Skip to content

Instantly share code, notes, and snippets.

@jackorp

jackorp/openssl_sha1_failures.txt

Created April 19, 2022 13:42
Show Gist options
  • Save jackorp/bb6e3ff2cfd339f2f65afcdc5c9e4070 to your computer and use it in GitHub Desktop.
Save jackorp/bb6e3ff2cfd339f2f65afcdc5c9e4070 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
openssl_sha1_failures.txt
/usr/bin/gmake install target_prefix=
/usr/bin/install -c -m 0755 openssl.so /opt/src/lib
/usr/bin/ruby -I./lib -ropenssl -ve'puts OpenSSL::OPENSSL_VERSION, OpenSSL::OPENSSL_LIBRARY_VERSION'
cp tmp/x86_64-linux/openssl/3.0.3/openssl.so tmp/x86_64-linux/stage/lib/openssl.so
ruby 3.0.3p157 (2021-11-24 revision 3fb7d2cadc) [x86_64-linux]
OpenSSL 3.0.1 14 Dec 2021
OpenSSL 3.0.1 14 Dec 2021
Loaded suite /usr/share/gems/gems/rake-13.0.6/lib/rake/rake_test_loader
Started
.............E
===============================================================================
Error: test_sign_verify(OpenSSL::TestEC): OpenSSL::PKey::PKeyError: EVP_DigestSignInit: invalid digest
/opt/src/test/openssl/test_pkey_ec.rb:101:in `sign'
/opt/src/test/openssl/test_pkey_ec.rb:101:in `test_sign_verify'
98: def test_sign_verify
99: p256 = Fixtures.pkey("p256")
100: data = "Sign me!"
=> 101: signature = p256.sign("SHA1", data)
102: assert_equal true, p256.verify("SHA1", signature, data)
103:
104: signature0 = (<<~'end;').unpack("m")[0]
===============================================================================
..........................E
===============================================================================
Error: test_sign_verify(OpenSSL::TestPKeyDSA): OpenSSL::PKey::PKeyError: EVP_DigestSignInit: invalid digest
/opt/src/test/openssl/test_pkey_dsa.rb:39:in `sign'
/opt/src/test/openssl/test_pkey_dsa.rb:39:in `test_sign_verify'
36: assert_equal true, dsa512.verify(OpenSSL::Digest.new('DSS1'), signature, data)
37: end
38:
=> 39: signature = dsa512.sign("SHA1", data)
40: assert_equal true, dsa512.verify("SHA1", signature, data)
41:
42: signature0 = (<<~'end;').unpack("m")[0]
===============================================================================
.................E
===============================================================================
Error: test_sign_verify(OpenSSL::TestPKeyRSA): OpenSSL::PKey::PKeyError: EVP_DigestSignInit: invalid digest
/opt/src/test/openssl/test_pkey_rsa.rb:83:in `sign'
/opt/src/test/openssl/test_pkey_rsa.rb:83:in `test_sign_verify'
80: def test_sign_verify
81: rsa1024 = Fixtures.pkey("rsa1024")
82: data = "Sign me!"
=> 83: signature = rsa1024.sign("SHA1", data)
84: assert_equal true, rsa1024.verify("SHA1", signature, data)
85:
86: signature0 = (<<~'end;').unpack("m")[0]
===============================================================================
..E
===============================================================================
Error: test_sign_verify_raw(OpenSSL::TestPKeyRSA): OpenSSL::PKey::PKeyError: EVP_PKEY_CTX_set_signature_md: invalid digest
/opt/src/test/openssl/test_pkey_rsa.rb:117:in `sign_raw'
/opt/src/test/openssl/test_pkey_rsa.rb:117:in `test_sign_verify_raw'
114: key = Fixtures.pkey("rsa-1")
115: data = "Sign me!"
116: hash = OpenSSL::Digest.digest("SHA1", data)
=> 117: signature = key.sign_raw("SHA1", hash)
118: assert_equal true, key.verify_raw("SHA1", signature, hash)
119: assert_equal true, key.verify("SHA1", signature, data)
120:
===============================================================================
...............................................................................
