When the dataone R package reads the subject from an X.509 cert, it needs to have the value returned in RFC2253 format. Currently

library(openssl)
cert <- read_cert("/tmp/x509up_u501")
as.list(cert)$subject

returns "DC=org, DC=cilogon, C=US, O=Google, CN=Peter Slaughter A10499",
but what we need is "CN=Peter Slaughter A10499,O=Google,C=US,DC=cilogon,DC=org".

The openssl library can format the subject with a call like

(X509_NAME_print_ex(mem, X509_get_subject_name(cert), 0, XN_FLAG_RFC2253)

(see line 616 https://github.com/NCEAS/PKIplus/blob/master/src/pki-x509.c)

Is it possible to add an argument to read_cert or have some other mechanism
to convert the subject to RFC2253 format?

Related to DataONEorg/rdataone#143

End to end crypto between R and browser: https://github.com/diafygi/webcrypto-examples

Hello,

I am trying to install the package from source on Debian testing. My R install is built with the Intel Compiler rather than gcc. Installation of the openssl package fails with many errors (see attached file) in particular this one :
`
In file included from /usr/include/resolv.h(65),
from ssl.c(15):
/usr/include/arpa/nameser.h(115): error: identifier "u_char" is undefined
const u_char *_msg, *_eom;

`

I am not sure what's going on here ...

compil-openssl.log.txt

Attempting to update from 0.9.5 - 0.9.6, I get the following error message at the end of the install process:

** testing if installed package can be loaded
Error in dyn.load(file, DLLpath = DLLpath, ...) :
  unable to load shared object '~/Library/R/3.3/library/openssl/libs/openssl.so':
  dlopen(~/Library/R/3.3/library/openssl/libs/openssl.so, 6): Symbol not found: _DSA_get0_key
  Referenced from: ~/Library/R/3.3/library/openssl/libs/openssl.so
  Expected in: flat namespace
 in ~/Library/R/3.3/library/openssl/libs/openssl.so
Error: loading failed
Execution halted
ERROR: loading failed
* removing ‘~/Library/R/3.3/library/openssl’
* restoring previous ‘~/Library/R/3.3/library/openssl’

Any suggestions? Thanks!

Something like https://wiki.openssl.org/index.php/EVP_Key_Agreement ?

OS suse Linux 11SP2

I am trying to install the openssl package and running into issues. I have setup the Path variable as per the instructions but still getting the same error. Please advise.

Paths:
k2uahp@algrid-ap01:> echo $PKG_CONFIG_PATH
/usr/lib64/pkgconfig/openssl.pc
k2uahp@algrid-ap01:> echo $PATH|grep pkg-config
/usr/bin/pkg-config:/usr/fnma/bin:/bin:/usr/bin:/usr/SYSADM/bin:/appl/tools/R2/bin:/appl/tools/R2/bin:/appl/tools/R2/bin
k2uahp@algrid-ap01:~>

Error:

2016-04-25 17:37:49 (2.63 MB/s) - `/tmp/Rtmpy3rxM0/downloaded_packages/openssl_0.9.2.tar.gz' saved [882041/882041]

• installing source package ‘openssl’ ...
  ** package ‘openssl’ successfully unpacked and MD5 sums checked
  Found pkg-config cflags and libs!
  Using PKG_CFLAGS=
  Using PKG_LIBS=-lssl -lcrypto -ldl -lz
  ------------------------- ANTICONF ERROR ---------------------------
  Configuration failed because openssl was not found. Try installing:
• deb: libssl-dev (Debian, Ubuntu, etc)
• rpm: openssl-devel (Fedora, CentOS, RHEL)
• csw: libssl_dev (Solaris)

• brew: openssl (Mac OSX)
  If openssl is already installed, check that 'pkg-config' is in your
  PATH and PKG_CONFIG_PATH contains a openssl.pc file. If pkg-config
  is unavailable you can set INCLUDE_DIR and LIB_DIR manually via:
  R CMD INSTALL --configure-vars='INCLUDE_DIR=... LIB_DIR=...'

  ERROR: configuration failed for package ‘openssl’
• removing ‘/home/k2uahp/R/x86_64-pc-linux-gnu-library/3.2/openssl’

The downloaded source packages are in
‘/tmp/Rtmpy3rxM0/downloaded_packages’
Warning message:
In install.packages("openssl") :
installation of package ‘openssl’ had non-zero exit status

openssl version -a
OpenSSL 0.9.8j-fips 07 Jan 2009
built on: Wed Jun 4 12:08:22 UTC 2014
platform: linux-x86_64
options: bn(64,64) md2(int) rc4(16x,int) des(idx,cisc,4,long) blowfish(ptr2)
compiler: gcc -fPIC -DOPENSSL_PIC -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DL_ENDIAN -DMD32_REG_T=int -fmessage-length=0 -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector -funwind-tables -fasynchronous-unwind-tables -g -fomit-frame-pointer -fno-strict-aliasing -DTERMIO -Wall -fstack-protector -Wa,--noexecstack -fprofile-use -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM
OPENSSLDIR: "/etc/ssl"

Support as.character(md5hash)

md5(c("foo","bar"))
[1] "acbd18db4cc2f85cedef654fccc4a4d8" "37b51d194a7513e45b56f6524f2d51f2"
md5(c("foo","bar"),"baz")
[1] "73feffa4b7f6bb68e44cf984c85f6e88"

When I tried to install openssl, I had an error saying openssl is not installed on my machine. So I went to openssl website and install the latest version 1.1.0 from source. However, the error still occurred.

