protected]>
@commodo
Copy link
Contributor Author

commodo commented Nov 4, 2019

I'm sure this is not compatible with OpenSSL 1.1.0 and 1.0.2. You need to check for both the presence of NID-blake2b512 and absence of OPENSSL_NO_BLAKE2.

good point;
i hadn't thought of that;

@commodo
Copy link
Contributor Author

commodo commented Nov 4, 2019

Changelog v1 ->v2:

  • change check for Blake2 from #ifdef NID_blake2b512 -> #if defined(NID_blake2b512) && !defined(OPENSSL_NO_BLAKE2)

tiran
tiran approved these changes Nov 4, 2019
View reviewed changes
Copy link
Member

@tiran tiran left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks!

@tiran tiran merged commit 6552563 into python:master Nov 4, 2019
@bedevere-bot
Copy link

@tiran: Please replace # with GH- in the commit message next time. Thanks!

@miss-islington
Copy link
Contributor

Thanks @commodo for the PR, and @tiran for merging it 🌮🎉.. I'm working now to backport this PR to: 3.8.
🐍🍒⛏🤖

miss-islington pushed a commit to miss-islington/cpython that referenced this pull request Nov 4, 2019
@commodo @miss-islington
bpo-38684: haslib: fix build when Blake2 not enabled in OpenSSL (pyth…
fb5059f 
…onGH-17043)

(cherry picked from commit 6552563)

Co-authored-by: Alexandru Ardelean <[email protected]>
@bedevere-bot
Copy link

GH-17044 is a backport of this pull request to the 3.8 branch.

miss-islington added a commit that referenced this pull request Nov 6, 2019
@miss-islington @commodo
bpo-38684: haslib: fix build when Blake2 not enabled in OpenSSL (GH-1…
7c20888 
…7043)

(cherry picked from commit 6552563)

Co-authored-by: Alexandru Ardelean <[email protected]>
jacobneiltaylor pushed a commit to jacobneiltaylor/cpython that referenced this pull request Dec 5, 2019
@commodo
bpo-38684: haslib: fix build when Blake2 not enabled in OpenSSL (pyth…
f7c5966 
…on#17043)
shihai1991 pushed a commit to shihai1991/cpython that referenced this pull request Jan 31, 2020
@commodo @shihai1991
bpo-38684: haslib: fix build when Blake2 not enabled in OpenSSL (pyth…
8fa9920 
…on#17043)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tiran tiran tiran approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@commodo @bedevere-bot @miss-islington @tiran @the-knights-who-say-ni