Project

General

Profile

Actions

Bug #6089

closed

Bug #6036: Test failures in Fedora Rawhide/17

Test suite fails with OpenSSL 1.0.1

Added by vo.x (Vit Ondruch) over 12 years ago. Updated over 12 years ago.

Status:
Closed
Target version:
-
ruby -v:
ruby 1.9.3p125 (2012-02-16 revision 34643) [x86_64-linux]
Backport:
[ruby-core:42949]

Description

It seems that the patch [1] changes the behavior of openssl and makes the test_x509cert.rb fail:

  1. Failure:
    test_dsig_algorithm_mismatch(OpenSSL::TestX509Certificate) [test/openssl/test_x509cert.rb:175]:
    OpenSSL::X509::CertificateError expected but nothing was raised.

I also notified Fedora's openssl maintainer about these issues [2].

[1] http://cvs.openssl.org/filediff?f=openssl/crypto/asn1/a_sign.c&v1=1.21.4.1&v2=1.21.4.2
[2] https://bugzilla.redhat.com/show_bug.cgi?id=797217

Updated by MartinBosslet (Martin Bosslet) over 12 years ago

Thanks for reporting this. I guess we shouldn't
take any actions until 1.0.1 gets officially
released.

If it should continue to break things then, we'll
have to find a way working around it. In the
meantime, I could try to find out what the change
on OpenSSL's part is supposed to do and why it
alters behavior.

Do you already know more about the intention
of this change?

Updated by MartinBosslet (Martin Bosslet) over 12 years ago

  • Status changed from Open to Assigned

Updated by vo.x (Vit Ondruch) over 12 years ago

I don't know yet why it was changed. However, it already breaks Ruby on Fedora 17/Rawhide, so for me, it is quite high priority to solve it.

Updated by MartinBosslet (Martin Bosslet) over 12 years ago

Vit Ondruch wrote:

However, it already breaks Ruby on Fedora 17/Rawhide, so for me, it is quite high priority to solve it.

Sure, I'll try to find out how it can be circumvented. Did you try to contact OpenSSL about this? I
haven't looked into it in detail yet, so I can't tell whether it's a bug or not - just saying that if
it is, they'd probably want to know about it before releasing 1.0.1 :)

Updated by vo.x (Vit Ondruch) over 12 years ago

I contacted openssl's Fedora maintainer, but since he was on holidays last week, I expect some explanation tomorrow.

Updated by MartinBosslet (Martin Bosslet) over 12 years ago

Vit Ondruch wrote:

I contacted openssl's Fedora maintainer, but since he was on holidays last week, I expect some explanation tomorrow.

Great, please let me know if you find out something!

Updated by vo.x (Vit Ondruch) over 12 years ago

Unfortunately, I didn't get very helpful response :/

Tomas Mraz 2012-02-29 11:03:26 CET

The change adds support for new types of signatures - namely PSS signatures.
I suppose in the first case the DSS1 signature is handled as SHA1 signature.
I'd probably simply skip this test.

Actions #8

Updated by Anonymous over 12 years ago

Hi Martin,
so OpenSSL v 1.0.1 is now public [1] and the problem seems to stay. I myself am not SSL expert, but why exactly should signing DSS1 with RSA2048 be a mismatch? I think that it's actually the right behaviour that it doesn't.

[1] http://www.openssl.org//source/openssl-1.0.1.tar.gz

Updated by Anonymous over 12 years ago

Also, this new OpenSSL is breaking the drb test suite:
$ make test-all TESTS="test/drb/test_drbssl.rb"
/builddir/build/BUILD/ruby-1.9.3-p125/lib/drb/ssl.rb:185: warning: SSL_accept returned=1 errno=0 state=SSLv3 write key exchange A: EVP lib (OpenSSL::SSL::SSLError)

(I previously set config[:verbose] = true in ut_array_drbssl.rb, to see this message.)

