segmentation fault on Version 5 directories with SSL 3.0

Question

segmentation fault on Version 5 directories with SSL 3.0

pddp opened this issue 2 years ago · 1 comments

After upgrading to openssl-3.0.7-2 on ARCH yesterday, encfs fails to mount old directories (V5, containing .encfs5).
The output is:
VERBOSE checking if ssl/aes(3:0:2) implements ssl/blowfish(2:1) [Interface.cpp:103]
VERBOSE checking if ssl/blowfish(3:0:2) implements ssl/blowfish(2:1) [Interface.cpp:103]
VERBOSE allocated cipher ssl/blowfish, keySize 20, ivlength 8 [SSL_Cipher.cpp:395]
VERBOSE useStdin: 0 [FileUtils.cpp:1660]
EncFS-Passwort:
VERBOSE checking if ssl/aes(3:0:2) implements ssl/blowfish(2:1) [Interface.cpp:103]
VERBOSE checking if ssl/blowfish(3:0:2) implements ssl/blowfish(2:1) [Interface.cpp:103]
VERBOSE allocated cipher ssl/blowfish, keySize 20, ivlength 8 [SSL_Cipher.cpp:395]

followed by a core dump

encfs Version 1.9.5

Answer 1 · 2022-11-11T17:28:34.000Z

This happens because Blowfish is a legacy algorithm. OpenSSL 3.0 does not provide legacy algorithms by default anymore. For a workaround, you can add/update the following to your system-wide openssl.cnf file (on Ubuntu, that file is in /etc/ssl/openssl.cnf):

[openssl_init]
providers = provider_sect

[provider_sect]
default = default_sect
legacy = legacy_sect

[default_sect]
activate = 1

[legacy_sect]
activate = 1

Note that if you activate the legacy provider, you MUST activate the default provider as well. The default provider is normally a fallback provider that is only active if no other providers are explicitly activated.