Closed nunotexbsd closed 11 months ago
This is not caused by openssl 3.0.9 which works fine on Debian and Fedora , but more likely your distro disables the "legacy" algorithms such as md4. Usually this happens when FIPS is enabled, but that does not seem to be the case for you?
We do try to load legacy algorithms by default if possible:
https://github.com/jeroen/openssl/blob/92cf8245a1c25139de6ef547d849997415067e1f/src/onload.c#L27-L30
Perhaps related:
@jeroen
openssl version is: OpenSSL 3.0.9 30 May 2023 (Library: OpenSSL 3.0.9 30 May 2023)
and no reference to legacy algos or FIPS.
We do try to load legacy algorithms by default if possible
If legacy algos are not present, can program use newer/available algos?
This looks like a bug in freebsd: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=272281 It will probably disappear when FreeBSD fixes their openssl build.
@jeroen
openssl legacy algos seems to be fixed:
Providers:
legacy
name: OpenSSL Legacy Provider
version: 3.0.10
status: active
Full logs at https://people.freebsd.org/~eduardo/logs/openssl.Rcheck/
From https://people.freebsd.org/~eduardo/logs/openssl.Rcheck/tests/testthat.Rout.fail
== Failed tests ================================================================
-- Error ('test_hash_output_length.R:8:3'): MD4 outputs a 32-character hash ----
Error in `stringhash(x, algo, key)`: OpenSSL error: 0020810AF72E0000:error:03000086:digital envelope routines:evp_md_init_internal:initialization error:/usr/src/crypto/openssl/crypto/evp/digest.c:254:
al default library context, Algorithm (MD4 : 71), Properties ()
Backtrace:
x
1. +-testthat::expect_that(nchar(md4(text)), equals(32)) at test_hash_output_length.R:8:2
2. | \-testthat (local) condition(object)
3. | \-testthat::expect_equal(x, expected, ..., expected.label = label)
4. | \-testthat::quasi_label(enquo(object), label, arg = "object")
5. | \-rlang::eval_bare(expr, quo_get_env(quo))
6. +-base::nchar(md4(text))
7. \-openssl::md4(text)
8. \-openssl:::rawstringhash(x, "md4", key)
9. \-openssl:::stringhash(x, algo, key)
-- Error ('test_hash_output_value.R:10:3'): Hash functions match openssl command line tool --
Error in `stringhash(x, algo, key)`: OpenSSL error: 0020810AF72E0000:error:03000086:digital envelope routines:evp_md_init_internal:initialization error:/usr/src/crypto/openssl/crypto/evp/digest.c:254:
al default library context, Algorithm (MD4 : 71), Properties ()
Backtrace:
x
1. +-testthat::expect_that(unclass(md4("foo")), equals("0ac6700c491d70fb8650940b1ca1e4b2")) at test_hash_output_value.R:10:2
2. | \-testthat (local) condition(object)
3. | \-testthat::expect_equal(x, expected, ..., expected.label = label)
4. | \-testthat::quasi_label(enquo(object), label, arg = "object")
5. | \-rlang::eval_bare(expr, quo_get_env(quo))
6. \-openssl::md4("foo")
7. \-openssl:::rawstringhash(x, "md4", key)
8. \-openssl:::stringhash(x, algo, key)
-- Error ('test_hash_output_value.R:22:3'): HMAC functions match openssl command line tool --
Error in `stringhash(x, algo, key)`: OpenSSL error: 0020810AF72E0000:error:0308010C:digital envelope routines:inner_evp_generic_fetch:unsupported:/usr/src/crypto/openssl/crypto/evp/evp_fetch.c:373:Global default library context, Algorithm (MD4 : 71), Properties (<null>)
Backtrace:
x
1. +-testthat::expect_that(unclass(md4("foo", key = "secret")), equals("93e81ded7aec4ec0d73a97bb4792742a")) at test_hash_output_value.R:22:2
