[MacPorts] #71760: openssl3 @3.4.0: legacy provider improperly built/configured (was: OpenSSL-3.4.0 legacy provider improperly built/configured)

MacPorts noreply at macports.org
Mon Jan 6 09:13:10 UTC 2025 

#71760: openssl3 @3.4.0: legacy provider improperly built/configured
-------------------------+--------------------
  Reporter:  mouse07410  |      Owner:  (none)
      Type:  defect      |     Status:  new
  Priority:  Normal      |  Milestone:
 Component:  ports       |    Version:
Resolution:              |   Keywords:
      Port:  openssl3    |
-------------------------+--------------------
Description changed by ryandesign:

Old description:

> Apple Silicon M2 Max, Sequoia 15.2, Xcode-16.2.
>
> Installed OpenSSL-3 using
> {{{
> $ sudo port install openssl3 +legacy +rfc3779
> }}}
>
> Installation went OK, OpenSSL works fine. **But** - {{{legacy}}} provider
> is partially broken: it advertises algorithms that it fails to actually
> support (see also https://trac.macports.org/ticket/71730#comment:28).
>
> {{{
> $ port installed -v openssl3
> The following ports are currently installed:
>   openssl3 @3.4.0_0+legacy+rfc3779 (active)
> requested_variants='+legacy+rfc3779' platform='darwin 24' archs='arm64'
> date='2025-01-05T09:53:51-0500'
> $ openssl version
> OpenSSL 3.4.0 22 Oct 2024 (Library: OpenSSL 3.4.0 22 Oct 2024)
> $ openssl list -providers
> Providers:
>   default
>     name: OpenSSL Default Provider
>     version: 3.4.0
>     status: active
>   legacy
>     name: OpenSSL Legacy Provider
>     version: 3.4.0
>     status: active
>   oqs
>     name: OpenSSL OQS Provider
>     version: 0.8.1-dev
>     status: active
>   pkcs11
>     name: PKCS#11 Provider
>     version: 3.4.0
>     status: active
> $ openssl list -provider legacy -digest-algorithms | grep whirlpool
>   whirlpool
> $ openssl list -digest-algorithms | grep legacy
>   { 1.3.36.3.2.1, RIPEMD, RIPEMD-160, RIPEMD160, RMD160 } @ legacy
> $ openssl dgst -whirlpool -hex ~/.zshrc
> Error setting digest
> 40024EF101000000:error:0308010C:digital envelope
> routines:inner_evp_generic_fetch:unsupported:crypto/evp/evp_fetch.c:355:Global
> default library context, Algorithm (whirlpool : 108), Properties ()
> 40024EF101000000:error:03000086:digital envelope
> routines:evp_md_init_internal:initialization
> error:crypto/evp/digest.c:271:
> $
> $ openssl dgst -provider legacy -whirlpool -hex ~/.zshrc
> dgst: Unknown option or message digest: whirlpool
> dgst: Use -help for summary.
> 40024EF101000000:error:0308010C:digital envelope
> routines:inner_evp_generic_fetch:unsupported:crypto/evp/evp_fetch.c:355:Global
> default library context, Algorithm (whirlpool : 108), Properties (<null>)
> $
> }}}
>
> On the other hand, OpenSSL that I build myself from the sources, seems to
> work fine:
>
> {{{
> $ openssl3 version
> OpenSSL 3.5.0-dev  (Library: OpenSSL 3.5.0-dev )
> $ openssl3 list -providers
> Providers:
>   default
>     name: OpenSSL Default Provider
>     version: 3.5.0
>     status: active
>   gost
>     name: OpenSSL GOST Provider
>     status: active
>   legacy
>     name: OpenSSL Legacy Provider
>     version: 3.4.0
>     status: active
>   oqs
>     name: OpenSSL OQS Provider
>     version: 0.8.1-dev
>     status: active
>   pkcs11
>     name: PKCS#11 Provider
>     version: 3.4.0
>     status: active
> $ openssl3 list -digest-algorithms | grep legacy
>   { 1.3.36.3.2.1, RIPEMD, RIPEMD-160, RIPEMD160, RMD160 } @ legacy
>   { 1.0.10118.3.0.55, whirlpool } @ legacy
>   { 2.5.8.3.101, MDC2 } @ legacy
>   { 1.2.840.113549.2.4, MD4 } @ legacy
> $
> $ openssl3 dgst -whirlpool -hex ~/.zshrc
> WHIRLPOOL(/Users/ur20980/.zshrc)=
> 2714940724676c37e299b639c811c678faa93b581c75fc5e85c78f50939835de117a855146248a61e7a7f04cd980f97e20ebc699ee53275b15608a53c41e33ac
> $
> }}}

New description:

 Apple Silicon M2 Max, Sequoia 15.2, Xcode-16.2.

