* [PR PATCH] encfs: fix crash with blowfish
@ 2023-09-06 13:28 sgn
2023-09-07 0:42 ` [PR PATCH] [Updated] " sgn
` (3 more replies)
0 siblings, 4 replies; 5+ messages in thread
From: sgn @ 2023-09-06 13:28 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 1254 bytes --]
There is a new pull request by sgn against master on the void-packages repository
https://github.com/sgn/void-packages encfs-blowfish
https://github.com/void-linux/void-packages/pull/45943
encfs: fix crash with blowfish
Fix #45916
<!-- Uncomment relevant sections and delete options which are not applicable -->
#### Testing the changes
- I tested the changes in this PR: **NO**
<!--
#### New package
- This new package conforms to the [package requirements](https://github.com/void-linux/void-packages/blob/master/CONTRIBUTING.md#package-requirements): **YES**|**NO**
-->
<!-- Note: If the build is likely to take more than 2 hours, please add ci skip tag as described in
https://github.com/void-linux/void-packages/blob/master/CONTRIBUTING.md#continuous-integration
and test at least one native build and, if supported, at least one cross build.
Ignore this section if this PR is not skipping CI.
-->
<!--
#### Local build testing
- I built this PR locally for my native architecture, (ARCH-LIBC)
- I built this PR locally for these architectures (if supported. mark crossbuilds):
- aarch64-musl
- armv7l
- armv6l-musl
-->
A patch file from https://github.com/void-linux/void-packages/pull/45943.patch is attached
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-encfs-blowfish-45943.patch --]
[-- Type: text/x-diff, Size: 9156 bytes --]
From 7af941eef521680c30685c412c7d1d84243e85a5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=C4=90o=C3=A0n=20Tr=E1=BA=A7n=20C=C3=B4ng=20Danh?=
<congdanhqx@gmail.com>
Date: Wed, 6 Sep 2023 20:27:34 +0700
Subject: [PATCH] encfs: fix crash with blowfish
Fix #45916
---
srcpkgs/encfs/patches/openssl-3.patch | 244 ++++++++++++++++++++++++++
srcpkgs/encfs/template | 2 +-
2 files changed, 245 insertions(+), 1 deletion(-)
create mode 100644 srcpkgs/encfs/patches/openssl-3.patch
diff --git a/srcpkgs/encfs/patches/openssl-3.patch b/srcpkgs/encfs/patches/openssl-3.patch
new file mode 100644
index 0000000000000..7433a275c627b
--- /dev/null
+++ b/srcpkgs/encfs/patches/openssl-3.patch
@@ -0,0 +1,244 @@
+From 56fb686e9991e2448231d21c97c9bb37555bbc7d Mon Sep 17 00:00:00 2001
+From: Philip Molter <philip@hrunting.org>
+Date: Thu, 10 Nov 2022 15:28:44 -0600
+Subject: [PATCH] Support OpenSSL 3.0
+
+---
+encfs v5 use blowfish, which needs legacy_provider
+ encfs/SSL_Cipher.cpp | 83 ++++++++++++++++++++++++++++++++++++++++++++
+ encfs/openssl.cpp | 6 ++--
+ encfs/test.cpp | 4 +--
+ 3 files changed, 88 insertions(+), 5 deletions(-)
+
+diff --git a/encfs/SSL_Cipher.cpp b/encfs/SSL_Cipher.cpp
+index 20dee8bd..5f772b7c 100644
+--- a/encfs/SSL_Cipher.cpp
++++ b/encfs/SSL_Cipher.cpp
+@@ -31,6 +31,11 @@
+ #include <sys/mman.h>
+ #include <sys/time.h>
+
++#if OPENSSL_VERSION_NUMBER >= 0x30000000L
++#include <openssl/core_names.h>
++#include <openssl/provider.h>
++#endif
++
+ #include "Cipher.h"
+ #include "Error.h"
+ #include "Interface.h"
+@@ -48,6 +53,13 @@ const int MAX_KEYLENGTH = 32; // in bytes (256 bit)
+ const int MAX_IVLENGTH = 16; // 128 bit (AES block size, Blowfish has 64)
+ const int KEY_CHECKSUM_BYTES = 4;
+
++#if OPENSSL_VERSION_NUMBER >= 0x30000000L
++const OSSL_PARAM HMAC_PARAMS[2] = {
++ OSSL_PARAM_construct_utf8_string(OSSL_MAC_PARAM_DIGEST, OSSL_DIGEST_NAME_SHA1, 0),
++ OSSL_PARAM_construct_end()
++};
++#endif
++
+ /**
+ This produces the same result as OpenSSL's EVP_BytesToKey. The difference
+ is that here we can explicitly specify the key size, instead of relying on
+@@ -159,6 +171,11 @@ static Interface BlowfishInterface("ssl/blowfish", 3, 0, 2);
+ static Interface AESInterface("ssl/aes", 3, 0, 2);
+ static Interface CAMELLIAInterface("ssl/camellia", 3, 0, 2);
+
++#if OPENSSL_VERSION_NUMBER >= 0x30000000L
++static OSSL_PROVIDER *default_provider = NULL;
++static OSSL_PROVIDER *legacy_provider = NULL;
++#endif
++
+ #ifndef OPENSSL_NO_CAMELLIA
+
+ static Range CAMELLIAKeyRange(128, 256, 64);
+@@ -207,6 +224,23 @@ static Range BFKeyRange(128, 256, 32);
+ static Range BFBlockRange(64, 4096, 8);
+
+ static std::shared_ptr<Cipher> NewBFCipher(const Interface &iface, int keyLen) {
++#if OPENSSL_VERSION_NUMBER >= 0x30000000L
++ /**
++ With OpenSSL 3.0, Blowfish is considered a legacy cipher.
++ The legacy provider is not normally loaded, and loading it
++ also disables the default fallback provider, so we load
++ them both here.
++
++ We should also unload these providers when we finish
++ with them, but for encfs, that happens when the library
++ exits anyway.
++ */
++ if (legacy_provider == NULL) {
++ default_provider = OSSL_PROVIDER_load(NULL, "default");
++ legacy_provider = OSSL_PROVIDER_load(NULL, "legacy");
++ }
++#endif
++
+ if (keyLen <= 0) {
+ keyLen = 160;
+ }
+@@ -286,7 +320,12 @@ class SSLKey : public AbstractCipherKey {
+ EVP_CIPHER_CTX *stream_enc;
+ EVP_CIPHER_CTX *stream_dec;
+
++#if OPENSSL_VERSION_NUMBER >= 0x30000000L
++ EVP_MAC *evp_mac;
++ EVP_MAC_CTX *evp_mac_ctx;
++#else
+ HMAC_CTX *mac_ctx;
++#endif
+
+ SSLKey(int keySize, int ivLength);
+
+@@ -318,8 +357,14 @@ SSLKey::SSLKey(int keySize_, int ivLength_) {
+ EVP_CIPHER_CTX_init(stream_enc);
+ stream_dec = EVP_CIPHER_CTX_new();
+ EVP_CIPHER_CTX_init(stream_dec);
++
++#if OPENSSL_VERSION_NUMBER >= 0x30000000L
++ evp_mac = EVP_MAC_fetch(NULL, OSSL_MAC_NAME_HMAC, NULL);
++ evp_mac_ctx = EVP_MAC_CTX_new(evp_mac);
++#else
+ mac_ctx = HMAC_CTX_new();
+ HMAC_CTX_reset(mac_ctx);
++#endif
+ }
+
+ SSLKey::~SSLKey() {
+@@ -336,7 +381,13 @@ SSLKey::~SSLKey() {
+ EVP_CIPHER_CTX_free(block_dec);
+ EVP_CIPHER_CTX_free(stream_enc);
+ EVP_CIPHER_CTX_free(stream_dec);
++
++#if OPENSSL_VERSION_NUMBER >= 0x30000000L
++ EVP_MAC_CTX_free(evp_mac_ctx);
++ EVP_MAC_free(evp_mac);
++#else
+ HMAC_CTX_free(mac_ctx);
++#endif
+
+ pthread_mutex_destroy(&mutex);
+ }
+@@ -373,7 +424,11 @@ void initKey(const std::shared_ptr<SSLKey> &key, const EVP_CIPHER *_blockCipher,
+ EVP_EncryptInit_ex(key->stream_enc, nullptr, nullptr, KeyData(key), nullptr);
+ EVP_DecryptInit_ex(key->stream_dec, nullptr, nullptr, KeyData(key), nullptr);
+
++#if OPENSSL_VERSION_NUMBER >= 0x30000000L
++ EVP_MAC_init(key->evp_mac_ctx, KeyData(key), _keySize, HMAC_PARAMS);
++#else
+ HMAC_Init_ex(key->mac_ctx, KeyData(key), _keySize, EVP_sha1(), nullptr);
++#endif
+ }
+
+ SSL_Cipher::SSL_Cipher(const Interface &iface_, const Interface &realIface_,
+@@ -515,8 +570,17 @@ static uint64_t _checksum_64(SSLKey *key, const unsigned char *data,
+ unsigned char md[EVP_MAX_MD_SIZE];
+ unsigned int mdLen = EVP_MAX_MD_SIZE;
+
++#if OPENSSL_VERSION_NUMBER >= 0x30000000L
++#if OPENSSL_VERSION_NUMBER >= 0x30000030L
++ EVP_MAC_init(key->evp_mac_ctx, NULL, 0, NULL);
++#else
++ EVP_MAC_init(key->evp_mac_ctx, key->buffer, key->keySize, HMAC_PARAMS);
++#endif
++ EVP_MAC_update(key->evp_mac_ctx, data, dataLen);
++#else
+ HMAC_Init_ex(key->mac_ctx, nullptr, 0, nullptr, nullptr);
+ HMAC_Update(key->mac_ctx, data, dataLen);
++#endif
+ if (chainedIV != nullptr) {
+ // toss in the chained IV as well
+ uint64_t tmp = *chainedIV;
+@@ -526,10 +590,18 @@ static uint64_t _checksum_64(SSLKey *key, const unsigned char *data,
+ tmp >>= 8;
+ }
+
++#if OPENSSL_VERSION_NUMBER >= 0x30000000L
++ EVP_MAC_update(key->evp_mac_ctx, h, 8);
++#else
+ HMAC_Update(key->mac_ctx, h, 8);
++#endif
+ }
+
++#if OPENSSL_VERSION_NUMBER >= 0x30000000L
++ EVP_MAC_final(key->evp_mac_ctx, md, (size_t *)&mdLen, sizeof(md));
++#else
+ HMAC_Final(key->mac_ctx, md, &mdLen);
++#endif
+
+ rAssert(mdLen >= 8);
+
+@@ -698,10 +770,21 @@ void SSL_Cipher::setIVec(unsigned char *ivec, uint64_t seed,
+ }
+
+ // combine ivec and seed with HMAC
++#if OPENSSL_VERSION_NUMBER >= 0x30000000L
++#if OPENSSL_VERSION_NUMBER >= 0x30000030L
++ EVP_MAC_init(key->evp_mac_ctx, NULL, 0, NULL);
++#else
++ EVP_MAC_init(key->evp_mac_ctx, key->buffer, key->keySize, HMAC_PARAMS);
++#endif
++ EVP_MAC_update(key->evp_mac_ctx, ivec, _ivLength);
++ EVP_MAC_update(key->evp_mac_ctx, md, 8);
++ EVP_MAC_final(key->evp_mac_ctx, md, (size_t *)&mdLen, sizeof(md));
++#else
+ HMAC_Init_ex(key->mac_ctx, nullptr, 0, nullptr, nullptr);
+ HMAC_Update(key->mac_ctx, ivec, _ivLength);
+ HMAC_Update(key->mac_ctx, md, 8);
+ HMAC_Final(key->mac_ctx, md, &mdLen);
++#endif
+ rAssert(mdLen >= _ivLength);
+
+ memcpy(ivec, md, _ivLength);
+diff --git a/encfs/openssl.cpp b/encfs/openssl.cpp
+index 3b0f1b3b..8411b75d 100644
+--- a/encfs/openssl.cpp
++++ b/encfs/openssl.cpp
+@@ -27,7 +27,7 @@
+ #define NO_DES
+ #include <openssl/rand.h>
+ #include <openssl/ssl.h>
+-#ifndef OPENSSL_NO_ENGINE
++#if OPENSSL_VERSION_NUMBER < 0x30000000L && !defined(OPENSSL_NO_ENGINE)
+ #include <openssl/engine.h>
+ #endif
+
+@@ -77,7 +77,7 @@ void openssl_init(bool threaded) {
+ RAND_bytes((unsigned char *)&randSeed, sizeof(randSeed));
+ srand(randSeed);
+
+-#ifndef OPENSSL_NO_ENGINE
++#if OPENSSL_VERSION_NUMBER < 0x30000000L && !defined(OPENSSL_NO_ENGINE)
+ /* Load all bundled ENGINEs into memory and make them visible */
+ ENGINE_load_builtin_engines();
+ /* Register all of them for every algorithm they collectively implement */
+@@ -93,7 +93,7 @@ void openssl_init(bool threaded) {
+ }
+
+ void openssl_shutdown(bool threaded) {
+-#ifndef OPENSSL_NO_ENGINE
++#if OPENSSL_VERSION_NUMBER < 0x30000000L && !defined(OPENSSL_NO_ENGINE)
+ ENGINE_cleanup();
+ #endif
+
+diff --git a/encfs/test.cpp b/encfs/test.cpp
+index 8da058e6..f138be87 100644
+--- a/encfs/test.cpp
++++ b/encfs/test.cpp
+@@ -42,7 +42,7 @@
+
+ #define NO_DES
+ #include <openssl/ssl.h>
+-#ifndef OPENSSL_NO_ENGINE
++#if OPENSSL_VERSION_NUMBER < 0x30000000L && !defined(OPENSSL_NO_ENGINE)
+ #include <openssl/engine.h>
+ #endif
+
+@@ -402,7 +402,7 @@ int main(int argc, char *argv[]) {
+ SSL_load_error_strings();
+ SSL_library_init();
+
+-#ifndef OPENSSL_NO_ENGINE
++#if OPENSSL_VERSION_NUMBER < 0x30000000L && !defined(OPENSSL_NO_ENGINE)
+ ENGINE_load_builtin_engines();
+ ENGINE_register_all_ciphers();
+ ENGINE_register_all_digests();
diff --git a/srcpkgs/encfs/template b/srcpkgs/encfs/template
index cbeafbb0f0ac4..796d5a7c170c3 100644
--- a/srcpkgs/encfs/template
+++ b/srcpkgs/encfs/template
@@ -1,7 +1,7 @@
# Template file for 'encfs'
pkgname=encfs
version=1.9.5
-revision=6
+revision=7
build_style=cmake
hostmakedepends="gettext pkg-config perl"
makedepends="fuse-devel openssl-devel gettext-devel"
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PR PATCH] [Updated] encfs: fix crash with blowfish
2023-09-06 13:28 [PR PATCH] encfs: fix crash with blowfish sgn
@ 2023-09-07 0:42 ` sgn
2023-09-07 2:12 ` sgn
` (2 subsequent siblings)
3 siblings, 0 replies; 5+ messages in thread
From: sgn @ 2023-09-07 0:42 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 1259 bytes --]
There is an updated pull request by sgn against master on the void-packages repository
https://github.com/sgn/void-packages encfs-blowfish
https://github.com/void-linux/void-packages/pull/45943
encfs: fix crash with blowfish
Fix #45916
<!-- Uncomment relevant sections and delete options which are not applicable -->
#### Testing the changes
- I tested the changes in this PR: **NO**
<!--
#### New package
- This new package conforms to the [package requirements](https://github.com/void-linux/void-packages/blob/master/CONTRIBUTING.md#package-requirements): **YES**|**NO**
-->
<!-- Note: If the build is likely to take more than 2 hours, please add ci skip tag as described in
https://github.com/void-linux/void-packages/blob/master/CONTRIBUTING.md#continuous-integration
and test at least one native build and, if supported, at least one cross build.
