
From: Kenton Groombridge <concord@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] repo/gentoo:master commit in: net-voip/mumble/files/, net-voip/mumble/
Date: Sun, 03 Jul 2022 02:49:40
Message-Id: 1656816559.10bdd9eb10ccaecab63972168b3802e6e2f00127.concord@gentoo
1 commit: 10bdd9eb10ccaecab63972168b3802e6e2f00127
2 Author: Kenton Groombridge <concord <AT> gentoo <DOT> org>
3 AuthorDate: Sun Jul 3 02:43:00 2022 +0000
4 Commit: Kenton Groombridge <concord <AT> gentoo <DOT> org>
5 CommitDate: Sun Jul 3 02:49:19 2022 +0000
6 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=10bdd9eb
7
8 net-voip/mumble: backport crypto thread patch for 1.4.230
9
10 The backported patch to migrate to the OpenSSL 3.0-compatible API
11 introduces a sporadic crash. Backport the upstream patch at commit
12 f8d47db318f302f5a7d343f15c9936c7030c49c4 to fix this issue.
13
14 Signed-off-by: Kenton Groombridge <concord <AT> gentoo.org>
15
16 .../mumble/files/mumble-1.4-crypto-threads.patch | 131 +++++++++++++++++++++
17 ...-1.4.230-r1.ebuild => mumble-1.4.230-r2.ebuild} | 1 +
18 2 files changed, 132 insertions(+)
19
20 diff --git a/net-voip/mumble/files/mumble-1.4-crypto-threads.patch b/net-voip/mumble/files/mumble-1.4-crypto-threads.patch
21 new file mode 100644
22 index 000000000000..0ad371cd6c63
23 --- /dev/null
24 +++ b/net-voip/mumble/files/mumble-1.4-crypto-threads.patch
25 @@ -0,0 +1,131 @@
26 +commit f8d47db318f302f5a7d343f15c9936c7030c49c4
27 +Author: Terry Geng <terry@×××××××.com>
28 +Date: Sun Dec 12 22:39:38 2021 -0500
29 +
30 + FIX(crypto): Sharing EVP context between threads crushes Mumble
31 +
32 + Functions ocb_encrypt and ocb_decrypt share the same set
33 + of encrypt and decrypt contexts. However, they are invoked
34 + in different threads (audio input thread and server
35 + handler thread).
36 + This may lead to conflicts that would crash Mumble.
37 + This patch separates contexts used in these two functions
38 + to avoid such conflicts.
39 +
40 + Fixes #5361
41 +
42 +diff --git a/src/crypto/CryptStateOCB2.cpp b/src/crypto/CryptStateOCB2.cpp
43 +index 640fdedac..3b3473ffe 100644
44 +--- a/src/crypto/CryptStateOCB2.cpp
45 ++++ b/src/crypto/CryptStateOCB2.cpp
46 +@@ -30,7 +30,9 @@
47 + #include <cstring>
48 + #include <openssl/rand.h>
49 +
50 +-CryptStateOCB2::CryptStateOCB2() : CryptState(), enc_ctx(EVP_CIPHER_CTX_new()), dec_ctx(EVP_CIPHER_CTX_new()) {
51 ++CryptStateOCB2::CryptStateOCB2()
52 ++ : CryptState(), enc_ctx_ocb_enc(EVP_CIPHER_CTX_new()), dec_ctx_ocb_enc(EVP_CIPHER_CTX_new()),
53 ++ enc_ctx_ocb_dec(EVP_CIPHER_CTX_new()), dec_ctx_ocb_dec(EVP_CIPHER_CTX_new()) {
54 + for (int i = 0; i < 0x100; i++)
55 + decrypt_history[i] = 0;
56 + memset(raw_key, 0, AES_KEY_SIZE_BYTES);
57 +@@ -39,8 +41,10 @@ CryptStateOCB2::CryptStateOCB2() : CryptState(), enc_ctx(EVP_CIPHER_CTX_new()),
58 + }
59 +
60 + CryptStateOCB2::~CryptStateOCB2() noexcept {
61 +- EVP_CIPHER_CTX_free(enc_ctx);
62 +- EVP_CIPHER_CTX_free(dec_ctx);
63 ++ EVP_CIPHER_CTX_free(enc_ctx_ocb_enc);
64 ++ EVP_CIPHER_CTX_free(dec_ctx_ocb_enc);
65 ++ EVP_CIPHER_CTX_free(enc_ctx_ocb_dec);
66 ++ EVP_CIPHER_CTX_free(dec_ctx_ocb_dec);
67 + }
68 +
69 + bool CryptStateOCB2::isValid() const {
70 +@@ -257,25 +261,28 @@ static void inline ZERO(keyblock &block) {
71 + block[i] = 0;
72 + }
73 +
74 +-#define AESencrypt(src, dst, key) \
75 +- { \
76 +- int outlen = 0; \
77 +- EVP_EncryptInit_ex(enc_ctx, EVP_aes_128_ecb(), NULL, key, NULL); \
78 +- EVP_CIPHER_CTX_set_padding(enc_ctx, 0); \
79 +- EVP_EncryptUpdate(enc_ctx, reinterpret_cast< unsigned char * >(dst), &outlen, \
80 +- reinterpret_cast< const unsigned char * >(src), AES_BLOCK_SIZE); \
81 +- EVP_EncryptFinal_ex(enc_ctx, reinterpret_cast< unsigned char * >(dst + outlen), &outlen); \
82 ++#define AESencrypt_ctx(src, dst, key, enc_ctx) \
83 ++ { \
84 ++ int outlen = 0; \
85 ++ EVP_EncryptInit_ex(enc_ctx, EVP_aes_128_ecb(), NULL, key, NULL); \
86 ++ EVP_CIPHER_CTX_set_padding(enc_ctx, 0); \
87 ++ EVP_EncryptUpdate(enc_ctx, reinterpret_cast< unsigned char * >(dst), &outlen, \
88 ++ reinterpret_cast< const unsigned char * >(src), AES_BLOCK_SIZE); \
89 ++ EVP_EncryptFinal_ex(enc_ctx, reinterpret_cast< unsigned char * >((dst) + outlen), &outlen); \
90 + }
91 +-#define AESdecrypt(src, dst, key) \
92 +- { \
93 +- int outlen = 0; \
94 +- EVP_DecryptInit_ex(dec_ctx, EVP_aes_128_ecb(), NULL, key, NULL); \
95 +- EVP_CIPHER_CTX_set_padding(dec_ctx, 0); \
96 +- EVP_DecryptUpdate(dec_ctx, reinterpret_cast< unsigned char * >(dst), &outlen, \
97 +- reinterpret_cast< const unsigned char * >(src), AES_BLOCK_SIZE); \
98 +- EVP_DecryptFinal_ex(dec_ctx, reinterpret_cast< unsigned char * >(dst + outlen), &outlen); \
99 ++#define AESdecrypt_ctx(src, dst, key, dec_ctx) \
100 ++ { \
101 ++ int outlen = 0; \
102 ++ EVP_DecryptInit_ex(dec_ctx, EVP_aes_128_ecb(), NULL, key, NULL); \
103 ++ EVP_CIPHER_CTX_set_padding(dec_ctx, 0); \
104 ++ EVP_DecryptUpdate(dec_ctx, reinterpret_cast< unsigned char * >(dst), &outlen, \
105 ++ reinterpret_cast< const unsigned char * >(src), AES_BLOCK_SIZE); \
106 ++ EVP_DecryptFinal_ex(dec_ctx, reinterpret_cast< unsigned char * >((dst) + outlen), &outlen); \
107 + }
108 +
109 ++#define AESencrypt(src, dst, key) AESencrypt_ctx(src, dst, key, enc_ctx_ocb_enc)
110 ++#define AESdecrypt(src, dst, key) AESdecrypt_ctx(src, dst, key, dec_ctx_ocb_enc)
111 ++
112 + bool CryptStateOCB2::ocb_encrypt(const unsigned char *plain, unsigned char *encrypted, unsigned int len,
113 + const unsigned char *nonce, unsigned char *tag, bool modifyPlainOnXEXStarAttack) {
114 + keyblock checksum, delta, tmp, pad;
115 +@@ -345,6 +352,12 @@ bool CryptStateOCB2::ocb_encrypt(const unsigned char *plain, unsigned char *encr
116 + return success;
117 + }
118 +
119 ++#undef AESencrypt
120 ++#undef AESdecrypt
121 ++
122 ++#define AESencrypt(src, dst, key) AESencrypt_ctx(src, dst, key, enc_ctx_ocb_dec)
123 ++#define AESdecrypt(src, dst, key) AESdecrypt_ctx(src, dst, key, dec_ctx_ocb_dec)
124 ++
125 + bool CryptStateOCB2::ocb_decrypt(const unsigned char *encrypted, unsigned char *plain, unsigned int len,
126 + const unsigned char *nonce, unsigned char *tag) {
127 + keyblock checksum, delta, tmp, pad;
128 +@@ -392,9 +405,9 @@ bool CryptStateOCB2::ocb_decrypt(const unsigned char *encrypted, unsigned char *
129 + return success;
130 + }
131 +
132 ++#undef AESencrypt
133 ++#undef AESdecrypt
134 + #undef BLOCKSIZE
135 + #undef SHIFTBITS
136 + #undef SWAPPED
137 + #undef HIGHBIT
138 +-#undef AESencrypt
139 +-#undef AESdecrypt
140 +diff --git a/src/crypto/CryptStateOCB2.h b/src/crypto/CryptStateOCB2.h
141 +index cc3f1c0bc..0fd3000ad 100644
142 +--- a/src/crypto/CryptStateOCB2.h
143 ++++ b/src/crypto/CryptStateOCB2.h
144 +@@ -44,8 +44,10 @@ private:
145 + unsigned char decrypt_iv[AES_BLOCK_SIZE];
146 + unsigned char decrypt_history[0x100];
147 +
148 +- EVP_CIPHER_CTX *enc_ctx;
149 +- EVP_CIPHER_CTX *dec_ctx;
150 ++ EVP_CIPHER_CTX *enc_ctx_ocb_enc;
151 ++ EVP_CIPHER_CTX *dec_ctx_ocb_enc;
152 ++ EVP_CIPHER_CTX *enc_ctx_ocb_dec;
153 ++ EVP_CIPHER_CTX *dec_ctx_ocb_dec;
154 + };
155 +
156 +
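Review bot: The four contexts allocated in the CryptStateOCB2 constructor are never checked for NULL, and AESencrypt_ctx / AESdecrypt_ctx still discard the result of every EVP_* call, so a failed allocation or cipher init leaves `dst` unwritten while ocb_encrypt / ocb_decrypt carry on with whatever the block already held. For a packet cipher this should fail closed: a small helper that returns bool (sketched below, the decrypt side is analogous) would let both functions return false instead, although their bodies lie outside these hunks and every call site would need to test the result. The split is also per function rather than per thread, so it is only safe while ocb_encrypt and ocb_decrypt each stay confined to a single thread as the commit message describes; a comment on the four members in CryptStateOCB2.h stating which function owns which pair, and that neither function may be entered concurrently, would record that assumption.

```cpp
// Replaces AESencrypt_ctx; the caller passes the context owned by its own function.
static bool aesEncryptBlock(EVP_CIPHER_CTX *ctx, const unsigned char *key, const void *src, void *dst) {
	if (!ctx)
		return false; // EVP_CIPHER_CTX_new() failed in the constructor
	int outlen = 0;
	int finlen = 0;
	unsigned char *out = static_cast< unsigned char * >(dst);
	return EVP_EncryptInit_ex(ctx, EVP_aes_128_ecb(), NULL, key, NULL) == 1
		   && EVP_CIPHER_CTX_set_padding(ctx, 0) == 1
		   && EVP_EncryptUpdate(ctx, out, &outlen, static_cast< const unsigned char * >(src), AES_BLOCK_SIZE) == 1
		   && EVP_EncryptFinal_ex(ctx, out + outlen, &finlen) == 1;
}
// … unchanged: ocb_encrypt / ocb_decrypt bodies, apart from checking the helper's result at each call …
```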
157
158 diff --git a/net-voip/mumble/mumble-1.4.230-r1.ebuild b/net-voip/mumble/mumble-1.4.230-r2.ebuild
159 similarity index 98%
160 rename from net-voip/mumble/mumble-1.4.230-r1.ebuild
161 rename to net-voip/mumble/mumble-1.4.230-r2.ebuild
162 index 690186d97251..1eb64420e4ac 100644
163 --- a/net-voip/mumble/mumble-1.4.230-r1.ebuild
164 +++ b/net-voip/mumble/mumble-1.4.230-r2.ebuild
165 @@ -71,6 +71,7 @@ BDEPEND="
166
167 PATCHES=(
168 "${WORKDIR}/${PN}-1.4-openssl3.patch"
169 + "${FILESDIR}/${PN}-1.4-crypto-threads.patch"
170 "${FILESDIR}/${PN}-1.4.230-gcc12-include-memory.patch"
171 "${FILESDIR}/${PN}-1.4.230-poco-link-cmake.patch"
172 )