Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Outdated Openssl Algorithm in unit test #409

Open
mambelli opened this issue May 12, 2024 · 1 comment
Open

Outdated Openssl Algorithm in unit test #409

mambelli opened this issue May 12, 2024 · 1 comment
Assignees
@mambelli
Labels
BUG For BUGS ci-testing for affected component documentation for affected component factory for affected component frontend for affected component High High priority

Comments

@mambelli
Copy link
Contributor

mambelli commented May 12, 2024
edited
Loading

Describe the bug
Unit tests are failing on EL9 (openssl3) due to the use of algorithms moved to the legacy section.
Specifically, the test failing is unittests/test_lib_symCrypto.py
Should the fix be reflected also in the code or only the unit test?
Triage should evaluate if the code is affected first. If not skipping the tests may be acceptable

Running tests...
----------------------------------------------------------------------
.......S.....E.E
======================================================================
ERROR [0.859s]: test_symmetric (__main__.TestSymBlowfishKey)
----------------------------------------------------------------------
Traceback (most recent call last):
  File "/home/glideinwms-ci/glideinwms/unittests/././test_lib_symCrypto.py", line 153, in test_symmetric
    def test_symmetric(self, data):
  File "/home/glideinwms-ci/venv-3.9.18/lib64/python3.9/site-packages/hypothesis/core.py", line 1638, in wrapped_test
    raise the_error_hypothesis_found
  File "/home/glideinwms-ci/glideinwms/unittests/././test_lib_symCrypto.py", line 156, in test_symmetric
    self.assertEqual(data, sk2.decrypt(self.key.encrypt(data)))
  File "/home/glideinwms-ci/glideinwms/lib/symCrypto.py", line 200, in encrypt
    e = b.read()
  File "/usr/lib64/python3.9/site-packages/M2Crypto/BIO.py", line 204, in read
    return m2.bio_read(self.bio, m2.bio_ctrl_pending(self.bio))
M2Crypto.BIO.BIOError: unsupported (Global default library context, Algorithm (BF-CBC : 13), Properties ())
Falsifying example: test_symmetric(
    self=<__main__.TestSymBlowfishKey testMethod=test_symmetric>,
    data='0',  # or any other generated value
)

======================================================================
ERROR [0.659s]: test_symmetric (__main__.TestSymDESKey)
----------------------------------------------------------------------
Traceback (most recent call last):
  File "/home/glideinwms-ci/glideinwms/unittests/././test_lib_symCrypto.py", line 206, in test_symmetric
    def test_symmetric(self, data):
  File "/home/glideinwms-ci/venv-3.9.18/lib64/python3.9/site-packages/hypothesis/core.py", line 1638, in wrapped_test
    raise the_error_hypothesis_found
  File "/home/glideinwms-ci/glideinwms/unittests/././test_lib_symCrypto.py", line 209, in test_symmetric
    self.assertEqual(data, sk2.decrypt(self.key.encrypt(data)))
  File "/home/glideinwms-ci/glideinwms/lib/symCrypto.py", line 200, in encrypt
    e = b.read()
  File "/usr/lib64/python3.9/site-packages/M2Crypto/BIO.py", line 204, in read
    return m2.bio_read(self.bio, m2.bio_ctrl_pending(self.bio))
M2Crypto.BIO.BIOError: unsupported (Global default library context, Algorithm (DES-CBC : 11), Properties ())
Falsifying example: test_symmetric(
    self=<__main__.TestSymDESKey testMethod=test_symmetric>,
    data='0',  # or any other generated value
)

----------------------------------------------------------------------
Ran 16 tests in 2.096s

FAILED (errors=2, skipped=1)

To Reproduce
On an AlmaLinux9 container, e.g. gwms-ci-el9 run the unit tests:
glideinwms/build/ci/runtest.sh -vI pyunittest -a

Expected behavior
No failures in unit tests.
Maybe some tests should be platform dependent depending on what openssl supports

Screenshots
NA

Info (please complete the following information):
Stakeholders and components can be a comma separated list or on multiple lines.
If you add a new stakeholder or component, not on the sample list, add it on a line by its own.

  • GlideinWMS version: 3.10.6
  • Python version: 3.9
  • OS version: AlmaLinux9 (gwms-ci-el9)
  • HTCondor version: NA
  • Priority: high
  • Stakeholders:
  • Components: frontend, factory, documentation, CI, testing

Additional context
Some links:
https://help.heroku.com/88GYDTB2/how-do-i-configure-openssl-to-allow-the-use-of-legacy-cryptographic-algorithms
https://stackoverflow.com/questions/70064335/des-command-on-openssl-3-0-unsupported-crypto-error
@github-actions github-actions bot added BUG For BUGS ci-testing for affected component documentation for affected component factory for affected component frontend for affected component High High priority labels May 12, 2024
@namrathaurs namrathaurs self-assigned this Jul 22, 2024
@mambelli
Copy link
Contributor Author

mambelli commented Aug 1, 2024
edited
Loading

SymBlowfishKey, bf_cbc and SymDESKey, des_cbc, were removed in PR #408 because not supported in openssl3 (EL9):
[[https://github.com//pull/408/files#diff-601b5f7ed69cd9a4431ea0eba55bfa3e9c2ff3a32969ed028fae3875fdd61b3c]]

There is only to doublecheck w/ Bruno who revised the credentials if there is any reference to these credentials or if new ones should be introduced and tested. Email sent

@mambelli mambelli self-assigned this Aug 1, 2024
@namrathaurs namrathaurs assigned mambelli and unassigned mambelli and namrathaurs Aug 2, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@mambelli mambelli

Labels
BUG For BUGS ci-testing for affected component documentation for affected component factory for affected component frontend for affected component High High priority
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@mambelli @namrathaurs