Ignore this section if this PR is not skipping CI.
-->
<!--
#### Local build testing
- I built this PR locally for my native architecture, (ARCH-LIBC)
- I built this PR locally for these architectures (if supported. mark crossbuilds):
- aarch64-musl
- armv7l
- armv6l-musl
-->
A patch file from https://github.com/void-linux/void-packages/pull/45943.patch is attached
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-encfs-blowfish-45943.patch --]
[-- Type: text/x-diff, Size: 9221 bytes --]
From 935195a16a52395a95ba895548be94fc2a7915f4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=C4=90o=C3=A0n=20Tr=E1=BA=A7n=20C=C3=B4ng=20Danh?=
<congdanhqx@gmail.com>
Date: Wed, 6 Sep 2023 20:27:34 +0700
Subject: [PATCH] encfs: fix crash with blowfish
Fix #45916
---
srcpkgs/encfs/patches/openssl-3.patch | 244 ++++++++++++++++++++++++++
srcpkgs/encfs/template | 3 +-
2 files changed, 246 insertions(+), 1 deletion(-)
create mode 100644 srcpkgs/encfs/patches/openssl-3.patch
diff --git a/srcpkgs/encfs/patches/openssl-3.patch b/srcpkgs/encfs/patches/openssl-3.patch
new file mode 100644
index 0000000000000..7433a275c627b
--- /dev/null
+++ b/srcpkgs/encfs/patches/openssl-3.patch
@@ -0,0 +1,244 @@
+From 56fb686e9991e2448231d21c97c9bb37555bbc7d Mon Sep 17 00:00:00 2001
+From: Philip Molter <philip@hrunting.org>
+Date: Thu, 10 Nov 2022 15:28:44 -0600
+Subject: [PATCH] Support OpenSSL 3.0
+
+---
+encfs v5 use blowfish, which needs legacy_provider
+ encfs/SSL_Cipher.cpp | 83 ++++++++++++++++++++++++++++++++++++++++++++
+ encfs/openssl.cpp | 6 ++--
+ encfs/test.cpp | 4 +--
+ 3 files changed, 88 insertions(+), 5 deletions(-)
+
+diff --git a/encfs/SSL_Cipher.cpp b/encfs/SSL_Cipher.cpp
+index 20dee8bd..5f772b7c 100644
+--- a/encfs/SSL_Cipher.cpp
++++ b/encfs/SSL_Cipher.cpp
+@@ -31,6 +31,11 @@
+ #include <sys/mman.h>
+ #include <sys/time.h>
+
++#if OPENSSL_VERSION_NUMBER >= 0x30000000L
++#include <openssl/core_names.h>
++#include <openssl/provider.h>
++#endif
++
+ #include "Cipher.h"
+ #include "Error.h"
+ #include "Interface.h"
+@@ -48,6 +53,13 @@ const int MAX_KEYLENGTH = 32; // in bytes (256 bit)
+ const int MAX_IVLENGTH = 16; // 128 bit (AES block size, Blowfish has 64)
+ const int KEY_CHECKSUM_BYTES = 4;
+
++#if OPENSSL_VERSION_NUMBER >= 0x30000000L
++const OSSL_PARAM HMAC_PARAMS[2] = {
++ OSSL_PARAM_construct_utf8_string(OSSL_MAC_PARAM_DIGEST, OSSL_DIGEST_NAME_SHA1, 0),
++ OSSL_PARAM_construct_end()
++};
++#endif
++
+ /**
+ This produces the same result as OpenSSL's EVP_BytesToKey. The difference
+ is that here we can explicitly specify the key size, instead of relying on
+@@ -159,6 +171,11 @@ static Interface BlowfishInterface("ssl/blowfish", 3, 0, 2);
+ static Interface AESInterface("ssl/aes", 3, 0, 2);
+ static Interface CAMELLIAInterface("ssl/camellia", 3, 0, 2);
+
++#if OPENSSL_VERSION_NUMBER >= 0x30000000L
++static OSSL_PROVIDER *default_provider = NULL;
++static OSSL_PROVIDER *legacy_provider = NULL;
++#endif
++
+ #ifndef OPENSSL_NO_CAMELLIA
+
+ static Range CAMELLIAKeyRange(128, 256, 64);
+@@ -207,6 +224,23 @@ static Range BFKeyRange(128, 256, 32);
+ static Range BFBlockRange(64, 4096, 8);
+
+ static std::shared_ptr<Cipher> NewBFCipher(const Interface &iface, int keyLen) {
++#if OPENSSL_VERSION_NUMBER >= 0x30000000L
++ /**
++ With OpenSSL 3.0, Blowfish is considered a legacy cipher.
++ The legacy provider is not normally loaded, and loading it
++ also disables the default fallback provider, so we load
++ them both here.
++
++ We should also unload these providers when we finish
++ with them, but for encfs, that happens when the library
++ exits anyway.
++ */
++ if (legacy_provider == NULL) {
++ default_provider = OSSL_PROVIDER_load(NULL, "default");
++ legacy_provider = OSSL_PROVIDER_load(NULL, "legacy");
++ }
++#endif
++
+ if (keyLen <= 0) {
+ keyLen = 160;
+ }
+@@ -286,7 +320,12 @@ class SSLKey : public AbstractCipherKey {
+ EVP_CIPHER_CTX *stream_enc;
+ EVP_CIPHER_CTX *stream_dec;
+
++#if OPENSSL_VERSION_NUMBER >= 0x30000000L
++ EVP_MAC *evp_mac;
++ EVP_MAC_CTX *evp_mac_ctx;
++#else
+ HMAC_CTX *mac_ctx;
++#endif
+
+ SSLKey(int keySize, int ivLength);
+
+@@ -318,8 +357,14 @@ SSLKey::SSLKey(int keySize_, int ivLength_) {
+ EVP_CIPHER_CTX_init(stream_enc);
+ stream_dec = EVP_CIPHER_CTX_new();
+ EVP_CIPHER_CTX_init(stream_dec);
++
++#if OPENSSL_VERSION_NUMBER >= 0x30000000L
++ evp_mac = EVP_MAC_fetch(NULL, OSSL_MAC_NAME_HMAC, NULL);
++ evp_mac_ctx = EVP_MAC_CTX_new(evp_mac);
++#else
+ mac_ctx = HMAC_CTX_new();
+ HMAC_CTX_reset(mac_ctx);
++#endif
+ }
+
+ SSLKey::~SSLKey() {
+@@ -336,7 +381,13 @@ SSLKey::~SSLKey() {
+ EVP_CIPHER_CTX_free(block_dec);
+ EVP_CIPHER_CTX_free(stream_enc);
+ EVP_CIPHER_CTX_free(stream_dec);
++
++#if OPENSSL_VERSION_NUMBER >= 0x30000000L
++ EVP_MAC_CTX_free(evp_mac_ctx);
++ EVP_MAC_free(evp_mac);
++#else
+ HMAC_CTX_free(mac_ctx);
++#endif
+
+ pthread_mutex_destroy(&mutex);
+ }
+@@ -373,7 +424,11 @@ void initKey(const std::shared_ptr<SSLKey> &key, const EVP_CIPHER *_blockCipher,
+ EVP_EncryptInit_ex(key->stream_enc, nullptr, nullptr, KeyData(key), nullptr);
+ EVP_DecryptInit_ex(key->stream_dec, nullptr, nullptr, KeyData(key), nullptr);
+
++#if OPENSSL_VERSION_NUMBER >= 0x30000000L
++ EVP_MAC_init(key->evp_mac_ctx, KeyData(key), _keySize, HMAC_PARAMS);
++#else
+ HMAC_Init_ex(key->mac_ctx, KeyData(key), _keySize, EVP_sha1(), nullptr);
++#endif
+ }
+
