1 |
commit: 10bdd9eb10ccaecab63972168b3802e6e2f00127 |
2 |
Author: Kenton Groombridge <concord <AT> gentoo <DOT> org> |
3 |
AuthorDate: Sun Jul 3 02:43:00 2022 +0000 |
4 |
Commit: Kenton Groombridge <concord <AT> gentoo <DOT> org> |
5 |
CommitDate: Sun Jul 3 02:49:19 2022 +0000 |
6 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=10bdd9eb |
7 |
|
8 |
net-voip/mumble: backport crypto thread patch for 1.4.230 |
9 |
|
10 |
The backported patch to migrate to the OpenSSL 3.0-compatible API |
11 |
introduces a sporadic crash. Backport the upstream patch at commit |
12 |
f8d47db318f302f5a7d343f15c9936c7030c49c4 to fix this issue. |
13 |
|
14 |
Signed-off-by: Kenton Groombridge <concord <AT> gentoo.org> |
15 |
|
16 |
.../mumble/files/mumble-1.4-crypto-threads.patch | 131 +++++++++++++++++++++ |
17 |
...-1.4.230-r1.ebuild => mumble-1.4.230-r2.ebuild} | 1 + |
18 |
2 files changed, 132 insertions(+) |
19 |
|
20 |
diff --git a/net-voip/mumble/files/mumble-1.4-crypto-threads.patch b/net-voip/mumble/files/mumble-1.4-crypto-threads.patch |
21 |
new file mode 100644 |
22 |
index 000000000000..0ad371cd6c63 |
23 |
--- /dev/null |
24 |
+++ b/net-voip/mumble/files/mumble-1.4-crypto-threads.patch |
25 |
@@ -0,0 +1,131 @@ |
26 |
+commit f8d47db318f302f5a7d343f15c9936c7030c49c4 |
27 |
+Author: Terry Geng <terry@×××××××.com> |
28 |
+Date: Sun Dec 12 22:39:38 2021 -0500 |
29 |
+ |
30 |
+ FIX(crypto): Sharing EVP context between threads crushes Mumble |
31 |
+ |
32 |
+ Functions ocb_encrypt and ocb_decrypt share the same set |
33 |
+ of encrypt and decrypt contexts. However, they are invoked |
34 |
+ in different threads (audio input thread and server |
35 |
+ handler thread). |
36 |
+ This may lead to conflicts that would crash Mumble. |
37 |
+ This patch separates contexts used in these two functions |
38 |
+ to avoid such conflicts. |
39 |
+ |
40 |
+ Fixes #5361 |
41 |
+ |
42 |
+diff --git a/src/crypto/CryptStateOCB2.cpp b/src/crypto/CryptStateOCB2.cpp |
43 |
+index 640fdedac..3b3473ffe 100644 |
44 |
+--- a/src/crypto/CryptStateOCB2.cpp |
45 |
++++ b/src/crypto/CryptStateOCB2.cpp |
46 |
+@@ -30,7 +30,9 @@ |
47 |
+ #include <cstring> |
48 |
+ #include <openssl/rand.h> |
49 |
+ |
50 |
+-CryptStateOCB2::CryptStateOCB2() : CryptState(), enc_ctx(EVP_CIPHER_CTX_new()), dec_ctx(EVP_CIPHER_CTX_new()) { |
51 |
++CryptStateOCB2::CryptStateOCB2() |
52 |
++ : CryptState(), enc_ctx_ocb_enc(EVP_CIPHER_CTX_new()), dec_ctx_ocb_enc(EVP_CIPHER_CTX_new()), |
53 |
++ enc_ctx_ocb_dec(EVP_CIPHER_CTX_new()), dec_ctx_ocb_dec(EVP_CIPHER_CTX_new()) { |
54 |
+ for (int i = 0; i < 0x100; i++) |
55 |
+ decrypt_history[i] = 0; |
56 |
+ memset(raw_key, 0, AES_KEY_SIZE_BYTES); |
57 |
+@@ -39,8 +41,10 @@ CryptStateOCB2::CryptStateOCB2() : CryptState(), enc_ctx(EVP_CIPHER_CTX_new()), |
58 |
+ } |
59 |
+ |
60 |
+ CryptStateOCB2::~CryptStateOCB2() noexcept { |
61 |
+- EVP_CIPHER_CTX_free(enc_ctx); |
62 |
+- EVP_CIPHER_CTX_free(dec_ctx); |
63 |
++ EVP_CIPHER_CTX_free(enc_ctx_ocb_enc); |
64 |
++ EVP_CIPHER_CTX_free(dec_ctx_ocb_enc); |
65 |
++ EVP_CIPHER_CTX_free(enc_ctx_ocb_dec); |
66 |
++ EVP_CIPHER_CTX_free(dec_ctx_ocb_dec); |
67 |
+ } |
68 |
+ |
69 |
+ bool CryptStateOCB2::isValid() const { |
70 |
+@@ -257,25 +261,28 @@ static void inline ZERO(keyblock &block) { |
71 |
+ block[i] = 0; |
72 |
+ } |
73 |
+ |
74 |
+-#define AESencrypt(src, dst, key) \ |
75 |
+- { \ |
76 |
+- int outlen = 0; \ |
77 |
+- EVP_EncryptInit_ex(enc_ctx, EVP_aes_128_ecb(), NULL, key, NULL); \ |
78 |
+- EVP_CIPHER_CTX_set_padding(enc_ctx, 0); \ |
79 |
+- EVP_EncryptUpdate(enc_ctx, reinterpret_cast< unsigned char * >(dst), &outlen, \ |
80 |
+- reinterpret_cast< const unsigned char * >(src), AES_BLOCK_SIZE); \ |
81 |
+- EVP_EncryptFinal_ex(enc_ctx, reinterpret_cast< unsigned char * >(dst + outlen), &outlen); \ |
82 |
++#define AESencrypt_ctx(src, dst, key, enc_ctx) \ |
83 |
++ { \ |
84 |
++ int outlen = 0; \ |
85 |
++ EVP_EncryptInit_ex(enc_ctx, EVP_aes_128_ecb(), NULL, key, NULL); \ |
86 |
++ EVP_CIPHER_CTX_set_padding(enc_ctx, 0); \ |
87 |
++ EVP_EncryptUpdate(enc_ctx, reinterpret_cast< unsigned char * >(dst), &outlen, \ |
88 |
++ reinterpret_cast< const unsigned char * >(src), AES_BLOCK_SIZE); \ |
89 |
++ EVP_EncryptFinal_ex(enc_ctx, reinterpret_cast< unsigned char * >((dst) + outlen), &outlen); \ |
90 |
+ } |
91 |
+-#define AESdecrypt(src, dst, key) \ |
92 |
+- { \ |
93 |
+- int outlen = 0; \ |
94 |
+- EVP_DecryptInit_ex(dec_ctx, EVP_aes_128_ecb(), NULL, key, NULL); \ |
95 |
+- EVP_CIPHER_CTX_set_padding(dec_ctx, 0); \ |
96 |
+- EVP_DecryptUpdate(dec_ctx, reinterpret_cast< unsigned char * >(dst), &outlen, \ |
97 |
+- reinterpret_cast< const unsigned char * >(src), AES_BLOCK_SIZE); \ |
98 |
+- EVP_DecryptFinal_ex(dec_ctx, reinterpret_cast< unsigned char * >(dst + outlen), &outlen); \ |
99 |
++#define AESdecrypt_ctx(src, dst, key, dec_ctx) \ |
100 |
++ { \ |
101 |
++ int outlen = 0; \ |
102 |
++ EVP_DecryptInit_ex(dec_ctx, EVP_aes_128_ecb(), NULL, key, NULL); \ |
103 |
++ EVP_CIPHER_CTX_set_padding(dec_ctx, 0); \ |
104 |
++ EVP_DecryptUpdate(dec_ctx, reinterpret_cast< unsigned char * >(dst), &outlen, \ |
105 |
++ reinterpret_cast< const unsigned char * >(src), AES_BLOCK_SIZE); \ |
106 |
++ EVP_DecryptFinal_ex(dec_ctx, reinterpret_cast< unsigned char * >((dst) + outlen), &outlen); \ |
107 |
+ } |
108 |
+ |
109 |
++#define AESencrypt(src, dst, key) AESencrypt_ctx(src, dst, key, enc_ctx_ocb_enc) |
110 |
++#define AESdecrypt(src, dst, key) AESdecrypt_ctx(src, dst, key, dec_ctx_ocb_enc) |
111 |
++ |
112 |
+ bool CryptStateOCB2::ocb_encrypt(const unsigned char *plain, unsigned char *encrypted, unsigned int len, |
113 |
+ const unsigned char *nonce, unsigned char *tag, bool modifyPlainOnXEXStarAttack) { |
114 |
+ keyblock checksum, delta, tmp, pad; |
115 |
+@@ -345,6 +352,12 @@ bool CryptStateOCB2::ocb_encrypt(const unsigned char *plain, unsigned char *encr |
116 |
+ return success; |
117 |
+ } |
118 |
+ |
119 |
++#undef AESencrypt |
120 |
++#undef AESdecrypt |
121 |
++ |
122 |
++#define AESencrypt(src, dst, key) AESencrypt_ctx(src, dst, key, enc_ctx_ocb_dec) |
123 |
++#define AESdecrypt(src, dst, key) AESdecrypt_ctx(src, dst, key, dec_ctx_ocb_dec) |
124 |
++ |
125 |
+ bool CryptStateOCB2::ocb_decrypt(const unsigned char *encrypted, unsigned char *plain, unsigned int len, |
126 |
+ const unsigned char *nonce, unsigned char *tag) { |
127 |
+ keyblock checksum, delta, tmp, pad; |
128 |
+@@ -392,9 +405,9 @@ bool CryptStateOCB2::ocb_decrypt(const unsigned char *encrypted, unsigned char * |
129 |
+ return success; |
130 |
+ } |
131 |
+ |
132 |
++#undef AESencrypt |
133 |
++#undef AESdecrypt |
134 |
+ #undef BLOCKSIZE |
135 |
+ #undef SHIFTBITS |
136 |
+ #undef SWAPPED |
137 |
+ #undef HIGHBIT |
138 |
+-#undef AESencrypt |
139 |
+-#undef AESdecrypt |
140 |
+diff --git a/src/crypto/CryptStateOCB2.h b/src/crypto/CryptStateOCB2.h |
141 |
+index cc3f1c0bc..0fd3000ad 100644 |
142 |
+--- a/src/crypto/CryptStateOCB2.h |
143 |
++++ b/src/crypto/CryptStateOCB2.h |
144 |
+@@ -44,8 +44,10 @@ private: |
145 |
+ unsigned char decrypt_iv[AES_BLOCK_SIZE]; |
146 |
+ unsigned char decrypt_history[0x100]; |
147 |
+ |
148 |
+- EVP_CIPHER_CTX *enc_ctx; |
149 |
+- EVP_CIPHER_CTX *dec_ctx; |
150 |
++ EVP_CIPHER_CTX *enc_ctx_ocb_enc; |
151 |
++ EVP_CIPHER_CTX *dec_ctx_ocb_enc; |
152 |
++ EVP_CIPHER_CTX *enc_ctx_ocb_dec; |
153 |
++ EVP_CIPHER_CTX *dec_ctx_ocb_dec; |
154 |
+ }; |
155 |
+ |
156 |
+ |
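Review bot: The four-context split in CryptStateOCB2.h is only safe while ocb_encrypt and ocb_decrypt are each entered by one thread at a time per instance, and nothing in the new code states that rule. A second concurrent caller of either function on the same object would still share that function's context pair. I would add a comment above the new members, for example `// *_ocb_enc: used only by ocb_encrypt; *_ocb_dec: used only by ocb_decrypt. Neither function may run concurrently with itself on one instance.` Separately, the constructor now makes four `EVP_CIPHER_CTX_new()` calls with no null check in the visible lines, and the `AESencrypt_ctx`/`AESdecrypt_ctx` macros discard every `EVP_*` return value, so a failed allocation or init would leave `dst` unwritten while the caller carries on. Whether `isValid()` rejects null contexts cannot be told from here, because its body and those of ocb_encrypt/ocb_decrypt lie outside the inner hunks.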
157 |
|
158 |
diff --git a/net-voip/mumble/mumble-1.4.230-r1.ebuild b/net-voip/mumble/mumble-1.4.230-r2.ebuild |
159 |
similarity index 98% |
160 |
rename from net-voip/mumble/mumble-1.4.230-r1.ebuild |
161 |
rename to net-voip/mumble/mumble-1.4.230-r2.ebuild |
162 |
index 690186d97251..1eb64420e4ac 100644 |
163 |
--- a/net-voip/mumble/mumble-1.4.230-r1.ebuild |
164 |
+++ b/net-voip/mumble/mumble-1.4.230-r2.ebuild |
165 |
@@ -71,6 +71,7 @@ BDEPEND=" |
166 |
|
167 |
PATCHES=( |
168 |
"${WORKDIR}/${PN}-1.4-openssl3.patch" |
169 |
+ "${FILESDIR}/${PN}-1.4-crypto-threads.patch" |
170 |
"${FILESDIR}/${PN}-1.4.230-gcc12-include-memory.patch" |
171 |
"${FILESDIR}/${PN}-1.4.230-poco-link-cmake.patch" |
172 |
) |