Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Tests fail with OpenSSL 3.0.9 #119

Closed
nunotexbsd opened this issue Aug 8, 2023 · 5 comments
Closed

Tests fail with OpenSSL 3.0.9 #119

nunotexbsd opened this issue Aug 8, 2023 · 5 comments

Comments

@nunotexbsd
Copy link

FreeBSD 14 CURRENT amd64 /R-4.3.1
FreeBSD R-cran-openssl:

CRAN_DEPENDS=   R-cran-askpass>0:security/R-cran-askpass
BUILD_DEPENDS=  bash:shells/bash \
                ${CRAN_DEPENDS}
RUN_DEPENDS=    ${CRAN_DEPENDS}
TEST_DEPENDS=   R-cran-testthat>0:devel/R-cran-testthat \
                R-cran-sodium>0:security/R-cran-sodium

* checking examples ... OK
* checking for unstated dependencies in 'tests' ... OK
* checking tests ... ERROR
  Running 'engine.R'
  Comparing 'engine.Rout' to 'engine.Rout.save' ...4d3
< Linking to: OpenSSL 3.0.9 30 May 2023
  Running 'testthat.R'
Running the tests in 'tests/testthat.R' failed.
Last 13 lines of output:
   4. \-openssl::md4("foo")
   5.   \-openssl:::rawstringhash(x, "md4", key)
   6.     \-openssl:::stringhash(x, algo, key)
  -- Error ('test_salting.R:10:3'): MD4 salts multiple values --------------------
  Error in `stringhash(x, algo, key)`: OpenSSL error: 0020616C81120000:error:0308010C:digital envelope routines:inner_evp_generic_fetch:unsupported:/usr/src/crypto/openssl/crypto/evp/evp_fetch.c:373:Global defaul
t library context, Algorithm (MD4 : 71), Properties (<null>)

  Backtrace:
      x
   1. \-openssl::md4(c("foo", "bar"), "baz") at test_salting.R:10:2
   2.   \-openssl:::rawstringhash(x, "md4", key)
   3.     \-openssl:::stringhash(x, algo, key)

  [ FAIL 8 | WARN 0 | SKIP 2 | PASS 528 ]
  Error: Test failures
  Execution halted
* checking for unstated dependencies in vignettes ... OK
* checking package vignettes in 'inst/doc' ... OK
* checking running R code from vignettes ... NONE
  'bignum.Rmd' using 'UTF-8'... OK
  'crypto_hashing.Rmd' using 'UTF-8'... OK
  'keys.Rmd' using 'UTF-8'... OK
  'secure_rng.Rmd' using 'UTF-8'... OK
* checking re-building of vignette outputs ... SKIPPED
* DONE
Status: 1 ERROR, 4 NOTEs
@nunotexbsd nunotexbsd changed the title Tests fail with OpenSSL 2.0.9 Tests fail with OpenSSL 3.0.9 Aug 9, 2023
@jeroen
Copy link
Owner

jeroen commented Aug 9, 2023
edited

This is not caused by openssl 3.0.9 which works fine on Debian and Fedora , but more likely your distro disables the "legacy" algorithms such as md4. Usually this happens when FIPS is enabled, but that does not seem to be the case for you?

We do try to load legacy algorithms by default if possible:

openssl/src/onload.c

Lines 27 to 30 in 92cf824

#ifdef HAS_OPENSSL3_API
OSSL_PROVIDER_load(NULL, "legacy");
OSSL_PROVIDER_load(NULL, "default");
#endif

Perhaps related:

@nunotexbsd
Copy link
Author

nunotexbsd commented Aug 11, 2023
edited

@jeroen

openssl version is: OpenSSL 3.0.9 30 May 2023 (Library: OpenSSL 3.0.9 30 May 2023) and no reference to legacy algos or FIPS.

We do try to load legacy algorithms by default if possible

If legacy algos are not present, can program use newer/available algos?

