Ubuntu
openssl package

Comment 16 for bug 1951279

Revision history for this message

David Hess (dhess-8) wrote on 2021-12-25:

#16

To reproduce, be on an Arm v8.3 processor and do the following:

$ gdb $(which openssl)
GNU gdb (Ubuntu 9.2-0ubuntu1~20.04) 9.2
Copyright (C) 2020 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Type "show copying" and "show warranty" for details.
This GDB was configured as "aarch64-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.

For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from /usr/bin/openssl...
Reading symbols from /usr/lib/debug/.build-id/8c/c0ad363ae4508d48a68d9f9dafdbadf7bd264a.debug...
(gdb) break main
Breakpoint 1 at 0x32840: file ../apps/openssl.c, line 120.
(gdb) run s_client -showcerts -connect graph.facebook.com:443
Starting program: /usr/bin/openssl s_client -showcerts -connect graph.facebook.com:443
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/aarch64-linux-gnu/libthread_db.so.1".

Breakpoint 1, main (argc=5, argv=0xfffffffff478) at ../apps/openssl.c:120
120 ../apps/openssl.c: No such file or directory.
(gdb) break ../crypto/poly1305/poly1305.c:502
Breakpoint 2 at 0xfffff7e082c8: file ../crypto/poly1305/poly1305.c, line 502.
(gdb) c
Continuing.
CONNECTED(00000003)

Breakpoint 2, Poly1305_Update (ctx=ctx@entry=0xaaaaaaba97f0, inp=<optimized out>, inp@entry=0xaaaaaab9e098 "\362Hd\025\245\223\351f\027\265 b䓁\207<s\261\027\036\230\031Y/\031M\307D\"F\370", <incomplete sequence \356>, len=992, len@entry=1001)
    at ../crypto/poly1305/poly1305.c:502
502 ../crypto/poly1305/poly1305.c: No such file or directory.
(gdb) s
poly1305_blocks_neon () at crypto/poly1305/poly1305-armv8.S:223
223 crypto/poly1305/poly1305-armv8.S: No such file or directory.
(gdb) bt
#0 poly1305_blocks_neon () at crypto/poly1305/poly1305-armv8.S:223
#1 0x0000fffff7e082dc in Poly1305_Update (ctx=ctx@entry=0xaaaaaaba97f0, inp=<optimized out>, inp@entry=0xaaaaaab9e098 "\362Hd\025\245\223\351f\027\265 b䓁\207<s\261\027\036\230\031Y/\031M\307D\"F\370", <incomplete sequence \356>,
    len=<optimized out>, len@entry=1001) at ../crypto/poly1305/poly1305.c:502
#2 0x0000fffff7dd7834 in chacha20_poly1305_cipher (ctx=0xaaaaaaba95b0, out=0xaaaaaab9e098 "\362Hd\025\245\223\351f\027\265 b䓁\207<s\261\027\036\230\031Y/\031M\307D\"F\370", <incomplete sequence \356>,
    in=0xaaaaaab9e098 "\362Hd\025\245\223\351f\027\265 b䓁\207<s\261\027\036\230\031Y/\031M\307D\"F\370", <incomplete sequence \356>, len=1001) at ../crypto/evp/e_chacha20_poly1305.c:419
#3 0x0000fffff7ddc214 in EVP_DecryptUpdate (inl=1001, in=0xaaaaaab9e098 "\362Hd\025\245\223\351f\027\265 b䓁\207<s\261\027\036\230\031Y/\031M\307D\"F\370", <incomplete sequence \356>, outl=0xffffffffe360,
    out=0xaaaaaab9e098 "\362Hd\025\245\223\351f\027\265 b䓁\207<s\261\027\036\230\031Y/\031M\307D\"F\370", <incomplete sequence \356>, ctx=0xaaaaaaba95b0) at ../crypto/evp/evp_enc.c:498
#4 EVP_DecryptUpdate (ctx=0xaaaaaaba95b0, out=0xaaaaaab9e098 "\362Hd\025\245\223\351f\027\265 b䓁\207<s\261\027\036\230\031Y/\031M\307D\"F\370", <incomplete sequence \356>, outl=0xffffffffe360,
    in=0xaaaaaab9e098 "\362Hd\025\245\223\351f\027\265 b䓁\207<s\261\027\036\230\031Y/\031M\307D\"F\370", <incomplete sequence \356>, inl=1001) at ../crypto/evp/evp_enc.c:464
#5 0x0000fffff7f59d8c in tls13_enc (s=0xaaaaaab94ca0, recs=0xaaaaaab95a28, n_recs=<optimized out>, sending=0) at ../ssl/record/ssl3_record_tls13.c:173
#6 0x0000fffff7f58748 in ssl3_get_record (s=s@entry=0xaaaaaab94ca0) at ../ssl/record/ssl3_record.c:529
#7 0x0000fffff7f55fc0 in ssl3_read_bytes (s=0xaaaaaab94ca0, type=22, recvd_type=0xffffffffe5ec, buf=0xaaaaaab98b30 "\002", len=4, peek=0, readbytes=0xffffffffe5f0) at ../ssl/record/rec_layer_s3.c:1323
#8 0x0000fffff7f84800 in tls_get_message_header (s=s@entry=0xaaaaaab94ca0, mt=mt@entry=0xffffffffe68c) at ../ssl/statem/statem_lib.c:1160
#9 0x0000fffff7f7af74 in read_state_machine (s=0xaaaaaab94ca0) at ../ssl/statem/statem.c:579
#10 state_machine (s=0xaaaaaab94ca0, server=0) at ../ssl/statem/statem.c:434
#11 0x0000fffff7f55ce4 in ssl3_write_bytes (s=0xaaaaaab94ca0, type=23, buf_=0xaaaaaab89d90, len=0, written=0xffffffffe8e0) at ../ssl/record/rec_layer_s3.c:390
#12 0x0000fffff7f66b74 in ssl_write_internal (s=s@entry=0xaaaaaab94ca0, buf=buf@entry=0xaaaaaab89d90, num=num@entry=0, written=written@entry=0xffffffffe8e0) at ../ssl/ssl_lib.c:1958
#13 0x0000fffff7f66ca0 in SSL_write (s=s@entry=0xaaaaaab94ca0, buf=buf@entry=0xaaaaaab89d90, num=num@entry=0) at ../ssl/ssl_lib.c:1972
#14 0x0000aaaaaab00250 in s_client_main (argc=<optimized out>, argv=<optimized out>) at ../apps/s_client.c:2859
#15 0x0000aaaaaaaeffd4 in do_cmd (prog=0xaaaaaab84740, argc=4, argv=0xfffffffff480) at ../apps/openssl.c:570
#16 0x0000aaaaaaadcc04 in main (argc=4, argv=0xfffffffff480) at ../apps/openssl.c:189
(gdb) finish
Run till exit from #0 poly1305_blocks_neon () at crypto/poly1305/poly1305-armv8.S:223

