Working theory at the moment is that cyrus-sasl2 is using RC4 from
OpenSSL, and OpenSSL3 deprecated it:
On Kinetic:
$ openssl version
OpenSSL 3.0.2 15 Mar 2022 (Library: OpenSSL 3.0.2 15 Mar 2022)
$ echo -ne test | openssl rc4 -k test
*** WARNING : deprecated key derivation used.
Using -iter or -pbkdf2 would be better.
Error setting cipher RC4
4057FE8C0B7F0000:error:0308010C:digital envelope
routines:inner_evp_generic_fetch:unsupported:../crypto/evp/evp_fetch.c:349:Global
default library context, Algorithm (RC4 : 37), Properties ()
Salted__gG
On Impish:
$ openssl version
OpenSSL 1.1.1l 24 Aug 2021
$ echo -ne test | openssl rc4 -k test
*** WARNING : deprecated key derivation used.
Using -iter or -pbkdf2 would be better.
Salted__~T�|=�ʇ����
Jammy:
$ openssl version
OpenSSL 3.0.2 15 Mar 2022 (Library: OpenSSL 3.0.2 15 Mar 2022)
$ echo -ne "test" | openssl rc4 -k test
*** WARNING : deprecated key derivation used.
Using -iter or -pbkdf2 would be better.
Error setting cipher RC4
40078BF4127F0000:error:0308010C:digital envelope
routines:inner_evp_generic_fetch:unsupported:../crypto/evp/evp_fetch.c:349:Global
default library context, Algorithm (RC4 : 37), Properties ()
Salted__��N�x���
Both jammy and kinetic show "Error setting cipher RC4".
Oh, and the stack trace confirming it's inside openssl:
(gdb) bt
#0 0x00007ffff74085cb in EVP_EncryptUpdate (ctx=0x0,
out=out@entry=0x5555555c7cf4
"0\036\002\001\004w\031\200\027\061.3.6.1.4.1.4203.1.11.3ST-MD5 client step 3",
outl=outl@entry=0x7fffffffdbc4, in=0x5555555c8d50
"0\036\002\001\004w\031\200\027\061.3.6.1.4.1.4203.1.11.311.311.3", inl=32) at
../crypto/evp/evp_enc.c:614
#1 0x00007ffff70a07a9 in enc_rc4 (text=0x555555585e00, input=<optimized out>,
inputlen=<optimized out>, digest=0x7fffffffdc20
"^\316@+\322}\a\334\006T\005\353:H}\036\260l\\UUU",
output=0x5555555c7cf4
"0\036\002\001\004w\031\200\027\061.3.6.1.4.1.4203.1.11.3ST-MD5 client step 3",
outputlen=0x7fffffffdda4) at ../../plugins/digestmd5.c:1201
#2 0x00007ffff70a1ddb in digestmd5_encode (context=0x555555585e00,
invec=<optimized out>, numiov=<optimized out>, output=0x55555559e708,
outputlen=0x7fffffffdda4)
at ../../plugins/digestmd5.c:1552
#3 0x00007ffff7f33c3e in _sasl_encodev (conn=conn@entry=0x555555586cf0,
invec=invec@entry=0x7fffffffdd70, numiov=numiov@entry=1,
p_num_packets=p_num_packets@entry=0x7fffffffdd0c,
output=output@entry=0x55555559e708,
outputlen=outputlen@entry=0x7fffffffdda4) at ../../lib/common.c:359
#4 0x00007ffff7f360a1 in sasl_encodev (conn=conn@entry=0x555555586cf0,
invec=invec@entry=0x7fffffffdd70, numiov=numiov@entry=1,
output=output@entry=0x55555559e708,
outputlen=outputlen@entry=0x7fffffffdda4) at ../../lib/common.c:582
#5 0x00007ffff7f361d0 in sasl_encode (conn=0x555555586cf0, input=<optimized
out>, inputlen=<optimized out>, output=output@entry=0x55555559e708,
outputlen=outputlen@entry=0x7fffffffdda4)
at ../../lib/common.c:304
#6 0x00007ffff7f665ba in sb_sasl_cyrus_encode (p=0x55555559e680,
buf=<optimized out>, len=<optimized out>, dst=0x55555559e6f0) at
../../../../libraries/libldap/cyrus.c:134
