Ubuntu 20.04.2 - OPENSSL_cleanse() fails with segmentation fault in eddsa_test
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Ubuntu on IBM z Systems |
Invalid
|
High
|
Unassigned | ||
openssl (Ubuntu) |
Invalid
|
Undecided
|
Skipper Bug Screeners |
Bug Description
---Problem Description---
=======
IBM z15 with D41C Bundle S39a and z/VM 7.2.0 guest with crypto cards attached
OS: Ubuntu 20.04.2 (focal fossa) with 5.4.0-73-generic and libica 3.6.1 installed
Core dump when running the eddsa_test from libica
Details
=======
The available openSSL version is: OpenSSL 1.1.1f 31 Mar 2020
The ibmca engine was installed, but not defined into the openssl.cnf file,
openssl engine displayed the default line:
(dynamic) Dynamic engine loading support
The segmentation fault was generated by `./eddsa_test'.
Program terminated with signal SIGSEGV, Segmentation fault in openSSL
(gdb) bt
#0 0x000003ff896e50be in OPENSSL_cleanse () from /lib/s390x-
#1 0x000003ff898a26fa in ica_ed25519_ctx_del (ctx=0x3fff9b7e010) at ica_api.c:1897
#2 0x000002aa28986f14 in ed25519_stress () at eddsa_test.c:441
#3 0x000002aa289831bc in main (argc=0x1, argv=0x3fff9b7eaf8) at eddsa_test.c:66
See https:/
apt install libica3-dbgsym
#0 0x000003ff896e50be in OPENSSL_cleanse () from /lib/s390x-
(gdb) bt
# coredumpctl dump 158582 > eddsa.core
PID: 158582 (eddsa_test)
UID: 0 (root)
GID: 0 (root)
Signal: 11 (SEGV)
Timestamp: Wed 2021-05-26 19:52:28 CEST (15h ago)
Command Line: ./eddsa_test
Executable: /root/crypto/
Control Group: /user.slice/
Unit: session-9.scope
Slice: user-0.slice
Session: 9
Owner UID: 0 (root)
Boot ID: 6a7a23240f464a0
Machine ID: c933ae494f9a4c6
Hostname: t3514002.lnxne.boe
Storage: /var/lib/
Message: Process 158582 (eddsa_test) of user 0 dumped core.
#0 0x000003ff896e50be OPENSSL_cleanse (libcrypto.so.1.1 + 0x1650be)
---uname output---
Linux system 5.4.0-73-generic #82-Ubuntu SMP Wed Apr 14 17:29:32 UTC 2021 s390x s390x s390x GNU/Linux
Machine Type = Manufacturer: IBM Type: 8561 Model: 703 T01
---Debugger---
A debugger was configured, however the system did not enter into the debugger
---Steps to Reproduce---
1.) install the github libica 3.6.1 package
and build the test cases
2.) cd .../libica-3.6.1
3.) ./bootstrap.sh; configure --enable-coverage
4.) make coverage
Watch the segmentation fault to happen
Userspace tool common name: eddsa_test
The userspace tool has the following bit modes: 64bit
Userspace rpm: libica3
Userspace tool obtained from project website: na
The problem could be reproduced with libica 3.6.1, however, it does not show up with libica 3.8.0. Looks like the problem was fixed by commit
https:/
After applying this fix on top of 3.6.1, the segfault does not occur anymore. It's sufficient to apply the 4 changes in eddsa_test.c.
Changed in ubuntu-z-systems: | |
importance: | Undecided → High |
Changed in ubuntu-z-systems: | |
status: | New → Invalid |
Changed in linux (Ubuntu): | |
status: | New → Invalid |
affects: | linux (Ubuntu) → openssl (Ubuntu) |
Default Comment by Bridge