[openssl/openssl] 9f0867: Configurations: mips64*-linux-*abin32 needs bn_ops...

Adam Joseph noreply at github.com
Mon Oct 3 00:27:37 UTC 2022 

  Branch: refs/heads/openssl-3.0
  Home:   https://github.com/openssl/openssl
  Commit: 9f0867da4cbf77ed642717b5e703e09ab2c087a0
      https://github.com/openssl/openssl/commit/9f0867da4cbf77ed642717b5e703e09ab2c087a0
  Author: Adam Joseph <adam at westernsemico.com>
  Date:   2022-10-03 (Mon, 03 Oct 2022)

  Changed paths:
    M Configurations/10-main.conf

  Log Message:
  -----------
  Configurations: mips64*-linux-*abin32 needs bn_ops SIXTY_FOUR_BIT

The IRIX mips64-cpu, n32-abi configurations include SIXTY_FOUR_BIT in bn_ops,
but it is missing from mips64*-linux-*abin32 (which OpenSSL calls
"linux-mips64").  This causes heap corruption when verifying TLS certificates
(which tend to be RSA-signed) with openssl 1.1.1q:

```
nix at oak:~$ /nix/store/4k04dh6a1zs6hxiacwcg4a4nvxvgli2j-openssl-mips64el-unknown-linux-gnuabin32-1.1.1q-bin/bin/openssl s_client -host www.google.com -port 443free(): invalid pointer
Aborted
```

and a slightly different failure with current HEAD:

```
nix at oak:~$ /nix/store/9bqxharxajsl9fid0c8ls6fb9wxp8kdc-openssl-mips64el-unknown-linux-gnuabin32-1.1.1q-bin/bin/openssl s_client -host www.google.com -port 443
Connecting to 142.250.180.4
CONNECTED(00000003)
Fatal glibc error: malloc assertion failure in sysmalloc: (old_top == initial_top (av) && old_size == 0) || ((unsigned long) (old_size) >= MINSIZE && prev_inuse (old_top) && ((unsigned long) old_end & (pagesize - 1)) == 0)
Aborted
```

Applying this patch and recompiling produces the expected output instead of a
crash.

Note that Gentoo (and to my knowledge all other other distributions which
support mips64n32) use the `linux-generic32` configuration, which uses only
32-bit arithmetic (rather than full 64-bit arithmetic) and lacks assembler
implementations for the SHA hash functions:

  https://gitweb.gentoo.org/repo/gentoo.git/tree/dev-libs/openssl/files/gentoo.config-1.0.2#n102

For support in nixpkgs we would like to use the full 64-bit integer registers
and perlasm routines, so I'm submitting this upstream as well.

Fixes #19319

CLA: trivial

Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger at hotmail.de>
Reviewed-by: Paul Dale <pauli at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19320)

(cherry picked from commit d250e8563fa400fd3d9b93cff609c7503149b908)

More information about the openssl-commits mailing list