search

btcpayserver / odoo

BTCPay Server addon for Odoo
4 stars 4 forks source link

[17.0] OpenSSL 3 unsupported hash type ripemd160 #11

Closed ljsalvatierra closed 1 month ago

ljsalvatierra commented 1 month ago

OS: Ubuntu 22.04.4 LTS OpenSSL: OpenSSL 3.0.2 15 Mar 2022 (Library: OpenSSL 3.0.2 15 Mar 2022) Python version: 3.10

Steps to reproduce:

  1. Add a new pairing code

Traceback:

Traceback (most recent call last):
  File "/mnt/code/odoo/odoo/http.py", line 1770, in _serve_db
    return service_model.retrying(self._serve_ir_http, self.env)
  File "/mnt/code/odoo/odoo/service/model.py", line 133, in retrying
    result = func()
  File "/mnt/code/odoo/odoo/http.py", line 1797, in _serve_ir_http
    response = self.dispatcher.dispatch(rule.endpoint, args)
  File "/mnt/code/odoo/odoo/http.py", line 2001, in dispatch
    result = self.request.registry['ir.http']._dispatch(endpoint)
  File "/mnt/code/odoo/addons/website/models/ir_http.py", line 235, in _dispatch
    response = super()._dispatch(endpoint)
  File "/mnt/code/odoo/odoo/addons/base/models/ir_http.py", line 222, in _dispatch
    result = endpoint(**request.params)
  File "/mnt/code/odoo/odoo/http.py", line 725, in route_wrapper
    result = endpoint(self, *args, **params_ok)
  File "/mnt/code/odoo/addons/web/controllers/dataset.py", line 24, in call_kw
    return self._call_kw(model, method, args, kwargs)
  File "/mnt/code/odoo/addons/web/controllers/dataset.py", line 20, in _call_kw
    return call_kw(request.env[model], method, args, kwargs)
  File "/mnt/code/odoo/odoo/api.py", line 468, in call_kw
    result = _call_kw_multi(method, model, args, kwargs)
  File "/mnt/code/odoo/odoo/api.py", line 453, in _call_kw_multi
    result = method(recs, *args, **kwargs)
  File "/mnt/code/odoo/addons/web/models/models.py", line 1063, in onchange
    record._apply_onchange_methods(field_name, result)
  File "/mnt/code/odoo/odoo/models.py", line 6932, in _apply_onchange_methods
    res = method(self)
  File "/mnt/code/btcpayserver-addons/payment_btcpay/models/payment_provider.py", line 34, in _onchange_pairingCode
    client = BTCPayClient(host=self.btcpay_location, pem=self.btcpay_privateKey)
  File "/mnt/code/btcpayserver-addons/payment_btcpay/models/libs/client.py", line 22, in __init__
    self.client_id = crypto.get_sin_from_pem(pem)
  File "/mnt/code/btcpayserver-addons/payment_btcpay/models/libs/crypto.py", line 23, in get_sin_from_pem
    version = get_version_from_compressed_key(public_key)
  File "/mnt/code/btcpayserver-addons/payment_btcpay/models/libs/crypto.py", line 65, in get_version_from_compressed_key
    rphash = hashlib.new('ripemd160')
  File "/usr/lib/python3.10/hashlib.py", line 166, in __hash_new
    return __get_builtin_constructor(name)(data)
  File "/usr/lib/python3.10/hashlib.py", line 123, in __get_builtin_constructor
    raise ValueError('unsupported hash type ' + name)
ValueError: unsupported hash type ripemd160

You are using a deprecated repository from bitpay.

"""btcpay.crypto

These are various crytography related utility functions borrowed from:
  bitpay-python: https://github.com/bitpay/bitpay-python
"""

Should use instead https://github.com/bitpay/python-bitpay-client

Although the new repository is still using ripemd160.

For what I've seen in this discussion https://github.com/openssl/openssl/issues/16994

They (openssl dev team) discourage the use of ripemd160, but the Bitcoin project still uses it.

ndeet commented 1 month ago

Hi, thanks for reporting back.

I can't reproduce your error using the same system and installed odoo 17 via Ubuntu repository. All works normal and no ripemd160 error when pairing.

No LSB modules are available.
Distributor ID: Ubuntu
Description:    Ubuntu 22.04.4 LTS
Release:        22.04
Codename:       jammy
OpenSSL 3.0.2 15 Mar 2022 (Library: OpenSSL 3.0.2 15 Mar 2022

For the python-bitpay-client library, this is their new sdk and is incompatible with their old legacy api that was covered by the bitpay-python library. The odoo module still uses that old api. When we upgrade we would not upgrade to new bitpay sdk but to our own Greenfield API like we do with all new integrations.

For the ripemd160 issues, as written above it works for me with the same system. Ripemd160 is used for legacy address formats and it is also not broken or has been exploited afaics. Maybe your system is missing some copatibilty setting that is in place by default?

Here the installed openssl related packages, not sure if it helps though:

dpkg -l | grep openssl
ii  libxmlsec1-openssl:amd64         1.2.33-1build2                          amd64        Openssl engine for the XML security library
ii  openssl                          3.0.2-0ubuntu1.16                       amd64        Secure Sockets Layer toolkit - cryptographic utility
ii  python3-openssl                  21.0.0-1                                all          Python 3 wrapper around the OpenSSL library
ljsalvatierra commented 1 month ago

Here the installed openssl related packages

Thank you for the info.

My openssl related packages:

pip show pyOpenSSL
Name: pyOpenSSL
Version: 21.0.0

dpkg -l|grep openssl
ii  libgnutls-openssl27:amd64        3.7.3-4ubuntu1.5                        amd64        GNU TLS library - OpenSSL wrapper
ii  libxmlsec1-openssl:amd64         1.2.33-1build2                          amd64        Openssl engine for the XML security library
ii  openssl                          3.0.2-0ubuntu1.15                       amd64        Secure Sockets Layer toolkit - cryptographic utility

The only difference I see is openssl version 3.0.2-0ubuntu1.16 vs 3.0.2-0ubuntu1.15. I've updated the package but the error persists.

  File "/usr/lib/python3.10/hashlib.py", line 166, in __hash_new
    return __get_builtin_constructor(name)(data)
  File "/usr/lib/python3.10/hashlib.py", line 123, in __get_builtin_constructor
    raise ValueError('unsupported hash type ' + name)
ValueError: unsupported hash type ripemd160

Are you using Python 3.10?

ndeet commented 1 month ago

Sorry for the late reply, missed the notification.

Not sure why you also have that different libgnutls and not the python3-openssl installed like on my server and if it would cause the problem you face.

python3 --version
Python 3.10.12

pip show pyOpenSSL
Name: pyOpenSSL
Version: 21.0.0
ljsalvatierra commented 1 month ago

Sorry for the late reply, missed the notification.

Not sure why you also have that different libgnutls and not the python3-openssl installed like on my server and if it would cause the problem you face.

python3 --version
Python 3.10.12

pip show pyOpenSSL
Name: pyOpenSSL
Version: 21.0.0

Thank you for the help and info :)