 Installed OpenSSL-3 using
 {{{
 $ sudo port install openssl3 +legacy +rfc3779
 }}}

 Installation went OK, OpenSSL works fine. **But** - {{{legacy}}} provider
 is partially broken: it advertises algorithms that it fails to actually
 support (see also comment:ticket:71730:28).

 {{{
 $ port installed -v openssl3
 The following ports are currently installed:
   openssl3 @3.4.0_0+legacy+rfc3779 (active)
 requested_variants='+legacy+rfc3779' platform='darwin 24' archs='arm64'
 date='2025-01-05T09:53:51-0500'
 $ openssl version
 OpenSSL 3.4.0 22 Oct 2024 (Library: OpenSSL 3.4.0 22 Oct 2024)
 $ openssl list -providers
 Providers:
   default
     name: OpenSSL Default Provider
     version: 3.4.0
     status: active
   legacy
     name: OpenSSL Legacy Provider
     version: 3.4.0
     status: active
   oqs
     name: OpenSSL OQS Provider
     version: 0.8.1-dev
     status: active
   pkcs11
     name: PKCS#11 Provider
     version: 3.4.0
     status: active
 $ openssl list -provider legacy -digest-algorithms | grep whirlpool
   whirlpool
 $ openssl list -digest-algorithms | grep legacy
   { 1.3.36.3.2.1, RIPEMD, RIPEMD-160, RIPEMD160, RMD160 } @ legacy
 $ openssl dgst -whirlpool -hex ~/.zshrc
 Error setting digest
 40024EF101000000:error:0308010C:digital envelope
 routines:inner_evp_generic_fetch:unsupported:crypto/evp/evp_fetch.c:355:Global
 default library context, Algorithm (whirlpool : 108), Properties ()
 40024EF101000000:error:03000086:digital envelope
 routines:evp_md_init_internal:initialization
 error:crypto/evp/digest.c:271:
 $
 $ openssl dgst -provider legacy -whirlpool -hex ~/.zshrc
 dgst: Unknown option or message digest: whirlpool
 dgst: Use -help for summary.
 40024EF101000000:error:0308010C:digital envelope
 routines:inner_evp_generic_fetch:unsupported:crypto/evp/evp_fetch.c:355:Global
 default library context, Algorithm (whirlpool : 108), Properties (<null>)
 $
 }}}

 On the other hand, OpenSSL that I build myself from the sources, seems to
 work fine:

 {{{
 $ openssl3 version
 OpenSSL 3.5.0-dev  (Library: OpenSSL 3.5.0-dev )
 $ openssl3 list -providers
 Providers:
   default
     name: OpenSSL Default Provider
     version: 3.5.0
     status: active
   gost
     name: OpenSSL GOST Provider
     status: active
   legacy
     name: OpenSSL Legacy Provider
     version: 3.4.0
     status: active
   oqs
     name: OpenSSL OQS Provider
     version: 0.8.1-dev
     status: active
   pkcs11
     name: PKCS#11 Provider
     version: 3.4.0
     status: active
 $ openssl3 list -digest-algorithms | grep legacy
   { 1.3.36.3.2.1, RIPEMD, RIPEMD-160, RIPEMD160, RMD160 } @ legacy
   { 1.0.10118.3.0.55, whirlpool } @ legacy
   { 2.5.8.3.101, MDC2 } @ legacy
   { 1.2.840.113549.2.4, MD4 } @ legacy
 $
 $ openssl3 dgst -whirlpool -hex ~/.zshrc
 WHIRLPOOL(/Users/ur20980/.zshrc)=
 2714940724676c37e299b639c811c678faa93b581c75fc5e85c78f50939835de117a855146248a61e7a7f04cd980f97e20ebc699ee53275b15608a53c41e33ac
 $
 }}}

--

-- 
Ticket URL: <https://trac.macports.org/ticket/71760#comment:8>
MacPorts <https://www.macports.org/>
Ports system for macOS

More information about the macports-tickets mailing list