[UBUNTU 22.04] openssl with ibmca engine configured dumps core when creating a new certificate

I've created a PPA for Jammy that incorporates the fix mentionned. The details are available at https://launchpad.net/~adrien-n/+archive/ubuntu/openssl-jammy-sru . Could you test it and confirm your issue is solved?

------- Comment From <email address hidden> 2023-09-14 03:15 EDT-------
First, reproduced the behaviour of the problem as described and encountered the segmentation fault situation as described.
Wrote out the coredump with coredumpctl dump and saw from the call stack the reported problem was reproduced.

The installed libssl3 and openssl versions were:
# dpkg -l libssl3 openssl
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name Version Architecture Description
+++-==============-=================-============-====================================================
ii libssl3:s390x 3.0.2-0ubuntu1.10 s390x Secure Sockets Layer toolkit - shared libraries
ii openssl 3.0.2-0ubuntu1.10 s390x Secure Sockets Layer toolkit - cryptographic utility

Next, added the ppa repository as instructed.

# apt list --upgradable
Listing... Done
libssl-dev/jammy 3.0.2-0ubuntu1.11~ppa2 s390x [upgradable from: 3.0.2-0ubuntu1.10]
libssl3/jammy 3.0.2-0ubuntu1.11~ppa2 s390x [upgradable from: 3.0.2-0ubuntu1.10]
openssl/jammy 3.0.2-0ubuntu1.11~ppa2 s390x [upgradable from: 3.0.2-0ubuntu1.10]

Successfully updated the three required packages to the version provided by the ppa package:
# apt upgrade libssl3 openssl libssl-dev
The following packages will be upgraded:
libssl-dev libssl3 openssl
3 upgraded, 0 newly installed, 0 to remove and 15 not upgraded.
Need to get 5,038 kB of archives.
After this operation, 5,120 B of additional disk space will be used.
Do you want to continue? [Y/n] Y
...

Cross-checked the libssl3 and openssl packages had been successfully upgraded:
# dpkg -l libssl3 openssl
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name Version Architecture Description
+++-==============-======================-============-====================================================
ii libssl3:s390x 3.0.2-0ubuntu1.11~ppa2 s390x Secure Sockets Layer toolkit - shared libraries
ii openssl 3.0.2-0ubuntu1.11~ppa2 s390x Secure Sockets Layer toolkit - cryptographic utility

Next checked the ibmca engine is still enabled, and subsequently was able to run the key generation request without encountering the segmentation fault.
Thanks for providing the fix.
Please integrate.

Thanks.

# openssl engine
(dynamic) Dynamic engine loading support
(ibmca) Ibmca hardware engine support
# openssl version
OpenSSL 3.0.2 15 Mar 2022 (Library: OpenSSL 3.0.2 15 Mar 2022)
# openssl req -new -newkey rsa:2048 -x509 -sha256 -nodes -out __cert.pem -keyout __key.pem --subj '/CN=US'
..+..+.+......+...+.....+.+..+...+.........+.+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*..+..+.+.....+.......+........+...+....+.....+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*........+.....................+.........+...+..+...+......+..........+.....+......+.+..+......+.+....................+...+...+.............+....

Thanks a lot for taking the time to test and provide feedback. I'll continue with the SRU process; landing will probably take a few weeks.

Hi Adrien,

You subscribed ubuntu-sponsors, do you have any debdiff or MP to be reviewed? Sorry, I did not find anything ready to review. Without that I believe the best way is to unsubscribe ubuntu-sponsors until there is something ready to be uploaded.

Hi Lucas,

Sorry, this is part of an SRU with 4 patches but that we've decided to hold back for a bit (a few days after the current release). I've removed ubuntu-sponsors from the "main" LP bug (link near the top of the bug report) but not from the others. I'll do it now and I think maybe it's better to only add ~ubuntu-sponsors to that main ticket.

