[R-pkg-team] Bug#1007172: r-cran-pki incompatible with OpenSSL 3

Steve Langasek steve.langasek at canonical.com
Sat Mar 12 18:37:24 GMT 2022 

Package: r-cran-pki
Version: 0.1-9-1
Severity: serious
Tags: patch experimental
User: ubuntu-devel at lists.ubuntu.com
Usertags: origin-ubuntu jammy ubuntu-patch

Hi Andreas,

r-cran-pki is incompatible with OpenSSL 3, which is currently in
experimental.  This shows up as an autopkgtest failure:

[...]
>  -- Ciphers
info("Ciphers")
> skey <- PKI.random(256)
> for (cipher in c("aes256ecb", "aes256ofb", "bfcbc", "bfecb", "bfofb", "bfcfb"))
+     assert(cipher, all(PKI.decrypt(PKI.encrypt(charToRaw("foo!"), skey, cipher), skey, cipher)[1:4] == charToRaw("foo!")))
   .  aes256ecb 
   .  aes256ofb 
   .  bfcbc 
Error in PKI.encrypt(charToRaw("foo!"), skey, cipher) : 
  error:0308010C:digital envelope routines::unsupported
Calls: assert -> stopifnot -> PKI.decrypt -> PKI.encrypt
Execution halted
autopkgtest [09:48:31]: test run-unit-test: -----------------------]
[...]

  (https://autopkgtest.ubuntu.com/results/autopkgtest-jammy/jammy/amd64/r/r-cran-pki/20220223_094913_a5969@/log.gz)

The issue is that r-cran-pki exposes use of various older, insecure
algorithms which are no longer available in the default crypto provider in
openssl, so additional steps are required in the code in order to enable use
of these algorithms.

I've prepared the attached patch which fixes the issue, and have uploaded it
to Ubuntu, since we are shipping OpenSSL 3 for the upcoming release.  Please
consider including it in Debian as well (and forwarding upstream).

-- 
Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
Ubuntu Developer                                   https://www.debian.org/
slangasek at ubuntu.com                                     vorlon at debian.org
-------------- next part --------------
diff -Nru r-cran-pki-0.1-9/debian/patches/openssl3-compat.patch r-cran-pki-0.1-9/debian/patches/openssl3-compat.patch
--- r-cran-pki-0.1-9/debian/patches/openssl3-compat.patch	1969-12-31 16:00:00.000000000 -0800
+++ r-cran-pki-0.1-9/debian/patches/openssl3-compat.patch	2022-03-12 00:09:19.000000000 -0800
@@ -0,0 +1,85 @@
+Description: Fix compatibility with OpenSSL 3
+ Some algorithms exposed by PKI are now 'legacy' in OpenSSL and require
+ explicit enablement.
+Author: Steve Langasek <steve.langasek at ubuntu.com>
+Last-Update: 2022-03-12
+Forwarded: no
+
+Index: r-cran-pki-0.1-9/src/pki.h
+===================================================================
+--- r-cran-pki-0.1-9.orig/src/pki.h
++++ r-cran-pki-0.1-9/src/pki.h
+@@ -20,6 +20,10 @@
+ #include <openssl/x509_vfy.h>
+ #include <openssl/x509v3.h>
+ 
++#if OPENSSL_VERSION_NUMBER >= 0x30000000L
++#include <openssl/provider.h>
++#endif
++
+ #if __APPLE__
+ #if defined MAC_OS_X_VERSION_10_7 && MAC_OS_X_VERSION_MIN_REQUIRED >= 1070
+ /* use accelerated crypto on OS X instead of OpenSSL crypto */
+Index: r-cran-pki-0.1-9/src/pki-x509.c
+===================================================================
+--- r-cran-pki-0.1-9.orig/src/pki-x509.c
++++ r-cran-pki-0.1-9/src/pki-x509.c
+@@ -225,6 +225,28 @@
+ static EVP_CIPHER_CTX *get_cipher(SEXP sKey, SEXP sCipher, int enc, int *transient, SEXP sIV) {
+     EVP_CIPHER_CTX *ctx;
+     PKI_init();
++
++#if OPENSSL_VERSION_NUMBER >= 0x30000000L
++    static OSSL_PROVIDER *legacy_provider = NULL;
++    static OSSL_PROVIDER *default_provider = NULL;
++    static OSSL_LIB_CTX *ossl_ctx = NULL;
++
++    if (!ossl_ctx)
++	ossl_ctx = OSSL_LIB_CTX_new();
++    if (!ossl_ctx)
++	Rf_error("OSSL_LIB_CTX_new failed\n");
++
++    if (!legacy_provider)
++	legacy_provider = OSSL_PROVIDER_load(ossl_ctx, "legacy");
++    if (!legacy_provider)
++	Rf_error("OSSL_PROVIDER_load(legacy) failed\n");
++
++    if (!default_provider)
++	default_provider = OSSL_PROVIDER_load(ossl_ctx, "default");
++    if (!default_provider)
++	Rf_error("OSSL_PROVIDER_load(default) failed\n");
++#endif
++
+     if (inherits(sKey, "symmeric.cipher")) {
+ 	if (transient) transient[0] = 0;
+ 	return (EVP_CIPHER_CTX*) R_ExternalPtrAddr(sCipher);
+@@ -265,13 +287,29 @@
+ 	else if (!strcmp(cipher, "aes256ofb"))
+ 	    type = EVP_aes_256_ofb();
+ 	else if (!strcmp(cipher, "blowfish") || !strcmp(cipher, "bfcbc"))
++#if OPENSSL_VERSION_NUMBER >= 0x30000000L
++	    type = EVP_CIPHER_fetch(ossl_ctx, "BF-CBC", NULL);
++#else
+ 	    type = EVP_bf_cbc();
++#endif
+ 	else if (!strcmp(cipher, "bfecb"))
++#if OPENSSL_VERSION_NUMBER >= 0x30000000L
++	    type = EVP_CIPHER_fetch(ossl_ctx, "BF-ECB", NULL);
++#else
+ 	    type = EVP_bf_ecb();
++#endif
+ 	else if (!strcmp(cipher, "bfofb"))
++#if OPENSSL_VERSION_NUMBER >= 0x30000000L
++	    type = EVP_CIPHER_fetch(ossl_ctx, "BF-OFB", NULL);
++#else
+ 	    type = EVP_bf_ofb();
++#endif
+ 	else if (!strcmp(cipher, "bfcfb"))
++#if OPENSSL_VERSION_NUMBER >= 0x30000000L
++	    type = EVP_CIPHER_fetch(ossl_ctx, "BF-CFB", NULL);
++#else
+ 	    type = EVP_bf_cfb();
++#endif
+ 	else Rf_error("unknown cipher `%s'", CHAR(STRING_ELT(sCipher, 0)));
+ 
+ 	if (TYPEOF(sIV) == STRSXP) {
diff -Nru r-cran-pki-0.1-9/debian/patches/series r-cran-pki-0.1-9/debian/patches/series
--- r-cran-pki-0.1-9/debian/patches/series	1969-12-31 16:00:00.000000000 -0800
+++ r-cran-pki-0.1-9/debian/patches/series	2022-03-12 00:09:19.000000000 -0800
@@ -0,0 +1 @@
+openssl3-compat.patch

More information about the R-pkg-team mailing list