Program received signal SIGSEGV, Segmentation fault.
0x0020fffff7e082dc in ?? ()
(gdb) bt
#0 0x0020fffff7e082dc in ?? ()
Backtrace stopped: previous frame identical to this frame (corrupt stack?)
(gdb)

To reproduce, be on an Arm v8.3 processor and do the following:

Breakpoint 1, main (argc=5, argv=0xfffffffff478) at ../apps/openssl.c:120
120	../apps/openssl.c: No such file or directory.
(gdb) break ../crypto/poly1305/poly1305.c:502
Breakpoint 2 at 0xfffff7e082c8: file ../crypto/poly1305/poly1305.c, line 502.
(gdb) c
Continuing.
CONNECTED(00000003)

Breakpoint 2, Poly1305_Update (ctx=ctx@entry=0xaaaaaaba97f0, inp=<optimized out>, inp@entry=0xaaaaaab9e098 "\362Hd\025\245\223\351f\027\265 b䓁\207<s\261\027\036\230\031Y/\031M\307D\"F\370", <incomplete sequence \356>, len=992, len@entry=1001)
    at ../crypto/poly1305/poly1305.c:502
502	../crypto/poly1305/poly1305.c: No such file or directory.
(gdb) s
poly1305_blocks_neon () at crypto/poly1305/poly1305-armv8.S:223
223	crypto/poly1305/poly1305-armv8.S: No such file or directory.
(gdb) bt
#0  poly1305_blocks_neon () at crypto/poly1305/poly1305-armv8.S:223
#1  0x0000fffff7e082dc in Poly1305_Update (ctx=ctx@entry=0xaaaaaaba97f0, inp=<optimized out>, inp@entry=0xaaaaaab9e098 "\362Hd\025\245\223\351f\027\265 b䓁\207<s\261\027\036\230\031Y/\031M\307D\"F\370", <incomplete sequence \356>, 
    len=<optimized out>, len@entry=1001) at ../crypto/poly1305/poly1305.c:502
#2  0x0000fffff7dd7834 in chacha20_poly1305_cipher (ctx=0xaaaaaaba95b0, out=0xaaaaaab9e098 "\362Hd\025\245\223\351f\027\265 b䓁\207<s\261\027\036\230\031Y/\031M\307D\"F\370", <incomplete sequence \356>, 
    in=0xaaaaaab9e098 "\362Hd\025\245\223\351f\027\265 b䓁\207<s\261\027\036\230\031Y/\031M\307D\"F\370", <incomplete sequence \356>, len=1001) at ../crypto/evp/e_chacha20_poly1305.c:419
#3  0x0000fffff7ddc214 in EVP_DecryptUpdate (inl=1001, in=0xaaaaaab9e098 "\362Hd\025\245\223\351f\027\265 b䓁\207<s\261\027\036\230\031Y/\031M\307D\"F\370", <incomplete sequence \356>, outl=0xffffffffe360, 
    out=0xaaaaaab9e098 "\362Hd\025\245\223\351f\027\265 b䓁\207<s\261\027\036\230\031Y/\031M\307D\"F\370", <incomplete sequence \356>, ctx=0xaaaaaaba95b0) at ../crypto/evp/evp_enc.c:498
#4  EVP_DecryptUpdate (ctx=0xaaaaaaba95b0, out=0xaaaaaab9e098 "\362Hd\025\245\223\351f\027\265 b䓁\207<s\261\027\036\230\031Y/\031M\307D\"F\370", <incomplete sequence \356>, outl=0xffffffffe360, 
    in=0xaaaaaab9e098 "\362Hd\025\245\223\351f\027\265 b䓁\207<s\261\027\036\230\031Y/\031M\307D\"F\370", <incomplete sequence \356>, inl=1001) at ../crypto/evp/evp_enc.c:464
#5  0x0000fffff7f59d8c in tls13_enc (s=0xaaaaaab94ca0, recs=0xaaaaaab95a28, n_recs=<optimized out>, sending=0) at ../ssl/record/ssl3_record_tls13.c:173
#6  0x0000fffff7f58748 in ssl3_get_record (s=s@entry=0xaaaaaab94ca0) at ../ssl/record/ssl3_record.c:529
#7  0x0000fffff7f55fc0 in ssl3_read_bytes (s=0xaaaaaab94ca0, type=22, recvd_type=0xffffffffe5ec, buf=0xaaaaaab98b30 "\002", len=4, peek=0, readbytes=0xffffffffe5f0) at ../ssl/record/rec_layer_s3.c:1323
#8  0x0000fffff7f84800 in tls_get_message_header (s=s@entry=0xaaaaaab94ca0, mt=mt@entry=0xffffffffe68c) at ../ssl/statem/statem_lib.c:1160
#9  0x0000fffff7f7af74 in read_state_machine (s=0xaaaaaab94ca0) at ../ssl/statem/statem.c:579
#10 state_machine (s=0xaaaaaab94ca0, server=0) at ../ssl/statem/statem.c:434
#11 0x0000fffff7f55ce4 in ssl3_write_bytes (s=0xaaaaaab94ca0, type=23, buf_=0xaaaaaab89d90, len=0, written=0xffffffffe8e0) at ../ssl/record/rec_layer_s3.c:390
#12 0x0000fffff7f66b74 in ssl_write_internal (s=s@entry=0xaaaaaab94ca0, buf=buf@entry=0xaaaaaab89d90, num=num@entry=0, written=written@entry=0xffffffffe8e0) at ../ssl/ssl_lib.c:1958
#13 0x0000fffff7f66ca0 in SSL_write (s=s@entry=0xaaaaaab94ca0, buf=buf@entry=0xaaaaaab89d90, num=num@entry=0) at ../ssl/ssl_lib.c:1972
#14 0x0000aaaaaab00250 in s_client_main (argc=<optimized out>, argv=<optimized out>) at ../apps/s_client.c:2859
#15 0x0000aaaaaaaeffd4 in do_cmd (prog=0xaaaaaab84740, argc=4, argv=0xfffffffff480) at ../apps/openssl.c:570
#16 0x0000aaaaaaadcc04 in main (argc=4, argv=0xfffffffff480) at ../apps/openssl.c:189
(gdb) finish
Run till exit from #0  poly1305_blocks_neon () at crypto/poly1305/poly1305-armv8.S:223

Program received signal SIGSEGV, Segmentation fault.
0x0020fffff7e082dc in ?? ()
(gdb) bt
#0  0x0020fffff7e082dc in ?? ()
Backtrace stopped: previous frame identical to this frame (corrupt stack?)
(gdb)

Ubuntuopenssl package

Comment 16 for bug 1951279

Ubuntu
openssl package