Here's an interesting data point. If I run this under valgrind:
$ valgrind openssl s_client -showcerts -connect graph.facebook.com:443
==36982== Memcheck, a memory error detector
==36982== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==36982== Using Valgrind-3.15.0 and LibVEX; rerun with -h for copyright info
==36982== Command: openssl s_client -showcerts -connect graph.facebook.com:443
==36982==
CONNECTED(00000003)
depth=2 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert High
Assurance EV Root CA
verify return:1
depth=1 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert SHA2
High Assurance Server CA
verify return:1
depth=0 C = US, ST = California, L = Menlo Park, O = "Facebook, Inc.", CN =
*.facebook.com
verify return:1
---
Certificate chain
0 s:C = US, ST = California, L = Menlo Park, O = "Facebook, Inc.", CN =
*.facebook.com
i:C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert SHA2 High
Assurance Server CA
-----BEGIN CERTIFICATE-----
MIIGkTCCBXmgAwIBAgIQCivCRFoplTX8XaBRF4f4wDANBgkqhkiG9w0BAQsFADBw
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
d3cuZGlnaWNlcnQuY29tMS8wLQYDVQQDEyZEaWdpQ2VydCBTSEEyIEhpZ2ggQXNz
dXJhbmNlIFNlcnZlciBDQTAeFw0yMTEwMDMwMDAwMDBaFw0yMjAxMDEyMzU5NTla
MGkxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRMwEQYDVQQHEwpN
ZW5sbyBQYXJrMRcwFQYDVQQKEw5GYWNlYm9vaywgSW5jLjEXMBUGA1UEAwwOKi5m
YWNlYm9vay5jb20wWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQ9cpj/+XqZgH6d
qstfu/ZUoA+jNBS8A2pE9naG2+/1fDQbFhAK/4N1wNQ69xh2o1KbUId1Qi9sDCWk
Fu6s9XAqo4ID9zCCA/MwHwYDVR0jBBgwFoAUUWj/kK8CB3U8zNllZGKiErhZcjsw
HQYDVR0OBBYEFLARiFqEkLy4TD1U7suyuVQuqD6/MIG1BgNVHREEga0wgaqCDiou
ZmFjZWJvb2suY29tgg4qLmZhY2Vib29rLm5ldIILKi5mYmNkbi5uZXSCCyouZmJz
YnguY29tghAqLm0uZmFjZWJvb2suY29tgg8qLm1lc3Nlbmdlci5jb22CDioueHgu
ZmJjZG4ubmV0gg4qLnh5LmZiY2RuLm5ldIIOKi54ei5mYmNkbi5uZXSCDGZhY2Vi
b29rLmNvbYINbWVzc2VuZ2VyLmNvbTAOBgNVHQ8BAf8EBAMCB4AwHQYDVR0lBBYw
FAYIKwYBBQUHAwEGCCsGAQUFBwMCMHUGA1UdHwRuMGwwNKAyoDCGLmh0dHA6Ly9j
cmwzLmRpZ2ljZXJ0LmNvbS9zaGEyLWhhLXNlcnZlci1nNi5jcmwwNKAyoDCGLmh0
dHA6Ly9jcmw0LmRpZ2ljZXJ0LmNvbS9zaGEyLWhhLXNlcnZlci1nNi5jcmwwPgYD
VR0gBDcwNTAzBgZngQwBAgIwKTAnBggrBgEFBQcCARYbaHR0cDovL3d3dy5kaWdp
Y2VydC5jb20vQ1BTMIGDBggrBgEFBQcBAQR3MHUwJAYIKwYBBQUHMAGGGGh0dHA6
Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBNBggrBgEFBQcwAoZBaHR0cDovL2NhY2VydHMu
ZGlnaWNlcnQuY29tL0RpZ2lDZXJ0U0hBMkhpZ2hBc3N1cmFuY2VTZXJ2ZXJDQS5j
cnQwDAYDVR0TAQH/BAIwADCCAX0GCisGAQQB1nkCBAIEggFtBIIBaQFnAHYAKXm+
8J45OSHwVnOfY6V35b5XfZxgCvj5TV0mXCVdx4QAAAF8Q4ALtQAABAMARzBFAiAB
3r54JbfoFtjAqiLdaY6fXb/o1jjaT9u4XCdN5xu7NAIhAKGf3c1Jzs2cXQcAu422
KlF9P2lXrpZyMmP4rJYTuev2AHYAUaOw9f0BeZxWbbg3eI8MpHrMGyfL956IQpoN
/tSLBeUAAAF8Q4AL8AAABAMARzBFAiEAq7yuxzQO7e+txL6xITlC/qIHDYvapOTh
Tl4NHC+rOj0CIFHm8wXHI/F0gsWQVv5Ot8Ij4RuEZEVMMau/AEMroZ2aAHUAQcjK
sd8iRkoQxqE6CUKHXk4xixsD6+tLx2jwkGKWBvYAAAF8Q4ALyAAABAMARjBEAiAB
b4Q1lYSN7rcuXUxkIzbum5dVe0caAHuVTYgU00HYkQIgFtebuk3zr+NVZ520RCGZ
fetkFZv08wHf7TJK+JBMnBwwDQYJKoZIhvcNAQELBQADggEBAIcfi8CHi/+QH4cW
BjjDEZnQtPaOG77WtdFW2UK3xt2GKk4qY5rfVKLFGT9vAZRx4ZHFfK6c1IADkNMe