A version containing a fix for this has been uploaded to the Jammy queue to be processed by the SRU team. Thanks, Adrien :)

Adrien, we do have openssl-ibmca in the archive, for the s390x arch:
$ rmadison openssl-ibmca
 openssl-ibmca | 1.3.0-0ubuntu2 | xenial/universe | source, s390x
 openssl-ibmca | 1.3.0-0ubuntu2.16.04.2 | xenial-updates/universe | source, s390x
 openssl-ibmca | 1.4.1-0ubuntu1 | bionic/universe | source, s390x
 openssl-ibmca | 1.4.1-0ubuntu1.2 | bionic-security/universe | source, s390x
 openssl-ibmca | 1.4.1-0ubuntu1.2 | bionic-updates/universe | source, s390x
 openssl-ibmca | 2.1.0-0ubuntu1 | focal/universe | source, s390x
 openssl-ibmca | 2.1.0-0ubuntu1.20.04.2 | focal-security/universe | source, s390x
 openssl-ibmca | 2.1.0-0ubuntu1.20.04.2 | focal-updates/universe | source, s390x
 openssl-ibmca | 2.2.3-0ubuntu1 | jammy/universe | source, s390x
 openssl-ibmca | 2.2.3-0ubuntu1.1 | jammy-security/universe | source, s390x
 openssl-ibmca | 2.2.3-0ubuntu1.1 | jammy-updates/universe | source, s390x
 openssl-ibmca | 2.4.0-0ubuntu1 | lunar/universe | source, s390x
 openssl-ibmca | 2.4.0-0ubuntu2 | mantic/universe | source, s390x
 openssl-ibmca | 2.4.0-0ubuntu2 | noble/universe | source, s390x

It should be possible to come up with a test case that mimics what was reported. But if not, we can rely on their testing of the proposed packages, since this particular test case requires specialized hardware.

One caveat, though. I fear we might find a bug in our openssl-ibmca packaging. The package in mantic, for example, installs the engine in an openssl 1.1 directory, and there is no openssl 1.1 in mantic:

ubuntu@s1lp5:~$ dpkg -L openssl-ibmca|grep engine
/usr/bin/ibmca-engine-opensslconfig
/usr/lib/s390x-linux-gnu/engines-1.1
/usr/lib/s390x-linux-gnu/engines-1.1/ibmca.so

I suppose IBM built the engine from source for their case? But if they used openssl-ibmca from jammy, then it should be easier for us to test.

As to possible regressions in other engines, we do have some in the archive, although for openssl-3 they are deprecated, and providers are favored. But I have a script that tests openvpn with an openssl engine that we could use here, I used it in another SRU[1]:
"""
[Jammy specific test plan]
Given that in jammy we had to re-enable openssl3 engine support, here is a test for that to make sure it keeps working.

In a jammy *VM*:
- Download test script:
wget https://bugs.launchpad.net/ubuntu/+source/openvpn/+bug/2004676/+attachment/5714185/+files/vpn-setup-with-pkcs11

- Install test dependencies
sudo apt install openvpn easy-rsa openssl opensc-pkcs11 gnutls-bin softhsm2 dpkg-dev libengine-pkcs11-openssl expect

- Run test:
sudo ./vpn-setup-with-pkcs11

It runs with set -e, so expected result is "## All good, stopping client and server services" and "## Done." This result is expected both with the current jammy package, and the proposed update.
"""

In that script, the bit that exercises the engine is this, right after having configured openssl.cnf to use the engine:
OPENS...

As you mention, it's difficult to test with this reproducer specifically since it's specialized hardware and I've largely had to rely on testing from the proxied persons who also have interests and duties in this working well. The issue also appears without the specific hardware when using providers for some functions but openssl 3.0 providers are recent and not very widely used so there aren't many one that fit either and the verification/setup is correspondingly high. On the bright side, the potential for damage is low due to the small userbase. One last thing: I don't know if this could work less well than right now since they get crashes.

The "engines-1.1" is not necessarily a concern: libengine-gost-openssl/libengine-gost-openssl1.1 was/were putting files in a similar place without issue IIRC. I don't have a good example to show because the package currently for jammy puts it in / directly... . In any case, the path should be configured and the actual location isn't really an issue. You can see the configuration on https://sysos.ru/archives/589 (russian, search for "openssl_def"; I have seen non-russian links too but I can't find them again).

