On a fresh Jammy LXC container:
root@rational-polliwog:~# dpkg -l libssl-dev | tail -n 1
ii libssl-dev:amd64 3.0.2-0ubuntu1.4 amd64 Secure Sockets Layer toolkit
- development files
root@rational-polliwog:~# cat <<EOF > openssl_test.c
#include <openssl/evp.h>
int main()
{
EVP_PKEY_Q_keygen(NULL, NULL, "EC", "P-256");
}
EOF
root@rational-polliwog:~# gcc openssl_test.c -lcrypto -lssl -o openssl_test
root@rational-polliwog:~# ./openssl_test
root@rational-polliwog:~# echo $?
0
Marking as verified.
** Tags removed: verification-needed verification-needed-jammy
** Tags added: verification-done verification-done-jammy
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/1974037
Title:
openssl: EVP_EC_gen() segfault without init
Status in openssl package in Ubuntu:
Fix Released
Status in openssl source package in Jammy:
Fix Committed
Status in openssl source package in Kinetic:
Fix Released
Status in openssl package in Debian:
Fix Released
Bug description:
[Impact]
The fix for
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1968997 has
broken some code paths as the new string comparison functions now need
initialization, triggering segafults.
The provided debdiff fixes the immediate issue and also settles on a
new implementation not requiring the initialization in the first
place.
[Test Plan]
Since this is a regression fix, we first need to check that the
original bug hasn't cropped up again:
sudo locale-gen tr_TR.UTF-8
LANG=C curl https://ubuntu.com/ > /dev/null # This work
LANG=tr_TF.UTF-8 curl https://ubuntu.com/ > /dev/null # This should work as
well
For the regression itself:
sudo apt install libssl-dev
cat <<EOF > openssl_test.c
#include <openssl/evp.h>
int main()
{
EVP_PKEY_Q_keygen(NULL, NULL, "EC", "P-256");
}
EOF
gcc openssl_test.c -lcrypto -lssl -o openssl_test
./openssl_test
[Where problems could occur]
This new patch set is relatively massive, on top of another massive one.
Some new regressions could crop up of a similar kind. Furthermore, the
homegrown string comparison function could be buggy, leading to algorithm
name mismatches.
[Other info]
The patches all come from upstream and have been merged on their 3.0
maintenance branch.
[Original report]
Source: sscg
Version: 3.0.2-1
Severity: serious
Tags: ftbfs
https://buildd.debian.org/status/logs.php?pkg=sscg&ver=3.0.2-1%2Bb1
...
1/10 generate_rsa_key_test FAIL 0.01s killed by signal 11
SIGSEGV
04:32:21 MALLOC_PERTURB_=87
/<<PKGBUILDDIR>>/obj-x86_64-linux-gnu/generate_rsa_key_test
...
Summary of Failures:
1/10 generate_rsa_key_test FAIL 0.01s killed by signal
11 SIGSEGV
Ok: 9
Expected Fail: 0
Fail: 1
Unexpected Pass: 0
Skipped: 0
Timeout: 0
dh_auto_test: error: cd obj-x86_64-linux-gnu && LC_ALL=C.UTF-8
MESON_TESTTHREADS=4 ninja test returned exit code 1
make: *** [debian/rules:6: binary-arch] Error 25
This has also been reported on the openssl-users mailing list:
https://www.mail-archive.com/openssl-users@openssl.org/msg90830.html
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1974037/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
