streambinder / vpnc

IPsec (Cisco/Juniper) VPN concentrator client
https://davidepucci.it/doc/vpnc
GNU General Public License v2.0

Error decrypting signature: unexpected decrypted size 512 (expected 256) #4

Closed mmokrejs closed 5 years ago

mmokrejs commented 5 years ago

Hi Davide, would you please have a look into the testing suite and see why it fails?

make -j1   test
./test-crypto test/sig_data.bin test/dec_data.bin test/ca_list.pem \
    test/cert3.pem test/cert2.pem test/cert1.pem 
Error decrypting signature: unexpected decrypted size 512 (expected 256)
Makefile:117: recipe for target 'test' failed
make: *** [test] Error 1
 * ERROR: net-misc/vpnc-0.5.3_p550::gentoo failed (test phase):
 *   Make test failed. See above for details.

https://vpnc-devel.unix-ag.uni-kl.narkive.com/qR70FPOS/test-failure-error-decrypting-signature-unexpected-decrypted-size-512-expected-256
https://bugs.gentoo.org/show_bug.cgi?id=541982

streambinder commented 5 years ago

Can you please try now? I don't seem to be able to reproduce the issue.

➜  vpnc git:(master) make -j1 test     
[...]
./src/makeman.pl
./bin/test-crypto test/sig_data.bin test/dec_data.bin test/ca_list.pem \
    test/cert3.pem test/cert2.pem test/cert1.pem test/cert0.pem
Success
➜  vpnc git:(master)

mmokrejs commented 5 years ago

Weird, I cannot reproduce it with 'git master' but it still happens with vpnc-0.5.3_p550.

mmokrejs commented 5 years ago

So current git master works in these two cases:

1a. -DCRYPTO_GNUTLS ... -lgcrypt -lgpg-error -lgnutls

$ ldd bin/test-crypto 
    linux-vdso.so.1 (0x00007ffe3398a000)
    libgcrypt.so.20 => /usr/lib64/libgcrypt.so.20 (0x00007f23a77f7000)
    libgpg-error.so.0 => /usr/lib64/libgpg-error.so.0 (0x00007f23a75d7000)
    libgnutls.so.30 => /usr/lib64/libgnutls.so.30 (0x00007f23a7229000)
    libc.so.6 => /lib64/libc.so.6 (0x00007f23a6e58000)
    libp11-kit.so.0 => /usr/lib64/libp11-kit.so.0 (0x00007f23a6b3b000)
    libtasn1.so.6 => /usr/lib64/libtasn1.so.6 (0x00007f23a6928000)
    libnettle.so.6 => /usr/lib64/libnettle.so.6 (0x00007f23a66ef000)
    libhogweed.so.4 => /usr/lib64/libhogweed.so.4 (0x00007f23a64b7000)
    libgmp.so.10 => /usr/lib64/libgmp.so.10 (0x00007f23a6234000)
    libidn2.so.4 => /usr/lib64/libidn2.so.4 (0x00007f23a6017000)
    libunistring.so.2 => /usr/lib64/libunistring.so.2 (0x00007f23a5c92000)
    libpthread.so.0 => /lib64/libpthread.so.0 (0x00007f23a5a71000)
    /lib64/ld-linux-x86-64.so.2 (0x00007f23a7d21000)
    libffi.so.7 => /usr/lib64/libffi.so.7 (0x00007f23a5867000)
    libdl.so.2 => /lib64/libdl.so.2 (0x00007f23a5663000)

2a. -DOPENSSL_GPL_VIOLATION -DCRYPTO_OPENSSL ... -lgcrypt -lgpg-error -lcrypto

$ ldd bin/test-crypto 
    linux-vdso.so.1 (0x00007ffd726ff000)
    libgcrypt.so.20 => /usr/lib64/libgcrypt.so.20 (0x00007fcfdf677000)
    libgpg-error.so.0 => /usr/lib64/libgpg-error.so.0 (0x00007fcfdf457000)
    libcrypto.so.1.0.0 => /usr/lib64/libcrypto.so.1.0.0 (0x00007fcfdf016000)
    libc.so.6 => /lib64/libc.so.6 (0x00007fcfdec45000)
    libdl.so.2 => /lib64/libdl.so.2 (0x00007fcfdea41000)
    libz.so.1 => /lib64/libz.so.1 (0x00007fcfde829000)
    /lib64/ld-linux-x86-64.so.2 (0x00007fcfdfba0000)

The Gentoo build system ends up with failing tests in both cases (with the vpnc-0.5.3_p550, though):

1b. -DCRYPTO_GNUTLS ... -lgcrypt -lgpg-error -lgnutls

...
x86_64-pc-linux-gnu-gcc -Wl,-O1 -Wl,--as-needed -o test-crypto sysdep.o test-crypto.o crypto.o crypto-gnutls.o -lgcrypt -lgpg-error -lgnutls
...
>>> Test phase: net-vpn/vpnc-0.5.3_p550
make -j2   test
./test-crypto test/sig_data.bin test/dec_data.bin test/ca_list.pem \
    test/cert3.pem test/cert2.pem test/cert1.pem 
Error decrypting signature: unexpected decrypted size 512 (expected 256)
make: *** [Makefile:117: test] Error 1
...
# ldd /scratch/var/tmp/portage/net-vpn/vpnc-0.5.3_p550/work/vpnc-0.5.3_p550/test-crypto
    linux-vdso.so.1 (0x00007ffdba3e3000)
    libgcrypt.so.20 => /usr/lib64/libgcrypt.so.20 (0x00007fe544503000)
    libgnutls.so.30 => /usr/lib64/libgnutls.so.30 (0x00007fe544155000)
    libc.so.6 => /lib64/libc.so.6 (0x00007fe543d84000)
    libgpg-error.so.0 => /usr/lib64/libgpg-error.so.0 (0x00007fe543b64000)
    libp11-kit.so.0 => /usr/lib64/libp11-kit.so.0 (0x00007fe543847000)
    libtasn1.so.6 => /usr/lib64/libtasn1.so.6 (0x00007fe543634000)
    libnettle.so.6 => /usr/lib64/libnettle.so.6 (0x00007fe5433fb000)
    libhogweed.so.4 => /usr/lib64/libhogweed.so.4 (0x00007fe5431c3000)
    libgmp.so.10 => /usr/lib64/libgmp.so.10 (0x00007fe542f40000)
    libidn2.so.4 => /usr/lib64/libidn2.so.4 (0x00007fe542d23000)
    libunistring.so.2 => /usr/lib64/libunistring.so.2 (0x00007fe54299e000)
    libpthread.so.0 => /lib64/libpthread.so.0 (0x00007fe54277d000)
    /lib64/ld-linux-x86-64.so.2 (0x00007fe544a2c000)
    libffi.so.7 => /usr/lib64/libffi.so.7 (0x00007fe542573000)
    libdl.so.2 => /lib64/libdl.so.2 (0x00007fe54236f000)

build.log.gnutls.txt

2b. -DOPENSSL_GPL_VIOLATION -DCRYPTO_OPENSSL ... -lgcrypt -lgpg-error -lcrypto

...
x86_64-pc-linux-gnu-gcc -Wl,-O1 -Wl,--as-needed -o test-crypto sysdep.o test-crypto.o crypto.o crypto-openssl.o -lgcrypt -lgpg-error -lcrypto
...
>>> Test phase: net-vpn/vpnc-0.5.3_p550
make -j2   test
./test-crypto test/sig_data.bin test/dec_data.bin test/ca_list.pem \
    test/cert3.pem test/cert2.pem test/cert1.pem 
Error verifying chain: error verifying the certificate chain
make: *** [Makefile:117: test] Error 2
...
# ldd /scratch/var/tmp/portage/net-vpn/vpnc-0.5.3_p550/work/vpnc-0.5.3_p550/test-crypto
    linux-vdso.so.1 (0x00007ffda13a1000)
    libcrypto.so.1.0.0 => /usr/lib64/libcrypto.so.1.0.0 (0x00007fbc60e37000)
    libc.so.6 => /lib64/libc.so.6 (0x00007fbc60a66000)
    libdl.so.2 => /lib64/libdl.so.2 (0x00007fbc60862000)
    libz.so.1 => /lib64/libz.so.1 (0x00007fbc6064a000)
    /lib64/ld-linux-x86-64.so.2 (0x00007fbc6147d000)

build.log.openssl.txt

I would say in the 2b case it is failing (with a different error message) because gcrypt and gpg-error were not linked in due to --as-needed. But that does not explain the 1b case having a failing test in a different way.
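A check for the comparison made in the comment above, as an added example that is not part of the thread or of vpnc: it lists the `-l` libraries named on a link line that have no entry in the binary's `ldd` output. The `dropped_libs` function is hypothetical; the sample link lines and `ldd` lines are copied from the 1b and 2b output quoted above (the 1b `ldd` list is an excerpt).

```shell
#!/bin/sh
# Sample data copied from the 2b (OpenSSL) and 1b (GnuTLS) output in the thread.
LINK_2B='x86_64-pc-linux-gnu-gcc -Wl,-O1 -Wl,--as-needed -o test-crypto sysdep.o test-crypto.o crypto.o crypto-openssl.o -lgcrypt -lgpg-error -lcrypto'
LDD_2B='    linux-vdso.so.1 (0x00007ffda13a1000)
    libcrypto.so.1.0.0 => /usr/lib64/libcrypto.so.1.0.0 (0x00007fbc60e37000)
    libc.so.6 => /lib64/libc.so.6 (0x00007fbc60a66000)
    libdl.so.2 => /lib64/libdl.so.2 (0x00007fbc60862000)
    libz.so.1 => /lib64/libz.so.1 (0x00007fbc6064a000)
    /lib64/ld-linux-x86-64.so.2 (0x00007fbc6147d000)'

LINK_1B='x86_64-pc-linux-gnu-gcc -Wl,-O1 -Wl,--as-needed -o test-crypto sysdep.o test-crypto.o crypto.o crypto-gnutls.o -lgcrypt -lgpg-error -lgnutls'
# Excerpt: only the three lines relevant to the -l flags above.
LDD_1B='    libgcrypt.so.20 => /usr/lib64/libgcrypt.so.20 (0x00007fe544503000)
    libgnutls.so.30 => /usr/lib64/libgnutls.so.30 (0x00007fe544155000)
    libgpg-error.so.0 => /usr/lib64/libgpg-error.so.0 (0x00007fe543b64000)'

# dropped_libs LINK_CMD LDD_OUTPUT
# Prints, space-separated, every -lNAME from the link line for which the
# ldd output has no line whose first field starts with "libNAME.so".
dropped_libs() {
    link_cmd=$1
    ldd_out=$2
    missing=
    # Word-split the link line on purpose to walk its arguments.
    for word in $link_cmd; do
        case $word in
            -l?*) name=${word#-l} ;;
            *) continue ;;
        esac
        # Prefix match on the soname, so "libc.so" never matches "libcrypto.so".
        if ! printf '%s\n' "$ldd_out" |
            awk -v p="lib${name}.so" 'index($1, p) == 1 { found = 1 }
                                      END { exit !found }'; then
            missing="${missing:+$missing }$name"
        fi
    done
    printf '%s\n' "$missing"
}

echo "2b requested but not loaded: $(dropped_libs "$LINK_2B" "$LDD_2B")"
echo "1b requested but not loaded: $(dropped_libs "$LINK_1B" "$LDD_1B")"
```

On real builds, feed it the link command from the build log and the output of `ldd` on the resulting binary.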

streambinder commented 5 years ago

> Weird, I cannot reproduce it with git master but it still happens with vpnc-0.5.3_p550.

What do you mean? How are you testing if not on master branch?

streambinder commented 5 years ago

Closing due to inactivity.