.................E
===============================================================================
Error: test_decode_x509_certificate(OpenSSL::TestASN1): OpenSSL::X509::CertificateError: invalid digest
/opt/src/test/openssl/utils.rb:88:in `sign'
/opt/src/test/openssl/utils.rb:88:in `issue_cert'
/opt/src/test/openssl/test_asn1.rb:18:in `test_decode_x509_certificate'
15: ["subjectKeyIdentifier","hash",false],
16: ]
17: dgst = OpenSSL::Digest.new('SHA1')
=> 18: cert = OpenSSL::TestUtils.issue_cert(
19: subj, key, s, exts, nil, nil, digest: dgst, not_before: now, not_after: now+3600)
20:
21:
===============================================================================
...............................................................................
...............................................P
===============================================================================
Pending: test_dup(OpenSSL::TestHMAC): HMAC#initialize_copy is currently broken on OpenSSL 3.0.0
/opt/src/test/openssl/test_hmac.rb:24:in `test_dup'
21: end
22:
23: def test_dup
=> 24: pend "HMAC#initialize_copy is currently broken on OpenSSL 3.0.0" if openssl?(3, 0, 0)
25: h1 = OpenSSL::HMAC.new("KEY", "MD5")
26: h1.update("DATA")
27: h = h1.dup
===============================================================================
................E
===============================================================================
Error: test_build_data(OpenSSL::TestNSSPI): OpenSSL::Netscape::SPKIError: invalid digest
/opt/src/test/openssl/test_ns_spki.rb:25:in `sign'
/opt/src/test/openssl/test_ns_spki.rb:25:in `test_build_data'
22: spki = OpenSSL::Netscape::SPKI.new
23: spki.challenge = "RandomString"
24: spki.public_key = key1.public_key
=> 25: spki.sign(key1, OpenSSL::Digest.new('SHA1'))
26: assert(spki.verify(spki.public_key))
27: assert(spki.verify(key1.public_key))
28: assert(!spki.verify(key2.public_key))
===============================================================================
...............................................................................
.....................................................E
===============================================================================
Error: test_basic(OpenSSL::TestX509CRL): OpenSSL::X509::CRLError: invalid digest
/opt/src/test/openssl/utils.rb:116:in `sign'
/opt/src/test/openssl/utils.rb:116:in `issue_crl'
/opt/src/test/openssl/test_x509crl.rb:22:in `test_basic'
19: now = Time.at(Time.now.to_i)
20:
21: cert = issue_cert(@ca, @rsa2048, 1, [], nil, nil)
=> 22: crl = issue_crl([], 1, now, now+1600, [],
23: cert, @rsa2048, OpenSSL::Digest.new('SHA1'))
24: assert_equal(1, crl.version)
25: assert_equal(cert.issuer.to_der, crl.issuer.to_der)
===============================================================================
E
===============================================================================
Error: test_crlnumber(OpenSSL::TestX509CRL): OpenSSL::X509::CRLError: invalid digest
/opt/src/test/openssl/utils.rb:116:in `sign'
/opt/src/test/openssl/utils.rb:116:in `issue_crl'
/opt/src/test/openssl/test_x509crl.rb:169:in `test_crlnumber'
166:
167: def test_crlnumber
168: cert = issue_cert(@ca, @rsa2048, 1, [], nil, nil)
=> 169: crl = issue_crl([], 1, Time.now, Time.now+1600, [],
170: cert, @rsa2048, OpenSSL::Digest.new('SHA1'))
171: assert_match(1.to_s, crl.extensions[0].value)
172: assert_match(/X509v3 CRL Number:\s+#{1}/m, crl.to_text)
===============================================================================
.E
===============================================================================
