Ubuntu 20.04.2 - OPENSSL_cleanse() fails with segmentation fault in eddsa_test

Bug #1929921 reported by bugproxy
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Ubuntu on IBM z Systems
High
Unassigned
openssl (Ubuntu)
Undecided
Skipper Bug Screeners

Bug Description

---Problem Description---
=======
IBM z15 with D41C Bundle S39a and z/VM 7.2.0 guest with crypto cards attached
OS: Ubuntu 20.04.2 (focal fossa) with 5.4.0-73-generic and libica 3.6.1 installed
Core dump when running the eddsa_test from libica

Details
=======
The available openSSL version is: OpenSSL 1.1.1f 31 Mar 2020
The ibmca engine was installed, but not defined into the openssl.cnf file,
openssl engine displayed the default line:
   (dynamic) Dynamic engine loading support

The segmentation fault was generated by `./eddsa_test'.
Program terminated with signal SIGSEGV, Segmentation fault in openSSL
(gdb) bt
#0 0x000003ff896e50be in OPENSSL_cleanse () from /lib/s390x-linux-gnu/libcrypto.so.1.1
#1 0x000003ff898a26fa in ica_ed25519_ctx_del (ctx=0x3fff9b7e010) at ica_api.c:1897
#2 0x000002aa28986f14 in ed25519_stress () at eddsa_test.c:441
#3 0x000002aa289831bc in main (argc=0x1, argv=0x3fff9b7eaf8) at eddsa_test.c:66

See https://wiki.ubuntu.com/Debug%20Symbol%20Packages about how to define debug repositories

apt install libica3-dbgsym

#0 0x000003ff896e50be in OPENSSL_cleanse () from /lib/s390x-linux-gnu/libcrypto.so.1.1
(gdb) bt
# coredumpctl dump 158582 > eddsa.core
           PID: 158582 (eddsa_test)
           UID: 0 (root)
           GID: 0 (root)
        Signal: 11 (SEGV)
     Timestamp: Wed 2021-05-26 19:52:28 CEST (15h ago)
  Command Line: ./eddsa_test
    Executable: /root/crypto/libica-3.6.1/test/eddsa_test
 Control Group: /user.slice/user-0.slice/session-9.scope
          Unit: session-9.scope
         Slice: user-0.slice
       Session: 9
     Owner UID: 0 (root)
       Boot ID: 6a7a23240f464a0d9f2d3fa3e82be73e
    Machine ID: c933ae494f9a4c6e8d82625c952945d5
      Hostname: t3514002.lnxne.boe
       Storage: /var/lib/systemd/coredump/core.eddsa_test.0.6a7a23240f464a0d9f2d3fa3e82be73e.158582.1622051548000000000000.lz4
       Message: Process 158582 (eddsa_test) of user 0 dumped core.

                Stack trace of thread 158582:
                #0 0x000003ff896e50be OPENSSL_cleanse (libcrypto.so.1.1 + 0x1650be)

---uname output---
Linux system 5.4.0-73-generic #82-Ubuntu SMP Wed Apr 14 17:29:32 UTC 2021 s390x s390x s390x GNU/Linux

Machine Type = Manufacturer: IBM Type: 8561 Model: 703 T01
 ---Debugger---
A debugger was configured, however the system did not enter into the debugger

---Steps to Reproduce---
1.) install the github libica 3.6.1 package
    and build the test cases
2.) cd .../libica-3.6.1
3.) ./bootstrap.sh; configure --enable-coverage
4.) make coverage
    Watch the segmentation fault to happen

Userspace tool common name: eddsa_test

The userspace tool has the following bit modes: 64bit

Userspace rpm: libica3

Userspace tool obtained from project website: na

The problem could be reproduced with libica 3.6.1, however, it does not show up with libica 3.8.0. Looks like the problem was fixed by commit

https://github.com/opencryptoki/libica/commit/b40d0d2ad4a2aac088cf47befbddd8b3b9fca1c5

After applying this fix on top of 3.6.1, the segfault does not occur anymore. It's sufficient to apply the 4 changes in eddsa_test.c.

Revision history for this message
bugproxy (bugproxy) wrote : compressed eddsa core file

Default Comment by Bridge

tags: added: architecture-s39064 bugnameltc-192953 severity-high targetmilestone-inin20042
Revision history for this message
bugproxy (bugproxy) wrote : Core dump lines from journal

Default Comment by Bridge

Changed in ubuntu:
assignee: nobody → Skipper Bug Screeners (skipper-screen-team)
affects: ubuntu → linux (Ubuntu)
Revision history for this message
bugproxy (bugproxy) wrote : Comment bridged from LTC Bugzilla

------- Comment From <email address hidden> 2021-05-28 05:09 EDT-------
Please close this ticket. The problem only occurs in the testsuite not in the production package... Many thanks

------- Comment From <email address hidden> 2021-05-28 05:10 EDT-------
IBM Bugzilla status->closed, Not a bug !

Changed in ubuntu-z-systems:
importance: Undecided → High
Steve Langasek (vorlon)
Changed in ubuntu-z-systems:
status: New → Invalid
Changed in linux (Ubuntu):
status: New → Invalid
Frank Heimes (fheimes)
affects: linux (Ubuntu) → openssl (Ubuntu)
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers