------- Comment From boris.m...@de.ibm.com 2022-03-30 10:26 EDT------- This problem has been fixed with with openssl-ibmca 2.2.3:
* openssl-ibmca 2.2.3 - Fix PKEY segfault with OpenSSL 3.0 This 2.2.3 release has been made specifically to fix this bug, so you can choose between the following commit https://github.com/opencryptoki/openssl-ibmca/commit/93a12d3f3d401247c13ea3f4f47dc3d10fbb6f7b or a package upgrade to 2.2.3 to fix this. Thanks. -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1967141 Title: [UBUNTU 22.04] ibmca engine with libica = libica.so.4 - sshd dumps core (openssl-ibmca) Status in Ubuntu on IBM z Systems: New Status in linux package in Ubuntu: New Bug description: ---Problem Description--- Summary ======= New IBM HW with Crypto Accelerator cards attached Kernel level: 5.14 Core dump when configuring the ibmca engine with libica = libica.so.4 in the openssl.cnf file in the engine section. The problem only occurs with OpenSSL 3.0 and is immediately reproducible. Details ======= HINT: To be able to receive core dump files at all it is needed to change the /etc/systemd/system.conf file entry DefaultLimitCORE=0:infinity to read DefaultLimitCORE=infinity:infinity On a system with ibmca engine configured system wide, when trying to use the libica.so.4 to support the ibmca engine the sshd daemon dumps core upon the first login attempt. # openssl engine -c (dynamic) Dynamic engine loading support (ibmca) Ibmca hardware engine support [RSA, DSA, DH] Debug Data ========== core dump file in the attachments. Contact Information = christian.r...@de.ibm.com ---uname output--- Linux system 5.14. ---Debugger--- A debugger is not configured ---Steps to Reproduce--- 1.) Edit /etc/systemd/system.conf file to allow core dumps: Change the line DefaultLimitCORE=0:infinity to read DefaultLimitCORE=infinity:infinity 2.) run: systemctl daemon-reload systemctl restart systemd-coredump.socket 3.) Run the /usr/share/doc/openssl-ibmca/ibmca-engine-opensslconfig perl script 4.) Edit the /etc/pki/tls file near the end to contain the line to back the ibmca engine by the libica.so.4 library as outlined in the /usr/share/doc/openssl-ibmca/README.md file 5.) Run: openssl engine -c 6.) Keep the current session open for subsequently stepping back to the original openssl.cnf! 7.) Open up a new ssh session to the system under test and watch the login to fail with broken pipe 8.) On the remaining session, run coreumpctl list / coredumpctl dump Userspace tool common name: openssl-ibmca Userspace rpm: openssl-ibmca-2.2.2-1.el9.s390x The userspace tool has the following bit modes: 64bit Userspace tool obtained from project website: na To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-z-systems/+bug/1967141/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