+ SSL_Cipher::SSL_Cipher(const Interface &iface_, const Interface &realIface_,
+@@ -515,8 +570,17 @@ static uint64_t _checksum_64(SSLKey *key, const unsigned char *data,
+ unsigned char md[EVP_MAX_MD_SIZE];
+ unsigned int mdLen = EVP_MAX_MD_SIZE;
+
++#if OPENSSL_VERSION_NUMBER >= 0x30000000L
++#if OPENSSL_VERSION_NUMBER >= 0x30000030L
++ EVP_MAC_init(key->evp_mac_ctx, NULL, 0, NULL);
++#else
++ EVP_MAC_init(key->evp_mac_ctx, key->buffer, key->keySize, HMAC_PARAMS);
++#endif
++ EVP_MAC_update(key->evp_mac_ctx, data, dataLen);
++#else
+ HMAC_Init_ex(key->mac_ctx, nullptr, 0, nullptr, nullptr);
+ HMAC_Update(key->mac_ctx, data, dataLen);
++#endif
+ if (chainedIV != nullptr) {
+ // toss in the chained IV as well
+ uint64_t tmp = *chainedIV;
+@@ -526,10 +590,18 @@ static uint64_t _checksum_64(SSLKey *key, const unsigned char *data,
+ tmp >>= 8;
+ }
+
++#if OPENSSL_VERSION_NUMBER >= 0x30000000L
++ EVP_MAC_update(key->evp_mac_ctx, h, 8);
++#else
+ HMAC_Update(key->mac_ctx, h, 8);
++#endif
+ }
+
++#if OPENSSL_VERSION_NUMBER >= 0x30000000L
++ EVP_MAC_final(key->evp_mac_ctx, md, (size_t *)&mdLen, sizeof(md));
++#else
+ HMAC_Final(key->mac_ctx, md, &mdLen);
++#endif
+
+ rAssert(mdLen >= 8);
+
+@@ -698,10 +770,21 @@ void SSL_Cipher::setIVec(unsigned char *ivec, uint64_t seed,
+ }
+
+ // combine ivec and seed with HMAC
++#if OPENSSL_VERSION_NUMBER >= 0x30000000L
++#if OPENSSL_VERSION_NUMBER >= 0x30000030L
++ EVP_MAC_init(key->evp_mac_ctx, NULL, 0, NULL);
++#else
++ EVP_MAC_init(key->evp_mac_ctx, key->buffer, key->keySize, HMAC_PARAMS);
++#endif
++ EVP_MAC_update(key->evp_mac_ctx, ivec, _ivLength);
++ EVP_MAC_update(key->evp_mac_ctx, md, 8);
++ EVP_MAC_final(key->evp_mac_ctx, md, (size_t *)&mdLen, sizeof(md));
++#else
+ HMAC_Init_ex(key->mac_ctx, nullptr, 0, nullptr, nullptr);
+ HMAC_Update(key->mac_ctx, ivec, _ivLength);
+ HMAC_Update(key->mac_ctx, md, 8);
+ HMAC_Final(key->mac_ctx, md, &mdLen);
++#endif
+ rAssert(mdLen >= _ivLength);
+
+ memcpy(ivec, md, _ivLength);
+diff --git a/encfs/openssl.cpp b/encfs/openssl.cpp
+index 3b0f1b3b..8411b75d 100644
+--- a/encfs/openssl.cpp
++++ b/encfs/openssl.cpp
+@@ -27,7 +27,7 @@
+ #define NO_DES
+ #include <openssl/rand.h>
+ #include <openssl/ssl.h>
+-#ifndef OPENSSL_NO_ENGINE
++#if OPENSSL_VERSION_NUMBER < 0x30000000L && !defined(OPENSSL_NO_ENGINE)
+ #include <openssl/engine.h>
+ #endif
+
+@@ -77,7 +77,7 @@ void openssl_init(bool threaded) {
+ RAND_bytes((unsigned char *)&randSeed, sizeof(randSeed));
+ srand(randSeed);
+
+-#ifndef OPENSSL_NO_ENGINE
++#if OPENSSL_VERSION_NUMBER < 0x30000000L && !defined(OPENSSL_NO_ENGINE)
+ /* Load all bundled ENGINEs into memory and make them visible */
+ ENGINE_load_builtin_engines();
+ /* Register all of them for every algorithm they collectively implement */
+@@ -93,7 +93,7 @@ void openssl_init(bool threaded) {
+ }
+
+ void openssl_shutdown(bool threaded) {
+-#ifndef OPENSSL_NO_ENGINE
++#if OPENSSL_VERSION_NUMBER < 0x30000000L && !defined(OPENSSL_NO_ENGINE)
+ ENGINE_cleanup();
+ #endif
+
+diff --git a/encfs/test.cpp b/encfs/test.cpp
+index 8da058e6..f138be87 100644
+--- a/encfs/test.cpp
++++ b/encfs/test.cpp
+@@ -42,7 +42,7 @@
+
+ #define NO_DES
+ #include <openssl/ssl.h>
+-#ifndef OPENSSL_NO_ENGINE
++#if OPENSSL_VERSION_NUMBER < 0x30000000L && !defined(OPENSSL_NO_ENGINE)
+ #include <openssl/engine.h>
+ #endif
+
+@@ -402,7 +402,7 @@ int main(int argc, char *argv[]) {
+ SSL_load_error_strings();
+ SSL_library_init();
+
+-#ifndef OPENSSL_NO_ENGINE
++#if OPENSSL_VERSION_NUMBER < 0x30000000L && !defined(OPENSSL_NO_ENGINE)
+ ENGINE_load_builtin_engines();
+ ENGINE_register_all_ciphers();
+ ENGINE_register_all_digests();
diff --git a/srcpkgs/encfs/template b/srcpkgs/encfs/template
index cbeafbb0f0ac4..c6d62aa878eed 100644
--- a/srcpkgs/encfs/template
+++ b/srcpkgs/encfs/template
@@ -1,8 +1,9 @@
# Template file for 'encfs'
pkgname=encfs
version=1.9.5
-revision=6
+revision=7
build_style=cmake
+make_build_target="all unittests"
hostmakedepends="gettext pkg-config perl"
makedepends="fuse-devel openssl-devel gettext-devel"
depends="perl" # for encfssh
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PR PATCH] [Updated] encfs: fix crash with blowfish
2023-09-06 13:28 [PR PATCH] encfs: fix crash with blowfish sgn
2023-09-07 0:42 ` [PR PATCH] [Updated] " sgn
@ 2023-09-07 2:12 ` sgn
2023-09-07 2:16 ` sgn
2023-09-07 6:21 ` [PR PATCH] [Merged]: " sgn
3 siblings, 0 replies; 5+ messages in thread
From: sgn @ 2023-09-07 2:12 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 1259 bytes --]
There is an updated pull request by sgn against master on the void-packages repository
https://github.com/sgn/void-packages encfs-blowfish
https://github.com/void-linux/void-packages/pull/45943
encfs: fix crash with blowfish
Fix #45916
<!-- Uncomment relevant sections and delete options which are not applicable -->
#### Testing the changes
- I tested the changes in this PR: **NO**
<!--
#### New package
- This new package conforms to the [package requirements](https://github.com/void-linux/void-packages/blob/master/CONTRIBUTING.md#package-requirements): **YES**|**NO**
-->
<!-- Note: If the build is likely to take more than 2 hours, please add ci skip tag as described in
https://github.com/void-linux/void-packages/blob/master/CONTRIBUTING.md#continuous-integration
and test at least one native build and, if supported, at least one cross build.
Ignore this section if this PR is not skipping CI.