Error: test_extension(OpenSSL::TestX509CRL): OpenSSL::X509::CRLError: invalid digest
/opt/src/test/openssl/utils.rb:116:in `sign'
/opt/src/test/openssl/utils.rb:116:in `issue_crl'
/opt/src/test/openssl/test_x509crl.rb:126:in `test_extension'
123: ]
124:
125: cert = issue_cert(@ca, @rsa2048, 1, cert_exts, nil, nil)
=> 126: crl = issue_crl([], 1, Time.now, Time.now+1600, crl_exts,
127: cert, @rsa2048, OpenSSL::Digest.new('SHA1'))
128: exts = crl.extensions
129: assert_equal(3, exts.size)
===============================================================================
.E
===============================================================================
Error: test_revoked(OpenSSL::TestX509CRL): OpenSSL::X509::CRLError: invalid digest
/opt/src/test/openssl/utils.rb:116:in `sign'
/opt/src/test/openssl/utils.rb:116:in `issue_crl'
/opt/src/test/openssl/test_x509crl.rb:59:in `test_revoked'
56: [5, now, 5],
57: ]
58: cert = issue_cert(@ca, @rsa2048, 1, [], nil, nil)
=> 59: crl = issue_crl(revoke_info, 1, Time.now, Time.now+1600, [],
60: cert, @rsa2048, OpenSSL::Digest.new('SHA1'))
61: revoked = crl.revoked
62: assert_equal(5, revoked.size)
===============================================================================
.E
===============================================================================
Error: test_sign_and_verify(OpenSSL::TestX509CRL): OpenSSL::X509::CRLError: invalid digest
/opt/src/test/openssl/utils.rb:116:in `sign'
/opt/src/test/openssl/utils.rb:116:in `issue_crl'
/opt/src/test/openssl/test_x509crl.rb:187:in `test_sign_and_verify'
184:
185: def test_sign_and_verify
186: cert = issue_cert(@ca, @rsa2048, 1, [], nil, nil)
=> 187: crl = issue_crl([], 1, Time.now, Time.now+1600, [],
188: cert, @rsa2048, OpenSSL::Digest.new('SHA1'))
189: assert_equal(false, crl.verify(@rsa1024))
190: assert_equal(true, crl.verify(@rsa2048))
===============================================================================
.E
===============================================================================
Error: test_dsa_with_sha2(OpenSSL::TestX509Certificate): OpenSSL::X509::CertificateError: invalid digest
/opt/src/test/openssl/utils.rb:88:in `sign'
/opt/src/test/openssl/utils.rb:88:in `issue_cert'
/opt/src/test/openssl/test_x509cert.rb:230:in `test_dsa_with_sha2'
227: # TODO: need more tests for dsa + sha2
228:
229: # SHA1 is allowed from OpenSSL 1.0.0 (0.9.8 requires DSS1)
=> 230: cert = issue_cert(@ca, @dsa256, 1, [], nil, nil, digest: "sha1")
231: assert_equal("dsaWithSHA1", cert.signature_algorithm)
232: end
233:
===============================================================================
...............E
===============================================================================
Error: test_sign_and_verify_rsa_sha1(OpenSSL::TestX509Certificate): OpenSSL::X509::CertificateError: invalid digest
/opt/src/test/openssl/utils.rb:88:in `sign'
/opt/src/test/openssl/utils.rb:88:in `issue_cert'
/opt/src/test/openssl/test_x509cert.rb:176:in `test_sign_and_verify_rsa_sha1'
173: end
174:
175: def test_sign_and_verify_rsa_sha1
=> 176: cert = issue_cert(@ca, @rsa2048, 1, [], nil, nil, digest: "sha1")
177: assert_equal(false, cert.verify(@rsa1024))
178: assert_equal(true, cert.verify(@rsa2048))
179: assert_equal(false, certificate_error_returns_false { cert.verify(@dsa256) })
===============================================================================
.......................E
===============================================================================
Error: test_attr(OpenSSL::TestX509Request): OpenSSL::X509::RequestError: invalid digest