Updated by MartinBosslet (Martin Bosslet) over 12 years ago

Hi Martin,
so OpenSSL v 1.0.1 is now public [1] and the problem seems to stay. I myself am not SSL expert, but why exactly should signing DSS1 with RSA2048 be a mismatch? I think that it's actually the right behaviour that it doesn't.

[1] http://www.openssl.org//source/openssl-1.0.1.tar.gz

Hi Bohuslav, hi Vit,

thanks for the info. OK, if the problem remains, I'll look into it now that 1.0.1 is released. The problem with DSS1 and RSA is probably that DSS1 was defined in combination with DSA signatures. So the notion of DSS1 formally only makes sense in combination with DSA.

It's really confusing, since DSS1 is actually the exact same algorithm as SHA-1. But it could be that behavior of accepting/rejecting it in places where SHA-1 would be expected normally (such as RSA signatures) has changed now. I'll investigate.

Updated by MartinBosslet (Martin Bosslet) over 12 years ago

bkabrda (Bohuslav Kabrda) wrote:

Hi Martin,
so OpenSSL v 1.0.1 is now public [1] and the problem seems to stay. I myself am not SSL expert, but why exactly should signing DSS1 with RSA2048 be a mismatch? I think that it's actually the right behaviour that it doesn't.

Sorry, I didn't respond clearly to your question. The only reason why DSS1 is not a match with RSA is that OpenSSL aliased SHA-1 as DSS1 and initially only allowed DSS1 to be used within contexts of DSA signatures. The DSA standard seems to state something along those lines, although DSS1 is really exactly the same thing. So in a way, yes, we were asserting quirky behavior of OpenSSL with those tests rather than asserting "bare truths" :)

@Vit: To fix this quickly, I will only enable those tests for OpenSSL versions strictly smaller than 1.0.1.

@Bohuslav: As for drb, Masatoshi Seki is the maintainer, could you please open a separate ticket and assign it to him, while probably referencing this one?

Actions #12

Updated by Anonymous over 12 years ago

  • Status changed from Assigned to Closed
  • % Done changed from 0 to 100

This issue was solved with changeset r35162.
Vit, thank you for reporting this issue.
Your contribution to Ruby is greatly appreciated.
May Ruby be with you.


  • test/openssl/test_x509cert.rb: Exclude test that fails when issuing
    a certificate with RSA signature and DSS1 digest for earlier
    OpenSSL versions when used in conjunction with OpenSSL 1.0.1.
    Thanks, Vit Ondruch, for reporting the issue.
    [ruby-core:42949][Bug #6089]

Updated by Anonymous over 12 years ago

MartinBosslet (Martin Bosslet) wrote:

bkabrda (Bohuslav Kabrda) wrote:

Hi Martin,
so OpenSSL v 1.0.1 is now public [1] and the problem seems to stay. I myself am not SSL expert, but why exactly should signing DSS1 with RSA2048 be a mismatch? I think that it's actually the right behaviour that it doesn't.

Sorry, I didn't respond clearly to your question. The only reason why DSS1 is not a match with RSA is that OpenSSL aliased SHA-1 as DSS1 and initially only allowed DSS1 to be used within contexts of DSA signatures. The DSA standard seems to state something along those lines, although DSS1 is really exactly the same thing. So in a way, yes, we were asserting quirky behavior of OpenSSL with those tests rather than asserting "bare truths" :)

@Vit: To fix this quickly, I will only enable those tests for OpenSSL versions strictly smaller than 1.0.1.

@Bohuslav: As for drb, Masatoshi Seki is the maintainer, could you please open a separate ticket and assign it to him, while probably referencing this one?

David, thank you very much. I opened the issue for drb: https://bugs.ruby-lang.org/issues/6221.

Actions

Also available in: Atom PDF

Like0
Like0Like0Like0Like0Like0Like0Like0Like0Like0Like0Like0Like0Like0