@jeroen
Copy link
Owner

jeroen commented Aug 11, 2023
edited

This looks like a bug in freebsd: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=272281
It will probably disappear when FreeBSD fixes their openssl build.

@jeroen jeroen closed this as completed Aug 11, 2023
@nunotexbsd
Copy link
Author

@jeroen

openssl legacy algos seems to be fixed:

Providers:
  legacy
    name: OpenSSL Legacy Provider
    version: 3.0.10
    status: active

Full logs at https://people.freebsd.org/~eduardo/logs/openssl.Rcheck/

From https://people.freebsd.org/~eduardo/logs/openssl.Rcheck/tests/testthat.Rout.fail

== Failed tests ================================================================
-- Error ('test_hash_output_length.R:8:3'): MD4 outputs a 32-character hash ----
Error in `stringhash(x, algo, key)`: OpenSSL error: 0020810AF72E0000:error:03000086:digital envelope routines:evp_md_init_internal:initialization error:/usr/src/crypto/openssl/crypto/evp/digest.c:254:
al default library context, Algorithm (MD4 : 71), Properties ()

Backtrace:
    x
 1. +-testthat::expect_that(nchar(md4(text)), equals(32)) at test_hash_output_length.R:8:2
 2. | \-testthat (local) condition(object)
 3. |   \-testthat::expect_equal(x, expected, ..., expected.label = label)
 4. |     \-testthat::quasi_label(enquo(object), label, arg = "object")
 5. |       \-rlang::eval_bare(expr, quo_get_env(quo))
 6. +-base::nchar(md4(text))
 7. \-openssl::md4(text)
 8.   \-openssl:::rawstringhash(x, "md4", key)
 9.     \-openssl:::stringhash(x, algo, key)
-- Error ('test_hash_output_value.R:10:3'): Hash functions match openssl command line tool --
Error in `stringhash(x, algo, key)`: OpenSSL error: 0020810AF72E0000:error:03000086:digital envelope routines:evp_md_init_internal:initialization error:/usr/src/crypto/openssl/crypto/evp/digest.c:254:
al default library context, Algorithm (MD4 : 71), Properties ()

Backtrace:
    x
 1. +-testthat::expect_that(unclass(md4("foo")), equals("0ac6700c491d70fb8650940b1ca1e4b2")) at test_hash_output_value.R:10:2
 2. | \-testthat (local) condition(object)
 3. |   \-testthat::expect_equal(x, expected, ..., expected.label = label)
 4. |     \-testthat::quasi_label(enquo(object), label, arg = "object")
 5. |       \-rlang::eval_bare(expr, quo_get_env(quo))
 6. \-openssl::md4("foo")
 7.   \-openssl:::rawstringhash(x, "md4", key)
 8.     \-openssl:::stringhash(x, algo, key)
-- Error ('test_hash_output_value.R:22:3'): HMAC functions match openssl command line tool --
Error in `stringhash(x, algo, key)`: OpenSSL error: 0020810AF72E0000:error:0308010C:digital envelope routines:inner_evp_generic_fetch:unsupported:/usr/src/crypto/openssl/crypto/evp/evp_fetch.c:373:Global default library context, Algorithm (MD4 : 71), Properties (<null>)

Backtrace:
    x
 1. +-testthat::expect_that(unclass(md4("foo", key = "secret")), equals("93e81ded7aec4ec0d73a97bb4792742a")) at test_hash_output_value.R:22:2
 2. | \-testthat (local) condition(object)
 3. |   \-testthat::expect_equal(x, expected, ..., expected.label = label)
 4. |     \-testthat::quasi_label(enquo(object), label, arg = "object")
 5. |       \-rlang::eval_bare(expr, quo_get_env(quo))
 6. \-openssl::md4("foo", key = "secret")
 7.   \-openssl:::rawstringhash(x, "md4", key)
 8.     \-openssl:::stringhash(x, algo, key)
-- Error ('test_pkcs.R:5:3'): reading p12 certificates -------------------------
Error in `parse_pkcs12(buf, password)`: OpenSSL error: 0020810AF72E0000:error:0308010C:digital envelope routines:inner_evp_generic_fetch:unsupported:/usr/src/crypto/openssl/crypto/evp/evp_fetch.c:373:Global default library context, Algorithm (RC2-40-CBC : 0), Properties ()