* installing *source* package ‘openssl’ ...
** package ‘openssl’ successfully unpacked and MD5 sums checked
Found pkg-config cflags and libs!
Using PKG_CFLAGS=
Using PKG_LIBS=-lssl -lcrypto
------------------------- ANTICONF ERROR ---------------------------
Configuration failed because openssl was not found. Try installing:
 * deb: libssl-dev (Debian, Ubuntu, etc)
 * rpm: openssl-devel (Fedora, CentOS, RHEL)
 * csw: libssl_dev (Solaris)
 * brew: openssl (Mac OSX)
If openssl is already installed, check that 'pkg-config' is in your
PATH and PKG_CONFIG_PATH contains a openssl.pc file. If pkg-config
is unavailable you can set INCLUDE_DIR and LIB_DIR manually via:
R CMD INSTALL --configure-vars='INCLUDE_DIR=... LIB_DIR=...'
--------------------------------------------------------------------
ERROR: configuration failed for package ‘openssl’
* removing ‘/usr/local/lib/R/site-library/openssl’

$ openssl version
OpenSSL 1.1.0c  10 Nov 2016

$ pkg-config --cflags --libs openssl
 -lssl -lcrypto

I'm attempting to install to a fresh build of R:

> R version 3.3.1 (2016-06-21) -- "Bug in Your Hair"
> Copyright (C) 2016 The R Foundation for Statistical Computing
> Platform: x86_64-pc-linux-gnu (64-bit)

and openssl 1.1.1-dev on CentOS-6.3. It fails on both the release and current master version due to the error below. Due to the nature of the error, I suspected that gcc-4.2 may have been too outdated a compiler; but the error persists in gcc-4.9.1 as well.

Any help would be appreciated.

Thanks!

> > install.packages("https://github.com/jeroenooms/openssl/archive/master.tar.gz", repos = NULL)
> trying URL 'https://github.com/jeroenooms/openssl/archive/master.tar.gz'
> Content type 'application/x-gzip' length 223892 bytes (218 KB)
> ==================================================
> downloaded 218 KB
> 
> Warning in untar2(tarfile, files, list, exdir, restore_times) :
>   skipping pax global extended headers
> * installing *source* package ‘openssl’ ...
> Found INCLUDE_DIR and/or LIB_DIR!
> Using PKG_CFLAGS=-I 
> Using PKG_LIBS=-L/ifshome/chartl/usr/local/lib:/ifshome/chartl/usr/local/lib64 -lssl -lcrypto
> ** libs
> gcc -std=gnu99 -I/ifshome/chartl/usr/local/lib64/R/include -DNDEBUG -I  -I/ifshome/chartl/usr/local/include    -fpic  -g -O2  -c aes.c -o aes.o
> gcc -std=gnu99 -I/ifshome/chartl/usr/local/lib64/R/include -DNDEBUG -I  -I/ifshome/chartl/usr/local/include    -fpic  -g -O2  -c base64.c -o base64.o
> gcc -std=gnu99 -I/ifshome/chartl/usr/local/lib64/R/include -DNDEBUG -I  -I/ifshome/chartl/usr/local/include    -fpic  -g -O2  -c bignum.c -o bignum.o
> gcc -std=gnu99 -I/ifshome/chartl/usr/local/lib64/R/include -DNDEBUG -I  -I/ifshome/chartl/usr/local/include    -fpic  -g -O2  -c cert.c -o cert.o
> cert.c: In function ‘R_cert_info’:
> cert.c:45: error: dereferencing pointer to incomplete type
> cert.c:49: error: dereferencing pointer to incomplete type
> cert.c:50: error: dereferencing pointer to incomplete type
> cert.c:50: error: dereferencing pointer to incomplete type
> cert.c:55: error: dereferencing pointer to incomplete type
> cert.c:62: error: dereferencing pointer to incomplete type
> make: *** [cert.o] Error 1
> ERROR: compilation failed for package ‘openssl’
> * removing ‘/ifshome/chartl/usr/local/lib64/R/library/openssl’
> Warning message:
> In install.packages("https://github.com/jeroenooms/openssl/archive/master.tar.gz",  :
>   installation of package ‘/tmp/Rtmp3rtRhy/downloaded_packages/master.tar.gz’ had non-zero exit status

Relevant lines

> (45)  OBJ_obj2txt(buf, sizeof(buf), cert->sig_alg->algorithm, 0);
> (49)  SET_VECTOR_ELT(out, 3, allocVector(RAWSXP, cert->signature->length));
> (50)  memcpy(RAW(VECTOR_ELT(out, 3)), cert->signature->data, cert->signature->length);
> (55)  bail(ASN1_TIME_print(b, cert->cert_info->validity->notBefore));
> (62)  bail(ASN1_TIME_print(b, cert->cert_info->validity->notAfter));

Note that there are no occurrences of cert->xxx->yyy that are not flagged as errors.

Your openssl::read_key function accepts a string or callback as an argument to unlock a key with a password, perhaps rsa_keygen (and other _keygen functions) could take a similar password argument to generate a password with a phrase?

Hi,

I get this error when I want to run a Rscript on a cluster where R is installed (the script works, and every user on the cluster has personal R libraries) :

Error in dyn.load(file, DLLpath = DLLpath, ...) :
unable to load shared object '/myfilepath/R/x86_64-pc-linux-gnu-library/3.2/openssl/libs/openssl.so':
/myfilepath/R/x86_64-pc-linux-gnu-library/3.2/openssl/libs/openssl.so: symbol EC_KEY_get0_group, version OPENSSL_1.0.1_EC not defined in file libcrypto.so.10 with link time reference
Error: package or namespace load failed for 'missMethyl'

FYI, my version of openssl:

packageVersion("openssl")
[1] ‘0.9.3’

Seems like it works when I manually load a package on R on a master head node of the cluster, but not when I run a job via bash on a cluster node.

Basically, R doesn't want to load any package because it seems there is a problem with incompatible openssl versions. Does that makes any sense? Any idea on how to solve this?
The problem arise after I tried to install ShinyMethyl, a bioconductor package.