/opt/src/test/openssl/test_x509req.rb:21:in `sign'
/opt/src/test/openssl/test_x509req.rb:21:in `issue_csr'
/opt/src/test/openssl/test_x509req.rb:81:in `test_attr'
78: OpenSSL::X509::Attribute.new("msExtReq", attrval),
79: ]
80:
=> 81: req0 = issue_csr(0, @dn, @rsa1024, OpenSSL::Digest.new('SHA1'))
82: attrs.each{|attr| req0.add_attribute(attr) }
83: req1 = issue_csr(0, @dn, @rsa1024, OpenSSL::Digest.new('SHA1'))
84: req1.attributes = attrs
===============================================================================
E
===============================================================================
Error: test_dup(OpenSSL::TestX509Request): OpenSSL::X509::RequestError: invalid digest
/opt/src/test/openssl/test_x509req.rb:21:in `sign'
/opt/src/test/openssl/test_x509req.rb:21:in `issue_csr'
/opt/src/test/openssl/test_x509req.rb:140:in `test_dup'
137: end
138:
139: def test_dup
=> 140: req = issue_csr(0, @dn, @rsa1024, OpenSSL::Digest.new('SHA1'))
141: assert_equal(req.to_der, req.dup.to_der)
142: end
143:
===============================================================================
E
===============================================================================
Error: test_eq(OpenSSL::TestX509Request): OpenSSL::X509::RequestError: invalid digest
/opt/src/test/openssl/test_x509req.rb:21:in `sign'
/opt/src/test/openssl/test_x509req.rb:21:in `issue_csr'
/opt/src/test/openssl/test_x509req.rb:145:in `test_eq'
142: end
143:
144: def test_eq
=> 145: req1 = issue_csr(0, @dn, @rsa1024, "sha1")
146: req2 = issue_csr(0, @dn, @rsa1024, "sha1")
147: req3 = issue_csr(0, @dn, @rsa1024, "sha256")
148:
===============================================================================
.E
===============================================================================
Error: test_public_key(OpenSSL::TestX509Request): OpenSSL::X509::RequestError: invalid digest
/opt/src/test/openssl/test_x509req.rb:21:in `sign'
/opt/src/test/openssl/test_x509req.rb:21:in `issue_csr'
/opt/src/test/openssl/test_x509req.rb:26:in `test_public_key'
23: end
24:
25: def test_public_key
=> 26: req = issue_csr(0, @dn, @rsa1024, OpenSSL::Digest.new('SHA1'))
27: assert_equal(@rsa1024.public_key.to_der, req.public_key.to_der)
28: req = OpenSSL::X509::Request.new(req.to_der)
29: assert_equal(@rsa1024.public_key.to_der, req.public_key.to_der)
===============================================================================
E
===============================================================================
Error: test_sign_and_verify_dsa(OpenSSL::TestX509Request): OpenSSL::X509::RequestError: invalid digest
/opt/src/test/openssl/test_x509req.rb:21:in `sign'
/opt/src/test/openssl/test_x509req.rb:21:in `issue_csr'
/opt/src/test/openssl/test_x509req.rb:125:in `test_sign_and_verify_dsa'
122: end
123:
124: def test_sign_and_verify_dsa
=> 125: req = issue_csr(0, @dn, @dsa512, OpenSSL::Digest.new('SHA1'))
126: assert_equal(false, request_error_returns_false { req.verify(@rsa1024) })
127: assert_equal(false, request_error_returns_false { req.verify(@rsa2048) })
128: assert_equal(false, req.verify(@dsa256))
===============================================================================
..E
===============================================================================
Error: test_sign_and_verify_rsa_sha1(OpenSSL::TestX509Request): OpenSSL::X509::RequestError: invalid digest
/opt/src/test/openssl/test_x509req.rb:21:in `sign'
/opt/src/test/openssl/test_x509req.rb:21:in `issue_csr'
/opt/src/test/openssl/test_x509req.rb:104:in `test_sign_and_verify_rsa_sha1'