-->
<!--
#### Local build testing
- I built this PR locally for my native architecture, (ARCH-LIBC)
- I built this PR locally for these architectures (if supported. mark crossbuilds):
- aarch64-musl
- armv7l
- armv6l-musl
-->
A patch file from https://github.com/void-linux/void-packages/pull/45943.patch is attached
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-encfs-blowfish-45943.patch --]
[-- Type: text/x-diff, Size: 9700 bytes --]
From 46bcc17b2f0f90c4d107fa12a04616e6c6854939 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=C4=90o=C3=A0n=20Tr=E1=BA=A7n=20C=C3=B4ng=20Danh?=
<congdanhqx@gmail.com>
Date: Wed, 6 Sep 2023 20:27:34 +0700
Subject: [PATCH] encfs: fix crash with blowfish
Fix #45916
---
srcpkgs/encfs/patches/openssl-3.patch | 244 ++++++++++++++++++++++++++
srcpkgs/encfs/template | 10 +-
2 files changed, 248 insertions(+), 6 deletions(-)
create mode 100644 srcpkgs/encfs/patches/openssl-3.patch
diff --git a/srcpkgs/encfs/patches/openssl-3.patch b/srcpkgs/encfs/patches/openssl-3.patch
new file mode 100644
index 0000000000000..7433a275c627b
--- /dev/null
+++ b/srcpkgs/encfs/patches/openssl-3.patch
@@ -0,0 +1,244 @@
+From 56fb686e9991e2448231d21c97c9bb37555bbc7d Mon Sep 17 00:00:00 2001
+From: Philip Molter <philip@hrunting.org>
+Date: Thu, 10 Nov 2022 15:28:44 -0600
+Subject: [PATCH] Support OpenSSL 3.0
+
+---
+encfs v5 use blowfish, which needs legacy_provider
+ encfs/SSL_Cipher.cpp | 83 ++++++++++++++++++++++++++++++++++++++++++++
+ encfs/openssl.cpp | 6 ++--
+ encfs/test.cpp | 4 +--
+ 3 files changed, 88 insertions(+), 5 deletions(-)
+
+diff --git a/encfs/SSL_Cipher.cpp b/encfs/SSL_Cipher.cpp
+index 20dee8bd..5f772b7c 100644
+--- a/encfs/SSL_Cipher.cpp
++++ b/encfs/SSL_Cipher.cpp
+@@ -31,6 +31,11 @@
+ #include <sys/mman.h>
+ #include <sys/time.h>
+
++#if OPENSSL_VERSION_NUMBER >= 0x30000000L
++#include <openssl/core_names.h>
++#include <openssl/provider.h>
++#endif
++
+ #include "Cipher.h"
+ #include "Error.h"
+ #include "Interface.h"
+@@ -48,6 +53,13 @@ const int MAX_KEYLENGTH = 32; // in bytes (256 bit)
+ const int MAX_IVLENGTH = 16; // 128 bit (AES block size, Blowfish has 64)
+ const int KEY_CHECKSUM_BYTES = 4;
+
++#if OPENSSL_VERSION_NUMBER >= 0x30000000L
++const OSSL_PARAM HMAC_PARAMS[2] = {
++ OSSL_PARAM_construct_utf8_string(OSSL_MAC_PARAM_DIGEST, OSSL_DIGEST_NAME_SHA1, 0),
++ OSSL_PARAM_construct_end()
++};
++#endif
++
+ /**
+ This produces the same result as OpenSSL's EVP_BytesToKey. The difference
+ is that here we can explicitly specify the key size, instead of relying on
+@@ -159,6 +171,11 @@ static Interface BlowfishInterface("ssl/blowfish", 3, 0, 2);
+ static Interface AESInterface("ssl/aes", 3, 0, 2);
+ static Interface CAMELLIAInterface("ssl/camellia", 3, 0, 2);
+
++#if OPENSSL_VERSION_NUMBER >= 0x30000000L
++static OSSL_PROVIDER *default_provider = NULL;
++static OSSL_PROVIDER *legacy_provider = NULL;
++#endif
++
+ #ifndef OPENSSL_NO_CAMELLIA
+
+ static Range CAMELLIAKeyRange(128, 256, 64);
+@@ -207,6 +224,23 @@ static Range BFKeyRange(128, 256, 32);
+ static Range BFBlockRange(64, 4096, 8);
+
+ static std::shared_ptr<Cipher> NewBFCipher(const Interface &iface, int keyLen) {
++#if OPENSSL_VERSION_NUMBER >= 0x30000000L
++ /**
++ With OpenSSL 3.0, Blowfish is considered a legacy cipher.
++ The legacy provider is not normally loaded, and loading it
++ also disables the default fallback provider, so we load
++ them both here.
++
++ We should also unload these providers when we finish
++ with them, but for encfs, that happens when the library
++ exits anyway.
++ */
++ if (legacy_provider == NULL) {
++ default_provider = OSSL_PROVIDER_load(NULL, "default");
++ legacy_provider = OSSL_PROVIDER_load(NULL, "legacy");
++ }
++#endif
++
+ if (keyLen <= 0) {
+ keyLen = 160;
+ }
+@@ -286,7 +320,12 @@ class SSLKey : public AbstractCipherKey {
+ EVP_CIPHER_CTX *stream_enc;
+ EVP_CIPHER_CTX *stream_dec;
+
++#if OPENSSL_VERSION_NUMBER >= 0x30000000L
++ EVP_MAC *evp_mac;
++ EVP_MAC_CTX *evp_mac_ctx;
++#else
+ HMAC_CTX *mac_ctx;
++#endif
+
+ SSLKey(int keySize, int ivLength);
+
+@@ -318,8 +357,14 @@ SSLKey::SSLKey(int keySize_, int ivLength_) {
+ EVP_CIPHER_CTX_init(stream_enc);
+ stream_dec = EVP_CIPHER_CTX_new();
+ EVP_CIPHER_CTX_init(stream_dec);
++
++#if OPENSSL_VERSION_NUMBER >= 0x30000000L
++ evp_mac = EVP_MAC_fetch(NULL, OSSL_MAC_NAME_HMAC, NULL);
++ evp_mac_ctx = EVP_MAC_CTX_new(evp_mac);
++#else
+ mac_ctx = HMAC_CTX_new();
+ HMAC_CTX_reset(mac_ctx);
++#endif
+ }
+
+ SSLKey::~SSLKey() {
+@@ -336,7 +381,13 @@ SSLKey::~SSLKey() {
+ EVP_CIPHER_CTX_free(block_dec);
+ EVP_CIPHER_CTX_free(stream_enc);
+ EVP_CIPHER_CTX_free(stream_dec);
++
++#if OPENSSL_VERSION_NUMBER >= 0x30000000L
++ EVP_MAC_CTX_free(evp_mac_ctx);
++ EVP_MAC_free(evp_mac);
++#else
+ HMAC_CTX_free(mac_ctx);
++#endif
+
+ pthread_mutex_destroy(&mutex);
+ }
+@@ -373,7 +424,11 @@ void initKey(const std::shared_ptr<SSLKey> &key, const EVP_CIPHER *_blockCipher,
+ EVP_EncryptInit_ex(key->stream_enc, nullptr, nullptr, KeyData(key), nullptr);
+ EVP_DecryptInit_ex(key->stream_dec, nullptr, nullptr, KeyData(key), nullptr);
+
++#if OPENSSL_VERSION_NUMBER >= 0x30000000L
++ EVP_MAC_init(key->evp_mac_ctx, KeyData(key), _keySize, HMAC_PARAMS);
++#else
+ HMAC_Init_ex(key->mac_ctx, KeyData(key), _keySize, EVP_sha1(), nullptr);
++#endif
+ }
+
+ SSL_Cipher::SSL_Cipher(const Interface &iface_, const Interface &realIface_,
+@@ -515,8 +570,17 @@ static uint64_t _checksum_64(SSLKey *key, const unsigned char *data,
+ unsigned char md[EVP_MAX_MD_SIZE];
+ unsigned int mdLen = EVP_MAX_MD_SIZE;
+
++#if OPENSSL_VERSION_NUMBER >= 0x30000000L