Cheers,

The current configure script unconditionally assumes that OSX users use either homebrew's openssl or outdated one. Homebrew is a major packaging system in OSX, though, still alternative systems are available and actively developed (e.g., macports and fink). Those systems also provide well updated openssl, therefore, unconditional reliance on homebrew may result in unnecessarily download of a bottle.
Here I propose a simple fix on configure. It checks openssl's version if pkg-config is available.
Thank you very much.

--- configure.orig  2016-03-01 22:27:34.000000000 +0100
+++ configure   2016-03-01 22:22:38.000000000 +0100
@@ -14,20 +14,18 @@
 PKG_LIBS="-lssl -lcrypto"
 PKG_CFLAGS=""

+LEAST_ACCEPTABLE_OPENSSL_VERSION=0.9.9
+
 # Use pkg-config if available
 pkg-config --version >/dev/null 2>&1
 if [ $? -eq 0 ]; then
-  PKGCONFIG_CFLAGS=`pkg-config --cflags ${PKG_CONFIG_NAME}`
-  PKGCONFIG_LIBS=`pkg-config --libs ${PKG_CONFIG_NAME}`
+  pkg-config --atleast-version=${LEAST_ACCEPTABLE_OPENSSL_VERSION} ${PKG_CONFIG_NAME}
+  if [ $? -eq 0 ]; then
+    PKGCONFIG_CFLAGS=`pkg-config --cflags ${PKG_CONFIG_NAME}`
+    PKGCONFIG_LIBS=`pkg-config --libs ${PKG_CONFIG_NAME}`
+  fi
 fi

-# Prevent OSX from linking against OpenSSL 0.9.8
-case "$OSTYPE" in "darwin"*)
-  unset PKGCONFIG_CFLAGS
-  unset PKGCONFIG_LIBS
-  ;;
-esac
-
 # Note that cflags may be empty in case of success
 if [ "$INCLUDE_DIR" ] || [ "$LIB_DIR" ]; then
   echo "Found INCLUDE_DIR and/or LIB_DIR!"

We should probably use roxygen2 for docs. I'll make a stab at adding that now.

> install.packages("RPresto")
...
* installing source package ‘openssl’ ...
** package ‘openssl’ successfully unpacked and MD5 sums checked
Using PKG_CFLAGS=
Using PKG_LIBS=-lssl -lcrypto
** libs
...
gcc49 -std=gnu99 -I/usr/local/lib/R/include -DNDEBUG -DLIBICONV_PLUG -I/usr/local/include -isystem /usr/local/include -fpic -O2 -pipe -DLIBICONV_PLUG -fstack-protector -Wl,-rpath=/usr/local/lib/gcc49 -isystem /usr/local/include -fno-strict-aliasing -flto -c ssl.c -o ssl.o
ssl.c: In function 'R_download_cert':
ssl.c:41:21: error: 'PF_UNSPEC' undeclared (first use in this function)
hints.ai_family = PF_UNSPEC;
^
ssl.c:41:21: note: each undeclared identifier is reported only once for each function it appears in
*** Error code 1

Stop.
make: stopped in /tmp/RtmpZaYMEA/R.INSTALL56d129603235/openssl/src
....

So, checking /usr/include/sys/socket.h:
g1-252(11.0-S)[3] grep -nwC 6 PF_UNSPEC /usr/include/sys/socket.h
323-#include <sys/_sockaddr_storage.h>
324-
325-#if __BSD_VISIBLE
326-/*
327- * Protocol families, same as address families for now.
328- /
329:#define PF_UNSPEC AF_UNSPEC
330-#define PF_LOCAL AF_LOCAL
331-#define PF_UNIX PF_LOCAL / backward compatibility */
332-#define PF_INET AF_INET
333-#define PF_IMPLINK AF_IMPLINK
334-#define PF_PUP AF_PUP
335-#define PF_CHAOS AF_CHAOS
g1-252(11.0-S)[4]

So PF_UNSPEC is only defined if __BSD_VISIBLE is true.

Might it be reasonable to define __BSD_VISIBLE as true, at least for BSD environments? Or is there something (obvious) that I am overlooking?

I am running into problems with installing this package in R
I am not sure why this is happening.

install.packages("openssl")

There is a binary version available but the source version is later:
binary source needs_compilation
openssl 0.9.6 0.9.7 TRUE

Do you want to install from sources the package which needs compilation?
y/n: y
installing the source package ‘openssl’

trying URL 'https://cran.rstudio.com/src/contrib/openssl_0.9.7.tar.gz'
Content type 'unknown' length 1243577 bytes (1.2 MB)

downloaded 1.2 MB

• installing source package ‘openssl’ ...
  ** package ‘openssl’ successfully unpacked and MD5 sums checked
  0.9.5
  Using PKG_CFLAGS=-I/usr/local/opt/[email protected]/include -I/usr/local/opt/openssl/include
  ------------------------- ANTICONF ERROR ---------------------------
  Configuration failed because openssl was not found. Try installing:
• deb: libssl-dev (Debian, Ubuntu, etc)
• rpm: openssl-devel (Fedora, CentOS, RHEL)
• csw: libssl_dev (Solaris)
• brew: [email protected] (Mac OSX)
  If openssl is already installed, check that 'pkg-config' is in your
  PATH and PKG_CONFIG_PATH contains a openssl.pc file. If pkg-config
  is unavailable you can set INCLUDE_DIR and LIB_DIR manually via:
  R CMD INSTALL --configure-vars='INCLUDE_DIR=... LIB_DIR=...'

