Test failure for tests 'blowfish', 'file_blowfish' and 'foreign' #26

Open
carnil opened this issue Feb 25, 2024 · 1 comment

carnil commented Feb 25, 2024

Hi

In Debian, after an archive rebuild, yapet 2.6 fails the testsuite for 3 tests, causing a failure in building the package.

The report is at https://bugs.debian.org/1064724 and full quoting for reference:

Source: yapet
Version: 2.6-1
Severity: serious
Justification: FTBFS
Tags: trixie sid ftbfs
User: lucas@debian.org
Usertags: ftbfs-20240224 ftbfs-trixie

Hi,

During a rebuild of all packages in sid, your package failed to build
on amd64.


Relevant part (hopefully):
> make[5]: Entering directory '/<<PKGBUILDDIR>>/tests/crypt'
> FAIL: blowfish
> PASS: key448
> PASS: blowfishfactory
> FAIL: file_blowfish
> FAIL: foreign
> PASS: cryptofactoryhelper
> PASS: aes256
> PASS: key256
> PASS: aes256factory
> PASS: file_aes256
> ===========================================
>    YAPET 2.6: tests/crypt/test-suite.log
> ===========================================
> 
> # TOTAL: 10
> # PASS:  7
> # SKIP:  0
> # XFAIL: 0
> # FAIL:  3
> # XPASS: 0
> # ERROR: 0
> 
> .. contents:: :depth: 2
> 
> FAIL: blowfish
> ==============
> 
> .E.E.E.
> 
> 
> !!!FAILURES!!!
> Test Results:
> Run:  4   Failures: 0   Errors: 3
> 
> 
> 1) test: should encrypt and decrypt (E) 
> uncaught exception of type std::exception (or derived).
> - Error encrypting data
> 
> 
> 2) test: should throw on decrypting corrupted data (E) 
> uncaught exception of type std::exception (or derived).
> - Error encrypting data
> 
> 
> 3) test: should throw on decrypting with wrong password (E) 
> uncaught exception of type std::exception (or derived).
> - Error encrypting data
> 
> 
> FAIL blowfish (exit status: 1)
> 
> FAIL: file_blowfish
> ===================
> 
> .E.E.E.E.E.E.E.E.E.E
> 
> 
> !!!FAILURES!!!
> Test Results:
> Run:  10   Failures: 0   Errors: 10
> 
> 
> 1) test: should correctly read empty file (E) 
> uncaught exception of type std::exception (or derived).
> - Error encrypting data
> 
> 
> 2) test: should correctly read empty file (E) 
> uncaught exception of type std::exception (or derived).
> - Error encrypting data
> 
> 
> 3) test: should throw expected exception on invalid password (E) 
> uncaught exception of type std::exception (or derived).
> - Error encrypting data
> 
> 
> 4) test: should write passwords (E) 
> uncaught exception of type std::exception (or derived).
> - Error encrypting data
> 
> 
> 5) test: should detect file modification on password save (E) 
> uncaught exception of type std::exception (or derived).
> - Error encrypting data
> 
> 
> 6) test: should force password save on modified file (E) 
> uncaught exception of type std::exception (or derived).
> - Error encrypting data
> 
> 
> 7) test: should get the correct time when the master password was set (E) 
> uncaught exception of type std::exception (or derived).
> - Error encrypting data
> 
> 
> 8) test: should properly set new password (E) 
> uncaught exception of type std::exception (or derived).
> - Error encrypting data
> 
> 
> 9) test: should allow saving passwords after password change (E) 
> uncaught exception of type std::exception (or derived).
> - Error encrypting data
> 
> 
> 10) test: should throw exception on reading corrupt file (E) 
> uncaught exception of type std::exception (or derived).
> - Invalid password
> 
> 
> FAIL file_blowfish (exit status: 1)
> 
> FAIL: foreign
> =============
> 
> .E.E.E.E.E.E.E.E
> 
> 
> !!!FAILURES!!!
> Test Results:
> Run:  8   Failures: 0   Errors: 8
> 
> 
> 1) test: 32bit little endian pre 0.6 (E) 
> uncaught exception of type std::exception (or derived).
> - Invalid password
> 
> 
> 2) test: 32bit big endian pre 0.6 (E) 
> uncaught exception of type std::exception (or derived).
> - Invalid password
> 
> 
> 3) test: 64bit little endian pre 0.6 (E) 
> uncaught exception of type std::exception (or derived).
> - Invalid password
> 
> 
> 4) test: 64bit big endian pre 0.6 (E) 
> uncaught exception of type std::exception (or derived).
> - Invalid password
> 
> 
> 5) test: 32bit little endian 0.6 (E) 
> uncaught exception of type std::exception (or derived).
> - Invalid password
> 
> 
> 6) test: 32bit big endian 0.6 (E) 
> uncaught exception of type std::exception (or derived).
> - Invalid password
> 
> 
> 7) test: 64bit little endian 0.6 (E) 
> uncaught exception of type std::exception (or derived).
> - Invalid password
> 
> 
> 8) test: 64bit big endian 0.6 (E) 
> uncaught exception of type std::exception (or derived).
> - Invalid password
> 
> 
> FAIL foreign (exit status: 1)
> 
> ============================================================================
> Testsuite summary for YAPET 2.6
> ============================================================================
> # TOTAL: 10
> # PASS:  7
> # SKIP:  0
> # XFAIL: 0
> # FAIL:  3
> # XPASS: 0
> # ERROR: 0
> ============================================================================
> See tests/crypt/test-suite.log
> Please report to https://github.com/RafaelOstertag/yapet/issues
> ============================================================================
> make[5]: *** [Makefile:901: test-suite.log] Error 1
> make[5]: Leaving directory '/<<PKGBUILDDIR>>/tests/crypt'
> make[4]: *** [Makefile:1009: check-TESTS] Error 2
> make[4]: Leaving directory '/<<PKGBUILDDIR>>/tests/crypt'
> make[3]: *** [Makefile:1145: check-am] Error 2
> make[3]: Leaving directory '/<<PKGBUILDDIR>>/tests/crypt'
> make[2]: *** [Makefile:390: check-recursive] Error 1
> make[2]: Leaving directory '/<<PKGBUILDDIR>>/tests'
> make[1]: *** [Makefile:540: check-recursive] Error 1
> make[1]: Leaving directory '/<<PKGBUILDDIR>>'
> dh_auto_test: error: make -j8 check "TESTSUITEFLAGS=-j8 --verbose" VERBOSE=1 returned exit code 2


