Patch iperf3 to fix compat with openssl 3.3.5 (#14962)

corvus-callidus · christopherco · anphel31 · commit e530f3143000 · 2025-10-30T20:07:49.000Z
Co-authored-by: Christopher Co &lt;35273088+christopherco@users.noreply.github.com&gt;
diff --git a/SPECS/iperf3/iperf3.spec b/SPECS/iperf3/iperf3.spec
@@ -1,7 +1,7 @@
 Summary:        A network performance benchmark tool.
 Name:           iperf3
 Version:        3.17.1
-Release:        3%{?dist}
+Release:        4%{?dist}
 License:        BSD and MIT and Public Domain
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
@@ -12,8 +12,11 @@ Patch1:         disablepg.patch
 Patch2:         CVE-2024-53580.patch
 Patch3:         CVE-2025-54350.patch
 Patch4:         CVE-2025-54349.patch
+Patch5:         openssl_encrypt_buffer_size.patch
 BuildRequires:  autoconf >= 2.71
 BuildRequires:  automake
+BuildRequires:  openssl
+Requires:       openssl
 
 %description
 ipref is a network performance measurement tool that can measure the maximum
@@ -69,6 +72,9 @@ make %{?_smp_mflags} check
 %{_mandir}/man3/libiperf.3.gz
 
 %changelog
+* Tue Oct 14 2025 corvus-callidus <108946721+corvus-callidus@users.noreply.github.com> - 3.17.1-4
+- Patch for openssl buffer size issue during RSA encryption
+
 * Mon Aug 04 2025 Azure Linux Security Servicing Account <azurelinux-security@microsoft.com> - 3.17.1-3
 - Patch for CVE-2025-54350, CVE-2025-54349
 
diff --git a/SPECS/iperf3/openssl_encrypt_buffer_size.patch b/SPECS/iperf3/openssl_encrypt_buffer_size.patch
@@ -0,0 +1,24 @@
+From aab262afe1770b55bb865fd4dad2d5e737c758a6 Mon Sep 17 00:00:00 2001
+From: Michael Lowman <michael.d.lowman@gmail.com>
+Date: Wed, 8 Oct 2025 22:40:07 +0200
+Subject: [PATCH] Set output buffer size prior to encrypt operation
+
+When calling EVP_PKEY_encrypt with a non-null output buffer,
+the output buffer length must be provided. Attempts to write
+beyond this length will fail.
+---
+ src/iperf_auth.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/src/iperf_auth.c b/src/iperf_auth.c
+index eda015099..774e1b701 100644
+--- a/src/iperf_auth.c
++++ b/src/iperf_auth.c
+@@ -255,6 +255,7 @@ int encrypt_rsa_message(const char *plaintext, EVP_PKEY *public_key, unsigned ch
+ #endif
+     rsa_buffer  = OPENSSL_malloc(keysize * 2);
+     *encryptedtext = (unsigned char*)OPENSSL_malloc(keysize);
++    encryptedtext_len = keysize;
+
+     BIO *bioBuff   = BIO_new_mem_buf((void*)plaintext, (int)strlen(plaintext));
+     rsa_buffer_len = BIO_read(bioBuff, rsa_buffer, keysize * 2);