101: end
102:
103: def test_sign_and_verify_rsa_sha1
=> 104: req = issue_csr(0, @dn, @rsa1024, OpenSSL::Digest.new('SHA1'))
105: assert_equal(true, req.verify(@rsa1024))
106: assert_equal(false, req.verify(@rsa2048))
107: assert_equal(false, request_error_returns_false { req.verify(@dsa256) })
===============================================================================
E
===============================================================================
Error: test_subject(OpenSSL::TestX509Request): OpenSSL::X509::RequestError: invalid digest
/opt/src/test/openssl/test_x509req.rb:21:in `sign'
/opt/src/test/openssl/test_x509req.rb:21:in `issue_csr'
/opt/src/test/openssl/test_x509req.rb:50:in `test_subject'
47: end
48:
49: def test_subject
=> 50: req = issue_csr(0, @dn, @rsa1024, OpenSSL::Digest.new('SHA1'))
51: assert_equal(@dn.to_der, req.subject.to_der)
52: req = OpenSSL::X509::Request.new(req.to_der)
53: assert_equal(@dn.to_der, req.subject.to_der)
===============================================================================
E
===============================================================================
Error: test_version(OpenSSL::TestX509Request): OpenSSL::X509::RequestError: invalid digest
/opt/src/test/openssl/test_x509req.rb:21:in `sign'
/opt/src/test/openssl/test_x509req.rb:21:in `issue_csr'
/opt/src/test/openssl/test_x509req.rb:38:in `test_version'
35: end
36:
37: def test_version
=> 38: req = issue_csr(0, @dn, @rsa1024, OpenSSL::Digest.new('SHA1'))
39: assert_equal(0, req.version)
40: req = OpenSSL::X509::Request.new(req.to_der)
41: assert_equal(0, req.version)
===============================================================================
..........<internal:ractor>:267: warning: Ractor is experimental, and the behavior may change in future versions of Ruby! Also there are many implementation issues.
.
Finished in 12.795403984 seconds.
-------------------------------------------------------------------------------
506 tests, 3651 assertions, 0 failures, 21 errors, 1 pendings, 0 omissions, 0 notifications
95.6522% passed
-------------------------------------------------------------------------------
39.55 tests/s, 285.34 assertions/s
rake aborted!
Command failed with status (1)
/usr/share/gems/gems/rake-13.0.6/exe/rake:27:in `<top (required)>'
/usr/share/gems/gems/bundler-2.2.32/lib/bundler/cli/exec.rb:58:in `load'
/usr/share/gems/gems/bundler-2.2.32/lib/bundler/cli/exec.rb:58:in `kernel_load'
/usr/share/gems/gems/bundler-2.2.32/lib/bundler/cli/exec.rb:23:in `run'
/usr/share/gems/gems/bundler-2.2.32/lib/bundler/cli.rb:478:in `exec'
/usr/share/gems/gems/bundler-2.2.32/lib/bundler/vendor/thor/lib/thor/command.rb:27:in `run'
/usr/share/gems/gems/bundler-2.2.32/lib/bundler/vendor/thor/lib/thor/invocation.rb:127:in `invoke_command'
/usr/share/gems/gems/bundler-2.2.32/lib/bundler/vendor/thor/lib/thor.rb:392:in `dispatch'
/usr/share/gems/gems/bundler-2.2.32/lib/bundler/cli.rb:31:in `dispatch'
/usr/share/gems/gems/bundler-2.2.32/lib/bundler/vendor/thor/lib/thor/base.rb:485:in `start'
/usr/share/gems/gems/bundler-2.2.32/lib/bundler/cli.rb:25:in `start'
/usr/share/gems/gems/bundler-2.2.32/libexec/bundle:49:in `block in <top (required)>'
/usr/share/gems/gems/bundler-2.2.32/lib/bundler/friendly_errors.rb:103:in `with_friendly_errors'
/usr/share/gems/gems/bundler-2.2.32/libexec/bundle:37:in `<top (required)>'
/usr/bin/bundle:23:in `load'
/usr/bin/bundle:23:in `<main>'
Tasks: TOP => test
(See full trace by running task with --trace)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment