[Bug 1990216] Re: backport fix for "OpenSSL 3 cannot decrypt data encrypted with OpenSSL 1.1 with blowfish in OFB or CFB modes" to Jammy

[Nathan Stratton Treadway]

Yes, libssl3 3.0.2-0ubuntu1.11~ppa2 appears to fix the Blowfish
incompatibility (at least for the original case of connecting to Tinc
running on old distributions of Ubuntu).

Test steps:
disabled the OPENSSL_MODULES workaround I had in place on a my Jammy node, and confirmed that Tinc was unable to connect to the remote Tinc node, and generated "Bogus data received from" syslog error messages (as expected due to this bug).

enabled the adrien-n/openssl-jammy-sru PPA, and installed the
...ubuntu1.11~ppa2 versions of openssl and libssl3.

restarted the Tinc service... and saw that the Jammy node was once again
able to connect to the remote node (without the OPENSSL_MODULES
workaround).

Let me know if I can provide any other information.


(Do you have an ETA for publishing this package to Jammy?)

Thanks.

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1990216

Title:
  backport fix for "OpenSSL 3 cannot decrypt data encrypted with OpenSSL
  1.1 with blowfish in OFB or CFB modes" to Jammy

Status in openssl package in Ubuntu:
  Fix Released
Status in openssl source package in Jammy:
  In Progress
Status in openssl source package in Lunar:
  Fix Released

Bug description:
  OpenSSL upstream implemented a fix for their issue #18359  "OpenSSL 3 cannot decrypt data encrypted with OpenSSL 1.1 with blowfish in OFB or CFB modes" 
    https://github.com/openssl/openssl/issues/18359
  as of libssl3 3.0.4 (and thus it is included in recent libssl3 versions in Kinetic).

  Could this fix be backported to libssl3 in Jammy?

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1990216/+subscriptions