Hi Adrien, You subscribed ubuntu-sponsors, do you have any debdiff or MP to be reviewed? Sorry, I did not find anything ready to review. Without that I believe the best way is to unsubscribe ubuntu-sponsors until there is something ready to be uploaded.
-- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssl in Ubuntu. https://bugs.launchpad.net/bugs/2023545 Title: [UBUNTU 22.04] openssl with ibmca engine configured dumps core when creating a new certificate Status in Ubuntu on IBM z Systems: In Progress Status in openssl package in Ubuntu: In Progress Status in openssl source package in Jammy: In Progress Status in openssl source package in Lunar: Fix Released Bug description: === SRU information === [Meta] This bug is part of a series of four bugs for a single SRU. The "central" bug with the global information and debdiff is http://pad.lv/2033422 [Impact] Openssl using an engine dumps core upon certificate creation; other operations are probably affected too. Overall, engines are likely mostly unusable. [Test plan] An engine is needed to test the fix and I don't think we have many in the archive. This complicates reproducing the issue. I have been relying on user reports which have been very detailled and helpful. The issue has also been reported independently and with another engine (devcrypto). The issue is fixed in openssl 3.0.8 which landed in lunar. [Where problems could occur] I don't pretend to understand the lifecycle of providers in openssl3 but the patch is simple and has been widely tested by now, including on ubuntu. Thus, I see little chance an unexpected problem would occur with it. [Patches] The patches come directly from upstream and apply cleanly. https://github.com/openssl/openssl/issues/18578 * https://git.launchpad.net/~adrien-n/ubuntu/+source/openssl/tree/debian/patches/jammy- sru-0001-Release-the-drbg-in-the-global-default-context- befor.patch?h=jammy-sru&id=04ef023920ab08fba214817523fba897527dfff0 === Original description === openssl req -new -newkey rsa:2048 -x509 -sha256 -nodes -out __cert.pem -keyout __key.pem --subj '/CN=US' ---Problem Description--- OpenSSL with ibmca engine configured dumps core when creating a new certificate. # openssl engine (dynamic) Dynamic engine loading support (ibmca) Ibmca hardware engine support # openssl req -new -newkey rsa:2048 -x509 -sha256 -nodes -out __cert.pem -keyout __key.pem --subj '/CN=US' Segmentation fault (core dumped) # journalctl Jun 07 13:06:08 SYSTEM kernel: User process fault: interruption code 003b ilc:2 in libc.so.6[3ffae080000+1ca000] Jun 07 13:06:08 SYSTEM kernel: Failing address: 0000000000000000 TEID: 0000000000000800 Jun 07 13:06:08 SYSTEM kernel: Fault in primary space mode while using user ASCE. Jun 07 13:06:08 SYSTEM kernel: AS:000000009c2941c7 R3:0000000000000024 Jun 07 13:06:08 SYSTEM kernel: CPU: 2 PID: 2344 Comm: openssl Kdump: loaded Not tainted 5.15.0-73-generic #80-Ubuntu Jun 07 13:06:08 SYSTEM kernel: Hardware name: IBM 3931 A01 703 (z/VM 7.3.0) Jun 07 13:06:08 SYSTEM kernel: User PSW : 0705000180000000 000003ffae11c708 Jun 07 13:06:08 SYSTEM kernel: R:0 T:1 IO:1 EX:1 Key:0 M:1 W:0 P:1 AS:0 CC:0 PM:0 RI:0 EA:3 Jun 07 13:06:08 SYSTEM kernel: User GPRS: 0000000000000007 000003ffae11c6f0 0000000000000000 000002aa3289f9d0 Jun 07 13:06:08 SYSTEM kernel: 000002aa1825980f 000002aa3289f9d0 0000000000000000 000002aa328a4300 Jun 07 13:06:08 SYSTEM kernel: 000003ffae870720 000003ffae657128 000002aa000003ff 0000000000000000 Jun 07 13:06:08 SYSTEM kernel: 000003ffae24dd10 000003ffae657120 000003ffae437c22 000003ffec2fe000 Jun 07 13:06:08 SYSTEM kernel: User Code: 000003ffae11c6fc: b90400b2 lgr %r11,%r2 000003ffae11c700: 47000000 bc 0,0 #000003ffae11c704: b24f00a0 ear %r10,%a0 >000003ffae11c708: 58102018 l %r1,24(%r2) 000003ffae11c70c: ebaa0020000d sllg %r10,%r10,32 000003ffae11c712: b24f00a1 ear %r10,%a1 000003ffae11c716: 5910a0d0 c %r1,208(%r10) 000003ffae11c71a: a7840033 brc 8,000003ffae11c780 Jun 07 13:06:08 SYSTEM kernel: Last Breaking-Event-Address: Jun 07 13:06:08 SYSTEM kernel: [<000003ffae33242c>] 0x3ffae33242c Jun 07 13:06:08 SYSTEM systemd[1]: Started Process Core Dump (PID 2345/UID 0). Jun 07 13:06:08 SYSTEM systemd-coredump[2350]: Process 2344 (openssl) of user 0 dumped core. Found module linux-vdso64.so.1 with build-id: bcfab8ac8dbd44c758c3c5494e2952db16905d2e Found module libica.so.4 with build-id: 0cc5ace50644dfba6d0ecf4f783477cd04a55731 Found module ibmca.so with build-id: 27daaf0ed1857fdad3761c2b3db21020999eee08 Found module ld64.so.1 with build-id: 31d4856f0ba9ea058c91a34f4d684ae0fe01964c Found module libc.so.6 with build-id: 74250317950da91d3345f258cb2dd12d22c3f2e5 Found module libcrypto.so.3 with build-id: a27f20e6cf293f214d459530ce2c0b2b52fdbdb4 Found module libssl.so.3 with build-id: e2c031c3dac06b5ce43bdea022aee7989f78dde4 Found module openssl with build-id: ed0fe325182e99d135ee6b08e6d90a9d1c42af7f Stack trace of thread 2344: #0 0x000003ffae11c708 __pthread_rwlock_wrlock_full64 (libc.so.6 + 0x9c708) #1 0x000003ffae437c22 CRYPTO_THREAD_write_lock (libcrypto.so.3 + 0x1b7c22) #2 0x000003ffae3e3472 ENGINE_finish (libcrypto.so.3 + 0x163472) #3 0x000003ffae406844 EVP_CIPHER_CTX_reset (libcrypto.so.3 + 0x186844) #4 0x000003ffae40688c EVP_CIPHER_CTX_free (libcrypto.so.3 + 0x18688c) #5 0x000003ffae4f903c n/a (libcrypto.so.3 + 0x27903c) #6 0x000003ffae40ca98 EVP_RAND_CTX_free (libcrypto.so.3 + 0x18ca98) #7 0x000003ffae461a92 n/a (libcrypto.so.3 + 0x1e1a92) #8 0x000003ffae430b9c CRYPTO_free_ex_data (libcrypto.so.3 + 0x1b0b9c) #9 0x000003ffae4293ca n/a (libcrypto.so.3 + 0x1a93ca) #10 0x000003ffae4335e8 OPENSSL_cleanup (libcrypto.so.3 + 0x1b35e8) #11 0x000003ffae0cb6cc __run_exit_handlers (libc.so.6 + 0x4b6cc) #12 0x000003ffae0cb790 __GI_exit (libc.so.6 + 0x4b790) #13 0x000002aa31847c06 main (openssl + 0x47c06) #14 0x000003ffae0aa712 __libc_start_call_main (libc.so.6 + 0x2a712) #15 0x000003ffae0aa7f0 __libc_start_main_impl (libc.so.6 + 0x2a7f0) #16 0x000002aa31848070 n/a (openssl + 0x48070) Jun 07 13:06:08 SYSTEM systemd[1]: systemd-coredump@12-2345-0.service: Deactivated successfully. Jun 07 13:06:31 SYSTEM kernel: User process fault: interruption code 003b ilc:2 in libc.so.6[3ffbee00000+1ca000] Jun 07 13:06:31 SYSTEM kernel: Failing address: 0000000000000000 TEID: 0000000000000800 Jun 07 13:06:31 SYSTEM kernel: Fault in primary space mode while using user ASCE. Jun 07 13:06:31 SYSTEM kernel: AS:000000009c2941c7 R3:0000000000000024 Jun 07 13:06:31 SYSTEM kernel: CPU: 2 PID: 2356 Comm: openssl Kdump: loaded Not tainted 5.15.0-73-generic #80-Ubuntu Jun 07 13:06:31 SYSTEM kernel: Hardware name: IBM 3931 A01 703 (z/VM 7.3.0) Jun 07 13:06:31 SYSTEM kernel: User PSW : 0705000180000000 000003ffbee9c708 Jun 07 13:06:31 SYSTEM kernel: R:0 T:1 IO:1 EX:1 Key:0 M:1 W:0 P:1 AS:0 CC:0 PM:0 RI:0 EA:3 Jun 07 13:06:31 SYSTEM kernel: User GPRS: 0000000000000007 000003ffbee9c6f0 0000000000000000 000002aa176569d0 Jun 07 13:06:31 SYSTEM kernel: 000002aa3dc356c6 000002aa176569d0 0000000000000000 000002aa1765b300 Jun 07 13:06:31 SYSTEM kernel: 000003ffbf5f0720 000003ffbf3d7128 000002aa000003ff 0000000000000000 Jun 07 13:06:31 SYSTEM kernel: 000003ffbefcdd10 000003ffbf3d7120 000003ffbf1b7c22 000003ffc4efdd40 Jun 07 13:06:31 SYSTEM kernel: User Code: 000003ffbee9c6fc: b90400b2 lgr %r11,%r2 000003ffbee9c700: 47000000 bc 0,0 #000003ffbee9c704: b24f00a0 ear %r10,%a0 >000003ffbee9c708: 58102018 l %r1,24(%r2) 000003ffbee9c70c: ebaa0020000d sllg %r10,%r10,32 000003ffbee9c712: b24f00a1 ear %r10,%a1 000003ffbee9c716: 