Backtrace:
    x
 1. \-openssl::read_p12("../google.dk/wildcard-google.dk-chain.p12") at test_pkcs.R:5:2
 2.   \-openssl:::parse_pkcs12(buf, password)
-- Error ('test_pkcs.R:22:3'): reading p12 keys --------------------------------
Error in `parse_pkcs12(buf, password)`: OpenSSL error: 0020810AF72E0000:error:0308010C:digital envelope routines:inner_evp_generic_fetch:unsupported:/usr/src/crypto/openssl/crypto/evp/evp_fetch.c:373:Global default library context, Algorithm (RC2-40-CBC : 0), Properties ()

Backtrace:
    x
 1. \-openssl::read_p12("../certigo/example-root.p12", password = "password") at test_pkcs.R:22:2
 2.   \-openssl:::parse_pkcs12(buf, password)
-- Error ('test_pkcs.R:53:5'): roundtrip p12 key and cert ----------------------
Error in `parse_pkcs12(buf, password)`: OpenSSL error: 0020810AF72E0000:error:0308010C:digital envelope routines:inner_evp_generic_fetch:unsupported:/usr/src/crypto/openssl/crypto/evp/evp_fetch.c:373:Global default library context, Algorithm (RC2-40-CBC : 0), Properties ()

Backtrace:
    x
 1. \-openssl::read_p12("../certigo/example-elliptic-sha1.p12", password = "password") at test_pkcs.R:53:4
 2.   \-openssl:::parse_pkcs12(buf, password)
-- Error ('test_salting.R:5:3'): MD4 salts single values -----------------------
Error in `stringhash(x, algo, key)`: OpenSSL error: 0020810AF72E0000:error:03000086:digital envelope routines:evp_md_init_internal:initialization error:/usr/src/crypto/openssl/crypto/evp/digest.c:254:
al default library context, Algorithm (MD4 : 71), Properties ()

Backtrace:
    x
 1. +-testthat::expect_false(md4("foo") == md4("foo", "bar")) at test_salting.R:5:2
 2. | \-testthat::quasi_label(enquo(object), label, arg = "object")
 3. |   \-rlang::eval_bare(expr, quo_get_env(quo))
 4. \-openssl::md4("foo")
 5.   \-openssl:::rawstringhash(x, "md4", key)
 6.     \-openssl:::stringhash(x, algo, key)
-- Error ('test_salting.R:10:3'): MD4 salts multiple values --------------------
Error in `stringhash(x, algo, key)`: OpenSSL error: 0020810AF72E0000:error:0308010C:digital envelope routines:inner_evp_generic_fetch:unsupported:/usr/src/crypto/openssl/crypto/evp/evp_fetch.c:373:Global default library context, Algorithm (MD4 : 71), Properties (<null>)

Backtrace:
    x
 1. \-openssl::md4(c("foo", "bar"), "baz") at test_salting.R:10:2
 2.   \-openssl:::rawstringhash(x, "md4", key)
 3.     \-openssl:::stringhash(x, algo, key)

[ FAIL 8 | WARN 0 | SKIP 2 | PASS 528 ]
Error: Test failures
Execution halted

Could you check if missing legacy algos still aplies?
Thanks

@nunotexbsd
Copy link
Author

@jeroen

2.1.1 tests ok on both openssl 1 and 3.
Several bug fixes on FreeBSD openssl3 from base have been fixed and it could be a reason test succeed.

Thanks

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@jeroen @nunotexbsd