Bug 1962052
| Summary: | lasso: Port to OpenSSL 3.0 | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 9 | Reporter: | Sahana Prasad <sahana> |
| Component: | lasso | Assignee: | Jakub Hrozek <jhrozek> |
| Status: | CLOSED CURRENTRELEASE | QA Contact: | Scott Poore <spoore> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | CentOS Stream | CC: | bstinson, fweimer, jhrozek, jwboyer, sahana, sgoveas, spoore, thalman |
| Target Milestone: | beta | Keywords: | Triaged |
| Target Release: | --- | Flags: | pm-rhel:
mirror+
|
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | lasso-2.7.0-2.ssl3 | Doc Type: | If docs needed, set a value |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2021-12-07 21:50:14 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | |||
| Bug Blocks: | 1958021 | ||
|
Comment 1
Jakub Hrozek
2021-05-19 10:02:13 UTC
Hi Sahana, before I dive any deeper, are there any known bugs in openssl 3.0 wrt memory handling? It seems that the tests are segfaulting with openssl 3.0, but work fine with 1.1. valgrind is showing me: ==1425128== at 0x4F21E64: RSA_sign (rsa_sign.c:282) ==1425128== by 0x434013: lasso_query_sign (tools.c:621) ==1425128== by 0x480FEE: lasso_saml20_profile_export_to_query (profile.c:1185) ==1425128== by 0x4811D6: lasso_saml20_profile_build_http_redirect (profile.c:1225) ==1425128== by 0x47F5E4: lasso_saml20_profile_build_redirect_request_msg (profile.c:881) ==1425128== by 0x47FD61: lasso_saml20_profile_build_request_msg (profile.c:995) ==1425128== by 0x473128: lasso_saml20_login_build_authn_request_msg (login.c:271) ==1425128== by 0x4532F3: lasso_login_build_authn_request_msg (login.c:1129) ==1425128== by 0x416AC6: test16_test_get_issuer_fn (basic_tests.c:2129) ==1425128== by 0x5153785: tcase_run_tfun_nofork (check_run.c:420) ==1425128== by 0x5153EA9: UnknownInlinedFun (check_run.c:263) ==1425128== by 0x5153EA9: UnknownInlinedFun (check_run.c:402) ==1425128== by 0x5153EA9: UnknownInlinedFun (check_run.c:222) ==1425128== by 0x5153EA9: srunner_run_tagged (check_run.c:814) ==1425128== by 0x408A9D: main (tests.c:183) ==1425128== Address 0x7a56878 is 24 bytes before a block of size 88 free'd ==1425128== at 0x48410E4: free (vg_replace_malloc.c:755) ==1425128== by 0x55AFCB0: CRYPTO_clear_realloc (mem.c:290) ==1425128== by 0x5526958: BUF_MEM_grow_clean (buffer.c:135) ==1425128== by 0x5514135: mem_write (bss_mem.c:236) ==1425128== by 0x5504D60: BIO_puts (bio_lib.c:408) ==1425128== by 0x55C3F3D: UnknownInlinedFun (pem_lib.c:873) ==1425128== by 0x55C3F3D: PEM_read_bio_ex (pem_lib.c:933) ==1425128== by 0x55C0C95: PEM_X509_INFO_read_bio (pem_info.c:65) ==1425128== by 0x55FF87A: UnknownInlinedFun (by_file.c:202) ==1425128== by 0x55FF87A: X509_load_cert_crl_file (by_file.c:188) ==1425128== by 