#7 0x00007ffff7f66b90 in sb_sasl_generic_write (sbiod=0x555555585a30,
buf=0x5555555c8d50, len=<optimized out>) at
../../../../libraries/libldap/sasl.c:783
#8 0x00007ffff7f4ad3c in sb_debug_write (sbiod=0x555555586aa0,
buf=0x5555555c8d50, len=32) at ../../../../libraries/liblber/sockbuf.c:854
#9 0x00007ffff7f50105 in ber_int_sb_write (sb=sb@entry=0x555555585900,
buf=0x5555555c8d50, len=len@entry=32) at
../../../../libraries/liblber/sockbuf.c:445
#10 0x00007ffff7f5027b in ber_flush2 (sb=0x555555585900, ber=0x5555555c7c90,
freeit=freeit@entry=0) at ../../../../libraries/liblber/io.c:249
#11 0x00007ffff7f7e0a7 in ldap_int_flush_request (ld=ld@entry=0x5555555834e0,
lr=lr@entry=0x5555555c6cb0) at ../../../../libraries/libldap/request.c:186
#12 0x00007ffff7f8001f in ldap_send_server_request (ld=ld@entry=0x5555555834e0,
ber=ber@entry=0x5555555c7c90, msgid=msgid@entry=4,
parentreq=parentreq@entry=0x0, srvlist=srvlist@entry=0x0,
lc=<optimized out>, lc@entry=0x0, bind=0x0, m_noconn=0, m_res=0) at
../../../../libraries/libldap/request.c:412
#13 0x00007ffff7f80415 in ldap_send_initial_request (ld=0x5555555834e0,
msgtype=<optimized out>, dn=<optimized out>, ber=0x5555555c7c90, msgid=4)
at ../../../../libraries/libldap/request.c:169
#14 0x00007ffff7f6fa25 in ldap_extended_operation (ld=ld@entry=0x5555555834e0,
reqoid=reqoid@entry=0x7ffff7f9f9f0 "1.3.6.1.4.1.4203.1.11.3",
reqdata=reqdata@entry=0x0,
sctrls=sctrls@entry=0x0, cctrls=cctrls@entry=0x0,
msgidp=msgidp@entry=0x7fffffffe168) at
../../../../libraries/libldap/extended.c:127
#15 0x00007ffff7f70267 in ldap_whoami (ld=ld@entry=0x5555555834e0,
sctrls=sctrls@entry=0x0, cctrls=cctrls@entry=0x0,
msgidp=msgidp@entry=0x7fffffffe168)
at ../../../../libraries/libldap/whoami.c:71
#16 0x0000555555558c6e in main (argc=<optimized out>, argv=<optimized out>) at
../../../../clients/tools/ldapwhoami.c:142
Still gathering more details.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to cyrus-sasl2 in Ubuntu.
https://bugs.launchpad.net/bugs/1973760
Title:
Crash when using DIGEST-MD5 with SSF>=128
Status in cyrus-sasl2 package in Ubuntu:
In Progress
Bug description:
I'm still troubleshooting this, but at the moment apps negotiating a
DIGEST-MD5 authentication and requesting some form of transport
encryption (ssf != 0) are crashing. The only example I have so far is
the openldap client tools (so just one app really).
ssf=0 works:
$ ldapwhoami -U ubuntu@lxd -w ubuntusecret -O maxssf=0
SASL/DIGEST-MD5 authentication started
SASL username: ubuntu@lxd
SASL SSF: 0
dn:uid=ubuntu@lxd,cn=vms,cn=digest-md5,cn=auth
ssf=128 crashes:
$ ldapwhoami -U ubuntu@lxd -w ubuntusecret -O maxssf=128
SASL/DIGEST-MD5 authentication started
SASL username: ubuntu@lxd
SASL SSF: 128
SASL data security layer installed.
Segmentation fault (core dumped)
The crash seems to be inside openssl. I'll get a proper stack trace.
2.1.27, also built with openssl3, does not crash. So far only 2.1.28
(in kinetic-proposed).
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/cyrus-sasl2/+bug/1973760/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
