[qca] [Bug 482819] kwalletd6 sometimes crashed in QCA::PrivateKey::deriveKey when starting Proton VPN GUI

Matt Fagnani bugzilla_noreply at kde.org
Sun Mar 31 05:58:06 BST 2024


https://bugs.kde.org/show_bug.cgi?id=482819

--- Comment #22 from Matt Fagnani <matt.fagnani at bell.net> ---
I think I've found why the problem happened on my system but not yours. The
openssl config file /etc/pki/tls/openssl.cnf was last modified in September
2020 at the time I ran a SCAP Workbench remediation script which modified
/etc/pki/tls/openssl.cnf to add lines about the Fedora crypto policies.
/etc/pki/tls/openssl.cnf wasn't updated since then because rpm doesn't change
config files that don't match those in the update. I moved
/etc/pki/tls/openssl.cnf to /etc/pki/tls/openssl.cnf.rpmold and moved
/etc/pki/tls/openssl.cnf.rpmnew from February 2024 to /etc/pki/tls/openssl.cnf.
I rebooted. kwalletd6 didn't crash when I started Proton VPN GUI or logged in
using it on the next boot using the new openssl config file. The newer openssl
config has a section not in the older one which shows that the legacy providers
are disabled unless certain lines in the following are uncommented. 

# Uncomment the sections that start with ## below to enable the legacy provider.
# Loading the legacy provider enables support for the following algorithms:
# Hashing Algorithms / Message Digests: MD2, MD4, MDC2, WHIRLPOOL, RIPEMD160
# Symmetric Ciphers: Blowfish, CAST, DES, IDEA, RC2, RC4,RC5, SEED
# Key Derivation Function (KDF): PBKDF1
# In general it is not recommended to use the above mentioned algorithms for
# security critical operations, as they are cryptographically weak or vulnerable
# to side-channel attacks and as such have been deprecated.

[provider_sect]
default = default_sect
##legacy = legacy_sect
##
[default_sect]
activate = 1

##[legacy_sect]
##activate = 1

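
Added example, not part of the original comment and not code from OpenSSL, QCA or KDE: a small Python check that reports which providers an openssl.cnf activates and whether rpm has left a .rpmnew copy beside a locally modified config. It assumes the provider list lives in a section named provider_sect as in the quoted file, treats only "activate = 1" as active, and does not follow .include directives; the sample configs are constructed from the quoted section.

```python
import os
import re

SECTION = re.compile(r"^\[\s*([^\]]+?)\s*\]$")

def parse_sections(text):
    """Return {section: {key: value}} for openssl.cnf-style text, ignoring # comments."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        m = SECTION.match(line)
        if m:
            current = sections.setdefault(m.group(1), {})
        elif "=" in line and current is not None:
            key, value = (part.strip() for part in line.split("=", 1))
            current[key] = value
    return sections

def active_providers(text, provider_section="provider_sect"):
    """Names listed in the provider section whose own section sets activate = 1."""
    sections = parse_sections(text)
    listed = sections.get(provider_section, {})
    return sorted(name for name, sect in listed.items()
                  if sections.get(sect, {}).get("activate") == "1")

def rpmnew_pending(path):
    """True when rpm left a newer packaged copy beside a locally modified config."""
    return os.path.exists(path + ".rpmnew")

# Constructed samples: the quoted section, and the same text with "##" removed.
SHIPPED = """\
[provider_sect]
default = default_sect
##legacy = legacy_sect
##
[default_sect]
activate = 1

##[legacy_sect]
##activate = 1
"""
LEGACY_ON = SHIPPED.replace("##", "")

if __name__ == "__main__":
    print("shipped:  ", active_providers(SHIPPED))
    print("legacy on:", active_providers(LEGACY_ON))
    print("rpmnew pending:", rpmnew_pending("/etc/pki/tls/openssl.cnf"))
```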