Hi Bernhard, Am Mo den 18. Jul 2022 um 10:50 schrieb Bernhard Übelacker: > And upstream seems to track this in following issue: > https://github.com/vgough/encfs/issues/651 > There is also another workaround by modifying the openssl > configuration if the package rebuild is not wanted.
I read that and tried the config setting in /etc/ssl/openssl.cnf. But it
didn't work for me. I get the same segfault.
I had to also add `providers = provider_sect` in openssl_init section.
to let it work.
> --- encfs-1.9.5.orig/encfs/SSL_Cipher.cpp
> +++ encfs-1.9.5/encfs/SSL_Cipher.cpp
> @@ -25,6 +25,7 @@
> #include <openssl/evp.h>
> #include <openssl/hmac.h>
> #include <openssl/ossl_typ.h>
> +#include <openssl/provider.h>
> #include <openssl/rand.h>
> #include <pthread.h>
> #include <string>
> @@ -355,6 +356,9 @@ inline unsigned char *IVData(const std::
> void initKey(const std::shared_ptr<SSLKey> &key, const EVP_CIPHER
> *_blockCipher,
> const EVP_CIPHER *_streamCipher, int _keySize) {
> Lock lock(key->mutex);
> +
> + OSSL_PROVIDER_load(NULL, "legacy");
> +
> // initialize the cipher context once so that we don't have to do it for
> // every block..
> EVP_EncryptInit_ex(key->block_enc, _blockCipher, nullptr, nullptr,
> nullptr);
If that fixes the bug, it would be great to be applied.
However, I concider that a bug in openssl as it would need random
changes in many other software, I believe.
Gruß
Klaus
--
Klaus Ethgen http://www.ethgen.ch/
pub 4096R/4E20AF1C 2011-05-16 Klaus Ethgen <kl...@ethgen.ch>
Fingerprint: 85D4 CA42 952C 949B 1753 62B3 79D0 B06F 4E20 AF1C
signature.asc
Description: PGP signature
