Ubuntu 20.04.2 - OPENSSL_cleanse() fails with segmentation fault in eddsa_test

Bug #1929921 reported by bugproxy
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Ubuntu on IBM z Systems
openssl (Ubuntu)
Skipper Bug Screeners

Bug Description

---Problem Description---
IBM z15 with D41C Bundle S39a and z/VM 7.2.0 guest with crypto cards attached
OS: Ubuntu 20.04.2 (focal fossa) with 5.4.0-73-generic and libica 3.6.1 installed
Core dump when running the eddsa_test from libica

The available openSSL version is: OpenSSL 1.1.1f 31 Mar 2020
The ibmca engine was installed, but not defined into the openssl.cnf file,
openssl engine displayed the default line:
   (dynamic) Dynamic engine loading support

The segmentation fault was generated by `./eddsa_test'.
Program terminated with signal SIGSEGV, Segmentation fault in openSSL
(gdb) bt
#0 0x000003ff896e50be in OPENSSL_cleanse () from /lib/s390x-linux-gnu/libcrypto.so.1.1
#1 0x000003ff898a26fa in ica_ed25519_ctx_del (ctx=0x3fff9b7e010) at ica_api.c:1897
#2 0x000002aa28986f14 in ed25519_stress () at eddsa_test.c:441
#3 0x000002aa289831bc in main (argc=0x1, argv=0x3fff9b7eaf8) at eddsa_test.c:66

See https://wiki.ubuntu.com/Debug%20Symbol%20Packages about how to define debug repositories

apt install libica3-dbgsym

#0 0x000003ff896e50be in OPENSSL_cleanse () from /lib/s390x-linux-gnu/libcrypto.so.1.1
(gdb) bt
# coredumpctl dump 158582 > eddsa.core
           PID: 158582 (eddsa_test)
           UID: 0 (root)
           GID: 0 (root)
        Signal: 11 (SEGV)
     Timestamp: Wed 2021-05-26 19:52:28 CEST (15h ago)
  Command Line: ./eddsa_test
    Executable: /root/crypto/libica-3.6.1/test/eddsa_test
 Control Group: /user.slice/user-0.slice/session-9.scope
          Unit: session-9.scope
         Slice: user-0.slice
       Session: 9
     Owner UID: 0 (root)
       Boot ID: 6a7a23240f464a0d9f2d3fa3e82be73e
    Machine ID: c933ae494f9a4c6e8d82625c952945d5
      Hostname: t3514002.lnxne.boe
       Storage: /var/lib/systemd/coredump/core.eddsa_test.0.6a7a23240f464a0d9f2d3fa3e82be73e.158582.1622051548000000000000.lz4
       Message: Process 158582 (eddsa_test) of user 0 dumped core.

                Stack trace of thread 158582:
                #0 0x000003ff896e50be OPENSSL_cleanse (libcrypto.so.1.1 + 0x1650be)

---uname output---
Linux system 5.4.0-73-generic #82-Ubuntu SMP Wed Apr 14 17:29:32 UTC 2021 s390x s390x s390x GNU/Linux

Machine Type = Manufacturer: IBM Type: 8561 Model: 703 T01
A debugger was configured, however the system did not enter into the debugger

---Steps to Reproduce---
1.) install the github libica 3.6.1 package
    and build the test cases
2.) cd .../libica-3.6.1
3.) ./bootstrap.sh; configure --enable-coverage
4.) make coverage
    Watch the segmentation fault to happen

Userspace tool common name: eddsa_test

The userspace tool has the following bit modes: 64bit

Userspace rpm: libica3

Userspace tool obtained from project website: na

The problem could be reproduced with libica 3.6.1, however, it does not show up with libica 3.8.0. Looks like the problem was fixed by commit


After applying this fix on top of 3.6.1, the segfault does not occur anymore. It's sufficient to apply the 4 changes in eddsa_test.c.

Revision history for this message
bugproxy (bugproxy) wrote : compressed eddsa core file

Default Comment by Bridge

tags: added: architecture-s39064 bugnameltc-192953 severity-high targetmilestone-inin20042
Revision history for this message
bugproxy (bugproxy) wrote : Core dump lines from journal

Default Comment by Bridge

Changed in ubuntu:
assignee: nobody → Skipper Bug Screeners (skipper-screen-team)
affects: ubuntu → linux (Ubuntu)
Revision history for this message
bugproxy (bugproxy) wrote : Comment bridged from LTC Bugzilla

------- Comment From <email address hidden> 2021-05-28 05:09 EDT-------
Please close this ticket. The problem only occurs in the testsuite not in the production package... Many thanks

------- Comment From <email address hidden> 2021-05-28 05:10 EDT-------
IBM Bugzilla status->closed, Not a bug !

Changed in ubuntu-z-systems:
importance: Undecided → High
Steve Langasek (vorlon)
Changed in ubuntu-z-systems:
status: New → Invalid
Changed in linux (Ubuntu):
status: New → Invalid
Frank Heimes (fheimes)
affects: linux (Ubuntu) → openssl (Ubuntu)
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers