844748 – net-p2p/transmission-3.00-r1: assertion failed: handle != NULL w/ openssl-3.0.3

Bug 844748 - net-p2p/transmission-3.00-r1: assertion failed: handle != NULL w/ openssl-3.0.3

Summary: net-p2p/transmission-3.00-r1: assertion failed: handle != NULL w/ openssl-3.0.3

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	Current packages (show other bugs)
Hardware:	All Linux

Importance:	Normal normal (vote)
Assignee:	Mike Gilbert

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:	openssl-3.0
	Show dependency tree

Reported:	2022-05-15 06:38 UTC by Michał Górny
Modified:	2022-05-15 15:11 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
0001-Switch-to-a-standalone-ARC4-implementation-1788.patch (rebased on 3.00) (0001-Switch-to-a-standalone-ARC4-implementation-1788.patch,24.15 KB, patch) 2022-05-15 07:40 UTC, Michał Górny	Details \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Michał Górny archtester

2022-05-15 06:38:20 UTC

At most a few seconds after starting transmission-3.00 built against openssl-3.0.3 (I guess when it starts hashing something):

assertion failed: handle != NULL (/tmp/portage/net-p2p/transmission-3.00-r1/work/transmission-3.00/libtransmission/crypto-utils-openssl.c:210)
Aborted (core dumped)

FWICS it's fixed in git, I'm bisecting to find the right commit right now.

Comment 1 Michał Górny archtester

2022-05-15 07:34:16 UTC

Found it.  Unfortunately, it's not a small patch:

commit a459e5e11b2d2524b649f7487368de30c8d2af21
Author: Mike Gelfand <mikedld@users.noreply.github.com>
Date:   Sun Sep 12 06:47:29 2021 +0300

    Switch to a standalone ARC4 implementation (#1788)
    
    * Switch to a standalone ARC4 implementation
    
    This frees us from expecting it being provided by one of the crypto
    libraries we support, all of which deprecated and/or removed it at this
    point.
    
    Fixes: #1103
    Fixes: #1777
    
    * Suppress lgtm warnings about RC4 being weak (we don't care)

Comment 2 Michał Górny archtester

2022-05-15 07:40:59 UTC

Created attachment 778997 [details, diff]
0001-Switch-to-a-standalone-ARC4-implementation-1788.patch (rebased on 3.00)

Here's a rebased patch.  Apparently we also need the bundled ARC4 library.  I can try to minimalize it (i.e. by replacing the big removals with #if 0) but I'm not sure if it wouldn't be better to just grab a snapshot at this point.

Comment 3 Sam James archtester

2022-05-15 07:51:54 UTC

Not my decision but worth noting they're in the middle of a big c->c++ rewrite and don't seem to plan a release any time soon, so even if do take a snapshot, it won't be suitable for stabilisation :(

https://github.com/transmission/transmission/discussions/2287

Comment 4 Michał Górny archtester

2022-05-15 10:12:40 UTC

I meant a snapshot prior to the refactoring.

Comment 5 Mike Gilbert gentoo-dev

2022-05-15 13:54:00 UTC

Another possible solution would be to load the "legacy" provider via config or via a code patch.

https://wiki.openssl.org/index.php/OpenSSL_3.0#Providers

Comment 6 Larry the Git Cow gentoo-dev

2022-05-15 15:11:13 UTC

The bug has been closed via the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=49f3a2685d492f468e92e9d7fe1a72071163c726

commit 49f3a2685d492f468e92e9d7fe1a72071163c726
Author:     Mike Gilbert <floppym@gentoo.org>
AuthorDate: 2022-05-15 15:08:34 +0000
Commit:     Mike Gilbert <floppym@gentoo.org>
CommitDate: 2022-05-15 15:08:34 +0000

    net-p2p/transmission: load openssl "legacy" provider
    
    Required for RC4.
    
    Closes: https://bugs.gentoo.org/844748
    Signed-off-by: Mike Gilbert <floppym@gentoo.org>

 .../files/transmission-3.00-openssl-3.patch        |  37 ++++++
 net-p2p/transmission/transmission-3.00-r2.ebuild   | 146 +++++++++++++++++++++
 2 files changed, 183 insertions(+)