ERROR: configuration failed for package ‘openssl’

• removing ‘/Library/Frameworks/R.framework/Versions/3.3/Resources/library/openssl’
• restoring previous ‘/Library/Frameworks/R.framework/Versions/3.3/Resources/library/openssl’
  Warning in install.packages :
  installation of package ‘openssl’ had non-zero exit status

The downloaded source packages are in
‘/private/var/folders/ll/zscj8q4j7_xb_dmj_cmt5n580000gp/T/Rtmpx9UQEu/downloaded_packages’

sessionInfo()
R version 3.3.3 (2017-03-06)
Platform: x86_64-apple-darwin13.4.0 (64-bit)
Running under: OS X Mavericks 10.9.5

locale:
[1] en_US.UTF-8/en_US.UTF-8/en_US.UTF-8/C/en_US.UTF-8/en_US.UTF-8

attached base packages:
[1] parallel stats4 stats graphics grDevices utils datasets methods base

other attached packages:
[1] devtools_1.13.3 BiocInstaller_1.24.0 biomaRt_2.30.0 methylKit_1.0.0 GenomicRanges_1.26.4
[6] GenomeInfoDb_1.10.3 IRanges_2.8.2 S4Vectors_0.12.2 BiocGenerics_0.20.0

loaded via a namespace (and not attached):
[1] SummarizedExperiment_1.4.0 qvalue_2.6.0 gtools_3.5.0 reshape2_1.4.2
[5] splines_3.3.3 lattice_0.20-35 colorspace_1.3-2 rtracklayer_1.34.2
[9] blob_1.1.0 XML_3.98-1.9 rlang_0.1.2 R.oo_1.21.0
[13] withr_2.1.0 DBI_0.7 R.utils_2.5.0 BiocParallel_1.8.2
[17] fastseg_1.20.0 bit64_0.9-7 plyr_1.8.4 stringr_1.2.0
[21] zlibbioc_1.20.0 Biostrings_2.42.1 munsell_0.4.3 gtable_0.2.0
[25] R.methodsS3_1.7.1 coda_0.19-1 memoise_1.1.0 knitr_1.17
[29] Biobase_2.34.0 curl_3.0 AnnotationDbi_1.36.2 Rcpp_0.12.13
[33] scales_0.5.0 limma_3.30.13 XVector_0.14.1 bit_1.1-12
[37] Rsamtools_1.26.2 ggplot2_2.2.1 digest_0.6.12 stringi_1.1.5
[41] numDeriv_2016.8-1 grid_3.3.3 tools_3.3.3 bitops_1.0-6
[45] bbmle_1.0.20 magrittr_1.5 lazyeval_0.2.1 RCurl_1.95-4.8
[49] tibble_1.3.4 RSQLite_2.0 MASS_7.3-47 Matrix_1.2-11
[53] data.table_1.10.4-3 httr_1.3.1 emdbook_1.3.9 R6_2.2.2
[57] mclust_5.3 git2r_0.19.0 GenomicAlignments_1.10.1

We should probably include testthat suites; while there are few things that can go wrong with rand_* there are a lot of things that can go wrong with cryptographic hash generation.

I am trying to install package openssl and it seems that compilation runs fine, but then I get the following error:

** testing if installed package can be loaded
Error in dyn.load(file, DLLpath = DLLpath, ...) :
  unable to load shared object '/home/tmp/soft/lib64/R/library/openssl/libs/openssl.so':
  /home/tmp/soft/lib64/R/library/openssl/libs/openssl.so: undefined symbol: EVP_PKEY_sign
Error: loading failed
Execution halted
ERROR: loading failed

The compilation seems to go without the errors, i.e. openssl.so is compiled cleanly. I have R (3.3.0) and openssl (1.0.2h) installed into non-standard locations and I am running on quite outdated Debian version 6.0.10, so that is probably the cause of all problems. But I would be grateful to any pointers how to resolve this issue.

Is it possible to write an unencrypted private key to file if it was encrypted when read in? Right now I have to rely on the PKI package to do this, like so:

# using a test p12 cert with password "fred"
p12.encrypted.file <- "fred.p12"

# extract private key
p12 <- openssl::read_p12(file=p12.encrypted.file, password = "fred")
cert_key <- openssl::write_pem(p12$key)

# write encrypted key
ekey.file = tempfile()
write(cert_key, file=ekey.file)

# write decrypted key
key <- PKI::PKI.load.key(file=ekey.file, password="fred")
decrypted_key <- PKI::PKI.save.key(key, format="PEM", private=TRUE)
decrypt.key.file <- tempfile()
write(decrypted_key, file=decrypt.key.file)

When installing the package on a machine where the OpenSSL dev libraries aren't in the expected place, you have to disable the configure script to install correctly.
Ex. on OS X, I had to run:

R CMD INSTALL --configure-args="INCLUDE_DIR=/usr/local/Cellar/openssl/1.0.2d_1/include LIB_DIR=/usr/local/Cellar/openssl/1.0.2d_1/lib" --no-configure ~/Downloads/openssl_0.4.tar.gz

This took a while to troubleshoot so I figured it was worth noting here. May be useful to add it to the README.

...that's my only issue. Seriously, I found this package while searching around for existing bindings to make sure I wasn't duplicating effort.

What would you think of extending it to allow for character string hashing under the various algorithms openSSL supports? At the moment the only thing for this is digest, which isn't vectorised. As a general asset for researchers, "throw the UUIDS in the dataset you want to anonymise into this function and they'll come out very difficult to trace back" would be...useful.

Let me know if you think it's a good idea, and I'll build the necessary code myself - like I said, it's something I've been thinking about for a while.

Use the getPass package or something similar to ask for passwords on terminal systems.

I think the paper should take a high level, applied, introductory view to crypto. The technical details of implementing R bindings to a C library could go in a technical chapter or appendix. Far more interesting to JSS readers to understand how they can use this functionality. For example how you have used crypto hashes to anonymize datasets, and how you can use a random salt to make sure results incomparable to other datasets. Things like that.

