Bug 1939427

Summary: perl-Dancer-Session-Cookie-0.30-11.fc35 FTBFS: WARNING: The key derivation method "opensslv1" is deprecated. Using -pbkdf=>'pbkdf2' would be better.
Product: Fedora
Component: perl-Session-Storage-Secure
Reporter: Petr Pisar <ppisar>
Assignee: Petr Pisar <ppisar>
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Status: CLOSED ERRATA
Severity: unspecified
Priority: unspecified
Version: 34
CC: jplesnik, perl-devel, ppisar
Hardware: Unspecified
OS: Unspecified
URL: https://koschei.fedoraproject.org/package/perl-Dancer-Session-Cookie
Fixed In Version: perl-Session-Storage-Secure-0.011-11.fc35 perl-Session-Storage-Secure-0.011-11.fc34
Last Closed: 2021-03-23 00:15:40 UTC
Type: Bug
Bug Blocks: 1927309

Description Petr Pisar 2021-03-16 11:57:08 UTC
perl-Dancer-Session-Cookie-0.30-11.fc35 fails to build in Fedora 35 because a test fails:

t/00-report-prereqs.t ........ ok
#   Failed test 'no warnings'
#   at /usr/share/perl5/vendor_perl/Test/Builder.pm line 193.
# There were 2 warning(s)
# 	Previous test 5 'Dancer::Session::Cookie->can(...)'
# 	WARNING: The key derivation method "opensslv1" is deprecated. Using -pbkdf=>'pbkdf2' would be better.
# Pass -nodeprecate=>1 to inhibit this message.
#  at /usr/share/perl5/vendor_perl/Session/Storage/Secure.pm line 213.
#  at /usr/share/perl5/vendor_perl/Crypt/CBC.pm line 455.
# 	Crypt::CBC::_deprecation_warning(Crypt::CBC=HASH(0x15fbcf2b0)) called at /usr/share/perl5/vendor_perl/Crypt/CBC.pm line 158
# 	Crypt::CBC::start(Crypt::CBC=HASH(0x15fbcf2b0), "encrypting") called at /usr/share/perl5/vendor_perl/Crypt/CBC.pm line 125
# 	Crypt::CBC::encrypt(Crypt::CBC=HASH(0x15fbcf2b0), "=\x{f3}rl\x{4}\x{0}(*\x{1}bid&\$372223686496908815687397255954065325") called at /usr/share/perl5/vendor_perl/Session/Storage/Secure.pm line 213
# 	eval {...} called at /usr/share/perl5/vendor_perl/Session/Storage/Secure.pm line 212
# 	Session::Storage::Secure::encode(Session::Storage::Secure=HASH(0x15fb59f68), HASH(0x15e3e23f8)) called at /builddir/build/BUILD/Dancer-Session-Cookie-0.30/lib/Dancer/Session/Cookie.pm line 159
# 	Dancer::Session::Cookie::_cookie_value(Dancer::Session::Cookie=HASH(0x15e3dc7f0)) called at t/01-session.t line 32
# 
# ----------
# 	Previous test 6 'cookie value is defined'
# 	WARNING: The key derivation method "opensslv1" is deprecated. Using -pbkdf=>'pbkdf2' would be better.
# Pass -nodeprecate=>1 to inhibit this message.
#  at /usr/share/perl5/vendor_perl/Session/Storage/Secure.pm line 213.
#  at /usr/share/perl5/vendor_perl/Crypt/CBC.pm line 455.
# 	Crypt::CBC::_deprecation_warning(Crypt::CBC=HASH(0x15fbddfd0)) called at /usr/share/perl5/vendor_perl/Crypt/CBC.pm line 158
# 	Crypt::CBC::start(Crypt::CBC=HASH(0x15fbddfd0), "encrypting") called at /usr/share/perl5/vendor_perl/Crypt/CBC.pm line 125
# 	Crypt::CBC::encrypt(Crypt::CBC=HASH(0x15fbddfd0), "=\x{f3}rl\x{4}\x{0}(*\x{2}cbarcbazbid&\$372223686496908815687397255954065325") called at /usr/share/perl5/vendor_perl/Session/Storage/Secure.pm line 213
# 	eval {...} called at /usr/share/perl5/vendor_perl/Session/Storage/Secure.pm line 212
# 	Session::Storage::Secure::encode(Session::Storage::Secure=HASH(0x15fb59f68), HASH(0x15fc17708)) called at /builddir/build/BUILD/Dancer-Session-Cookie-0.30/lib/Dancer/Session/Cookie.pm line 159
# 	Dancer::Session::Cookie::_cookie_value(Dancer::Session::Cookie=HASH(0x15e3dc7f0)) called at t/01-session.t line 35
# 
# Looks like you failed 1 test of 11.
t/01-session.t ............... 
Dubious, test returned 1 (wstat 256, 0x100)
Failed 1/11 subtests 

A difference between passing and failing build root is at <https://koschei.fedoraproject.org/build/9922722>. An upgrade of perl-Crypt-CBC from 2.33-30.fc34 to 3.01-1.fc35

Comment 1 Petr Pisar 2021-03-16 13:39:35 UTC
This is triggered by a change in Crypt-CBC-3.01:

  Revision history for Perl extension Crypt::CBC.
  3.01
    - Warn when the deprecated opensslv1 PBKDF (key derivation function) is used
      for encryption. Turn off with -nodeprecate=>1 or by choosing a different
      PBKDF, such as -pbkdf=>'pbkdf2'.

and caused by Session::Storage::Secure->encode() which does not override the default Crypt::CBC->new() -pbkdf argument:

    my $cbc = Crypt::CBC->new( -key => $key, -cipher => 'Rijndael' );
    my ( $ciphertext, $mac );
    eval {
        $ciphertext = $self->transport_encoder->( $cbc->encrypt( $self->_freeze($data) ) );
        $mac = $self->transport_encoder->( hmac_sha256( "$expires$sep$ciphertext", $key ) );
    };

Reproducer:

$ perl -MSession::Storage::Secure -e 'Session::Storage::Secure->new(secret_key=>1)->encode()'
WARNING: The key derivation method "opensslv1" is deprecated. Using -pbkdf=>'pbkdf2' would be better.
Pass -nodeprecate=>1 to inhibit this message.
 at /usr/share/perl5/vendor_perl/Session/Storage/Secure.pm line 213.

The new CBC::Encrypt defaults to -pbkdf => 'opensslv1' to preserve compatibility and warns about that at the same time.
Session::Storage::Secure can either pass -nodeprecate=>1 to silence the warning, or pass -pbkdf => 'pbkdf2' to use a stronger encryption key.

Since changing -pbkdf makes the encrypted data non-decryptable, Session::Storage::Secure should come up with a transition plan for how to move to the stronger PBKDF (e.g. with using an old_secrets-like argument). Please note that -pbkdf => 'opensslv1' uses MD5 underneath, and that could become unavailable in the future because of the system-wide crypto-policy enforced by Fedora or an OpenSSL upstream decision.

I know that Session::Storage::Secure uses Digest::SHA::hmac_sha256() to populate the -key argument. And that is currently strong enough. Thus I recommend patching Fedora with -nodeprecate=>1 until upstream resolves it.
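
The transition idea from the comment above, as an added illustration that is not Session::Storage::Secure's own code: new values are written with -pbkdf => 'pbkdf2' and carry a format tag, while untagged legacy values are still read with opensslv1 (silenced with -nodeprecate => 1 on the decrypt path only). The 'p2:' tag, the hex transport encoding and the key material are assumptions for this example; the pbkdf2 option in Crypt::CBC 3.x needs Crypt::PBKDF2 installed.

```perl
use strict;
use warnings;
use Crypt::CBC;
use Digest::SHA qw(hmac_sha256);

# Constructed key, derived the way the comment describes: an HMAC-SHA256
# output fed to -key. Both the salt and the secret here are made up.
my $KEY = hmac_sha256( 'constructed-salt', 'constructed-secret-key' );

# Build a Crypt::CBC object for the requested KDF. 'pbkdf2' is the modern
# choice; 'opensslv1' (MD5 underneath) is kept only to read old data, and
# -nodeprecate => 1 keeps that legacy read path from warning.
sub _cbc {
    my ($kdf) = @_;
    return Crypt::CBC->new(
        -key         => $KEY,
        -cipher      => 'Rijndael',
        -pbkdf       => $kdf,
        -nodeprecate => 1,
    );
}

# New data is always written with PBKDF2 and prefixed with an assumed
# 'p2:' marker, so the decoder never has to guess which KDF was used.
sub encode_payload {
    my ($plaintext) = @_;
    return 'p2:' . unpack( 'H*', _cbc('pbkdf2')->encrypt($plaintext) );
}

# Legacy producer (untagged, opensslv1): what Crypt::CBC 3.01 warns about.
sub encode_payload_legacy {
    my ($plaintext) = @_;
    return unpack( 'H*', _cbc('opensslv1')->encrypt($plaintext) );
}

# Transition decoder: dispatch on the tag, fall back to opensslv1 for
# untagged values. Once no legacy values remain, delete the fallback.
sub decode_payload {
    my ($encoded) = @_;
    my $kdf = ( $encoded =~ s/^p2:// ) ? 'pbkdf2' : 'opensslv1';
    return _cbc($kdf)->decrypt( pack( 'H*', $encoded ) );
}

for my $enc ( encode_payload('sid=42'), encode_payload_legacy('sid=42') ) {
    print( ( decode_payload($enc) eq 'sid=42' ? 'ok' : 'FAIL' ), " $enc\n" );
}
```

Both round trips print "ok"; only the legacy object is ever constructed with opensslv1, so the deprecation warning disappears without breaking sessions written before the switch.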

Comment 2 Fedora Update System 2021-03-16 14:15:21 UTC
FEDORA-2021-ed3306a0fe has been submitted as an update to Fedora 34. https://bodhi.fedoraproject.org/updates/FEDORA-2021-ed3306a0fe

Comment 3 Fedora Update System 2021-03-16 23:30:12 UTC
FEDORA-2021-ed3306a0fe has been pushed to the Fedora 34 testing repository.
Soon you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2021-ed3306a0fe`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2021-ed3306a0fe

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.

Comment 4 Fedora Update System 2021-03-23 00:15:40 UTC
FEDORA-2021-ed3306a0fe has been pushed to the Fedora 34 stable repository.
If the problem still persists, please make note of it in this bug report.