hrr_rb_ssh icon indicating copy to clipboard operation
hrr_rb_ssh copied to clipboard

Published 20 hours ago verified publisher icon hirura

Crashes on latest release of Ubuntu 2022 and Ruby 3

Open adfoster-r7 opened this issue 2 years ago • 0 comments

Hi there, just documenting an issue where hrr_rb_ssh currently doesn't load on Ubuntu 2022 with Ruby 3:

$ bundle exec rspec

An error occurred while loading spec_helper.
Failure/Error: cipher = OpenSSL::Cipher.new(klass::CIPHER_NAME)

OpenSSL::Cipher::CipherError:
  unsupported
# ./lib/hrr_rb_ssh/transport/encryption_algorithm/functionable.rb:8:in `initialize'
# ./lib/hrr_rb_ssh/transport/encryption_algorithm/functionable.rb:8:in `new'
# ./lib/hrr_rb_ssh/transport/encryption_algorithm/functionable.rb:8:in `included'
# ./lib/hrr_rb_ssh/transport/encryption_algorithm/blowfish_cbc.rb:11:in `include'
# ./lib/hrr_rb_ssh/transport/encryption_algorithm/blowfish_cbc.rb:11:in `<class:BlowfishCbc>'
# ./lib/hrr_rb_ssh/transport/encryption_algorithm/blowfish_cbc.rb:6:in `<class:EncryptionAlgorithm>'
# ./lib/hrr_rb_ssh/transport/encryption_algorithm/blowfish_cbc.rb:5:in `<class:Transport>'
# ./lib/hrr_rb_ssh/transport/encryption_algorithm/blowfish_cbc.rb:4:in `<module:HrrRbSsh>'
# ./lib/hrr_rb_ssh/transport/encryption_algorithm/blowfish_cbc.rb:3:in `<top (required)>'
# ./lib/hrr_rb_ssh/transport/encryption_algorithm.rb:16:in `require'
# ./lib/hrr_rb_ssh/transport/encryption_algorithm.rb:16:in `<top (required)>'
# ./lib/hrr_rb_ssh/transport/kex_algorithms/iv_computable.rb:1:in `require'
# ./lib/hrr_rb_ssh/transport/kex_algorithms/iv_computable.rb:1:in `<top (required)>'
# ./lib/hrr_rb_ssh/transport/kex_algorithms.rb:29:in `require'
# ./lib/hrr_rb_ssh/transport/kex_algorithms.rb:29:in `<top (required)>'
# ./lib/hrr_rb_ssh/transport.rb:8:in `require'
# ./lib/hrr_rb_ssh/transport.rb:8:in `<top (required)>'
# ./lib/hrr_rb_ssh.rb:28:in `require'
# ./lib/hrr_rb_ssh.rb:28:in `<top (required)>'
# ./spec/spec_helper.rb:10:in `require'
# ./spec/spec_helper.rb:10:in `<top (required)>'
No examples found.
No examples found.


Finished in 0.00003 seconds (files took 0.099 seconds to load)
0 examples, 0 failures, 1 error occurred outside of examples

Finished in 0.00003 seconds (files took 0.099 seconds to load)
0 examples, 0 failures, 1 error occurred outside of examples

I was just taking a quick look into this, and it seems like OpenSSL 3 doesn't initialise BF-CBC:

$ irb
irb(main):001:0> require 'openssl'
=> true
irb(main):002:0> OpenSSL::VERSION
=> "3.0.0"
irb(main):003:0> OpenSSL::Cipher.new('BF-CBC')
(irb):2:in `initialize': unsupported (OpenSSL::Cipher::CipherError)
	from (irb):2:in `new'
	from (irb):2:in `<main>'
	from /var/lib/gems/3.0.0/gems/irb-1.3.6/exe/irb:11:in `<top (required)>'
	from /usr/local/bin/irb:25:in `load'
	from /usr/local/bin/irb:25:in `<main>'

It looks like the BF-CBC cipher is available:

irb(main):008:0> OpenSSL::Cipher.ciphers.grep /bf-/
=> ["bf-cbc", "bf-cfb", "bf-ecb", "bf-ofb"]

I believe this cipher has been marked as deprecated and is now no longer loaded by default: https://www.openssl.org/docs/man3.0/man7/OSSL_PROVIDER-legacy.html

I'm just investigating if I can load these legacy ciphers by default in Ruby, or if hrr_rb_ssh would need extra error handling to cover this scenario

adfoster-r7 avatar Jul 13 '22 11:07 adfoster-r7