search

gettalong / hexapdf

Versatile PDF creation and manipulation for Ruby
https://hexapdf.gettalong.org
Other
1.21k stars 69 forks source link

Some tests not passing on OpenBSD/adJ #223

Closed vtamara closed 1 year ago

vtamara commented 1 year ago

Hi, thank you for hexapdf.

After setting up a development environment on OpenBSD/adJ 7.2 on a amd64, doing rake test passes almost all the tests except 6:

Finished in 8.436492s, 348.3676 runs/s, 3764.4795 assertions/s.                                                                                                 

  1) Failure:                                                                                                                                                   
HexaPDF::Document::Signatures::DefaultHandler::sign#test_0001_can sign the data using PKCS7 [/home/vtamara/comp/ruby/hexapdf/test/hexapdf/document/test_signatur
es.rb:89]:                                                                                                                                                      
Expected false                                                                                                                                                  
 to be truthy.                                                                                                                                                  

  2) Failure:                                                                                                                                                   
HexaPDF::Document::Signatures::TimestampHandler#test_0003_returns the size of serialized signature [/home/vtamara/comp/ruby/hexapdf/test/hexapdf/document/test_s
ignatures.rb:186]:                                                                                                                                              
--- expected                                                                                                                                                    
+++ actual                                                                                                                                                      
@@ -1 +1 @@                                                                                                                                                     
-1420                                                                                                                                                           
+1390                                                                                                                                                           

  3) Failure:                                                                                                                                                   
HexaPDF::Document::Signatures::add#test_0003_sets the needed information on the signature dictionary [/home/vtamara/comp/ruby/hexapdf/test/hexapdf/document/test
_signatures.rb:281]:                                                                                                                                            
--- expected                                                                                                                                                    
+++ actual                                                                                                                                                      
@@ -1 +1 @@                             
-[0, 996, 3618, 2501]                   
+[0, 996, 3714, 2501]                                                                                                                                           

  4) Failure:                           
HexaPDF::Document::Signatures::add#test_0008_handles different xref section types correctly when determing the offsets [/home/vtamara/comp/ruby/hexapdf/test/hex
apdf/document/test_signatures.rb:322]:  
--- expected                                                                                                                                                    
+++ actual                              
@@ -1 +1 @@                             
-[0, 988, 3610, 2483]                   
+[0, 988, 3706, 2483]                   

  5) Failure:                                                                                                                                   07:59:02 [7/811]
HexaPDF::Document::Signatures::add#test_0009_works if the signature object is the last object of the xref section [/home/vtamara/comp/ruby/hexapdf/test/hexapdf/
document/test_signatures.rb:329]:                                                                                                                               
--- expected                                                                                                                                                    
+++ actual                                                                                                                                                      
@@ -1 +1 @@                                                                                                                                                     
-[0, 3095, 5717, 380]                                                                                                                                           
+[0, 3095, 5813, 380]                                                                                                                                           

  6) Failure:                                                                                                                                                   
HexaPDF::Document::Signatures::DefaultHandler#test_0001_returns the size of serialized signature [/home/vtamara/comp/ruby/hexapdf/test/hexapdf/document/test_sig
natures.rb:50]:                                                                                                                                                 
--- expected                                                                                                                                                    
+++ actual                                                                                                                                                      
@@ -1 +1 @@                                                                                                                                                     
-1310                                                                                                                                                           
+1358                                                                                                                                                           

2939 runs, 31759 assertions, 6 failures, 0 errors, 1 skips
gettalong commented 1 year ago

These should all be non-serious failures, showing that the size of the embedded digital signature is not what was expected.

This might be due to different OpenSSL versions. Did you install the latest openssl Rubygem? And which version of openssl are you using?

vtamara commented 1 year ago

Thank you.

gem openssl: 3.1.0 Ruby: 3.2 OS: adJ/OpenBSD 7.2b1 openssl used by ruby : LibreSSL 3.6.0

gettalong commented 1 year ago

Thanks! My guess is that LibreSSL does a few things differently and includes other data in the generated PCKS#7 structures. I will adjust the tests so that this difference isn't an issue.

gettalong commented 1 year ago

The next version of HexaPDF won't use OpenSSL for creating the CMS signed data binary object anymore and I have adjusted the test code to be more forgiving in terms of changes it.

gettalong commented 1 year ago

@vtamara I have pushed the latest changes including the fix to the devel branch. Please let me know if that branch now passes all the tests.

vtamara commented 1 year ago

Thank you. After updating and running rake test it fails only in one test:

Finished in 8.572258s, 342.8502 runs/s, 3705.5581 assertions/s.                                                                                                 

  1) Failure:                                                                                                                                                   
HexaPDF::DigitalSignature::Signing::DefaultHandler::sign#test_0001_can sign the data using PKCS7 [/home/vtamara/comp/ruby/hexapdf/test/hexapdf/digital_signature
/signing/test_default_handler.rb:57]:                                                                                                                           
Expected false                                                                                                                                                  
 to be truthy.                          

2939 runs, 31765 assertions, 1 failures, 0 errors, 1 skips
gettalong commented 1 year ago

Thanks for getting back to me!

I'm not sure why it fails there but I'm guessing there is a difference in the verification implementation between OpenSSL and LibreSSL. I will have to see if I can compile Ruby to use libressl instead of openssl to find the difference.

gettalong commented 1 year ago

@vtamara I looked at the error and it seems that libressl thinks that the (manually) created PKCS#7/CMS structure is not a detached signature. As far as I can determine, however, it is a detached signature.

gettalong commented 1 year ago

@vtamara I will close this issue since HexaPDF with OpenSSL works fine.