Description: Compatibility with OpenSSL 3

 We rely on RC4 because of the torrent protocol we're implementing, but this

 is no longer available in the default provider.

Author: Steve Langasek <steve.langasek@ubuntu.com>

Bug-Ubuntu: https://bugs.launchpad.net/bugs/1946215

Last-Update: 2021-12-13

Forwarded: no

Index: transmission-3.00/libtransmission/crypto-utils-openssl.c

===================================================================

--- libtransmission/crypto-utils-openssl.c

+++ libtransmission/crypto-utils-openssl.c

@@ -20,6 +20,9 @@

 #include <openssl/rand.h>

 #include <openssl/ssl.h>

 #include <openssl/x509.h>

+#if OPENSSL_VERSION_NUMBER >= 0x30000000L

+#include <openssl/provider.h>

+#endif

 #include "transmission.h"

 #include "crypto-utils.h"

@@ -182,46 +185,86 @@

 #endif

+typedef struct tr_rc4_ctx {

+    EVP_CIPHER_CTX *cipher_ctx;

+#if OPENSSL_VERSION_NUMBER >= 0x30000000L

+    OSSL_LIB_CTX *lib_ctx;

+#endif

+} tr_rc4_ctx;

+

 tr_rc4_ctx_t tr_rc4_new(void)

 {

-    EVP_CIPHER_CTX* handle = EVP_CIPHER_CTX_new();

+#if OPENSSL_VERSION_NUMBER >= 0x30000000L

+    OSSL_PROVIDER *legacy_provider = NULL;

+    OSSL_PROVIDER *default_provider = NULL;

+#endif

+    const EVP_CIPHER *cipher;

-    if (check_result(EVP_CipherInit_ex(handle, EVP_rc4(), NULL, NULL, NULL, -1)))

+    tr_rc4_ctx *handle = malloc(sizeof(tr_rc4_ctx));

+

+    handle->cipher_ctx = EVP_CIPHER_CTX_new();

+

+#if OPENSSL_VERSION_NUMBER >= 0x30000000L

+    handle->lib_ctx = OSSL_LIB_CTX_new();

+    TR_ASSERT(handle->lib_ctx);

+    legacy_provider = OSSL_PROVIDER_load(handle->lib_ctx, "legacy");

+    TR_ASSERT(legacy_provider);

+    default_provider = OSSL_PROVIDER_load(handle->lib_ctx, "default");

+    TR_ASSERT(default_provider);

+    

+    cipher = EVP_CIPHER_fetch(handle->lib_ctx, "RC4", NULL);

+#else

+    cipher = EVP_rc4();

+#endif

+

+    if (check_result(EVP_CipherInit_ex(handle->cipher_ctx, cipher, NULL, NULL,

+                                       NULL, -1)))

     {

         return handle;

     }

-    EVP_CIPHER_CTX_free(handle);

+    EVP_CIPHER_CTX_free(handle->cipher_ctx);

+#if OPENSSL_VERSION_NUMBER >= 0x30000000L

+    OSSL_LIB_CTX_free(handle->lib_ctx);

+#endif

     return NULL;

 }

-void tr_rc4_free(tr_rc4_ctx_t handle)

+void tr_rc4_free(tr_rc4_ctx_t h)

 {

-    if (handle == NULL)

+    if (h == NULL)

     {

         return;

     }

-    EVP_CIPHER_CTX_free(handle);

+    tr_rc4_ctx *handle = (tr_rc4_ctx *)h;

+

+    EVP_CIPHER_CTX_free(handle->cipher_ctx);

+#if OPENSSL_VERSION_NUMBER >= 0x30000000L

+    OSSL_LIB_CTX_free(handle->lib_ctx);

+#endif

+    free(handle);

 }

-void tr_rc4_set_key(tr_rc4_ctx_t handle, uint8_t const* key, size_t key_length)

+void tr_rc4_set_key(tr_rc4_ctx_t h, uint8_t const* key, size_t key_length)

 {

-    TR_ASSERT(handle != NULL);

+    TR_ASSERT(h != NULL);

     TR_ASSERT(key != NULL);

-    if (!check_result(EVP_CIPHER_CTX_set_key_length(handle, key_length)))

+    tr_rc4_ctx *handle = (tr_rc4_ctx *)h;

+    if (!check_result(EVP_CIPHER_CTX_set_key_length(handle->cipher_ctx, key_length)))

     {

         return;

     }

-    check_result(EVP_CipherInit_ex(handle, NULL, NULL, key, NULL, -1));

+    check_result(EVP_CipherInit_ex(handle->cipher_ctx, NULL, NULL, key, NULL, -1));

 }

-void tr_rc4_process(tr_rc4_ctx_t handle, void const* input, void* output, size_t length)

+void tr_rc4_process(tr_rc4_ctx_t h, void const* input, void* output, size_t length)

 {

-    TR_ASSERT(handle != NULL);

+    TR_ASSERT(h != NULL);

+    tr_rc4_ctx *handle = (tr_rc4_ctx *)h;

     if (length == 0)

     {

         return;

@@ -232,7 +275,7 @@

     int output_length;

-    check_result(EVP_CipherUpdate(handle, output, &output_length, input, length));

+    check_result(EVP_CipherUpdate(handle->cipher_ctx, output, &output_length, input, length));

 }

 /***