5910a0d0 c %r1,208(%r10) 000003ffbee9c71a: a7840033 brc 8,000003ffbee9c780 Jun 07 13:06:31 SYSTEM kernel: Last Breaking-Event-Address: Jun 07 13:06:31 SYSTEM kernel: [<000003ffbf0b242c>] 0x3ffbf0b242c Jun 07 13:06:32 SYSTEM systemd[1]: Started Process Core Dump (PID 2357/UID 0). Jun 07 13:06:32 SYSTEM systemd-coredump[2362]: Process 2356 (openssl) of user 0 dumped core. Found module linux-vdso64.so.1 with build-id: bcfab8ac8dbd44c758c3c5494e2952db16905d2e Found module libica.so.4 with build-id: 0cc5ace50644dfba6d0ecf4f783477cd04a55731 Found module ibmca.so with build-id: 27daaf0ed1857fdad3761c2b3db21020999eee08 Found module ld64.so.1 with build-id: 31d4856f0ba9ea058c91a34f4d684ae0fe01964c Found module libc.so.6 with build-id: 74250317950da91d3345f258cb2dd12d22c3f2e5 Found module libcrypto.so.3 with build-id: a27f20e6cf293f214d459530ce2c0b2b52fdbdb4 Found module libssl.so.3 with build-id: e2c031c3dac06b5ce43bdea022aee7989f78dde4 Found module openssl with build-id: ed0fe325182e99d135ee6b08e6d90a9d1c42af7f Stack trace of thread 2356: #0 0x000003ffbee9c708 __pthread_rwlock_wrlock_full64 (libc.so.6 + 0x9c708) #1 0x000003ffbf1b7c22 CRYPTO_THREAD_write_lock (libcrypto.so.3 + 0x1b7c22) #2 0x000003ffbf163472 ENGINE_finish (libcrypto.so.3 + 0x163472) #3 0x000003ffbf186844 EVP_CIPHER_CTX_reset (libcrypto.so.3 + 0x186844) #4 0x000003ffbf18688c EVP_CIPHER_CTX_free (libcrypto.so.3 + 0x18688c) #5 0x000003ffbf27903c n/a (libcrypto.so.3 + 0x27903c) #6 0x000003ffbf18ca98 EVP_RAND_CTX_free (libcrypto.so.3 + 0x18ca98) #7 0x000003ffbf1e1a92 n/a (libcrypto.so.3 + 0x1e1a92) #8 0x000003ffbf1b0b9c CRYPTO_free_ex_data (libcrypto.so.3 + 0x1b0b9c) #9 0x000003ffbf1a93ca n/a (libcrypto.so.3 + 0x1a93ca) #10 0x000003ffbf1b35e8 OPENSSL_cleanup (libcrypto.so.3 + 0x1b35e8) #11 0x000003ffbee4b6cc __run_exit_handlers (libc.so.6 + 0x4b6cc) #12 0x000003ffbee4b790 __GI_exit (libc.so.6 + 0x4b790) #13 0x000002aa161c7c06 main (openssl + 0x47c06) #14 0x000003ffbee2a712 __libc_start_call_main (libc.so.6 + 0x2a712) #15 0x000003ffbee2a7f0 __libc_start_main_impl (libc.so.6 + 0x2a7f0) #16 0x000002aa161c8070 n/a (openssl + 0x48070) Contact Information = grgo.mari...@ibm.com christian.r...@de.ibm.com ---uname output--- Linux SYSTEM 5.15.0-73-generic #80-Ubuntu SMP Mon May 15 15:23:03 UTC 2023 s390x s390x s390x GNU/Linux Machine Type = Manufacturer: IBM Type: 3931 Model: 703 A01 ---Steps to Reproduce--- 1. Configure openssl to be used with ibmca engine. 2. run the following command: # openssl req -new -newkey rsa:2048 -x509 -sha256 -nodes -out __cert.pem -keyout __key.pem --subj '/CN=US' 3. Check the syslog Userspace tool common name: openssl The userspace tool has the following bit modes: 64 Userspace rpm: openssl 3.0.2-0ubuntu1.10 s390x Userspace tool obtained from project website: na == Comment: #1 - Grgo =============================================== Further investigations point to this open issue on openssl repository https://github.com/openssl/openssl/issues/18578 The default_algorithms declaration of RAND and others has no effect on the behaviour of this problem. == Comment: #2 - Ingo - 2023-06-12 06:05:20 ========================= The OpenSSL fix for the mentioned issue https://github.com/openssl/openssl/issues/18578 is commit https://github.com/openssl/openssl/commit/a88e97fcace01ecf557b207f04328a72df5110df in the master branch. The corresponding commit for the openssl-3.0 branch is https://github.com/openssl/openssl/commit/d0f8056c47f7aea40a34815fe459404f14501e81 This commit is included in OpenSSL 3.0.8. Please include this commit into the OpenSSL package shipped with 22.04 (and later releases). To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-z-systems/+bug/2023545/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
