jeroen / openssl

OpenSSL bindings for R

Tests fail with OpenSSL 3.0.9 #119

Closed nunotexbsd closed 11 months ago

nunotexbsd commented 11 months ago

FreeBSD 14 CURRENT amd64 /R-4.3.1 FreeBSD R-cran-openssl:

CRAN_DEPENDS=   R-cran-askpass>0:security/R-cran-askpass
BUILD_DEPENDS=  bash:shells/bash \
                ${CRAN_DEPENDS}
RUN_DEPENDS=    ${CRAN_DEPENDS}
TEST_DEPENDS=   R-cran-testthat>0:devel/R-cran-testthat \
                R-cran-sodium>0:security/R-cran-sodium
* checking examples ... OK
* checking for unstated dependencies in 'tests' ... OK
* checking tests ... ERROR
  Running 'engine.R'
  Comparing 'engine.Rout' to 'engine.Rout.save' ...4d3
< Linking to: OpenSSL 3.0.9 30 May 2023
  Running 'testthat.R'
Running the tests in 'tests/testthat.R' failed.
Last 13 lines of output:
   4. \-openssl::md4("foo")
   5.   \-openssl:::rawstringhash(x, "md4", key)
   6.     \-openssl:::stringhash(x, algo, key)
  -- Error ('test_salting.R:10:3'): MD4 salts multiple values --------------------
  Error in `stringhash(x, algo, key)`: OpenSSL error: 0020616C81120000:error:0308010C:digital envelope routines:inner_evp_generic_fetch:unsupported:/usr/src/crypto/openssl/crypto/evp/evp_fetch.c:373:Global default library context, Algorithm (MD4 : 71), Properties (<null>)

  Backtrace:
      x
   1. \-openssl::md4(c("foo", "bar"), "baz") at test_salting.R:10:2
   2.   \-openssl:::rawstringhash(x, "md4", key)
   3.     \-openssl:::stringhash(x, algo, key)

  [ FAIL 8 | WARN 0 | SKIP 2 | PASS 528 ]
  Error: Test failures
  Execution halted
* checking for unstated dependencies in vignettes ... OK
* checking package vignettes in 'inst/doc' ... OK
* checking running R code from vignettes ... NONE
  'bignum.Rmd' using 'UTF-8'... OK
  'crypto_hashing.Rmd' using 'UTF-8'... OK
  'keys.Rmd' using 'UTF-8'... OK
  'secure_rng.Rmd' using 'UTF-8'... OK
* checking re-building of vignette outputs ... SKIPPED
* DONE
Status: 1 ERROR, 4 NOTEs

jeroen commented 11 months ago

This is not caused by openssl 3.0.9, which works fine on Debian and Fedora, but more likely your distro disables the "legacy" algorithms such as md4. Usually this happens when FIPS is enabled, but that does not seem to be the case for you?

We do try to load legacy algorithms by default if possible:

https://github.com/jeroen/openssl/blob/92cf8245a1c25139de6ef547d849997415067e1f/src/onload.c#L27-L30

Perhaps related:

nunotexbsd commented 11 months ago

@jeroen

openssl version is: OpenSSL 3.0.9 30 May 2023 (Library: OpenSSL 3.0.9 30 May 2023) and no reference to legacy algos or FIPS.

> We do try to load legacy algorithms by default if possible

If legacy algos are not present, can the program use newer/available algos?

jeroen commented 11 months ago

This looks like a bug in freebsd: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=272281 It will probably disappear when FreeBSD fixes their openssl build.

nunotexbsd commented 11 months ago

@jeroen

openssl legacy algos seem to be fixed:

Providers:
  legacy
    name: OpenSSL Legacy Provider
    version: 3.0.10
    status: active

Full logs at https://people.freebsd.org/~eduardo/logs/openssl.Rcheck/

From https://people.freebsd.org/~eduardo/logs/openssl.Rcheck/tests/testthat.Rout.fail

== Failed tests ================================================================
-- Error ('test_hash_output_length.R:8:3'): MD4 outputs a 32-character hash ----
Error in `stringhash(x, algo, key)`: OpenSSL error: 0020810AF72E0000:error:03000086:digital envelope routines:evp_md_init_internal:initialization error:/usr/src/crypto/openssl/crypto/evp/digest.c:254:
al default library context, Algorithm (MD4 : 71), Properties ()

Backtrace:
    x
 1. +-testthat::expect_that(nchar(md4(text)), equals(32)) at test_hash_output_length.R:8:2
 2. | \-testthat (local) condition(object)
 3. |   \-testthat::expect_equal(x, expected, ..., expected.label = label)
 4. |     \-testthat::quasi_label(enquo(object), label, arg = "object")
 5. |       \-rlang::eval_bare(expr, quo_get_env(quo))
 6. +-base::nchar(md4(text))
 7. \-openssl::md4(text)
 8.   \-openssl:::rawstringhash(x, "md4", key)
 9.     \-openssl:::stringhash(x, algo, key)
-- Error ('test_hash_output_value.R:10:3'): Hash functions match openssl command line tool --
Error in `stringhash(x, algo, key)`: OpenSSL error: 0020810AF72E0000:error:03000086:digital envelope routines:evp_md_init_internal:initialization error:/usr/src/crypto/openssl/crypto/evp/digest.c:254:
al default library context, Algorithm (MD4 : 71), Properties ()

Backtrace:
    x
 1. +-testthat::expect_that(unclass(md4("foo")), equals("0ac6700c491d70fb8650940b1ca1e4b2")) at test_hash_output_value.R:10:2
 2. | \-testthat (local) condition(object)
 3. |   \-testthat::expect_equal(x, expected, ..., expected.label = label)
 4. |     \-testthat::quasi_label(enquo(object), label, arg = "object")
 5. |       \-rlang::eval_bare(expr, quo_get_env(quo))
 6. \-openssl::md4("foo")
 7.   \-openssl:::rawstringhash(x, "md4", key)
 8.     \-openssl:::stringhash(x, algo, key)
-- Error ('test_hash_output_value.R:22:3'): HMAC functions match openssl command line tool --
Error in `stringhash(x, algo, key)`: OpenSSL error: 0020810AF72E0000:error:0308010C:digital envelope routines:inner_evp_generic_fetch:unsupported:/usr/src/crypto/openssl/crypto/evp/evp_fetch.c:373:Global default library context, Algorithm (MD4 : 71), Properties (<null>)

Backtrace:
    x
 1. +-testthat::expect_that(unclass(md4("foo", key = "secret")), equals("93e81ded7aec4ec0d73a97bb4792742a")) at test_hash_output_value.R:22:2
 2. | \-testthat (local) condition(object)
 3. |   \-testthat::expect_equal(x, expected, ..., expected.label = label)
 4. |     \-testthat::quasi_label(enquo(object), label, arg = "object")
 5. |       \-rlang::eval_bare(expr, quo_get_env(quo))
 6. \-openssl::md4("foo", key = "secret")
 7.   \-openssl:::rawstringhash(x, "md4", key)
 8.     \-openssl:::stringhash(x, algo, key)
-- Error ('test_pkcs.R:5:3'): reading p12 certificates -------------------------
Error in `parse_pkcs12(buf, password)`: OpenSSL error: 0020810AF72E0000:error:0308010C:digital envelope routines:inner_evp_generic_fetch:unsupported:/usr/src/crypto/openssl/crypto/evp/evp_fetch.c:373:Global default library context, Algorithm (RC2-40-CBC : 0), Properties ()

Backtrace:
    x
 1. \-openssl::read_p12("../google.dk/wildcard-google.dk-chain.p12") at test_pkcs.R:5:2
 2.   \-openssl:::parse_pkcs12(buf, password)
-- Error ('test_pkcs.R:22:3'): reading p12 keys --------------------------------
Error in `parse_pkcs12(buf, password)`: OpenSSL error: 0020810AF72E0000:error:0308010C:digital envelope routines:inner_evp_generic_fetch:unsupported:/usr/src/crypto/openssl/crypto/evp/evp_fetch.c:373:Global default library context, Algorithm (RC2-40-CBC : 0), Properties ()

Backtrace:
    x
 1. \-openssl::read_p12("../certigo/example-root.p12", password = "password") at test_pkcs.R:22:2
 2.   \-openssl:::parse_pkcs12(buf, password)
-- Error ('test_pkcs.R:53:5'): roundtrip p12 key and cert ----------------------
Error in `parse_pkcs12(buf, password)`: OpenSSL error: 0020810AF72E0000:error:0308010C:digital envelope routines:inner_evp_generic_fetch:unsupported:/usr/src/crypto/openssl/crypto/evp/evp_fetch.c:373:Global default library context, Algorithm (RC2-40-CBC : 0), Properties ()

Backtrace:
    x
 1. \-openssl::read_p12("../certigo/example-elliptic-sha1.p12", password = "password") at test_pkcs.R:53:4
 2.   \-openssl:::parse_pkcs12(buf, password)
-- Error ('test_salting.R:5:3'): MD4 salts single values -----------------------
Error in `stringhash(x, algo, key)`: OpenSSL error: 0020810AF72E0000:error:03000086:digital envelope routines:evp_md_init_internal:initialization error:/usr/src/crypto/openssl/crypto/evp/digest.c:254:
al default library context, Algorithm (MD4 : 71), Properties ()

Backtrace:
    x
 1. +-testthat::expect_false(md4("foo") == md4("foo", "bar")) at test_salting.R:5:2
 2. | \-testthat::quasi_label(enquo(object), label, arg = "object")
 3. |   \-rlang::eval_bare(expr, quo_get_env(quo))
 4. \-openssl::md4("foo")
 5.   \-openssl:::rawstringhash(x, "md4", key)
 6.     \-openssl:::stringhash(x, algo, key)
-- Error ('test_salting.R:10:3'): MD4 salts multiple values --------------------
Error in `stringhash(x, algo, key)`: OpenSSL error: 0020810AF72E0000:error:0308010C:digital envelope routines:inner_evp_generic_fetch:unsupported:/usr/src/crypto/openssl/crypto/evp/evp_fetch.c:373:Global default library context, Algorithm (MD4 : 71), Properties (<null>)

Backtrace:
    x
 1. \-openssl::md4(c("foo", "bar"), "baz") at test_salting.R:10:2
 2.   \-openssl:::rawstringhash(x, "md4", key)
 3.     \-openssl:::stringhash(x, algo, key)

[ FAIL 8 | WARN 0 | SKIP 2 | PASS 528 ]
Error: Test failures
Execution halted

Could you check if missing legacy algos still applies? Thanks
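
Added example (not part of the thread and not code from the openssl package): a Python triage script that groups testthat failures like those in the log above by the algorithm OpenSSL refused to provide, so it is visible at a glance whether every failure traces back to a legacy-provider algorithm. The sample log is constructed from three of the failures above; the `LEGACY` set is a partial list, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Families shipped in OpenSSL 3's legacy provider (partial list, an assumption of this example).
LEGACY = {"MD2", "MD4", "MDC2", "WHIRLPOOL", "BF", "CAST5", "IDEA",
          "RC2", "RC4", "RC5", "SEED"}
HEADER = re.compile(r"^-- Error \('([^']+)'\):")
# Error string layout: <tid>:error:<code>:<library>:<function>:<reason>:<file>:<line>:<data>
OSSL_ERR = re.compile(r":error:[0-9A-Fa-f]{8}:[^:]+:([^:]+):([^:]+):")
ALGO = re.compile(r"Algorithm \(([^:)]+?) : \d+\)")
# Constructed sample: three failures in the shape of the testthat log above.
SAMPLE = r"""-- Error ('test_salting.R:5:3'): MD4 salts single values -----------------------
Error in `stringhash(x, algo, key)`: OpenSSL error: 0020810AF72E0000:error:03000086:digital envelope routines:evp_md_init_internal:initialization error:/usr/src/crypto/openssl/crypto/evp/digest.c:254:
al default library context, Algorithm (MD4 : 71), Properties ()
-- Error ('test_salting.R:10:3'): MD4 salts multiple values --------------------
Error in `stringhash(x, algo, key)`: OpenSSL error: 0020810AF72E0000:error:0308010C:digital envelope routines:inner_evp_generic_fetch:unsupported:/usr/src/crypto/openssl/crypto/evp/evp_fetch.c:373:Global default library context, Algorithm (MD4 : 71), Properties (<null>)
-- Error ('test_pkcs.R:5:3'): reading p12 certificates -------------------------
Error in `parse_pkcs12(buf, password)`: OpenSSL error: 0020810AF72E0000:error:0308010C:digital envelope routines:inner_evp_generic_fetch:unsupported:/usr/src/crypto/openssl/crypto/evp/evp_fetch.c:373:Global default library context, Algorithm (RC2-40-CBC : 0), Properties ()
"""

def parse_failures(log):
    """Return one record per failed test: location, function, reason, algorithm."""
    records = []
    for line in log.splitlines():
        m = HEADER.match(line)
        if m:
            records.append({"test": m.group(1), "text": ""})
        elif records:
            records[-1]["text"] += line  # error data can wrap onto the next line
    for rec in records:
        text = rec.pop("text")
        err, algo = OSSL_ERR.search(text), ALGO.search(text)
        rec["function"], rec["reason"] = err.groups() if err else (None, None)
        rec["algorithm"] = algo.group(1) if algo else None
    return records

def group_by_algorithm(records):
    """Map each algorithm to its failing tests and whether it is a legacy one."""
    groups = defaultdict(lambda: {"legacy": False, "tests": [], "reasons": set()})
    for rec in records:
        if rec["algorithm"]:
            g = groups[rec["algorithm"]]
            g["legacy"] = rec["algorithm"].split("-")[0].upper() in LEGACY
            g["tests"].append(rec["test"])
            g["reasons"].add(rec["reason"])
    return dict(groups)

if __name__ == "__main__":
    print(group_by_algorithm(parse_failures(SAMPLE)))
```

Any group reported with `legacy` false would point to a problem other than a missing legacy provider.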

nunotexbsd commented 9 months ago

@jeroen

2.1.1 tests OK on both openssl 1 and 3. Several bugs in FreeBSD openssl3 from base have been fixed, and that could be a reason the tests succeed.

Thanks