Some ideas (feel free to edit/update):

• Concept of a one-way hash
• Explain how to store and verify passwords without storing them in plain text.
• Use of salt for password storage to prevent dictionary attack
• Use of salt for anonymizing (example from Oliver?)
• Show simple private key authorization
• Expose actual openssl key verification
• Eternal battle between cracking and finding better algorithms (i.e why not use md5 anymore)

I don't know if this counts as a bug or a feature request; you be the judge. Also, I apologize for my lack of facility with R; my current role is as a systems integrator, not an end-user.

I'm trying to build openssl on an Alpine Linux system. (As part of producing a Docker image, FWIW.) openssl is one of the dependency packages for an R package I want to install. Alpine recently changed its default OpenSSL API provider from OpenSSL to LibreSSL. This seems to be causing problems when loading your package.

I'm attaching the output of install.packages(... keep_outputs=TRUE), but the crux of the problem seems to be:

Error in dyn.load(file, DLLpath = DLLpath, ...) : 
  unable to load shared object '/usr/lib/R/library/openssl/libs/openssl.so':
  Error relocating /usr/lib/R/library/openssl/libs/openssl.so: RSA_get0_crt_params: symbol not found

(The build output complains about other *_get0_* functions, which I haven't investigated. Being unfamiliar with the codebase, they might be problems, too.)

Looking at the OpenSSL and LibreSSL source code, it seems that RSA_get0_crt_params is, indeed, not present in the LibreSSL codebase. LibreSSL is known to have tried to improve OpenSSL's security by removing code whose risk is deemed to exceed its usefulness; I suspect RSA_get0_crt_params and friends are casualties of that.

First, do you think I'm correct in concluding that your package isn't compatible with LibreSSL? My apologies if I'm misdiagnosing my problem.

Assuming I'm correct, have you thought about supporting LibreSSL (or at least looking into it if you haven't)? From a cursory understanding derived from researching this problem, "LibreSSL support" mostly seems to mean

#ifndef LIBRESSL_VERSION_NUMBER 
<do unsupported openssl thing> 
#else 
<complain and error out>
#endif

Most of the things LibreSSL has disabled are problematic anyway (e.g. SSLv3). Here's an example of a project working with both libraries that I came across.

I'm going to continue trying to work around the problem, but I thought I would bring it to your attention. Thanks for your work on this package.

Does this look familiar? libssl and headers should be installed. I don't see any other errors.

** testing if installed package can be loaded
Error in dyn.load(file, DLLpath = DLLpath, ...) : 
  unable to load shared object '/home/xxx/R/x86_64-pc-linux-gnu-library/3.2/openssl/libs/openssl.so':
  libssl.so.1.0.0: cannot open shared object file: No such file or directory
Error: loading failed

Hi,

I wanted to use install the plotly package in RStudio and had some issues installing the openssl package on my Laptop using Ubuntu 16.04. On my Mac at work, everything worked fine.

install.packages("plotly")
Installing package into ‘/home/johannes/R/x86_64-pc-linux-gnu-library/3.3’
(as ‘lib’ is unspecified)
also installing the dependencies ‘curl’, ‘openssl’, ‘httr’
trying URL 'https://cran.rstudio.com/src/contrib/curl_2.3.tar.gz'
Content type 'application/x-gzip' length 400460 bytes (391 KB)
==================================================
downloaded 391 KB

trying URL 'https://cran.rstudio.com/src/contrib/openssl_0.9.5.tar.gz'
Content type 'application/x-gzip' length 1236042 bytes (1.2 MB)
==================================================
downloaded 1.2 MB

trying URL 'https://cran.rstudio.com/src/contrib/httr_1.2.1.tar.gz'
Content type 'application/x-gzip' length 133398 bytes (130 KB)
==================================================
downloaded 130 KB

trying URL 'https://cran.rstudio.com/src/contrib/plotly_4.5.6.tar.gz'
Content type 'application/x-gzip' length 735400 bytes (718 KB)
==================================================
downloaded 718 KB

installing source package ‘curl’ ...
** package ‘curl’ successfully unpacked and MD5 sums checked
Package libcurl was not found in the pkg-config search path.
Perhaps you should add the directory containing libcurl.pc'
to the PKG_CONFIG_PATH environment variable
No package 'libcurl' found
Package libcurl was not found in the pkg-config search path.
Perhaps you should add the directory containinglibcurl.pc'
to the PKG_CONFIG_PATH environment variable
No package 'libcurl' found
Using PKG_CFLAGS=
Using PKG_LIBS=-lcurl
------------------------- ANTICONF ERROR ---------------------------
Configuration failed because libcurl was not found. Try installing:
deb: libcurl4-openssl-dev (Debian, Ubuntu, etc)
rpm: libcurl-devel (Fedora, CentOS, RHEL)
csw: libcurl_dev (Solaris)
If libcurl is already installed, check that 'pkg-config' is in your
PATH and PKG_CONFIG_PATH contains a libcurl.pc file. If pkg-config
is unavailable you can set INCLUDE_DIR and LIB_DIR manually via:
R CMD INSTALL --configure-vars='INCLUDE_DIR=... LIB_DIR=...'
ERROR: configuration failed for package ‘curl’
* removing ‘/home/johannes/R/x86_64-pc-linux-gnu-library/3.3/curl’
Warning in install.packages :
installation of package ‘curl’ had non-zero exit status
* installing source package ‘openssl’ ...
** package ‘openssl’ successfully unpacked and MD5 sums checked
Using PKG_CFLAGS=
Using PKG_LIBS=-lssl -lcrypto
------------------------- ANTICONF ERROR ---------------------------
Configuration failed because openssl was not found. Try installing:
* deb: libssl-dev (Debian, Ubuntu, etc)
* rpm: openssl-devel (Fedora, CentOS, RHEL)
* csw: libssl_dev (Solaris)
* brew: openssl (Mac OSX)
If openssl is already installed, check that 'pkg-config' is in your
PATH and PKG_CONFIG_PATH contains a openssl.pc file. If pkg-config
is unavailable you can set INCLUDE_DIR and LIB_DIR manually via:
R CMD INSTALL --configure-vars='INCLUDE_DIR=... LIB_DIR=...'

