When trying to produce a port for deltachat-rpc-server 2.53.0, I stumbled on a problem with the aws_lc_rc crate which is used for TLS.

The port builds two executables deltachat-rpc-server and deltachat-repl which reliably crash when making a TLS connection:

Thread 2 "tokio-rt-worker" received signal SIGSEGV, Segmentation fault.
0x... in aws_lc_0_41_0_curve25519_x25519base ()

I suspect this is similar to the exec-only violations which were encountered with the ring-0.16 crate, where key algorithms making use of assembly-language code are attempting to read from an executable-only region, /usr/local mounted with wxallowed. This led to the making of the security/rust-ring port maintained by tb@.

I managed to patch deltachat-rpc-server to use ring-0.17 instead of aws_lc_rs, and this now connects reliably with TLS. I will continue to test.

Further details I hope are useful and don't get email-mangled too much:

Thread 2 "tokio-rt-worker" received signal SIGSEGV, Segmentation fault.
[Switching to thread 545152 of process 63390]
0x000007098249f9d3 in aws_lc_0_41_0_curve25519_x25519base ()
(gdb) x/i $pc
=> 0x7098249f9d3 <aws_lc_0_41_0_curve25519_x25519base+95>: mov (%r10),%rax

$ objdump -t /usr/local/bin/deltachat-repl | \
> grep x25519base_edwards25519_0g
0000000002c827ef l .text 0000000000000000 Lcurve25519_x25519base_edwards25519_0g

