commit: f1a4d26b145ab141e374a878321a89afb71feea0 Author: Kenton Groombridge <concord <AT> gentoo <DOT> org> AuthorDate: Wed Aug 31 14:21:22 2022 +0000 Commit: Kenton Groombridge <concord <AT> gentoo <DOT> org> CommitDate: Wed Aug 31 14:50:26 2022 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f1a4d26b
net-voip/mumble: move crypto threads patch to dev space This patch is also shared with net-voip/murmur. Signed-off-by: Kenton Groombridge <concord <AT> gentoo.org> net-voip/mumble/Manifest | 1 + .../mumble/files/mumble-1.4-crypto-threads.patch | 131 --------------------- net-voip/mumble/mumble-1.4.274-r1.ebuild | 3 +- 3 files changed, 3 insertions(+), 132 deletions(-) diff --git a/net-voip/mumble/Manifest b/net-voip/mumble/Manifest index 6adcf87553bb..ba7d6f1036de 100644 --- a/net-voip/mumble/Manifest +++ b/net-voip/mumble/Manifest @@ -1,4 +1,5 @@ DIST mumble-1.3.4.tar.gz 8592741 BLAKE2B bcde3fd859ec4faea06f996cd4c583af7c0b8409cca79cb05ef8ba7fcdeac9e49ed1d07a4131225dd582da7610190d4006abc731fd4276b2288e02e8c18effb6 SHA512 e2dde5aad30d1a931e7acd8d7db0b8c785d3a268d0b8cf5626fa03953a51bcadb719c6682c440d02524e83beee13d73d8f5bb3fdf98ab1c82d3ecf824cc25f68 +DIST mumble-1.4-crypto-threads.patch.xz 1472 BLAKE2B 18f64d7b63a5ac253792e31fe272870a8e6a8bec542c163c6f63e9c80157329ce07e3d8753aa4c29429980903207c457c6488ff81d7dffcc48426a022a8d1767 SHA512 981db1f7d877fa9ab92875449486074c31ea269a48db49cafa9e37380dfb1140d7d4a225765d2f5333b27aa2d271427287ac5c7d32a525eded455d734aca7d8b DIST mumble-1.4-odr.patch.xz 1088 BLAKE2B 48a7b04ef31f7d0f4cc7e5632ba8f328e5a7fa6961cd971b66a761366351a9a99e3cecce911c90701688083e03f2b63e6838083a8ab669f86fe0fecf23a8596d SHA512 600807cbd893f585c621e7267ee16e2828428fff17aa7eb36b8595164356ef73be2765a41ff9cd7c549c11a63abbf593b0172e56e07571e1c0a3c86fd14e5f15 DIST mumble-1.4-openssl3.patch.xz 4172 BLAKE2B 5b68f023e218628a4d73b0991dcc7790ce5f92ce6a27c372c5e80b1f3a8beafa3ddd6416b884705b321aee31ea4f5e09dda6ceb240272dde64f420fbeb06845a SHA512 3a4e504f3365e93418cb85d0da4e6f2f54ab904283743907604bb39276560a4215d9bea1b225601789d1c3d84d270c04840ec57cd04e3df1204cc586ea42562a DIST mumble-1.4.274.tar.gz 9446657 BLAKE2B db1909eaab0bd1fca1f65023ff695c753af7721032305ad0c2da8246cfd91f0ed097fe0dc3b6e09c96a78f1b9df671847e1c48f3f24ac58b477148b91e24e660 SHA512 6a585b75db966c45783eab9097dc93d597ef1b718a3b7b9cf544f92c94d4305c2cac6c959931ade62d5d104a89cb41e7ca44347d49ec170687fc92d2e8b718a2 diff --git a/net-voip/mumble/files/mumble-1.4-crypto-threads.patch b/net-voip/mumble/files/mumble-1.4-crypto-threads.patch deleted file mode 100644 index 0ad371cd6c63..000000000000 --- a/net-voip/mumble/files/mumble-1.4-crypto-threads.patch +++ /dev/null @@ -1,131 +0,0 @@ -commit f8d47db318f302f5a7d343f15c9936c7030c49c4 -Author: Terry Geng <[email protected]> -Date: Sun Dec 12 22:39:38 2021 -0500 - - FIX(crypto): Sharing EVP context between threads crushes Mumble - - Functions ocb_encrypt and ocb_decrypt share the same set - of encrypt and decrypt contexts. However, they are invoked - in different threads (audio input thread and server - handler thread). - This may lead to conflicts that would crash Mumble. - This patch separates contexts used in these two functions - to avoid such conflicts. - - Fixes #5361 - -diff --git a/src/crypto/CryptStateOCB2.cpp b/src/crypto/CryptStateOCB2.cpp -index 640fdedac..3b3473ffe 100644 ---- a/src/crypto/CryptStateOCB2.cpp -+++ b/src/crypto/CryptStateOCB2.cpp -@@ -30,7 +30,9 @@ - #include <cstring> - #include <openssl/rand.h> - --CryptStateOCB2::CryptStateOCB2() : CryptState(), enc_ctx(EVP_CIPHER_CTX_new()), dec_ctx(EVP_CIPHER_CTX_new()) { -+CryptStateOCB2::CryptStateOCB2() -+ : CryptState(), enc_ctx_ocb_enc(EVP_CIPHER_CTX_new()), dec_ctx_ocb_enc(EVP_CIPHER_CTX_new()), -+ enc_ctx_ocb_dec(EVP_CIPHER_CTX_new()), dec_ctx_ocb_dec(EVP_CIPHER_CTX_new()) { - for (int i = 0; i < 0x100; i++) - decrypt_history[i] = 0; - memset(raw_key, 0, AES_KEY_SIZE_BYTES); -@@ -39,8 +41,10 @@ CryptStateOCB2::CryptStateOCB2() : CryptState(), enc_ctx(EVP_CIPHER_CTX_new()), - } - - CryptStateOCB2::~CryptStateOCB2() noexcept { -- EVP_CIPHER_CTX_free(enc_ctx); -- EVP_CIPHER_CTX_free(dec_ctx); -+ EVP_CIPHER_CTX_free(enc_ctx_ocb_enc); -+ EVP_CIPHER_CTX_free(dec_ctx_ocb_enc); -+ EVP_CIPHER_CTX_free(enc_ctx_ocb_dec); -+ EVP_CIPHER_CTX_free(dec_ctx_ocb_dec); - } - - bool CryptStateOCB2::isValid() const { -@@ -257,25 +261,28 @@ static void inline ZERO(keyblock &block) { - block[i] = 0; - } - --#define AESencrypt(src, dst, key) \ -- { \ -- int outlen = 0; \ -- EVP_EncryptInit_ex(enc_ctx, EVP_aes_128_ecb(), NULL, key, NULL); \ -- EVP_CIPHER_CTX_set_padding(enc_ctx, 0); \ -- EVP_EncryptUpdate(enc_ctx, reinterpret_cast< unsigned char * >(dst), &outlen, \ -- reinterpret_cast< const unsigned char * >(src), AES_BLOCK_SIZE); \ -- EVP_EncryptFinal_ex(enc_ctx, reinterpret_cast< unsigned char * >(dst + outlen), &outlen); \ -+#define AESencrypt_ctx(src, dst, key, enc_ctx) \ -+ { \ -+ int outlen = 0; \ -+ EVP_EncryptInit_ex(enc_ctx, EVP_aes_128_ecb(), NULL, key, NULL); \ -+ EVP_CIPHER_CTX_set_padding(enc_ctx, 0); \ -+ EVP_EncryptUpdate(enc_ctx, reinterpret_cast< unsigned char * >(dst), &outlen, \ -+ reinterpret_cast< const unsigned char * >(src), AES_BLOCK_SIZE); \ -+ EVP_EncryptFinal_ex(enc_ctx, reinterpret_cast< unsigned char * >((dst) + outlen), &outlen); \ - } --#define AESdecrypt(src, dst, key) \ -- { \ -- int outlen = 0; \ -- EVP_DecryptInit_ex(dec_ctx, EVP_aes_128_ecb(), NULL, key, NULL); \ -- EVP_CIPHER_CTX_set_padding(dec_ctx, 0); \ -- EVP_DecryptUpdate(dec_ctx, reinterpret_cast< unsigned char * >(dst), &outlen, \ -- reinterpret_cast< const unsigned char * >(src), AES_BLOCK_SIZE); \ -- EVP_DecryptFinal_ex(dec_ctx, reinterpret_cast< unsigned char * >(dst + outlen), &outlen); \ -+#define