Package: vtun
Version: 3.0.4-2+b1
Severity: important

Dear Maintainer,

gdb:
  Program received signal SIGSEGV, Segmentation fault.
  0x00007ffff7c063a2 in EVP_CIPHER_CTX_set_key_length () from /lib/x86_64-linux-gnu/libcrypto.so.3

OpenSSL 3.0 introduced providers; legacy algorithms such as RC4 or Blowfish 
must now be explicitly enabled before using them.

See #1014193.

Here is a patch loading the legacy and default provider.

-- System Information:
Debian Release: bookworm/sid
  APT prefers oldstable-updates
  APT policy: (500, 'oldstable-updates'), (500, 'oldoldstable'), (500, 'unstable'), (500, 'testing'), (500, 'oldstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 6.0.0-3-amd64 (SMP w/4 CPU threads; PREEMPT)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages vtun depends on:
ii  libc6                      2.36-4
ii  liblzo2-2                  2.10-2
ii  libssl3                    3.0.7-1
ii  lsb-base                   11.5
ii  sysvinit-utils [lsb-base]  3.05-7
ii  udev                       252.1-1
ii  zlib1g                     1:1.2.13.dfsg-1

vtun recommends no packages.

vtun suggests no packages.

-- Configuration Files:
/etc/vtund.conf [Errno 13] Permission denied: '/etc/vtund.conf'

-- no debconf information
diff -Nru vtun-3.0.4.orig/lfd_encrypt.c vtun-3.0.4/lfd_encrypt.c
--- vtun-3.0.4.orig/lfd_encrypt.c       2022-11-12 01:29:21.000000000 +0100
+++ vtun-3.0.4/lfd_encrypt.c    2022-11-12 01:28:45.525976893 +0100
@@ -154,9 +154,23 @@
    const EVP_CIPHER *cipher_type;
    char tmpstr[64];
    char cipher_name[32];
+   OSSL_PROVIDER *legacy;
+   OSSL_PROVIDER *deflt;
    EVP_CIPHER_CTX *pctx_enc;
    EVP_CIPHER_CTX *pctx_dec;
 
+   legacy = OSSL_PROVIDER_load(NULL, "legacy");
+   if (legacy == NULL) {
+      vtun_syslog(LOG_ERR, "Failed to load OpenSSL Legacy provider");
+      return -1;
+   }
+
+   deflt = OSSL_PROVIDER_load(NULL, "default");
+   if (deflt == NULL) {
+      vtun_syslog(LOG_ERR, "Failed to load OpenSSL Default provider");
+      return -1;
+   }
+
    ctx_enc = EVP_CIPHER_CTX_new();
    ctx_dec = EVP_CIPHER_CTX_new();
    ctx_enc_ecb = EVP_CIPHER_CTX_new();
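
Review bot: the `deflt == NULL` branch returns -1 while the legacy provider loaded a few lines earlier stays loaded, so that error path leaks the handle; call OSSL_PROVIDER_unload(legacy) before the second `return -1;`. Both handles are also function locals that are never stored anywhere visible here, so nothing can unload them when the encryption layer is torn down, and every call into this function loads the providers again; keeping them in file-scope statics and loading once would avoid that. The patch consists of this single hunk and adds no `#include <openssl/provider.h>`, so unless lfd_encrypt.c already includes it, OSSL_PROVIDER_load() is used without a prototype. Finally, there is no `OPENSSL_VERSION_NUMBER` guard around the new code, which ties the file to OpenSSL 3.0 or later; that is fine for a Debian-only patch against libssl3 but worth a short comment if the change is meant to go upstream.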