(gdb) disas /r aws_lc_0_41_0_curve25519_x25519base,+200
Dump of assembler code from 0x7098249f974 to 0x7098249fa3c:
0x000007098249f974 <aws_lc_0_41_0_curve25519_x25519base+0>: f3 0f 1e fa endbr64 0x000007098249f978 <aws_lc_0_41_0_curve25519_x25519base+4>: 53 push %rbx 0x000007098249f979 <aws_lc_0_41_0_curve25519_x25519base+5>: 55 push %rbp 0x000007098249f97a <aws_lc_0_41_0_curve25519_x25519base+6>: 41 54 push %r12 0x000007098249f97c <aws_lc_0_41_0_curve25519_x25519base+8>: 41 55 push %r13 0x000007098249f97e <aws_lc_0_41_0_curve25519_x25519base+10>: 41 56 push %r14 0x000007098249f980 <aws_lc_0_41_0_curve25519_x25519base+12>: 41 57 push %r15 0x000007098249f982 <aws_lc_0_41_0_curve25519_x25519base+14>: 48 81 ec e8 01 00 00 sub $0x1e8,%rsp 0x000007098249f989 <aws_lc_0_41_0_curve25519_x25519base+21>: 48 89 bc 24 c0 01 00 00 mov %rdi,0x1c0(%rsp) 0x000007098249f991 <aws_lc_0_41_0_curve25519_x25519base+29>: 48 8b 06 mov (%rsi),%rax 0x000007098249f994 <aws_lc_0_41_0_curve25519_x25519base+32>: 48 89 04 24 mov %rax,(%rsp) 0x000007098249f998 <aws_lc_0_41_0_curve25519_x25519base+36>: 48 8b 46 08 mov 0x8(%rsi),%rax 0x000007098249f99c <aws_lc_0_41_0_curve25519_x25519base+40>: 48 89 44 24 08 mov %rax,0x8(%rsp) 0x000007098249f9a1 <aws_lc_0_41_0_curve25519_x25519base+45>: 48 8b 46 10 mov 0x10(%rsi),%rax 0x000007098249f9a5 <aws_lc_0_41_0_curve25519_x25519base+49>: 48 89 44 24 10 mov %rax,0x10(%rsp) 0x000007098249f9aa <aws_lc_0_41_0_curve25519_x25519base+54>: 48 b8 ff ff ff ff ff ff ff 3f movabs $0x3fffffffffffffff,%rax 0x000007098249f9b4 <aws_lc_0_41_0_curve25519_x25519base+64>: 48 23 46 18 and 0x18(%rsi),%rax 0x000007098249f9b8 <aws_lc_0_41_0_curve25519_x25519base+68>: 48 89 44 24 18 mov %rax,0x18(%rsp) 0x000007098249f9bd <aws_lc_0_41_0_curve25519_x25519base+73>: 48 8b 04 24 mov (%rsp),%rax 0x000007098249f9c1 <aws_lc_0_41_0_curve25519_x25519base+77>: 48 83 e0 08 and $0x8,%rax 0x000007098249f9c5 <aws_lc_0_41_0_curve25519_Thread 2 "tokio-rt-worker" received signal SIGSEGV, Segmentation fault.
[Switching to thread 460650 of process 4252]
0x00000afc2b6a69d3 in aws_lc_0_41_0_curve25519_x25519base ()
(gdb) bt
#0  0x00000afc2b6a69d3 in aws_lc_0_41_0_curve25519_x25519base ()
#1  0x00000afc2b54025d in aws_lc_0_41_0_X25519_keypair ()
#2  0x00000afc2b521bbe in pkey_x25519_keygen ()
#3  0x00000afc2b55ab8c in aws_lc_0_41_0_EVP_PKEY_keygen ()
#4 0x00000afc2b51350a in aws_lc_rs::evp_pkey::<impl aws_lc_rs::ptr::ManagedPointer<*mut aws_lc_sys::universal_crypto::evp_pkey_st>>::generate ()
#5  0x00000afc2b4fc570 in aws_lc_rs::agreement::PrivateKey::generate ()
#6 0x00000afc2b4f8e99 in <rustls::crypto::aws_lc_rs::kx::KxGroup as rustls::crypto::SupportedKxGroup>::start () #7 0x00000afc2b46929c in rustls::client::client_conn::<impl rustls::conn::ConnectionCore<rustlsn::ClientConnectionData>>::for_client () #8 0x00000afc2b4be0d4 in rustls::client::client_conn::connection::ClientConnection::new_with_al #9 0x00000afc299b73bd in tokio_rustls::client::TlsConnector::connect_impl ()
#10 0x00000afc29db21a4 in deltachat::net::tls::wrap_tls::{{closure}} ()
#11 0x00000afc29e39155 in deltachat::imap::client::Client::connection_attempt::{{closure}} ()
#12 0x00000afc29cdc4ee in tokio::runtime::task::core::Core<T,S>::poll ()
#13 0x00000afc29ae84d7 in tokio::runtime::task::harness::Harness<T,S>::poll () #14 0x00000afc2bcc0984 in tokio::runtime::scheduler::multi_thread::worker::Context::run_task () #15 0x00000afc2bcbfce0 in tokio::runtime::scheduler::multi_thread::worker::Context::run ()
#16 0x00000afc2bc9a51d in tokio::runtime::context::scoped::Scoped<T>::set ()
#17 0x00000afc2bcbe23f in tokio::runtime::scheduler::multi_thread::worker::run ()
#18 0x00000afc29cd8555 in tokio::runtime::task::core::Core<T,S>::poll ()
#19 0x00000afc29ab2c71 in tokio::runtime::task::harness::Harness<T,S>::poll ()
#20 0x00000afc2bcaecb4 in tokio::runtime::blocking::pool::Inner::run ()
#21 0x00000afc2bc93bb3 in std::sys::backtrace::__rust_begin_short_backtrace () #22 0x00000afc2bc9cdd6 in core::ops::function::FnOnce::call_once{{vtable.shim}} () #23 0x00000afc2be53be0 in std::sys::thread::unix::Thread::new::thread_start () #24 0x00000afe4275c132 in _rthread_start (v=0x0) at /usr/src/lib/librthread/rthread.c:99 #25 0x00000aff0c479aaa in __tfork_thread () at /usr/src/lib/libc/arch/amd64/sys/tfork_thread.S:8 x25519base+81>: 4c 8d 15 23 2e 00 00 lea 0x2e23(%rip),%r10 # 0x709824a27ef <Lcurve25519_x25519base_edwards25519_0g> 0x000007098249f9cc <aws_lc_0_41_0_curve25519_x25519base+88>: 4c 8d 1d 7c 2e 00 00 lea 0x2e7c(%rip),%r11 # 0x709824a284f <Lcurve25519_x25519base_edwards25519_8g> => 0x000007098249f9d3 <aws_lc_0_41_0_curve25519_x25519base+95>: 49 8b 02 mov (%r10),%rax 0x000007098249f9d6 <aws_lc_0_41_0_curve25519_x25519base+98>: 49 8b 0b mov (%r11),%rcx 0x000007098249f9d9 <aws_lc_0_41_0_curve25519_x25519base+101>: 48 0f 45 c1 cmovne %rcx,%rax 0x000007098249f9dd <aws_lc_0_41_0_curve25519_x25519base+105>: 48 89 84 24 80 00 00 00 mov %rax,0x80(%rsp) 0x000007098249f9e5 <aws_lc_0_41_0_curve25519_x25519base+113>: 49 8b 42 08 mov 0x8(%r10),%rax 0x000007098249f9e9 <aws_lc_0_41_0_curve25519_x25519base+117>: 49 8b 4b 08 mov 0x8(%r11),%rcx 0x000007098249f9ed <aws_lc_0_41_0_curve25519_x25519base+121>: 48 0f 45 c1 cmovne %rcx,%rax 0x000007098249f9f1 <aws_lc_0_41_0_curve25519_x25519base+125>: 48 89 84 24 88 00 00 00 mo 0x000007098249f9f9 <aws_lc_0_41_0_curve25519_x25519base+133>: 49 8b 42 10 mo 0x000007098249f9fd <aws_lc_0_41_0_curve25519_x25519base+137>: 49 8b 4b 10 mo 0x000007098249fa01 <aws_lc_0_41_0_curve25519_x25519base+141>: 48 0f 45 c1 cm 0x000007098249fa05 <aws_lc_0_41_0_curve25519_x25519base+145>: 48 89 84 24 90 00 00 00 mo 0x000007098249fa0d <aws_lc_0_41_0_curve25519_x25519base+153>: 49 8b 42 18 mo 0x000007098249fa11 <aws_lc_0_41_0_curve25519_x25519base+157>: 49 8b 4b 18 mo 0x000007098249fa15 <aws_lc_0_41_0_curve25519_x25519base+161>: 48 0f 45 c1 cm 0x000007098249fa19 <aws_lc_0_41_0_curve25519_x25519base+165>: 48 89 84 24 98 00 00 00 mo 0x000007098249fa21 <aws_lc_0_41_0_curve25519_x25519base+173>: 49 8b 42 20 mo
--Type <RET> for more, q to quit, c to continue without paging-- c
0x000007098249fa25 <aws_lc_0_41_0_curve25519_x25519base+177>: 49 8b 4b 20 mo 0x000007098249fa29 <aws_lc_0_41_0_curve25519_x25519base+181>: 48 0f 45 c1 cm 0x000007098249fa2d <aws_lc_0_41_0_curve25519_x25519base+185>: 48 89 84 24 a0 00 00 00 mo 0x000007098249fa35 <aws_lc_0_41_0_curve25519_x25519base+193>: 49 8b 42 28 mo 0x000007098249fa39 <aws_lc_0_41_0_curve25519_x25519base+197>: 49 8b 4b 28 mo
End of assembler dump.

Backtrace from another session:

Thread 2 "tokio-rt-worker" received signal SIGSEGV, Segmentation fault.
[Switching to thread 460650 of process 4252]
0x00000afc2b6a69d3 in aws_lc_0_41_0_curve25519_x25519base ()
(gdb) bt
#0  0x00000afc2b6a69d3 in aws_lc_0_41_0_curve25519_x25519base ()
#1  0x00000afc2b54025d in aws_lc_0_41_0_X25519_keypair ()
#2  0x00000afc2b521bbe in pkey_x25519_keygen ()
#3  0x00000afc2b55ab8c in aws_lc_0_41_0_EVP_PKEY_keygen ()
#4 0x00000afc2b51350a in aws_lc_rs::evp_pkey::<impl aws_lc_rs::ptr::ManagedPointer<*mut aws_lc_sys::universal_crypto::evp_pkey_st>>::generate ()
#5  0x00000afc2b4fc570 in aws_lc_rs::agreement::PrivateKey::generate ()
#6 0x00000afc2b4f8e99 in <rustls::crypto::aws_lc_rs::kx::KxGroup as rustls::crypto::SupportedKxGroup>::start () #7 0x00000afc2b46929c in rustls::client::client_conn::<impl rustls::conn::ConnectionCore<rustlsn::ClientConnectionData>>::for_client () #8 0x00000afc2b4be0d4 in rustls::client::client_conn::connection::ClientConnection::new_with_al #9 0x00000afc299b73bd in tokio_rustls::client::TlsConnector::connect_impl ()
#10 0x00000afc29db21a4 in deltachat::net::tls::wrap_tls::{{closure}} ()
#11 0x00000afc29e39155 in deltachat::imap::client::Client::connection_attempt::{{closure}} ()
#12 0x00000afc29cdc4ee in tokio::runtime::task::core::Core<T,S>::poll ()
#13 0x00000afc29ae84d7 in tokio::runtime::task::harness::Harness<T,S>::poll () #14 0x00000afc2bcc0984 in tokio::runtime::scheduler::multi_thread::worker::Context::run_task () #15 0x00000afc2bcbfce0 in tokio::runtime::scheduler::multi_thread::worker::Context::run ()
#16 0x00000afc2bc9a51d in tokio::runtime::context::scoped::Scoped<T>::set ()
#17 0x00000afc2bcbe23f in tokio::runtime::scheduler::multi_thread::worker::run ()
#18 0x00000afc29cd8555 in tokio::runtime::task::core::Core<T,S>::poll ()
#19 0x00000afc29ab2c71 in tokio::runtime::task::harness::Harness<T,S>::poll ()
#20 0x00000afc2bcaecb4 in tokio::runtime::blocking::pool::Inner::run ()
#21 0x00000afc2bc93bb3 in std::sys::backtrace::__rust_begin_short_backtrace () #22 0x00000afc2bc9cdd6 in core::ops::function::FnOnce::call_once{{vtable.shim}} () #23 0x00000afc2be53be0 in std::sys::thread::unix::Thread::new::thread_start () #24 0x00000afe4275c132 in _rthread_start (v=0x0) at /usr/src/lib/librthread/rthread.c:99 #25 0x00000aff0c479aaa in __tfork_thread () at /usr/src/lib/libc/arch/amd64/sys/tfork_thread.S:8

The relevant Cargo.toml entry was:

tokio-rustls = { version = "0.26.2",
                 default-features = false,
                 features = ["aws-lc-rs", "tls12"] }

This probably affects other rust ports because aws-lc-rs is the default feature for current versions of rustls. I hope the above info is helpful: I have reached the limits of my understanding however. I will keep a broken version of the package aside in case any more debugging info is needed.

regards
Chris

Reply via email to