AESdecrypt_ctx(src, dst, key, dec_ctx) \ -+ { \ -+ int outlen = 0; \ -+ EVP_DecryptInit_ex(dec_ctx, EVP_aes_128_ecb(), NULL, key, NULL); \ -+ EVP_CIPHER_CTX_set_padding(dec_ctx, 0); \ -+ EVP_DecryptUpdate(dec_ctx, reinterpret_cast< unsigned char * >(dst), &outlen, \ -+ reinterpret_cast< const unsigned char * >(src), AES_BLOCK_SIZE); \ -+ EVP_DecryptFinal_ex(dec_ctx, reinterpret_cast< unsigned char * >((dst) + outlen), &outlen); \ - } - -+#define AESencrypt(src, dst, key) AESencrypt_ctx(src, dst, key, enc_ctx_ocb_enc) -+#define AESdecrypt(src, dst, key) AESdecrypt_ctx(src, dst, key, dec_ctx_ocb_enc) -+ - bool CryptStateOCB2::ocb_encrypt(const unsigned char *plain, unsigned char *encrypted, unsigned int len, - const unsigned char *nonce, unsigned char *tag, bool modifyPlainOnXEXStarAttack) { - keyblock checksum, delta, tmp, pad; -@@ -345,6 +352,12 @@ bool CryptStateOCB2::ocb_encrypt(const unsigned char *plain, unsigned char *encr - return success; - } - -+#undef AESencrypt -+#undef AESdecrypt -+ -+#define AESencrypt(src, dst, key) AESencrypt_ctx(src, dst, key, enc_ctx_ocb_dec) -+#define AESdecrypt(src, dst, key) AESdecrypt_ctx(src, dst, key, dec_ctx_ocb_dec) -+ - bool CryptStateOCB2::ocb_decrypt(const unsigned char *encrypted, unsigned char *plain, unsigned int len, - const unsigned char *nonce, unsigned char *tag) { - keyblock checksum, delta, tmp, pad; -@@ -392,9 +405,9 @@ bool CryptStateOCB2::ocb_decrypt(const unsigned char *encrypted, unsigned char * - return success; - } - -+#undef AESencrypt -+#undef AESdecrypt - #undef BLOCKSIZE - #undef SHIFTBITS - #undef SWAPPED - #undef HIGHBIT --#undef AESencrypt --#undef AESdecrypt -diff --git a/src/crypto/CryptStateOCB2.h b/src/crypto/CryptStateOCB2.h -index cc3f1c0bc..0fd3000ad 100644 ---- a/src/crypto/CryptStateOCB2.h -+++ b/src/crypto/CryptStateOCB2.h -@@ -44,8 +44,10 @@ private: - unsigned char decrypt_iv[AES_BLOCK_SIZE]; - unsigned char decrypt_history[0x100]; - -- EVP_CIPHER_CTX *enc_ctx; -- EVP_CIPHER_CTX *dec_ctx; -+ EVP_CIPHER_CTX *enc_ctx_ocb_enc; -+ EVP_CIPHER_CTX *dec_ctx_ocb_enc; -+ EVP_CIPHER_CTX *enc_ctx_ocb_dec; -+ EVP_CIPHER_CTX *dec_ctx_ocb_dec; - }; - - diff --git a/net-voip/mumble/mumble-1.4.274-r1.ebuild b/net-voip/mumble/mumble-1.4.274-r1.ebuild index 7780adddc12b..b8308735543a 100644 --- a/net-voip/mumble/mumble-1.4.274-r1.ebuild +++ b/net-voip/mumble/mumble-1.4.274-r1.ebuild @@ -25,6 +25,7 @@ else fi SRC_URI+=" https://dev.gentoo.org/~concord/distfiles/${PN}-1.4-openssl3.patch.xz"; +SRC_URI+=" https://dev.gentoo.org/~concord/distfiles/${PN}-1.4-crypto-threads.patch.xz"; SRC_URI+=" https://dev.gentoo.org/~concord/distfiles/${PN}-1.4-odr.patch.xz"; LICENSE="BSD MIT" @@ -74,7 +75,7 @@ BDEPEND=" PATCHES=( "${WORKDIR}/${PN}-1.4-openssl3.patch" - "${FILESDIR}/${PN}-1.4-crypto-threads.patch" + "${WORKDIR}/${PN}-1.4-crypto-threads.patch" "${WORKDIR}/${PN}-1.4-odr.patch" )