++#if OPENSSL_VERSION_NUMBER >= 0x30000030L
++ EVP_MAC_init(key->evp_mac_ctx, NULL, 0, NULL);
++#else
++ EVP_MAC_init(key->evp_mac_ctx, key->buffer, key->keySize, HMAC_PARAMS);
++#endif
++ EVP_MAC_update(key->evp_mac_ctx, data, dataLen);
++#else
+ HMAC_Init_ex(key->mac_ctx, nullptr, 0, nullptr, nullptr);
+ HMAC_Update(key->mac_ctx, data, dataLen);
++#endif
+ if (chainedIV != nullptr) {
+ // toss in the chained IV as well
+ uint64_t tmp = *chainedIV;
+@@ -526,10 +590,18 @@ static uint64_t _checksum_64(SSLKey *key, const unsigned char *data,
+ tmp >>= 8;
+ }
+
++#if OPENSSL_VERSION_NUMBER >= 0x30000000L
++ EVP_MAC_update(key->evp_mac_ctx, h, 8);
++#else
+ HMAC_Update(key->mac_ctx, h, 8);
++#endif
+ }
+
++#if OPENSSL_VERSION_NUMBER >= 0x30000000L
++ EVP_MAC_final(key->evp_mac_ctx, md, (size_t *)&mdLen, sizeof(md));
++#else
+ HMAC_Final(key->mac_ctx, md, &mdLen);
++#endif
+
+ rAssert(mdLen >= 8);
+
+@@ -698,10 +770,21 @@ void SSL_Cipher::setIVec(unsigned char *ivec, uint64_t seed,
+ }
+
+ // combine ivec and seed with HMAC
++#if OPENSSL_VERSION_NUMBER >= 0x30000000L
++#if OPENSSL_VERSION_NUMBER >= 0x30000030L
++ EVP_MAC_init(key->evp_mac_ctx, NULL, 0, NULL);
++#else
++ EVP_MAC_init(key->evp_mac_ctx, key->buffer, key->keySize, HMAC_PARAMS);
++#endif
++ EVP_MAC_update(key->evp_mac_ctx, ivec, _ivLength);
++ EVP_MAC_update(key->evp_mac_ctx, md, 8);
++ EVP_MAC_final(key->evp_mac_ctx, md, (size_t *)&mdLen, sizeof(md));
++#else
+ HMAC_Init_ex(key->mac_ctx, nullptr, 0, nullptr, nullptr);
+ HMAC_Update(key->mac_ctx, ivec, _ivLength);
+ HMAC_Update(key->mac_ctx, md, 8);
+ HMAC_Final(key->mac_ctx, md, &mdLen);
++#endif
+ rAssert(mdLen >= _ivLength);
+
+ memcpy(ivec, md, _ivLength);
+diff --git a/encfs/openssl.cpp b/encfs/openssl.cpp
+index 3b0f1b3b..8411b75d 100644
+--- a/encfs/openssl.cpp
++++ b/encfs/openssl.cpp
+@@ -27,7 +27,7 @@
+ #define NO_DES
+ #include <openssl/rand.h>
+ #include <openssl/ssl.h>
+-#ifndef OPENSSL_NO_ENGINE
++#if OPENSSL_VERSION_NUMBER < 0x30000000L && !defined(OPENSSL_NO_ENGINE)
+ #include <openssl/engine.h>
+ #endif
+
+@@ -77,7 +77,7 @@ void openssl_init(bool threaded) {
+ RAND_bytes((unsigned char *)&randSeed, sizeof(randSeed));
+ srand(randSeed);
+
+-#ifndef OPENSSL_NO_ENGINE
++#if OPENSSL_VERSION_NUMBER < 0x30000000L && !defined(OPENSSL_NO_ENGINE)
+ /* Load all bundled ENGINEs into memory and make them visible */
+ ENGINE_load_builtin_engines();
+ /* Register all of them for every algorithm they collectively implement */
+@@ -93,7 +93,7 @@ void openssl_init(bool threaded) {
+ }
+
+ void openssl_shutdown(bool threaded) {
+-#ifndef OPENSSL_NO_ENGINE
++#if OPENSSL_VERSION_NUMBER < 0x30000000L && !defined(OPENSSL_NO_ENGINE)
+ ENGINE_cleanup();
+ #endif
+
+diff --git a/encfs/test.cpp b/encfs/test.cpp
+index 8da058e6..f138be87 100644
+--- a/encfs/test.cpp
++++ b/encfs/test.cpp
+@@ -42,7 +42,7 @@
+
+ #define NO_DES
+ #include <openssl/ssl.h>
+-#ifndef OPENSSL_NO_ENGINE
++#if OPENSSL_VERSION_NUMBER < 0x30000000L && !defined(OPENSSL_NO_ENGINE)
+ #include <openssl/engine.h>
+ #endif
+
+@@ -402,7 +402,7 @@ int main(int argc, char *argv[]) {
+ SSL_load_error_strings();
+ SSL_library_init();
+
+-#ifndef OPENSSL_NO_ENGINE
++#if OPENSSL_VERSION_NUMBER < 0x30000000L && !defined(OPENSSL_NO_ENGINE)
+ ENGINE_load_builtin_engines();
+ ENGINE_register_all_ciphers();
+ ENGINE_register_all_digests();
diff --git a/srcpkgs/encfs/template b/srcpkgs/encfs/template
index cbeafbb0f0ac4..02d327a8047eb 100644
--- a/srcpkgs/encfs/template
+++ b/srcpkgs/encfs/template
@@ -1,8 +1,9 @@
# Template file for 'encfs'
pkgname=encfs
version=1.9.5
-revision=6
+revision=7
build_style=cmake
+make_build_target="all"
hostmakedepends="gettext pkg-config perl"
makedepends="fuse-devel openssl-devel gettext-devel"
depends="perl" # for encfssh
@@ -13,13 +14,10 @@ homepage="http://www.arg0.net/encfs"
distfiles="https://github.com/vgough/encfs/releases/download/v${version}/${pkgname}-${version}.tar.gz"
checksum=4709f05395ccbad6c0a5b40a4619d60aafe3473b1a79bafb3aa700b1f756fd63
-# Can't run test programs when cross compiling
if [ "$CROSS_BUILD" ]; then
configure_args="-DBUILD_UNIT_TESTS=0"
-fi
-
-if [ "$XBPS_TARGET_NO_ATOMIC8" ]; then
- LDFLAGS+=" -latomic"
+else
+ make_build_target+=" unittests"
fi
post_install() {
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PR PATCH] [Updated] encfs: fix crash with blowfish
2023-09-06 13:28 [PR PATCH] encfs: fix crash with blowfish sgn
2023-09-07 0:42 ` [PR PATCH] [Updated] " sgn
2023-09-07 2:12 ` sgn
@ 2023-09-07 2:16 ` sgn
2023-09-07 6:21 ` [PR PATCH] [Merged]: " sgn
3 siblings, 0 replies; 5+ messages in thread
From: sgn @ 2023-09-07 2:16 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 1259 bytes --]
There is an updated pull request by sgn against master on the void-packages repository
https://github.com/sgn/void-packages encfs-blowfish
https://github.com/void-linux/void-packages/pull/45943
encfs: fix crash with blowfish
Fix #45916
<!-- Uncomment relevant sections and delete options which are not applicable -->
#### Testing the changes
- I tested the changes in this PR: **NO**
<!--
#### New package
- This new package conforms to the [package requirements](https://github.com/void-linux/void-packages/blob/master/CONTRIBUTING.md#package-requirements): **YES**|**NO**
-->
<!-- Note: If the build is likely to take more than 2 hours, please add ci skip tag as described in
https://github.com/void-linux/void-packages/blob/master/CONTRIBUTING.md#continuous-integration
and test at least one native build and, if supported, at least one cross build.
Ignore this section if this PR is not skipping CI.
