Bug 1352404 - cryptlib: Symbol collisions with OpenSSL
Summary: cryptlib: Symbol collisions with OpenSSL
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: cryptlib
Version: 25
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: Ralf Senderek
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2016-07-04 06:14 UTC by Florian Weimer
Modified: 2016-08-28 13:19 UTC (History)
2 users (show)

Fixed In Version: cryptlib-3.4.3-8 cryptlib-3.4.3-8.fc24 cryptlib-3.4.3-8.fc23 cryptlib-3.4.3-8.el7
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2016-08-20 21:52:31 UTC
Type: Bug
Embargoed:


Attachments (Terms of Use)

Description Florian Weimer 2016-07-04 06:14:02 UTC
cryptlib embeds a parts of OpenSSL, and does not mangle those symbols:

0000000000056860 T BN_add
0000000000056080 T BN_add_word
00000000000575a0 T BN_bin2bn
00000000000578a0 T BN_bn2bin
0000000000054b00 T BN_clear
0000000000055ca0 T BN_cmp_word
0000000000054be0 T BN_copy
00000000000553a0 T BN_CTX_end
0000000000055530 T BN_CTX_end_ext
0000000000055220 T BN_CTX_final
…

As a result, cryptlib and OpenSSL may interpose parts of each other.  (Symbol versioning on the OpenSSL does not prevent this.)

Since OpenSSL was there first, I think cryptlib should change, and hide these symbols in some way (or introduce symbol versioning).

Comment 1 Jan Kurik 2016-07-26 04:17:08 UTC
This bug appears to have been reported against 'rawhide' during the Fedora 25 development cycle.
Changing version to '25'.

Comment 2 Ralf Senderek 2016-07-26 10:52:46 UTC
Discussion with upstream is still ongoing about how to best resolve this issue.

Comment 3 Fedora Update System 2016-08-11 19:05:29 UTC
cryptlib-3.4.3-8.el7 has been submitted as an update to Fedora EPEL 7. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-0b36efc363

Comment 4 Fedora Update System 2016-08-11 19:05:38 UTC
cryptlib-3.4.3-8.fc23 has been submitted as an update to Fedora 23. https://bodhi.fedoraproject.org/updates/FEDORA-2016-1316072286

Comment 5 Fedora Update System 2016-08-11 19:05:43 UTC
cryptlib-3.4.3-8.fc24 has been submitted as an update to Fedora 24. https://bodhi.fedoraproject.org/updates/FEDORA-2016-3095850777

Comment 6 Ralf Senderek 2016-08-12 08:09:14 UTC
For the sake of reference, let's back up with a bit
of information:

OpenSSL, which comprises of two libraries (libssl.so.1.0.2h
and libcrypto.so.1.0.2h) have 1052 and 4429 symbols respectivly.
Both libraries share only 3 symbols with the same name.

In comparison to cryptlib-3.4.3 the smaller library libssl.so.1.0.2h
does not share any symbols with cryptlib, but the larger library
libcrypto.so.1.0.2h shares a total of 109 symbols with cryptlib.
(see below)

To resolve any possible interference between the two libraries and 
to ensure peaceful co-existence, I will rename all of those shared
symbols and prefix these symbols with "cl_".
So, for instance BN_mod_exp becomes cl_BN_mod_exp. This renaming
will start with the next release, cryptlib-3.4.3-8.

The symbols affected are:

BN_CTX_end
BN_CTX_get
BN_CTX_init
BN_CTX_start
BN_MONT_CTX_free
BN_MONT_CTX_init
BN_MONT_CTX_new
BN_MONT_CTX_set
BN_RECP_CTX_free
BN_RECP_CTX_init
BN_RECP_CTX_set
BN_add
BN_add_word
BN_bin2bn
BN_bn2bin
BN_clear
BN_copy
BN_div
BN_div_recp
BN_dup
BN_exp
BN_free
BN_from_montgomery
BN_gcd
BN_get_word
BN_init
BN_is_bit_set
BN_lshift
BN_mod_exp
BN_mod_exp2_mont
BN_mod_exp_mont
BN_mod_exp_mont_consttime
BN_mod_exp_mont_word
BN_mod_exp_recp
BN_mod_exp_simple
BN_mod_inverse
BN_mod_mul
BN_mod_mul_montgomery
BN_mod_mul_reciprocal
BN_mod_sqr
BN_mod_word
BN_mul
BN_mul_word
BN_new
BN_nnmod
BN_num_bits
BN_num_bits_word
BN_reciprocal
BN_rshift
BN_set_bit
BN_set_negative
BN_set_word
BN_sqr
BN_sub
BN_sub_word
BN_swap
BN_uadd
BN_ucmp
BN_usub
BN_value_one
CAST_S_table0
CAST_S_table1
CAST_S_table2
CAST_S_table3
CAST_S_table4
CAST_S_table5
CAST_S_table6
CAST_S_table7
CAST_cbc_encrypt
CAST_decrypt
CAST_ecb_encrypt
CAST_encrypt
CAST_set_key
MD5_Final
MD5_Init
MD5_Transform
MD5_Update
RC4
SHA1_Final
SHA1_Init
SHA1_Transform
SHA1_Update
bn_add_part_words
bn_add_words
bn_cmp_part_words
bn_cmp_words
bn_div_words
bn_mul_add_words
bn_mul_comba4
bn_mul_comba8
bn_mul_high
bn_mul_low_normal
bn_mul_low_recursive
bn_mul_normal
bn_mul_part_recursive
bn_mul_recursive
bn_mul_words
bn_sqr_comba4
bn_sqr_comba8
bn_sqr_words
bn_sub_part_words
bn_sub_words
idea_cbc_encrypt
idea_ecb_encrypt
idea_encrypt
idea_options
idea_set_decrypt_key
idea_set_encrypt_key
sha1_block_data_order

Comment 7 Fedora Update System 2016-08-12 20:52:47 UTC
cryptlib-3.4.3-8.fc23 has been pushed to the Fedora 23 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-1316072286

Comment 8 Fedora Update System 2016-08-12 20:52:49 UTC
cryptlib-3.4.3-8.fc24 has been pushed to the Fedora 24 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-3095850777

Comment 9 Fedora Update System 2016-08-13 18:47:54 UTC
cryptlib-3.4.3-8.el7 has been pushed to the Fedora EPEL 7 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-0b36efc363

Comment 10 Fedora Update System 2016-08-20 21:52:27 UTC
cryptlib-3.4.3-8.fc24 has been pushed to the Fedora 24 stable repository. If problems still persist, please make note of it in this bug report.

Comment 11 Fedora Update System 2016-08-21 03:18:23 UTC
cryptlib-3.4.3-8.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.

Comment 12 Fedora Update System 2016-08-28 13:19:55 UTC
cryptlib-3.4.3-8.el7 has been pushed to the Fedora EPEL 7 stable repository. If problems still persist, please make note of it in this bug report.


Note You need to log in before you can comment on or make changes to this bug.