The full build log is available from:
http://qa-logs.debian.net/2024/02/24/yapet_2.6-1_unstable.log

All bugs filed during this archive rebuild are listed at:
https://bugs.debian.org/cgi-bin/pkgreport.cgi?tag=ftbfs-20240224;users=lucas@debian.org
or:
https://udd.debian.org/bugs/?release=na&merged=ign&fnewerval=7&flastmodval=7&fusertag=only&fusertagtag=ftbfs-20240224&fusertaguser=lucas@debian.org&allbugs=1&cseverity=1&ctags=1&caffected=1#results

A list of current common problems and possible solutions is available at
http://wiki.debian.org/qa.debian.org/FTBFS . You're welcome to contribute!

If you reassign this bug to another package, please mark it as 'affects'-ing
this package. See https://www.debian.org/Bugs/server-control#affects

If you fail to reproduce this, please provide a build log and diff it with mine
so that we can identify if something relevant changed in the meantime.

vpa1977 commented Mar 21, 2024

This issue may be related to https://www.openssl.org/news/vulnerabilities.html#CVE-2023-5363

sebastianas added a commit to sebastianas/yapet that referenced this issue Apr 8, 2024
yapet did for blowfish:

|     EVP_CipherInit_ex(ctx, cipher, NULL, KEY, iv, mode);
|     EVP_CIPHER_CTX_set_key_length(ctx, KEY_LENGTH);
|     EVP_CipherUpdate(ctx, …);

this worked in earlier OpenSSL versions and stopped working in
openssl-3.0.13. The problem here is that the
EVP_CIPHER_CTX_set_key_length() is ignored and the later OpenSSL version
returns rightfully an error "Provider routines::no key set" here.

Blowfish does support variable key lengths but the key length has to be
set first followed by the actual key. Otherwise the blocksize (16) will
be used.
The correct way to deal with this would be:
|     EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, mode);
|     EVP_CIPHER_CTX_set_key_length(ctx, KEY_LENGTH);
|     EVP_CipherInit_ex(ctx, NULL, NULL, KEY, IV, mode);
|     EVP_CipherUpdate(ctx, …);

Using now the proper way will break earlier databases because in the
blowfish case, always the default blocksize / 16 has been used.

In order to keep compatibility with earlier versions of the database and
openssl remove the EVP_CIPHER_CTX_set_key_length() invocation.

Fixes RafaelOstertag#26
Fixes RafaelOstertag#24

Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>