[issue45627] OpenSSL 1.1.1 still implements some disable-flags for Blake2, Scrypt

[Alexandru Ardelean]

Alexandru Ardelean <ardeleanalex at gmail.com> added the comment:

Apologies for the slow reply.

It was the end of work-day when I submitted the bug & patch.
I know, not a good method, but I do what I can :)

So, OpenWrt's OpenSSL does not build BLAKE2 by default.
See: https://github.com/openwrt/openwrt/blob/master/package/libs/openssl/Makefile#L190

Scrypt is on by default. In the sense that there is no disable flag.

I only care about BLAKE2, but I was trying not to half-ass the implementation, given that Scrypt is also disable-able.

Now there are 2 options that I feel could be reasonable (anyone is free to disagree with me here):
1. this is patch upstream as I'm trying here
2. keep this patch downstream (i.e. just in our tree for OpenWrt's Python) until OpenSSL (or OpenWrt) enables BLAKE2 by default

There are several options that feel a bit more difficult (to me):
3. Enable OpenSSL BLAKE2 on by default in OpenWrt core; this may also work, but requires some discussion with the OpenWrt core-team that handles OpenSSL; though usually OpenWrt tries to be minimal, so I'm feeling there would be some resistance 
4. Not build hashlib (in Python) if BLAKE2 is not enabled in OpenSSL ; this is doable, but maybe a bit too complicated (for what is worth); it can cause support issues (in OpenWrt) like "hey, where did hashlib go?"

I may have missed a few possible options. But these are the more obvious ones.

Moving forward, I am fine with either of the first 2 options.
I am feeling that option 2 is closer to what is desired by upstream Python (which I am fine to do).

Thank you :)
Alex

----------

_______________________________________
Python tracker <report at bugs.python.org>
<https://bugs.python.org/issue45627>
_______________________________________