Closed nmeum closed 1 year ago
There's no need to build r2 with openssl. the benefit is unnoticeable. but i'll fix that asap and will be tested in the CI and fixed for 5.8.2, it's ok to package it without this option enabled for alpine? thanks for the heads up
I've tried to compile with openssl3 and it reports many other errors related to deprecated APIs, so it seems like now we have to support more than one api for "ssl".
What this flag makes is to enable:
The reason for using ssl's crypt/hash implementations is mainly for performance, but it is kind of problematic to maintain. So one option would be to add an option to only add the https thing, but keep the r2 implementations for crypto/hash.
How does it sound? Having so many different ssl implementations is imho an issue, so i would prefer to remove this feature but i understand distros prefer to ship this in this way.
Removal of OpenSSL support is honestly also fine with me personally. I wouldn't mind building the Alpine package without --with-openssl
. I just reported this issue here since prior radare2 releases compiled fine with --with-openssl
.
Fixed as discussed in mastodon:
same goes for meson (use_openssl and use_ssl_crypto options)
I'm leaving the responsability to get the crytpo code to work with more ssl libraries to the distro maintainers as long as they seem to be the only interested in this and i prefer to spend my smol spare time in other things
Going without openssl is fine with packagers as long as the openssl code is not embedded in radare2.
Its not
While upgrading the Alpine Linux radare2 package from 5.7.0 to 5.8.0 I noticed that the 5.8.0 release no longer compiles with the
--with-openssl
configure flag using the following commands:Results in the following error message:
The issue seems to be a refactoring conducted in b2ff7de0f0b2d67e23f3887f63668f2f68271858. Since this commit
rvc_rvc.c
includes../crypto/hash/sha2.c
directly:https://github.com/radareorg/radare2/blob/cd153c0260bc22d6e8ebc16db7557c4bbc9fb55b/libr/util/rvc_rvc.c#L5-L7
The
sha2.c
file seems to be radare2's internal SHA2 implementation. This implementation assumes thatRSha256Context
is defined according to the radare2-specific implementation of this struct inlibr/include/r_hash.h
and not a type-alias forSHA256_CTX
from OpenSSL. If the latter is the case, thensha2.c
attempts to access several fields inRSha256Context
which are not provided by OpenSSL.Also, it is not possible to remove the included of
../crypto/hash/sha2.c
fromrvc_rvc.c
as the file seems to use several functions which are specific to radare2's SHA2 implementation and not supported by OpenSSL (e.g.r_sha256_init
).Removing the
--with-openssl
fixes the build issue.