-->
<!--
#### Local build testing
- I built this PR locally for my native architecture, (ARCH-LIBC)
- I built this PR locally for these architectures (if supported. mark crossbuilds):
- aarch64-musl
- armv7l
- armv6l-musl
-->
A patch file from https://github.com/void-linux/void-packages/pull/45943.patch is attached
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-encfs-blowfish-45943.patch --]
[-- Type: text/x-diff, Size: 9953 bytes --]
From aa87abc6a4be6074a5937631cbbaab1154ef21a2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=C4=90o=C3=A0n=20Tr=E1=BA=A7n=20C=C3=B4ng=20Danh?=
<congdanhqx@gmail.com>
Date: Wed, 6 Sep 2023 20:27:34 +0700
Subject: [PATCH] encfs: fix crash with blowfish
Fix #45916
---
srcpkgs/encfs/patches/openssl-3.patch | 244 ++++++++++++++++++++++++++
srcpkgs/encfs/template | 15 +-
2 files changed, 251 insertions(+), 8 deletions(-)
create mode 100644 srcpkgs/encfs/patches/openssl-3.patch
diff --git a/srcpkgs/encfs/patches/openssl-3.patch b/srcpkgs/encfs/patches/openssl-3.patch
new file mode 100644
index 0000000000000..7433a275c627b
--- /dev/null
+++ b/srcpkgs/encfs/patches/openssl-3.patch
@@ -0,0 +1,244 @@
+From 56fb686e9991e2448231d21c97c9bb37555bbc7d Mon Sep 17 00:00:00 2001
+From: Philip Molter <philip@hrunting.org>
+Date: Thu, 10 Nov 2022 15:28:44 -0600
+Subject: [PATCH] Support OpenSSL 3.0
+
+---
+encfs v5 use blowfish, which needs legacy_provider
+ encfs/SSL_Cipher.cpp | 83 ++++++++++++++++++++++++++++++++++++++++++++
+ encfs/openssl.cpp | 6 ++--
+ encfs/test.cpp | 4 +--
+ 3 files changed, 88 insertions(+), 5 deletions(-)
+
+diff --git a/encfs/SSL_Cipher.cpp b/encfs/SSL_Cipher.cpp
+index 20dee8bd..5f772b7c 100644
+--- a/encfs/SSL_Cipher.cpp
++++ b/encfs/SSL_Cipher.cpp
+@@ -31,6 +31,11 @@
+ #include <sys/mman.h>
+ #include <sys/time.h>
+
++#if OPENSSL_VERSION_NUMBER >= 0x30000000L
++#include <openssl/core_names.h>
++#include <openssl/provider.h>
++#endif
++
+ #include "Cipher.h"
+ #include "Error.h"
+ #include "Interface.h"
+@@ -48,6 +53,13 @@ const int MAX_KEYLENGTH = 32; // in bytes (256 bit)
+ const int MAX_IVLENGTH = 16; // 128 bit (AES block size, Blowfish has 64)
+ const int KEY_CHECKSUM_BYTES = 4;
+
++#if OPENSSL_VERSION_NUMBER >= 0x30000000L
++const OSSL_PARAM HMAC_PARAMS[2] = {
++ OSSL_PARAM_construct_utf8_string(OSSL_MAC_PARAM_DIGEST, OSSL_DIGEST_NAME_SHA1, 0),
++ OSSL_PARAM_construct_end()
++};
++#endif
++
+ /**
+ This produces the same result as OpenSSL's EVP_BytesToKey. The difference
+ is that here we can explicitly specify the key size, instead of relying on
+@@ -159,6 +171,11 @@ static Interface BlowfishInterface("ssl/blowfish", 3, 0, 2);
+ static Interface AESInterface("ssl/aes", 3, 0, 2);
+ static Interface CAMELLIAInterface("ssl/camellia", 3, 0, 2);
+
++#if OPENSSL_VERSION_NUMBER >= 0x30000000L
++static OSSL_PROVIDER *default_provider = NULL;
++static OSSL_PROVIDER *legacy_provider = NULL;
++#endif
++
+ #ifndef OPENSSL_NO_CAMELLIA
+
+ static Range CAMELLIAKeyRange(128, 256, 64);
+@@ -207,6 +224,23 @@ static Range BFKeyRange(128, 256, 32);
+ static Range BFBlockRange(64, 4096, 8);
+
+ static std::shared_ptr<Cipher> NewBFCipher(const Interface &iface, int keyLen) {
++#if OPENSSL_VERSION_NUMBER >= 0x30000000L
++ /**
++ With OpenSSL 3.0, Blowfish is considered a legacy cipher.
++ The legacy provider is not normally loaded, and loading it
++ also disables the default fallback provider, so we load
++ them both here.
++
++ We should also unload these providers when we finish
++ with them, but for encfs, that happens when the library
++ exits anyway.
++ */
++ if (legacy_provider == NULL) {
++ default_provider = OSSL_PROVIDER_load(NULL, "default");
++ legacy_provider = OSSL_PROVIDER_load(NULL, "legacy");
++ }
++#endif
++
+ if (keyLen <= 0) {
+ keyLen = 160;
+ }
+@@ -286,7 +320,12 @@ class SSLKey : public AbstractCipherKey {
+ EVP_CIPHER_CTX *stream_enc;
+ EVP_CIPHER_CTX *stream_dec;
+
++#if OPENSSL_VERSION_NUMBER >= 0x30000000L
++ EVP_MAC *evp_mac;
++ EVP_MAC_CTX *evp_mac_ctx;
++#else
+ HMAC_CTX *mac_ctx;
++#endif
+
+ SSLKey(int keySize, int ivLength);
+
+@@ -318,8 +357,14 @@ SSLKey::SSLKey(int keySize_, int ivLength_) {
+ EVP_CIPHER_CTX_init(stream_enc);
+ stream_dec = EVP_CIPHER_CTX_new();
+ EVP_CIPHER_CTX_init(stream_dec);
++
++#if OPENSSL_VERSION_NUMBER >= 0x30000000L
++ evp_mac = EVP_MAC_fetch(NULL, OSSL_MAC_NAME_HMAC, NULL);
++ evp_mac_ctx = EVP_MAC_CTX_new(evp_mac);
++#else
+ mac_ctx = HMAC_CTX_new();
+ HMAC_CTX_reset(mac_ctx);
++#endif
+ }
+
+ SSLKey::~SSLKey() {
+@@ -336,7 +381,13 @@ SSLKey::~SSLKey() {
+ EVP_CIPHER_CTX_free(block_dec);
+ EVP_CIPHER_CTX_free(stream_enc);
+ EVP_CIPHER_CTX_free(stream_dec);
++
++#if OPENSSL_VERSION_NUMBER >= 0x30000000L
++ EVP_MAC_CTX_free(evp_mac_ctx);
++ EVP_MAC_free(evp_mac);
++#else
+ HMAC_CTX_free(mac_ctx);
++#endif
+
+ pthread_mutex_destroy(&mutex);
+ }
+@@ -373,7 +424,11 @@ void initKey(const std::shared_ptr<SSLKey> &key, const EVP_CIPHER *_blockCipher,
+ EVP_EncryptInit_ex(key->stream_enc, nullptr, nullptr, KeyData(key), nullptr);
+ EVP_DecryptInit_ex(key->stream_dec, nullptr, nullptr, KeyData(key), nullptr);
+
++#if OPENSSL_VERSION_NUMBER >= 0x30000000L
++ EVP_MAC_init(key->evp_mac_ctx, KeyData(key), _keySize, HMAC_PARAMS);
++#else
+ HMAC_Init_ex(key->mac_ctx, KeyData(key), _keySize, EVP_sha1(), nullptr);
++#endif
+ }
+
+ SSL_Cipher::SSL_Cipher(const Interface &iface_, const Interface &realIface_,
+@@ -515,8 +570,17 @@ static uint64_t _checksum_64(SSLKey *key, const unsigned char *data,
+ unsigned char md[EVP_MAX_MD_SIZE];
+ unsigned int mdLen = EVP_MAX_MD_SIZE;
+
++#if OPENSSL_VERSION_NUMBER >= 0x30000000L
++#if OPENSSL_VERSION_NUMBER >= 0x30000030L
++ EVP_MAC_init(key->evp_mac_ctx, NULL, 0, NULL);
++#else
++ EVP_MAC_init(key->evp_mac_ctx, key->buffer, key->keySize, HMAC_PARAMS);
++#endif
++ EVP_MAC_update(key->evp_mac_ctx, data, dataLen);
++#else
+ HMAC_Init_ex(key->mac_ctx, nullptr, 0, nullptr, nullptr);
+ HMAC_Update(key->mac_ctx, data, dataLen);
++#endif