ERROR: configuration failed for package ‘openssl’
* removing ‘/home/johannes/R/x86_64-pc-linux-gnu-library/3.3/openssl’
Warning in install.packages :
installation of package ‘openssl’ had non-zero exit status
ERROR: dependencies ‘curl’, ‘openssl’ are not available for package ‘httr’
* removing ‘/home/johannes/R/x86_64-pc-linux-gnu-library/3.3/httr’
Warning in install.packages :
installation of package ‘httr’ had non-zero exit status
ERROR: dependency ‘httr’ is not available for package ‘plotly’
* removing ‘/home/johannes/R/x86_64-pc-linux-gnu-library/3.3/plotly’
Warning in install.packages :
installation of package ‘plotly’ had non-zero exit status

The downloaded source packages are in
‘/tmp/RtmpRovpJi/downloaded_packages’`

Do you have an idea how to solve this?

I'm getting a strange error from openssl after updating it and it's dependencies to the latest version. (R 3.4.1)

install.packages("openssl", dependencies=TRUE)
# Necessary to restart R at this point before continuing to see the error
data <- serialize("Secret Text", connection=NULL)
key <- openssl::sha256(charToRaw("password"))
openssl::aes_gcm_encrypt(data, key)

Error in aes_any(data, key, iv, TRUE, mode) :
aes-gcm requires an iv of length 12

It's fixable by overriding the default IV length of 16 with 12:
openssl::aes_gcm_encrypt(data, key, iv=openssl::rand_bytes(12))

However, I have a large database of encrypted objects that were created with IVs of length 16. Is it possible to get backwards-compatibility working?

Thanks!
~ Dan

To prevent #10 and similar from reoccurring.

Any chance you could export the fingerprint function? I have a use case where being able to get the hash of a public key would be useful.

What it says on the tin. Starting point is an example (say, MD5) in pure C; I'll port the rest after that.

It could be good to register some of the functions as callable so that other libraries can use them. In particular I'm thinking of the random value/hash generation code.

I'm currently writing an R package for the Backblaze B2 API (https://github.com/phillc73/backblazer)

When uploading a file, B2 expects an SHA1 hash of the file content (https://www.backblaze.com/b2/docs/b2_upload_file.html).

As per hash.R man page:
"When passing a connection object, the contents will be stream-hashed which minimizes the amount of required memory. This is recommended for hashing files from disk or network."

B2 will not validate the uploaded file with a stream-hash, instead requiring a character hash string.

Is there any reason why there isn't an option to generate a character hash from connection objects? Or rather perhaps a better question might be, is there a straightforward way to convert a stream-hash to a character hash (besides judicious use of sub)?

I should also note that using the example on the B2 docs page, and generating a hash directly via terminal and opensssl does in fact return the correct character hash.

openssl dgst -sha1 $FILE_TO_UPLOAD

Ideally I'd like to replicate this exact functionality within R.

Any thoughts on this most appreciated.

R crashes when hashing large data. Probably need to feed it to openssl in smaller pieces.

Using the module under Linux(CentOS7) work fine.
But using it under Windows will fail with:
error:1407742E:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert protocol version
Here some sample code:

require('opal')
require('datashieldclient')
require('openssl')
server        <- c("test") 
url             <- c("https://foo.example.com")
user            <- c("")
password     <- c("")
table           <- c("test.active")
logindata <- data.frame(server,url,user,password,table)
opals <- datashield.login(logins=logindata,assign=TRUE)

Sometimes we seem to get random (old) error messages. This probably means we forgot to call ERR_clear_error() somewhere.

To do:

• parser
• writer / generator
• debug cert bundle reader
• verify certs
• add unit tests

See also NCEAS/PKIplus#3. Resources:

• Example code
• Test certs
• UseR video

With the functionality expansion, we should throw the new version up on CRAN so people can start using it. I need to go through and check all the documentation and tests first, just to be sure it's spiffy. This is a note to me to do this.

Perhaps this is not meant to work, or perhaps it's (another!) different format, but:

I would like to, using the openssl package, generate an ssh key that could be readable by ssh-add. With the current versions of rsa_keygen and write_pem that is not possible (it's also possible that this should not be a pem format - I don't know - but that's the only format that permitted a password).

This is what I have done:

path <- tempfile()
dir.create(path)
dest_key <- file.path(path, "id_rsa")
dest_pub <- file.path(path, "id_rsa.pub")

password <- "secret"

key <- openssl::rsa_keygen()
pubkey <- as.list(key)$pubkey

openssl::write_ssh(pubkey, dest_pub)
openssl::write_pem(key, dest_key, password = password)

So far so good. This keypair can be read with openssl::read_key and openssl::read_pubkey.

If I run ssh-add I first get an error indicating that the permissions on the written file are too lax:

dyn1158-191:file6b3e535ee350 rich$ ssh-add id_rsa
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@         WARNING: UNPROTECTED PRIVATE KEY FILE!          @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions 0644 for 'id_rsa' are too open.
It is required that your private key files are NOT accessible by others.
This private key will be ignored.

That's easily solved with Sys.chmod(dest_key, "600"). After that, I still cannot load the key:

dyn1158-191:file6b3e535ee350 rich$ ssh-add id_rsa
Enter passphrase for id_rsa: 
Bad passphrase, try again for id_rsa: 
Bad passphrase, try again for id_rsa: 
Bad passphrase, try again for id_rsa: 

If I create a key without a password I am still prompted by ssh-add for one.

