Bug #8384

Cannot build ruby against OpenSSL build with "no-ec2m"

Added by vo.x (Vit Ondruch) over 7 years ago. Updated over 6 years ago.

Target version:
ruby -v:
ruby -v: ruby 2.0.0p0 (2013-02-24) [x86_64-linux]


Due to recent changes in OpenSSL configuration options for Red Hat Enterprise Linux, I cannot build Ruby anymore.

These are the relevant changes in OpenSSL configuration:

@@ -227,7 +234,7 @@ sslarch=linux-ppc64
./Configure \
--prefix=/usr --openssldir=%{_sysconfdir}/pki/tls ${sslflags} \
zlib enable-camellia enable-seed enable-tlsext enable-rfc3779 \

  • enable-cms enable-md2 no-mdc2 no-rc5 no-ec no-ec2m no-ecdh no-ecdsa no-srp \
  • enable-cms enable-md2 no-mdc2 no-rc5 no-ec2m no-srp \ --with-krb5-flavor=MIT --enginesdir=%{_libdir}/openssl/engines \ --with-krb5-dir=/usr shared ${sslarch} %{?!nofips:fips}

I see that the "no-ec" was removed. So if I understand it correctly, the "OPENSSL_NO_EC" used to be defined, while it is not anymore and hence the whole ossl_pkey_ec.c file used to be ignored, while it is not anymore, Therefore, I observe following error:

ossl_pkey_ec.c:821:29: error: 'EC_GROUP_new_curve_GF2m' undeclared (first use in this function)
new_curve = EC_GROUP_new_curve_GF2m;

I was suggested by our OpenSSL maintainer to just #ifndef OPENSSL_NO_EC2M all the calls that contain GF2m. So I went ahead with this naive patch:

diff --git a/ext/openssl/ossl_pkey_ec.c b/ext/openssl/ossl_pkey_ec.c
index 8e6d88f..29e28ca 100644
--- a/ext/openssl/ossl_pkey_ec.c
+++ b/ext/openssl/ossl_pkey_ec.c
@@ -762,8 +762,10 @@ static VALUE ossl_ec_group_initialize(int argc, VALUE *argv, VALUE self)
method = EC_GFp_mont_method();
} else if (id == s_GFp_nist) {
method = EC_GFp_nist_method();
+#if !defined(OPENSSL_NO_EC2M)
} else if (id == s_GF2m_simple) {
method = EC_GF2m_simple_method();

          if (method) {

@@ -817,8 +819,10 @@ static VALUE ossl_ec_group_initialize(int argc, VALUE *argv, VALUE self)

          if (id == s_GFp) {
              new_curve = EC_GROUP_new_curve_GFp;

+#if !defined(OPENSSL_NO_EC2M)
} else if (id == s_GF2m) {
new_curve = EC_GROUP_new_curve_GF2m;
} else {
ossl_raise(rb_eArgError, "unknown symbol, must be :GFp or :GF2m");

which fixes the build issues, but the leaves the test suite failing:

7) Error:
OpenSSL::PKey::EC::Group::Error: unable to create curve (secp112r1): unknown group
/builddir/build/BUILD/ruby-2.0.0-p0/test/openssl/test_pkey_ec.rb:10:in initialize'
/builddir/build/BUILD/ruby-2.0.0-p0/test/openssl/test_pkey_ec.rb:10:in `setup'

and there are remaining references to :GF2m in exception messages, etc. Is there any chance to support this set of OpenSSL configuration options properly, i.e. make the OpenSSL work better with such fine grained configuration options?



out.patch (2.3 KB) out.patch vo.x (Vit Ondruch), 05/14/2013 06:45 PM

Also available in: Atom PDF