The package for the SRU is already in -proposed so it should be possible to test already. It's (very) late here though so I'll come back to this and the tests tomorrow. Thanks for the review, comments, and testcase.

Excuse me for chiming in so late, but we can test (and even recreate) the situation by ourselves on our system (and we have systems with attached crypto hw to it).

I just tried it on a jammy z/VM guest:

$ lszcrypt -V
CARD.DOM TYPE MODE STATUS REQUESTS PENDING HWTYPE QDEPTH FUNCTIONS DRIVER
--------------------------------------------------------------------------------------------
02 CEX5C CCA-Coproc online 1 0 11 08 S--D--N-- cex4card
02.0011 CEX5C CCA-Coproc online 1 0 11 08 S--D--N-- cex4queue
$ sudo apt-get install libica-utils libica? openssl-ibmca
$ sudo cp /usr/share/doc/openssl-ibmca/examples/openssl.cnf.sample /etc/ssl/openssl.cnf
$ openssl engine
(dynamic) Dynamic engine loading support
(ibmca) Ibmca hardware engine support
$ openssl req -new -newkey rsa:2048 -x509 -sha256 -nodes -out __cert.pem -keyout __key.pem --subj '/CN=US'
..+....+........+...............+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*.+........+...+.+........+.+......+......+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*.......................+......+......+...+...+........+.........................+......+........+...+...+..........+..+.........+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
...+..+.+.....+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*...+..+...+....+...+...+........+.+.....+...+...+.......+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*....+...+.....................+..+....+...+..+......+...+......+.............+..+.+.....+...................+........+.+.....+......+.........+.......+..+.+.....+....+...+.....+....+......+.....+.......+...............+......+.........+...+........+...............+............+....+.....+.+..+..........+...............+......+.........+.....+.+.....+.+..............+..........+............+...+......+...........+...+......+....+............+..+.+......+.....+...+.............+.................+.+.....+.........+.+.....+.+.....+.+........+....+..+......+..........+..+.+......+...+..+......+....+.........+..+..................+......+...+.+.................+...............+.......+.....+.+......+...+......+......+.........+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
-----
Segmentation fault (core dumped)
$

An upload of openssl to jammy-proposed has been rejected from the upload queue for the following reason: "Please reupload without debian/patches/lp1994165/0002-Handle-SMIME_crlf_copy-return-code.patch".

> Excuse me for chiming in so late, but we can test (and even recreate)
> the situation by ourselves on our system (and we have systems with
> attached crypto hw to it).

Someone please update the bug description accordingly with a complete description of the SRU test case.

I had the update of the bug description on my todo list - it's done now.

Hello bugproxy, or anyone else affected,

Accepted openssl into jammy-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/openssl/3.0.2-0ubuntu1.13 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-jammy to verification-done-jammy. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-jammy. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

All autopkgtests for the newly accepted openssl (3.0.2-0ubuntu1.13) for jammy have finished running.
The following regressions have been reported in tests triggered by the package:

diffoscope/205 (armhf)
dotnet6/6.0.126-0ubuntu1~22.04.1 (amd64, arm64)
ganeti/3.0.2-1ubuntu1 (armhf)
linux-aws-5.19/5.19.0-1029.30~22.04.1 (arm64)
linux-aws-6.5/6.5.0-1011.11~22.04.1 (arm64)
linux-azure-6.2/6.2.0-1018.18~22.04.1 (arm64)
linux-gcp-6.2/6.2.0-1019.21~22.04.1 (arm64)
linux-gke/5.15.0-1048.53 (arm64)
linux-lowlatency-hwe-6.2/6.2.0-1018.18~22.04.1 (arm64)
linux-lowlatency-hwe-6.5/6.5.0-14.14.1~22.04.1 (arm64)
linux-mtk/5.15.0-1029.33 (arm64)
linux-nvidia-6.5/6.5.0-1010.10 (arm64)
linux-oracle-6.2/6.2.0-1017.18~22.04.1 (arm64)
puma/5.5.2-2ubuntu2 (arm64)
python-bonsai/1.3.0+ds-3build1 (armhf)
ruby3.0/3.0.2-7ubuntu2.4 (amd64, arm64, i386)
seqkit/2.1.0+ds-1 (s390x)