I have an Yosemite 10.10.4 system which reports a very old version of ssh:

dyn1158-191:file6b3e535ee350 rich$ ssh -V
OpenSSH_6.2p2, OSSLShim 0.9.8r 8 Dec 2011

In a more recent version of ssh on linux (OpenSSH_7.2p2) I can load the key. In both versions though the header generated by the openssl package differs. It contains

-----BEGIN ENCRYPTED PRIVATE KEY-----

but my ~/.ssh/id_rsa starts with

Proc-Type: 4,ENCRYPTED
DEK-Info: AES-128-CBC,4922...

This is unfortunate:

x <- bignum(12356789)
as.integer(x)

the package getPass seems to have a good way of handling this, is this something that could integrated into openssl?

Hi, I was trying to "devtools"

 install.packages("devtools")
   ...
    *** installing help indices
    ** building package indices
    ** testing if installed package can be loaded
    Error in dyn.load(file, DLLpath = DLLpath, ...) : 
      unable to load shared object '/host/somewhere/Jun/Programme/R-3.3.1/lib64/R/library/git2r/libs/git2r.so':
      libssl.so.1.0.0: cannot open shared object file: No such file or directory

It seemed that I need to install "libssl.so.1.0.0", so I installed "openssl"

Jun@host ~]$ which openssl
~/Programme/openssl/bin/openssl
[Jun@host ~]$ ldd ~/Programme/openssl/bin/openssl
	linux-vdso.so.1 =>  (0x00007fffc3ead000)
	libssl.so.1.0.0 => /somewhere/Jun/Programme/openssl/lib/libssl.so.1.0.0 (0x00002b8027af9000)
	libcrypto.so.1.0.0 => /somewhere/Jun/Programme/openssl/lib/libcrypto.so.1.0.0 (0x00002b8027d5e000)
	libdl.so.2 => /lib64/libdl.so.2 (0x0000003cae000000)
	libc.so.6 => /lib64/libc.so.6 (0x0000003cad800000)
	/lib64/ld-linux-x86-64.so.2 (0x0000003cad400000)

Then tried in to install "devtools" again:

install.packages("devtools", dependencies = TRUE)
but the issue persisted:

 ...
 ** R
** inst
** preparing package for lazy loading
** help
*** installing help indices
** building package indices
** installing vignettes
** testing if installed package can be loaded
Error in dyn.load(file, DLLpath = DLLpath, ...) : 
  unable to load shared object '/misc/somewhere/Jun/Programme/R-3.3.1/lib64/R/library/openssl/libs/openssl.so':
  /misc/somewhere/Jun/Programme/R-3.3.1/lib64/R/library/openssl/libs/openssl.so: undefined symbol: EVP_PKEY_sign
Error: loading failed
Execution halted
...

Then I noticed the post here
I tried:

Sys.setenv(PKG_CONFIG_PATH= "/somewhere/Jun/Programme/openssl/lib/pkgconfig")
install.packages("openssl")

installing to /misc/somewhere/Jun/Programme/R-3.3.1/lib64/R/library/openssl/libs
** R
** inst
** preparing package for lazy loading
** help
*** installing help indices
** building package indices
** installing vignettes
** testing if installed package can be loaded
Error in dyn.load(file, DLLpath = DLLpath, ...) : 
  unable to load shared object '/misc/somewhere/Jun/Programme/R-3.3.1/lib64/R/library/openssl/libs/openssl.so':
  /misc/somewhere/Jun/Programme/R-3.3.1/lib64/R/library/openssl/libs/openssl.so: undefined symbol: EC_KEY_set_public_key_affine_coordinates
Error: loading failed

Then tried:

install.packages("openssl", configure.vars = "INCLUDE_DIR=/somewhere/Jun/Programme/openssl/include LIB_DIR=/somewhere/Jun/Programme/openssl/lib")
...
installing to /misc/somewhere/Jun/Programme/R-3.3.1/lib64/R/library/openssl/libs
** R
** inst
** preparing package for lazy loading
** help
*** installing help indices
** building package indices
** installing vignettes
** testing if installed package can be loaded
Error in dyn.load(file, DLLpath = DLLpath, ...) : 
  unable to load shared object '/misc/somewhere/Jun/Programme/R-3.3.1/lib64/R/library/openssl/libs/openssl.so':
  /misc/somewhere/Jun/Programme/R-3.3.1/lib64/R/library/openssl/libs/openssl.so: undefined symbol: EC_KEY_set_public_key_affine_coordinates
Error: loading failed
...

wget https://cran.r-project.org/src/contrib/openssl_0.9.6.tar.gz
R CMD INSTALL openssl_0.9.6.tar.gz \
   --configure-vars='INCLUDE_DIR=/somewhere/Jun/Programme/openssl/include LIB_DIR=/somewhere/Jun/Programme/openssl/lib'

installing to /misc/somewhere/Jun/Programme/R-3.3.1/lib64/R/library/openssl/libs
** R
** inst
** preparing package for lazy loading
** help
*** installing help indices
** building package indices
** installing vignettes
** testing if installed package can be loaded
Error in dyn.load(file, DLLpath = DLLpath, ...) : 
  unable to load shared object '/misc/somewhere/Jun/Programme/R-3.3.1/lib64/R/library/openssl/libs/openssl.so':
  /misc/somewhere/Jun/Programme/R-3.3.1/lib64/R/library/openssl/libs/openssl.so: undefined symbol: EC_KEY_set_public_key_affine_coordinates

but without luck.
When I checked

pkg-config --cflags openssl
-I/usr/kerberos/include  
 pkg-config --libs openssl
-L/usr/kerberos/lib64 -lssl -lcrypto -ldl -lz 

"pkg-config" seems to pointing wrong directory, when I checked "/usr/kerberos/" there are even no "/usr/kerberos/include " nor "/usr/kerberos/lib64"

cd /usr/kerberos/
/usr/kerberos]$ ls 
bin  man  sbin	share

there areno "/usr/kerberos/include " nor "/usr/kerberos/lib64", I assumed "libssl" installed in my directory would be used, it seemed that was not the case.
the issue there seemed to be resolved.
so this might be my personal issue. If any suggestion, please let me know. Thanks!
PS:

$ cat /etc/*-release
CentOS release 5.10 (Final)

Got a somewhat off-label use case here. I'm trying to encode large cardinality categorical features (that come as character columns) into hash buckets. This involves calling bignum() then %% on the hash output. Would it be possible to vectorize bignum() to make this more efficient or is there a better way I overlooked?

The second clause states that "The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software."

Though I suspect it's not there because of CRAN, but I'm opening this issue so I can point my reviewer at it.

CRAN metadata lists this package as having an MIT license. However, the LICENSE file just lists the year and author. To clarify this, would it be possible to include the text of the MIT license in the LICENSE file or perhaps in a COPYING file?

(I note that CRAN says that LICENSE should just be a template. However, if you download this package from CRAN, the template isn't expanded.)

I'm looking into porting Google's C++ library s2-geometry to R from this GitHub fork. It requires the openssl library to compile and I was wondering whether I could benefit from depending on your openssl package?
If I know the user has your package installed it means that openssl is somewhere on their system. Is there then an easy way to for me to link against the library or do I still have to basically copy your configure script and Makevars files and add my own stuff to that? I've never tried to include an existing C++ library in an R package, so I'm a bit in the dark here, and any advice you can give is highly appreciated.

Hello,

I am trying to update "openssl", but I have found that in my Gentoo Linux the elliptic ec modules are not activated due to some licensing issues and therefore "openssl" complains:

bignum.c:4:24: fatal error: openssl/ec.h: File or directory does not exist
 #include <openssl/ec.h>
                        ^

Would it be possible to make elliptic module optional?

Thank you,

Hello,

I'd like to register an impassioned plea for you to move away from using stopifnot in package functions - especially non-exported functions such as read_input, which is the cause of my use case today.

The reason for this is that stopifnot sets call = FALSE on its call to stop with no way to override that default, and this is extremely annoying when the function in question is used at the bottom of a very long call chain. and most especially when the function call involves cross-package usage.

In my use case, I was using the package secret, which uses openssl::read_key to read in keys. But because the path I was supplying to read_key was a directory and not a key (I had misunderstood the documentation for secret::local_key) the call to read_key of course failed.

secret::local_key()
Error: !info$isdir is not TRUE

Because there is no stack trace thanks to call = FALSE, it wasn't immediately obvious what execution path had led to this situation or where the stopifnot that led to this message was being generated. This led to a several-minute spelunking expedition into the two packages and eventually into the non-exported function openssl::read_input to understand what the cause of the error was.

So, I implore you - please move away from triggering errors with no call attached in general, and move away from using stopifnot in particular, because it will make life much easier on your users who encounter those error messages.

I wanted to install the openssl via R. Here is the output of it. It was not able to install it.

R CMD INSTALL -d -l /home/ehadhai/R/x86_64-unknown-linux-gnu-library/3.1 openssl_0.9.4.tar.gz
processing 'openssl_0.9.4.tar.gz'
a file
* build_help_types=
* DBG: 'R CMD INSTALL' now doing do_install()
* created lock directory '/home/ehadhai/R/x86_64-unknown-linux-gnu-library/3.1/00LOCK-openssl'
* installing *source* package 'openssl' ...
** package 'openssl' successfully unpacked and MD5 sums checked
configure command: ' ./configure '
Found pkg-config cflags and libs!
Using PKG_CFLAGS= 
Using PKG_LIBS=-Wl,-z,relro -lssl -lcrypto -ldl -lz  
** libs
about to run R CMD SHLIB -o openssl.so aes.c base64.c bignum.c cert.c diffie.c envelope.c error.c hash.c info.c keygen.c onload.c openssh.c rand.c read.c rsa.c signing.c ssl.c stream.c write.c
gcc -std=gnu99 -I/app/vbuild/RHEL6-x86_64/R/3.1.2/lib/R/include -DNDEBUG  -I/usr/local/include    -fpic  -g -O2  -c aes.c -o aes.o
aes.c: In function 'R_aes_any':
aes.c:22: error: 'EVP_CIPH_GCM_MODE' undeclared (first use in this function)
aes.c:22: error: (Each undeclared identifier is reported only once
aes.c:22: error: for each function it appears in.)
aes.c:24: error: 'EVP_CTRL_GCM_SET_IVLEN' undeclared (first use in this function)
make: *** [aes.o] Error 1
ERROR: compilation failed for package 'openssl'
* removing '/home/ehadhai/R/x86_64-unknown-linux-gnu-library/3.1/openssl'

Futher useful things:

cat /etc/system-release
Red Hat Enterprise Linux Server release 6.4 (Santiago)

cat /proc/version
Linux version 2.6.32-358.6.2.el6.x86_64 ([email protected]) (gcc version 4.4.7 20120313 (Red Hat 4.4.7-3) (GCC) ) #1 SMP Tue May 14 15:48:21 EDT 2013

ldconfig -p | grep libssl
libssl3.so (libc6,x86-64) => /usr/lib64/libssl3.so
libssl3.so (libc6) => /usr/lib/libssl3.so
libssl.so.10 (libc6,x86-64) => /usr/lib64/libssl.so.10
libssl.so.10 (libc6) => /usr/lib/libssl.so.10
libssl.so.6 (libc6,x86-64) => /usr/lib64/libssl.so.6
libssl.so (libc6,x86-64) => /usr/lib64/libssl.so

pkg-config --cflags --libs openssl
-Wl,-z,relro -lssl -lcrypto -ldl -lz

Discovered while rebuilding the test suite:

mdc2("foo")
Error in stringhash(x, algo, salt) : Unknown cryptographic algorithm mdc2