+ if (chainedIV != nullptr) {
+ // toss in the chained IV as well
+ uint64_t tmp = *chainedIV;
+@@ -526,10 +590,18 @@ static uint64_t _checksum_64(SSLKey *key, const unsigned char *data,
+ tmp >>= 8;
+ }
+
++#if OPENSSL_VERSION_NUMBER >= 0x30000000L
++ EVP_MAC_update(key->evp_mac_ctx, h, 8);
++#else
+ HMAC_Update(key->mac_ctx, h, 8);
++#endif
+ }
+
++#if OPENSSL_VERSION_NUMBER >= 0x30000000L
++ EVP_MAC_final(key->evp_mac_ctx, md, (size_t *)&mdLen, sizeof(md));
++#else
+ HMAC_Final(key->mac_ctx, md, &mdLen);
++#endif
+
+ rAssert(mdLen >= 8);
+
+@@ -698,10 +770,21 @@ void SSL_Cipher::setIVec(unsigned char *ivec, uint64_t seed,
+ }
+
+ // combine ivec and seed with HMAC
++#if OPENSSL_VERSION_NUMBER >= 0x30000000L
++#if OPENSSL_VERSION_NUMBER >= 0x30000030L
++ EVP_MAC_init(key->evp_mac_ctx, NULL, 0, NULL);
++#else
++ EVP_MAC_init(key->evp_mac_ctx, key->buffer, key->keySize, HMAC_PARAMS);
++#endif
++ EVP_MAC_update(key->evp_mac_ctx, ivec, _ivLength);
++ EVP_MAC_update(key->evp_mac_ctx, md, 8);
++ EVP_MAC_final(key->evp_mac_ctx, md, (size_t *)&mdLen, sizeof(md));
++#else
+ HMAC_Init_ex(key->mac_ctx, nullptr, 0, nullptr, nullptr);
+ HMAC_Update(key->mac_ctx, ivec, _ivLength);
+ HMAC_Update(key->mac_ctx, md, 8);
+ HMAC_Final(key->mac_ctx, md, &mdLen);
++#endif
+ rAssert(mdLen >= _ivLength);
+
+ memcpy(ivec, md, _ivLength);
+diff --git a/encfs/openssl.cpp b/encfs/openssl.cpp
+index 3b0f1b3b..8411b75d 100644
+--- a/encfs/openssl.cpp
++++ b/encfs/openssl.cpp
+@@ -27,7 +27,7 @@
+ #define NO_DES
+ #include <openssl/rand.h>
+ #include <openssl/ssl.h>
+-#ifndef OPENSSL_NO_ENGINE
++#if OPENSSL_VERSION_NUMBER < 0x30000000L && !defined(OPENSSL_NO_ENGINE)
+ #include <openssl/engine.h>
+ #endif
+
+@@ -77,7 +77,7 @@ void openssl_init(bool threaded) {
+ RAND_bytes((unsigned char *)&randSeed, sizeof(randSeed));
+ srand(randSeed);
+
+-#ifndef OPENSSL_NO_ENGINE
++#if OPENSSL_VERSION_NUMBER < 0x30000000L && !defined(OPENSSL_NO_ENGINE)
+ /* Load all bundled ENGINEs into memory and make them visible */
+ ENGINE_load_builtin_engines();
+ /* Register all of them for every algorithm they collectively implement */
+@@ -93,7 +93,7 @@ void openssl_init(bool threaded) {
+ }
+
+ void openssl_shutdown(bool threaded) {
+-#ifndef OPENSSL_NO_ENGINE
++#if OPENSSL_VERSION_NUMBER < 0x30000000L && !defined(OPENSSL_NO_ENGINE)
+ ENGINE_cleanup();
+ #endif
+
+diff --git a/encfs/test.cpp b/encfs/test.cpp
+index 8da058e6..f138be87 100644
+--- a/encfs/test.cpp
++++ b/encfs/test.cpp
+@@ -42,7 +42,7 @@
+
+ #define NO_DES
+ #include <openssl/ssl.h>
+-#ifndef OPENSSL_NO_ENGINE
++#if OPENSSL_VERSION_NUMBER < 0x30000000L && !defined(OPENSSL_NO_ENGINE)
+ #include <openssl/engine.h>
+ #endif
+
+@@ -402,7 +402,7 @@ int main(int argc, char *argv[]) {
+ SSL_load_error_strings();
+ SSL_library_init();
+
+-#ifndef OPENSSL_NO_ENGINE
++#if OPENSSL_VERSION_NUMBER < 0x30000000L && !defined(OPENSSL_NO_ENGINE)
+ ENGINE_load_builtin_engines();
+ ENGINE_register_all_ciphers();
+ ENGINE_register_all_digests();
diff --git a/srcpkgs/encfs/template b/srcpkgs/encfs/template
index cbeafbb0f0ac4..63de673cf6601 100644
--- a/srcpkgs/encfs/template
+++ b/srcpkgs/encfs/template
@@ -1,10 +1,12 @@
# Template file for 'encfs'
pkgname=encfs
version=1.9.5
-revision=6
+revision=7
build_style=cmake
+configure_args="-DUSE_INTERNAL_TINYXML=OFF"
+make_build_target="all"
hostmakedepends="gettext pkg-config perl"
-makedepends="fuse-devel openssl-devel gettext-devel"
+makedepends="fuse-devel openssl-devel gettext-devel tinyxml2-devel"
depends="perl" # for encfssh
short_desc="Encrypted filesystem in user-space"
maintainer="Orphaned <orphan@voidlinux.org>"
@@ -13,13 +15,10 @@ homepage="http://www.arg0.net/encfs"
distfiles="https://github.com/vgough/encfs/releases/download/v${version}/${pkgname}-${version}.tar.gz"
checksum=4709f05395ccbad6c0a5b40a4619d60aafe3473b1a79bafb3aa700b1f756fd63
-# Can't run test programs when cross compiling
if [ "$CROSS_BUILD" ]; then
- configure_args="-DBUILD_UNIT_TESTS=0"
-fi
-
-if [ "$XBPS_TARGET_NO_ATOMIC8" ]; then
- LDFLAGS+=" -latomic"
+ configure_args+=" -DBUILD_UNIT_TESTS=0"
+else
+ make_build_target+=" unittests"
fi
post_install() {
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PR PATCH] [Merged]: encfs: fix crash with blowfish
2023-09-06 13:28 [PR PATCH] encfs: fix crash with blowfish sgn
` (2 preceding siblings ...)
2023-09-07 2:16 ` sgn
@ 2023-09-07 6:21 ` sgn
3 siblings, 0 replies; 5+ messages in thread
From: sgn @ 2023-09-07 6:21 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 1104 bytes --]
There's a merged pull request on the void-packages repository
encfs: fix crash with blowfish
https://github.com/void-linux/void-packages/pull/45943
Description:
Fix #45916
<!-- Uncomment relevant sections and delete options which are not applicable -->
#### Testing the changes
- I tested the changes in this PR: **NO**
<!--
#### New package
- This new package conforms to the [package requirements](https://github.com/void-linux/void-packages/blob/master/CONTRIBUTING.md#package-requirements): **YES**|**NO**
-->
<!-- Note: If the build is likely to take more than 2 hours, please add ci skip tag as described in
https://github.com/void-linux/void-packages/blob/master/CONTRIBUTING.md#continuous-integration
and test at least one native build and, if supported, at least one cross build.
Ignore this section if this PR is not skipping CI.
-->
<!--
#### Local build testing
- I built this PR locally for my native architecture, (ARCH-LIBC)
- I built this PR locally for these architectures (if supported. mark crossbuilds):
- aarch64-musl
- armv7l
- armv6l-musl
-->
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2023-09-07 6:21 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2023-09-06 13:28 [PR PATCH] encfs: fix crash with blowfish sgn
2023-09-07 0:42 ` [PR PATCH] [Updated] " sgn
2023-09-07 2:12 ` sgn
2023-09-07 2:16 ` sgn
2023-09-07 6:21 ` [PR PATCH] [Merged]: " sgn
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).