Please visit the excuses page listed below and investigate the failures, proceeding afterwards as per the StableReleaseUpdates policy regarding autopkgtest regressions [1].

https://people.canonical.com/~ubuntu-archive/proposed-migration/jammy/update_excuses.html#openssl

[1] https://wiki.ubuntu.com/StableReleaseUpdates#Autopkgtest_Regressions

Thank you!

verification on jammy was successful

------- Comment From <email address hidden> 2024-01-23 03:44 EDT-------
The problem is still visible after installing the -proposed package:

root:~# dpkg -l | grep openssl
ii openssl 3.0.2-0ubuntu1.13 s390x Secure Sockets Layer toolkit - cryptographic utility
ii openssl-ibmca 2.2.3-0ubuntu1.1 s390x libica based hardware acceleration engine for OpenSSL
ii python3-openssl 21.0.0-1 all Python 3 wrapper around the OpenSSL library
root:~# openssl engine
(dynamic) Dynamic engine loading support
(ibmca) Ibmca hardware engine support

By running with gdb the following BT can be observed:
(gdb) r
Starting program: /usr/bin/openssl req -new -newkey rsa:2048 -x509 -sha256 -nodes -out __cert.pem -keyout __key.pem --subj /CN=US
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/s390x-linux-gnu/libthread_db.so.1".
.............+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*..+.+.....+..........+............+...+...........+.........+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*.+.+.....+.+..........................+...+.+......+.....+...+.........+.+.........+......+..+.......+....................+.+...............+..............+...+...+......+.+...+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
...+.....+............+....+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*...+.+.....+......+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*........+........+...+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
-----

Program received signal SIGSEGV, Segmentation fault.
0x000003fffd89c738 in __pthread_rwlock_wrlock_full64 (abstime=0x0, clockid=0, rwlock=0x0) at pthread_rwlock_common.c:603
603 pthread_rwlock_common.c: No such file or directory.
(gdb) bt
#0 0x000003fffd89c738 in __pthread_rwlock_wrlock_full64 (abstime=0x0, clockid=0, rwlock=0x0) at pthread_rwlock_common.c:603
#1 ___pthread_rwlock_wrlock (rwlock=0x0) at pthread_rwlock_wrlock.c:26
#2 0x000003fffdbb7812 in CRYPTO_THREAD_write_lock () from /lib/s390x-linux-gnu/libcrypto.so.3
#3 0x000003fffdb634f2 in ENGINE_finish () from /lib/s390x-linux-gnu/libcrypto.so.3
#4 0x000003fffdb86314 in EVP_CIPHER_CTX_reset () from /lib/s390x-linux-gnu/libcrypto.so.3
#5 0x000003fffdb8635c in EVP_CIPHER_CTX_free () from /lib/s390x-linux-gnu/libcrypto.so.3
#6 0x000003fffdc791ac in ?? () from /lib/s390x-linux-gnu/libcrypto.so.3
#7 0x000003fffdb8ca88 in EVP_RAND_CTX_free () from /lib/s390x-linux-gnu/libcrypto.so.3
#8 0x000003fffdbe4bc2 in ?? () from /lib/s390x-linux-gnu/libcrypto.so.3
#9 0x000003fffdbb0c6c in CRYPTO_free_ex_data () from /lib/s390x-linux-gnu/libcrypto.so.3
#10 0x000003fffdba8dfa in ?? () from /lib/s390x-linux-gnu/libcrypto.so.3
#11 0x000003fffdbb36b8 in OPENSSL_cleanup () from /lib/s390x-linux-gnu/libcrypto.so.3
#12 0x000003fffd84b6ec in __run_exit_handlers (status=<optimized out>, listp=0x3fffd9ce618 <__exit_funcs>, run_list_atexit=run_list_atexit@entry=true,
run_dtors=run_dtors@entry=...