42lwc0+gTBrqrx1Uu+11vAIektX3Lx5xfeCTY604NK1qCC6ISYB/U2NVy2l0skT/
1xKLH87I+P7IwgQtE2en7yt9bu03GPIU0DVkYzqvBxGCq599ae2gYIVZVRSe2Xhp
WVeBB03fhf+NNcbR4LZK7n1ohrUBs7rurc0z6iv8V6qRU+aj8tS8606iQhcjEm9h
SN8G9/0JXXR5oWD/pAScLRtBwvkmDJEyw9lwxiErjgnfFHL0iDUZvqk0gXiQq54v
IK957WY=
-----END CERTIFICATE-----
1 s:C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert SHA2 High
Assurance Server CA
i:C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert High
Assurance EV Root CA
-----BEGIN CERTIFICATE-----
MIIEsTCCA5mgAwIBAgIQBOHnpNxc8vNtwCtCuF0VnzANBgkqhkiG9w0BAQsFADBs
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
d3cuZGlnaWNlcnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBIaWdoIEFzc3VyYW5j
ZSBFViBSb290IENBMB4XDTEzMTAyMjEyMDAwMFoXDTI4MTAyMjEyMDAwMFowcDEL
MAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3
LmRpZ2ljZXJ0LmNvbTEvMC0GA1UEAxMmRGlnaUNlcnQgU0hBMiBIaWdoIEFzc3Vy
YW5jZSBTZXJ2ZXIgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC2
4C/CJAbIbQRf1+8KZAayfSImZRauQkCbztyfn3YHPsMwVYcZuU+UDlqUH1VWtMIC
Kq/QmO4LQNfE0DtyyBSe75CxEamu0si4QzrZCwvV1ZX1QK/IHe1NnF9Xt4ZQaJn1
itrSxwUfqJfJ3KSxgoQtxq2lnMcZgqaFD15EWCo3j/018QsIJzJa9buLnqS9UdAn
4t07QjOjBSjEuyjMmqwrIw14xnvmXnG3Sj4I+4G3FhahnSMSTeXXkgisdaScus0X
sh5ENWV/UyU50RwKmmMbGZJ0aAo3wsJSSMs5WqK24V3B3aAguCGikyZvFEohQcft
bZvySC/zA/WiaJJTL17jAgMBAAGjggFJMIIBRTASBgNVHRMBAf8ECDAGAQH/AgEA
MA4GA1UdDwEB/wQEAwIBhjAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIw
NAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2Vy
dC5jb20wSwYDVR0fBEQwQjBAoD6gPIY6aHR0cDovL2NybDQuZGlnaWNlcnQuY29t
L0RpZ2lDZXJ0SGlnaEFzc3VyYW5jZUVWUm9vdENBLmNybDA9BgNVHSAENjA0MDIG
BFUdIAAwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNlcnQuY29tL0NQ
UzAdBgNVHQ4EFgQUUWj/kK8CB3U8zNllZGKiErhZcjswHwYDVR0jBBgwFoAUsT7D
aQP4v0cB1JgmGggC72NkK8MwDQYJKoZIhvcNAQELBQADggEBABiKlYkD5m3fXPwd
aOpKj4PWUS+Na0QWnqxj9dJubISZi6qBcYRb7TROsLd5kinMLYBq8I4g4Xmk/gNH
E+r1hspZcX30BJZr01lYPf7TMSVcGDiEo+afgv2MW5gxTs14nhr9hctJqvIni5ly
/D6q1UEL2tU2ob8cbkdJf17ZSHwD2f2LSaCYJkJA69aSEaRkCldUxPUd1gJea6zu
xICaEnL6VpPX/78whQYwvwt/Tv9XBZ0k7YXDK/umdaisLRbvfXknsuvCnQsH6qqF
0wGjIChBWUMo0oHjqvbsezt3tkBigAVBRQHvFwY+3sAzm2fTYS5yh+Rp/BIAV0Ae
cPUeybQ=
-----END CERTIFICATE-----
---
Server certificate
subject=C = US, ST = California, L = Menlo Park, O = "Facebook, Inc.", CN =
*.facebook.com
issuer=C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert
SHA2 High Assurance Server CA
---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: ECDSA
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 3228 bytes and written 374 bytes
Verification: OK
---
New, TLSv1.3, Cipher is TLS_CHACHA20_POLY1305_SHA256
Server public key is 256 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
Protocol : TLSv1.3
Cipher : TLS_CHACHA20_POLY1305_SHA256
Session-ID: BA5E7D3EF0748870F4B94CC6EA59C5C0575EC6E8DBDDD0D9BEFCBDF543E26EC3
Session-ID-ctx:
Resumption PSK:
9A9647E811A905233D1B66E668B6BC8775583D5453E3DBB68186B0E8BDE6C3DC
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 172800 (seconds)
TLS session ticket:
0000 - b4 c8 31 e9 50 5f 01 e3-7a 27 61 3c f1 14 92 e8 ..1.P_..z'a<....