0x55FF9F1: UnknownInlinedFun (by_file.c:51) ==1425128== by 0x55FF9F1: by_file_ctrl (by_file.c:40) ==1425128== by 0x55FBA43: X509_STORE_set_default_paths (x509_d2.c:22) ==1425128== by 0x4A38267: xmlSecOpenSSLX509StoreInitialize (x509vfy.c:582) ==1425128== by 0x4A709D1: xmlSecKeyDataStoreCreate (keysdata.c:1239) ==1425128== Block was alloc'd at ==1425128== at 0x483E86F: malloc (vg_replace_malloc.c:380) ==1425128== by 0x5526958: BUF_MEM_grow_clean (buffer.c:135) ==1425128== by 0x5514135: mem_write (bss_mem.c:236) ==1425128== by 0x5504D60: BIO_puts (bio_lib.c:408) ==1425128== by 0x55C3F3D: UnknownInlinedFun (pem_lib.c:873) ==1425128== by 0x55C3F3D: PEM_read_bio_ex (pem_lib.c:933) ==1425128== by 0x55C0C95: PEM_X509_INFO_read_bio (pem_info.c:65) ==1425128== by 0x55FF87A: UnknownInlinedFun (by_file.c:202) ==1425128== by 0x55FF87A: X509_load_cert_crl_file (by_file.c:188) ==1425128== by 0x55FF9F1: UnknownInlinedFun (by_file.c:51) ==1425128== by 0x55FF9F1: by_file_ctrl (by_file.c:40) ==1425128== by 0x55FBA43: X509_STORE_set_default_paths (x509_d2.c:22) ==1425128== by 0x4A38267: xmlSecOpenSSLX509StoreInitialize (x509vfy.c:582) ==1425128== by 0x4A709D1: xmlSecKeyDataStoreCreate (keysdata.c:1239) ==1425128== by 0x4A18EBC: UnknownInlinedFun (crypto.c:382) ==1425128== by 0x4A18EBC: xmlSecOpenSSLKeysMngrInit (crypto.c:372) I realize big chunks of the backtrace are coming from xmlsec and/or lasso but still, does this backtrace ring a bell? Would it help to prepare a more minimal reproducer? Verified. Version :: lasso-2.7.0-3.el9.x86_64 Results :: build.log: Requires: libc.so.6()(64bit) libc.so.6(GLIBC_2.2.5)(64bit) libc.so.6(GLIBC_2.3)(64bit) libc.so.6(GLIBC_2.3.4)(64bit) libc.so.6(GLIBC_2.4)(64bit) libcrypto.so.3()(64bit) libcrypto.so.3(OPENSSL_3.0.0)(64bit) libglib-2.0.so.0()(64bit) libgobject-2.0.so.0()(64bit) libltdl.so.7()(64bit) libssl.so.3()(64bit) libxml2.so.2()(64bit) libxml2.so.2(LIBXML2_2.4.30)(64bit) libxml2.so.2(LIBXML2_2.5.0)(64bit) libxml2.so.2(LIBXML2_2.5.7)(64bit) libxml2.so.2(LIBXML2_2.6.0)(64bit) libxml2.so.2(LIBXML2_2.6.23)(64bit) libxmlsec1-openssl.so.1()(64bit) libxmlsec1.so.1()(64bit) libxslt.so.1()(64bit) libxslt.so.1(LIBXML2_1.0.11)(64bit) libz.so.1()(64bit) rtld(GNU_HASH) installed_pkgs.log openssl-devel-1:3.0.0-0.alpha16.4.el9.x86_64 1623783881 4702084 ca9c3d971c5ec2fa126c52e30589c91b installed rpm check from system: [root@ci-vm-10-0-136-209 ~]# rpm -q lasso xmlsec1 lasso-2.7.0-3.el9.x86_64 xmlsec1-1.2.29-6.el9.x86_64 [root@ci-vm-10-0-136-209 ~]# rpm -qR lasso|grep -i openssl libcrypto.so.3(OPENSSL_3.0.0)(64bit) libxmlsec1-openssl.so.1()(64bit) [root@ci-vm-10-0-136-209 ~]# rpm -qR xmlsec1-openssl|grep -i openssl libcrypto.so.3(OPENSSL_3.0.0)(64bit) libxmlsec1-openssl.so.1()(64bit) |