Bug 465515

Summary: QCA-2.3.4/5: Test "PublicKeyInfrastructure" fails after updating OpenSSL to 3.0.8
Product: [Frameworks and Libraries] qca Reporter: imaginator
Component: generalAssignee: Ivan Romanov <drizt72>
Status: RESOLVED FIXED    
Severity: normal CC: aacid, bradh, justin, nate
Priority: NOR    
Version First Reported In: 2.3.4   
Target Milestone: ---   
Platform: Other   
OS: Linux   
Latest Commit: Version Fixed/Implemented In:
Sentry Crash Report:

Description imaginator 2023-02-09 18:13:16 UTC 
After updating OpenSSL to 3.0.8 (from 3.0.7), test "PublicKeyInfrastructure" fails when building/testing QCA-2.3.4 and -2.3.5.  The other tests are OK.  Going back to OpenSSL-3.0.7 fixes the issue.

From the test-log:
[...]
20/25 Testing: PublicKeyInfrastructure
20/25 Test: PublicKeyInfrastructure
Command:
"/home/user/Downloads/LFS/BLFS/BLFS-11.1/qca-2.3.4/build/bin/pkits"
Directory: /home/user/Downloads/LFS/BLFS/BLFS-11.1/qca-2.3.4/build/bin
"PublicKeyInfrastructure" start time: Feb 09 12:16 CET
Output:
----------------------------------------------------------
********* Start testing of Pkits *********
Config: Using QtTest library 5.15.2, Qt 5.15.2
(x86_64-little_endian-lp64 shared (dynamic) release build; by GCC
11.2.0), unknown unknown
PASS   : Pkits::initTestCase()
PASS   : Pkits::pkits4_1_1()
PASS   : Pkits::pkits4_1_2()
PASS   : Pkits::pkits4_1_3()
PASS   : Pkits::pkits4_1_4()
FAIL!  : Pkits::pkits4_1_5() Compared values are not the same
   Loc:
[/home/user/Downloads/LFS/BLFS/BLFS-11.1/qca-2.3.4/unittest/pkits/pkits.cpp(298)]
PASS   : Pkits::pkits4_1_6()
[...]


System is Linux From Scratch. I hope this is the right place to report this. Let me know if you need more information.
Thanks.
Comment 1 imaginator 2023-02-11 11:02:36 UTC 
Perhaps this may help you:

When I configure qca-2.3.4/5 with the not recommended
	
	-DQCA_SUFFIX=OFF

then all tests succeed for qca-2.3.4 but for qca-2.3.5 test "Hashing" fails while "PublicKeyInfrastructure" passes:

[...]
      Start  8: Hashing
8/25 Test  #8: Hashing ..........................Subprocess aborted***Exception:   0.34 sec
 [...]
      Start 19: PublicKeyInfrastructure
19/25 Test #19: PublicKeyInfrastructure ..........   Passed    0.00 sec
[...]
 

The question that bothers me a bit is whether the test-failures indicate a security risk when using qca-2.3.4/5 with OpenSSL-3.0.8 or whether just the tests need to be adapted.
BTW: the problem has been confirmed by an other LFS-user. 
Thanks.
Comment 2 Albert Astals Cid 2023-02-13 22:07:45 UTC 
looks like an openssl regression to me https://github.com/openssl/openssl/commit/fab4973801bdc11c29c4c8ccf65cf39cbc63ce9b
Comment 3 imaginator 2023-02-14 08:03:16 UTC 
(In reply to Albert Astals Cid from comment #2)
> looks like an openssl regression to me
> https://github.com/openssl/openssl/commit/
> fab4973801bdc11c29c4c8ccf65cf39cbc63ce9b

Thanks. Shows that the tests are important. I hope OpenSSL respond soon.
Comment 4 imaginator 2023-02-14 15:31:30 UTC 
This may be related: https://github.com/openssl/openssl/issues/20233
Comment 5 Albert Astals Cid 2023-02-19 23:20:42 UTC 
https://invent.kde.org/libraries/qca/-/merge_requests/93
Comment 6 imaginator 2023-02-20 08:57:43 UTC 
(In reply to Albert Astals Cid from comment #5)
> https://invent.kde.org/libraries/qca/-/merge_requests/93

Thanks. I'll let the LFS-editors know, so that they can add a note for qca that one test is known to fail for qca-2.3.5 and OpenSSL-3.0.8. Or patch the sources according to your commit.
Thanks again.