------- Comment From <email address hidden> 2024-01-23 03:53 EDT-------
After upgrading to Ubuntu 22.04.3 the solution is working and the problem is not visible anymore.

Explicit update of the fix is not valid on the older version (22.04.1).

Hi Grgo, did you also updated libssl3?
see test plan in Description:
"
- Upgrade not only the openssl package itself,
  but also libssl3, before verification.
"
With that I could successfully verify.

------- Comment From <email address hidden> 2024-01-23 05:09 EDT-------
# apt-cache policy libssl3 openssl
libssl3:
Installed: 3.0.2-0ubuntu1.13
Candidate: 3.0.2-0ubuntu1.13
Version table:
*** 3.0.2-0ubuntu1.13 400
400 http://ports.ubuntu.com/ubuntu-ports jammy-proposed/main s390x Packages
100 /var/lib/dpkg/status
3.0.2-0ubuntu1.12 500
500 http://ports.ubuntu.com/ubuntu-ports jammy-updates/main s390x Packages
500 http://ports.ubuntu.com/ubuntu-ports jammy-security/main s390x Packages
3.0.2-0ubuntu1 500
500 http://ports.ubuntu.com/ubuntu-ports jammy/main s390x Packages
openssl:
Installed: 3.0.2-0ubuntu1.13
Candidate: 3.0.2-0ubuntu1.13
Version table:
*** 3.0.2-0ubuntu1.13 400
400 http://ports.ubuntu.com/ubuntu-ports jammy-proposed/main s390x Packages
100 /var/lib/dpkg/status
3.0.2-0ubuntu1.12 500
500 http://ports.ubuntu.com/ubuntu-ports jammy-updates/main s390x Packages
500 http://ports.ubuntu.com/ubuntu-ports jammy-security/main s390x Packages
3.0.2-0ubuntu1 500
500 http://ports.ubuntu.com/ubuntu-ports jammy/main s390x Packages

Successfully verified. The problem is not visible any more. Thank you!

Frank and Grgo, thanks for the verification. That was very helpful.

This bug was fixed in the package openssl - 3.0.2-0ubuntu1.13

---------------
openssl (3.0.2-0ubuntu1.13) jammy; urgency=medium

  * Fix (upstream): crash when using an engine for ciphers used by DRBG
    (LP: #2023545)
    - lp2023545/0001-Release-the-drbg-in-the-global-default-context-befor.patch
  * Fix (upstream): do not ignore return values for S/MIME signature
    (LP: #1994165)
    - lp1994165/0001-REGRESSION-CMS_final-do-not-ignore-CMS_dataFinal-res.patch
  * Perf (upstream): don't empty method stores and provider synchronization
    records when flushing the query cache (LP: #2033422)
    - lp2033422/0001-Drop-ossl_provider_clear_all_operation_bits-and-all-.patch
    - lp2033422/0002-Refactor-method-construction-pre-and-post-condition.patch
    - lp2033422/0003-Don-t-empty-the-method-store-when-flushing-the-query.patch
    - lp2033422/0004-Make-it-possible-to-remove-methods-by-the-provider-t.patch
    - lp2033422/0005-Complete-the-cleanup-of-an-algorithm-in-OSSL_METHOD_.patch
    - lp2033422/0006-For-child-libctx-provider-don-t-count-self-reference.patch
    - lp2033422/0007-Add-method-store-cache-flush-and-method-removal-to-n.patch

 -- Adrien Nader <email address hidden> Tue, 09 Jan 2024 11:42:50 +0100

The verification of the Stable Release Update for openssl has completed successfully and the package is now being released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

------- Comment From <email address hidden> 2024-01-25 07:28 EDT-------
Thanks everyone for your work.
With the fix being released to -updates, I will close this bug as soon as the status in Launchpad changes to "fix released"

Since this bug is fixed with openssl 3.0.8 and newer,
I'm changing the status of the current devel. release to Fix Released too (since we are there on 3.0.10).
And with that the affected project status can be set to Fix Released, too.

Thx!