2. | \-testthat (local) condition(object)
3. | \-testthat::expect_equal(x, expected, ..., expected.label = label)
4. | \-testthat::quasi_label(enquo(object), label, arg = "object")
5. | \-rlang::eval_bare(expr, quo_get_env(quo))
6. \-openssl::md4("foo", key = "secret")
7. \-openssl:::rawstringhash(x, "md4", key)
8. \-openssl:::stringhash(x, algo, key)
-- Error ('test_pkcs.R:5:3'): reading p12 certificates -------------------------
Error in `parse_pkcs12(buf, password)`: OpenSSL error: 0020810AF72E0000:error:0308010C:digital envelope routines:inner_evp_generic_fetch:unsupported:/usr/src/crypto/openssl/crypto/evp/evp_fetch.c:373:Global default library context, Algorithm (RC2-40-CBC : 0), Properties ()
Backtrace:
x
1. \-openssl::read_p12("../google.dk/wildcard-google.dk-chain.p12") at test_pkcs.R:5:2
2. \-openssl:::parse_pkcs12(buf, password)
-- Error ('test_pkcs.R:22:3'): reading p12 keys --------------------------------
Error in `parse_pkcs12(buf, password)`: OpenSSL error: 0020810AF72E0000:error:0308010C:digital envelope routines:inner_evp_generic_fetch:unsupported:/usr/src/crypto/openssl/crypto/evp/evp_fetch.c:373:Global default library context, Algorithm (RC2-40-CBC : 0), Properties ()
Backtrace:
x
1. \-openssl::read_p12("../certigo/example-root.p12", password = "password") at test_pkcs.R:22:2
2. \-openssl:::parse_pkcs12(buf, password)
-- Error ('test_pkcs.R:53:5'): roundtrip p12 key and cert ----------------------
Error in `parse_pkcs12(buf, password)`: OpenSSL error: 0020810AF72E0000:error:0308010C:digital envelope routines:inner_evp_generic_fetch:unsupported:/usr/src/crypto/openssl/crypto/evp/evp_fetch.c:373:Global default library context, Algorithm (RC2-40-CBC : 0), Properties ()
Backtrace:
x
1. \-openssl::read_p12("../certigo/example-elliptic-sha1.p12", password = "password") at test_pkcs.R:53:4
2. \-openssl:::parse_pkcs12(buf, password)
-- Error ('test_salting.R:5:3'): MD4 salts single values -----------------------
Error in `stringhash(x, algo, key)`: OpenSSL error: 0020810AF72E0000:error:03000086:digital envelope routines:evp_md_init_internal:initialization error:/usr/src/crypto/openssl/crypto/evp/digest.c:254:
al default library context, Algorithm (MD4 : 71), Properties ()
Backtrace:
x
1. +-testthat::expect_false(md4("foo") == md4("foo", "bar")) at test_salting.R:5:2
2. | \-testthat::quasi_label(enquo(object), label, arg = "object")
3. | \-rlang::eval_bare(expr, quo_get_env(quo))
4. \-openssl::md4("foo")
5. \-openssl:::rawstringhash(x, "md4", key)
6. \-openssl:::stringhash(x, algo, key)
-- Error ('test_salting.R:10:3'): MD4 salts multiple values --------------------
Error in `stringhash(x, algo, key)`: OpenSSL error: 0020810AF72E0000:error:0308010C:digital envelope routines:inner_evp_generic_fetch:unsupported:/usr/src/crypto/openssl/crypto/evp/evp_fetch.c:373:Global default library context, Algorithm (MD4 : 71), Properties (<null>)
Backtrace:
x
1. \-openssl::md4(c("foo", "bar"), "baz") at test_salting.R:10:2
2. \-openssl:::rawstringhash(x, "md4", key)
3. \-openssl:::stringhash(x, algo, key)
[ FAIL 8 | WARN 0 | SKIP 2 | PASS 528 ]
Error: Test failures
Execution halted
Could you check if missing legacy algos still aplies? Thanks
@jeroen
2.1.1 tests ok on both openssl 1 and 3. Several bug fixes on FreeBSD openssl3 from base have been fixed and it could be a reason test succeed.
Thanks
FreeBSD 14 CURRENT amd64 /R-4.3.1 FreeBSD R-cran-openssl: