https://bugs.kde.org/show_bug.cgi?id=482819
Fabian Vogt <fab...@ritter-vogt.de> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|REPORTED                    |NEEDSINFO
         Resolution|---                         |WAITINGFORINFO

--- Comment #27 from Fabian Vogt <fab...@ritter-vogt.de> ---
(In reply to Matt Fagnani from comment #26)
> I switched /etc/pki/tls/openssl.cnf back to the old config and rebooted. I
> closed the wallet and ran killall kwalletd6 twice. I ran ltrace -fCe
> 'DH_*+OSSL_*' kwalletd6 I opened the wallet. I ran protonvpn-app which
> crashed. kwalletd6 crashed after some of the DH functions as shown in the
> output.
>
> ltrace -fCe 'DH_*+OSSL_*' kwalletd6 ...
> [pid 3603] libQt6Core.so.6->OSSL_PROVIDER_load(0, 0x7fb30e297499,
> 0x55d4cee99010, 1) = 0x7fb2e8001ff0
> [pid 3682] +++ exited (status 0) +++
> [pid 3603] --- SIGCHLD (Child exited) ---
> [pid 3683] --- Called exec() ---
> [pid 3683] +++ exited (status 0) +++
> [pid 3603] libQt6Core.so.6->OSSL_PROVIDER_unload(0x7fb2e8001ff0,
> 0x55d4cf2530c0, 0xfffffffa, 0x7fb30d9f3b20) = 1

This caught my attention now, I don't get this here. Looking at the code, this is only in Qt since https://github.com/qt/qtbase/commit/ddb1c75afe474e399fe9f5f839a9ac3873dee247 and would actually explain what happens.

By default, OpenSSL loads the "DEFAULT" provider, but only if no other provider was loaded. That disables this logic:
https://www.openssl.org/docs/manmaster/man7/OSSL_PROVIDER-default.html:

> Automatic loading of the default provider only occurs a maximum of once; if
> the default provider is explicitly unloaded then the default provider will
> not be automatically loaded again.

It appears like Fedora backported the linked Qt commit, so Qt itself loads and unloads the DEFAULT provider.

> [pid 3603] libqca-ossl.so->OSSL_PROVIDER_try_load(0, 0x7fb2f19a10f1, 1,
> 0x7fb30d9f3ac0 <unfinished ...>
> [pid 3603] legacy.so->OSSL_LIB_CTX_new_child(0x55d4cf2504b0, 0x7fb30c89f300,
> 24, 0x55d4cf26ac60) = 0x55d4cf25cfb0
> [pid 3603] <... OSSL_PROVIDER_try_load resumed> ) =
> 0x55d4cf2504b0
> [pid 3603] libqca-ossl.so->DH_new(0x55d4cf205910, 0x55d4cf2059f0,
> 0x55d4cf25a630, 0) = 0x7fb2f400bd30
> [pid 3603] libqca-ossl.so->DH_set0_pqg(0x7fb2f400bd30, 0x55d4cf24a2b0, 0,
> 0x55d4cf24a2d0) = 1
> [pid 3603] libqca-ossl.so->DH_generate_key(0x7fb2f400bd30, 0x7fb30c8511c0,
> 16, 0xb10b8f96a080e01d) = 0

As expected, DH_generate_key fails, causing the returned key to be null.

The Qt behavior also explains why it works with the config in comments 20 and 22, those load the default provider explicitly.

I'll leave a comment on https://bugreports.qt.io/browse/QTBUG-118227.

I'm not sure whether this is the right fix, but this should work:

diff --git a/plugins/qca-ossl/qca-ossl.cpp b/plugins/qca-ossl/qca-ossl.cpp index f41fcbb5..0176da3b 100644 --- a/plugins/qca-ossl/qca-ossl.cpp +++ b/plugins/qca-ossl/qca-ossl.cpp @@ -6637,6 +6637,8 @@ public: if (OSSL_PROVIDER_try_load(nullptr, "legacy", 1)) { s_legacyProviderAvailable = true; } + // No idea how to report failure here... + OSSL_PROVIDER_try_load(nullptr, "default", 1); #else s_legacyProviderAvailable = true; #endif
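Review bot: The return value of the added `OSSL_PROVIDER_try_load(nullptr, "default", 1);` is discarded, so if the default provider cannot be loaded the plugin continues and fails later in the same way as the trace above (`DH_generate_key` returning 0 and a null key), with nothing pointing at the cause. The legacy call two lines earlier already records its result in `s_legacyProviderAvailable`; consider doing the same here, for example by storing the result in a comparable flag and emitting a warning when it is null, so that key generation can refuse early instead of handing back a null key. The comment `// No idea how to report failure here...` would also be more useful to the next reader if it stated why the explicit load is needed: the trace shows Qt loading and then unloading a provider, and per the quoted OpenSSL documentation automatic loading of the default provider does not happen again after that.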