jeroen / openssl

OpenSSL bindings for R

SHA1 signatures are being disabled in Fedora 41 #125

Closed QuLogic closed 1 month ago

QuLogic commented 1 month ago

As of Fedora 41, the SHA1 signatures are going to be treated as invalid due to https://fedoraproject.org/wiki/Changes/OpenSSLDistrustSHA1SigVer

This causes 5 tests to fail:

```
── Error ('test_keys_dsa.R:56:3'): signatures ──────────────────────────────────
Error in `hash_verify(md, sig, pk)`: OpenSSL error: 00929525C87F0000:error:03000098:digital envelope routines:evp_pkey_ctx_set_md:invalid digest:crypto/evp/pmeth_lib.c:966:

Backtrace:
    ▆
 1. ├─testthat::expect_true(signature_verify(msg, sig, sha1, pk1)) at test_keys_dsa.R:56:3
 2. │ └─testthat::quasi_label(enquo(object), label, arg = "object")
 3. │   └─rlang::eval_bare(expr, quo_get_env(quo))
 4. └─openssl::signature_verify(msg, sig, sha1, pk1)
 5.   └─openssl:::hash_verify(md, sig, pk)
── Error ('test_keys_ecdsa.R:58:3'): signatures ────────────────────────────────
Error in `hash_verify(md, sig, pk)`: OpenSSL error: 00929525C87F0000:error:03000098:digital envelope routines:evp_pkey_ctx_set_md:invalid digest:crypto/evp/pmeth_lib.c:966:

Backtrace:
    ▆
 1. ├─testthat::expect_true(signature_verify(msg, sig, sha1, pk1)) at test_keys_ecdsa.R:58:3
 2. │ └─testthat::quasi_label(enquo(object), label, arg = "object")
 3. │   └─rlang::eval_bare(expr, quo_get_env(quo))
 4. └─openssl::signature_verify(msg, sig, sha1, pk1)
 5.   └─openssl:::hash_verify(md, sig, pk)
── Error ('test_keys_ecdsa384.R:53:3'): signatures ─────────────────────────────
Error in `hash_verify(md, sig, pk)`: OpenSSL error: 00929525C87F0000:error:03000098:digital envelope routines:evp_pkey_ctx_set_md:invalid digest:crypto/evp/pmeth_lib.c:966:

Backtrace:
    ▆
 1. ├─testthat::expect_true(signature_verify(msg, sig, sha1, pk1)) at test_keys_ecdsa384.R:53:3
 2. │ └─testthat::quasi_label(enquo(object), label, arg = "object")
 3. │   └─rlang::eval_bare(expr, quo_get_env(quo))
 4. └─openssl::signature_verify(msg, sig, sha1, pk1)
 5.   └─openssl:::hash_verify(md, sig, pk)
── Error ('test_keys_ecdsa521.R:53:3'): signatures ─────────────────────────────
Error in `hash_verify(md, sig, pk)`: OpenSSL error: 00929525C87F0000:error:03000098:digital envelope routines:evp_pkey_ctx_set_md:invalid digest:crypto/evp/pmeth_lib.c:966:

Backtrace:
    ▆
 1. ├─testthat::expect_true(signature_verify(msg, sig, sha1, pk1)) at test_keys_ecdsa521.R:53:3
 2. │ └─testthat::quasi_label(enquo(object), label, arg = "object")
 3. │   └─rlang::eval_bare(expr, quo_get_env(quo))
 4. └─openssl::signature_verify(msg, sig, sha1, pk1)
 5.   └─openssl:::hash_verify(md, sig, pk)
── Error ('test_keys_rsa.R:57:3'): signatures ──────────────────────────────────
Error in `hash_sign(md, sk)`: OpenSSL error: 00929525C87F0000:error:03000098:digital envelope routines:evp_pkey_ctx_set_md:invalid digest:crypto/evp/pmeth_lib.c:966:

Backtrace:
    ▆
 1. ├─testthat::expect_equal(signature_create(msg, sha1, sk1), sig) at test_keys_rsa.R:57:3
 2. │ └─testthat::quasi_label(enquo(object), label, arg = "object")
 3. │   └─rlang::eval_bare(expr, quo_get_env(quo))
 4. └─openssl::signature_create(msg, sha1, sk1)
 5.   └─openssl:::hash_sign(md, sk)
```

At the moment, I am following this guidance to temporarily enable SHA1 signatures during package builds. However, this workaround may go away at any point in the future.

It would be nice if the tests that used SHA1 signatures were made independent and marked somehow so that they could be skipped.

jeroen commented 1 month ago

So is this not part of the FIPS restrictions but something Fedora has patched? We typically use skip_if(fips_mode()) on tests to skip legacy algorithms.

If this is really a Fedora feature, I guess we'll need to use skip_if(grepl("Fedora", osVersion)) or maybe skip_if(grepl("redhat", R.version$platform))
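
One way to implement the skip discussed above without matching on the OS name, shown as an added example that is not code from the openssl package or from either commenter: probe whether the linked OpenSSL accepts SHA-1 signatures and skip when it does not. `signature_digest_usable()` and `skip_if_sha1_signatures_disabled()` are hypothetical helper names, and the messages are constructed sample input.

```r
# Added example: capability probe for SHA-1 signatures, so the skip follows
# what the linked OpenSSL actually allows instead of the distribution name.
library(openssl)
library(testthat)

# Hypothetical helper: TRUE if signatures over the given digest function
# (sha1, sha256, ...) can be both created and verified on this system.
signature_digest_usable <- function(hash) {
  key <- ec_keygen("P-256")    # throwaway key, used only for the probe
  msg <- charToRaw("probe")    # constructed sample input
  tryCatch({
    sig <- signature_create(msg, hash = hash, key = key)
    isTRUE(signature_verify(msg, sig, hash = hash, pubkey = key$pubkey))
  }, error = function(e) {
    # The failures reported in this issue surface here as
    # "evp_pkey_ctx_set_md:invalid digest".
    FALSE
  })
}

# Hypothetical skip wrapper in the style of testthat's skip_* helpers.
skip_if_sha1_signatures_disabled <- function() {
  skip_if_not(signature_digest_usable(sha1),
              "SHA-1 signatures are disabled by the system OpenSSL policy")
}

# Legacy test kept independent, so it can be skipped on its own.
test_that("SHA-1 signatures round-trip where policy allows them", {
  skip_if_sha1_signatures_disabled()
  key <- rsa_keygen(2048)
  msg <- charToRaw("legacy message")
  sig <- signature_create(msg, hash = sha1, key = key)
  expect_true(signature_verify(msg, sig, hash = sha1, pubkey = key$pubkey))
})

# Non-legacy coverage never depends on the SHA-1 policy.
test_that("SHA-256 signatures round-trip", {
  key <- rsa_keygen(2048)
  msg <- charToRaw("current message")
  sig <- signature_create(msg, hash = sha256, key = key)
  expect_true(signature_verify(msg, sig, hash = sha256, pubkey = key$pubkey))
})
```

Because the probe exercises both signing and verification, it covers the `hash_sign` and the `hash_verify` failures shown in the report.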

jeroen commented 1 month ago

@QuLogic could you confirm if the problems are fixed on the master branch?

QuLogic commented 1 month ago

> So is this not part of the FIPS restrictions but something Fedora has patched? We typically use skip_if(fips_mode()) on tests to skip legacy algorithms.

I don't believe it has to do with FIPS, just a change in Fedora. But also note that the change page says that RHEL9 has disabled SHA1 signatures for 2 years already.

> @QuLogic could you confirm if the problems are fixed on the master branch?

Yes, it all works; thanks for also fixing the engine.h header problem that I didn't get around to reporting.

jeroen commented 1 month ago

OK I have released a new version to CRAN now.