0010 - ab a3 15 9a e0 87 c3 0f-93 0e 56 7b 21 70 82 2b ..........V{!p.+
0020 - 00 00 00 00 90 38 f6 e1-5b 61 49 24 21 c5 50 c8 .....8..[aI$!.P.
0030 - c7 cd 2c 0e 6d a0 5c 5c-19 3f 1d fe 94 fa 36 ef ..,.m.\\.?....6.
0040 - 1a 66 7c 33 e6 d8 47 db-46 ed e2 f9 cb 6f cf bb .f|3..G.F....o..
0050 - 9e 57 0d 6f 23 39 9f d0-74 9b 3b 8b 9c 5f 21 ed .W.o#9..t.;.._!.
0060 - 6e 86 fa 3b d2 99 c9 98-36 62 d8 84 38 aa 14 22 n..;....6b..8.."
0070 - ec cc b7 ca b2 ee 8e 11-87 7e 1d 58 3b e6 a5 1a .........~.X;...
0080 - c5 34 .4
Start Time: 1640448351
Timeout : 7200 (sec)
Verify return code: 0 (ok)
Extended master secret: no
Max Early Data: 0
---
read R BLOCK
^C==36982==
==36982== Process terminating with default action of signal 2 (SIGINT)
==36982== at 0x4C8B7BC: select (select.c:53)
==36982== by 0x15DB47: s_client_main (s_client.c:2845)
==36982== by 0x14DFD3: do_cmd (openssl.c:570)
==36982== by 0x13AC03: main (openssl.c:189)
==36982==
==36982== HEAP SUMMARY:
==36982== in use at exit: 208,670 bytes in 4,256 blocks
==36982== total heap usage: 6,290 allocs, 2,034 frees, 563,009 bytes allocated
==36982==
==36982== LEAK SUMMARY:
==36982== definitely lost: 0 bytes in 0 blocks
==36982== indirectly lost: 0 bytes in 0 blocks
==36982== possibly lost: 0 bytes in 0 blocks
==36982== still reachable: 208,670 bytes in 4,256 blocks
==36982== suppressed: 0 bytes in 0 blocks
==36982== Rerun with --leak-check=full to see details of leaked memory
==36982==
==36982== For lists of detected and suppressed errors, rerun with: -s
==36982== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 0 from 0)
it not only doesn't report any errors, it finishes and goes into waiting
for input *without* a segmentation fault. Versus:
$ openssl s_client -showcerts -connect graph.facebook.com:443
CONNECTED(00000003)
Segmentation fault (core dumped)
$
This may be a newly discovered race condition of some sort that's only
showing up on some Arm64 platforms (Apple Silicon M1 Max in my case).
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/1951279
Title:
OpenSSL 1.1.1f raise a segmentation faults on Arm64 builds
Status in openssl package in Ubuntu:
Incomplete
Bug description:
Description
-----------
It seems that current Ubuntu 20.04 (Focal) distribution for
Arm64/Aarch64 raise a segmentation fault when certain validates some
certificates.
This issue affects only to Arm64/Aarch64 all the tools statically or
dynamically linked with this version of the library are affected
(Libcurl4, Curl, Wget, OpenJDK, Curl-PHP, etc).
Environment and platform
------------------------
Linux 5.4.0-89-generic #100-Ubuntu SMP Fri Sep 24 14:29:20 UTC 2021 aarch64
aarch64 aarch64 GNU/Linux
Steps to reproduce
------------------
1. Run:
curl -v https://graph.facebook.com/v12.0/act_111/
or
wget https://graph.facebook.com/v12.0/act_111/
Result received
---------------
Segmentation fault (core dumped)
Notes
-----
This bug was found by the Curl users:
See: https://github.com/curl/curl/issues/8024
I believe that this bug is related to
https://ubuntu.com/security/CVE-2020-1967 that maybe used as a vector
point for code injection.
Actually there isn't any replacement for OpenSSL 1.1.1f for Focal
(Arm64), so it makes difficult to use Ubuntu 20.04 in a production
environment.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1951279/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
