Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-85417

gnutls on s390x under valgrind: RHEL-10 edition

Linking RHIVOS CVEs to...Migration: Automation ...Sync from "Extern...XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Minor Minor
    • None
    • rhel-10.0
    • gnutls
    • None
    • No
    • Low
    • rhel-security-crypto-spades
    • ssg_security
    • None
    • False
    • False
    • Hide

      None

      Show
      None
    • None
    • None
    • None
    • None
    • Unspecified
    • Unspecified
    • Unspecified
    • s390x
    • None

      Running upstream testsuite of gnutls-3.8.9-9.el10 under valgrind on s390x now manifests a new class of failures:

      tls-neg-ext4-key Syscall param KIMD(op2) points to uninitialised byte(s)
      ==139176== Syscall param KIMD(op2) points to uninitialised byte(s)
==139176==    at 0x49B7C78: _nettle_sha1_compress_s390x (sha1-compress-2.s:79)
==139176==    by 0x49B48D9: nettle_sha1_update (sha1.c:77)
==139176==    by 0x49BAD97: nettle_hmac_set_key (hmac.c:80)
==139176==    by 0x49B1049: nettle_hmac_sha1_set_key (hmac-sha1.c:44)
==139176==    by 0x4999C4F: nettle_tls10_prf (tls1-prf.c:111)
==139176==    by 0x49964B7: _gnutls_prf_raw (prf.c:56)
==139176==    by 0x48A5FB7: _gnutls_PRF (state.h:106)
==139176==    by 0x48A5FB7: generate_normal_master.constprop.0 (kx.c:243)
==139176==    by 0x48BFEA5: _gnutls_connection_state_init (constate.c:835)
==139176==    by 0x48A038D: recv_handshake_final (handshake.c:3433)
==139176==    by 0x48A256B: handshake_server (handshake.c:3615)
==139176==    by 0x48A256B: gnutls_handshake (handshake.c:2879)
==139176==    by 0x100306F: try_with_key (tls-neg-ext4-key.c:272)
==139176==    by 0x100306F: doit (tls-neg-ext4-key.c:500)
==139176==    by 0x100274D: main (utils.c:246)
==139176==  Address 0x1ffeff7da0 is on thread 1's stack
==139176==  in frame #2, created by nettle_hmac_set_key (hmac.c:53)
==139176==  Uninitialised value was created by a heap allocation
==139176==    at 0x4839548: malloc (vg_replace_malloc.c:446)
==139176==    by 0x49F3035: __gmp_default_allocate (in /tmp/tmp.Ncr91i4yUZ/buildroot/BUILD/gnutls-3.8.9/lib/.libs/libgnutls.so.30.40.3)
==139176==    by 0x499FBD3: _nettle_gmp_alloc (gmp-glue.c:310)
==139176==    by 0x49A4B4B: rsa_sec_check_root (rsa-sign-tr.c:266)
==139176==    by 0x49A4B4B: _nettle_rsa_sec_compute_root_tr (rsa-sign-tr.c:330)
==139176==    by 0x499E5D9: nettle_rsa_decrypt_tr (rsa-decrypt-tr.c:65)
==139176==    by 0x498CBB5: _rsa_decrypt_tr (pk.c:1354)
==139176==    by 0x498CBB5: _wrap_nettle_pk_decrypt (pk.c:1451)
==139176==    by 0x48D5513: gnutls_privkey_decrypt_data (privkey.c:1592)
==139176==    by 0x48D568B: gnutls_privkey_decrypt_data2 (privkey.c:1646)
==139176==    by 0x4984AC5: proc_rsa_client_kx (rsa.c:204)
==139176==    by 0x48A710B: _gnutls_recv_client_kx_message (kx.c:614)
==139176==    by 0x48A284B: handshake_server (handshake.c:3600)
==139176==    by 0x48A284B: gnutls_handshake (handshake.c:2879)
==139176==    by 0x100306F: try_with_key (tls-neg-ext4-key.c:272)
==139176==    by 0x100306F: doit (tls-neg-ext4-key.c:500)
==139176== 

...

==139176== Conditional jump or move depends on uninitialised value(s)
==139176==    at 0x4899A74: cmp_hsk_types (buffers.c:1066)
==139176==    by 0x4899A74: get_last_packet (buffers.c:1129)
==139176==    by 0x489C08B: _gnutls_handshake_io_recv_int (buffers.c:1416)
==139176==    by 0x489E36F: _gnutls_recv_handshake (handshake.c:1585)
==139176==    by 0x48A000F: _gnutls_recv_finished (handshake.c:1018)
==139176==    by 0x48A03DB: recv_handshake_final (handshake.c:3457)
==139176==    by 0x48A256B: handshake_server (handshake.c:3615)
==139176==    by 0x48A256B: gnutls_handshake (handshake.c:2879)
==139176==    by 0x100306F: try_with_key (tls-neg-ext4-key.c:272)
==139176==    by 0x100306F: doit (tls-neg-ext4-key.c:500)
==139176==    by 0x100274D: main (utils.c:246)
==139176==  Uninitialised value was created by a heap allocation
==139176==    at 0x4839548: malloc (vg_replace_malloc.c:446)
==139176==    by 0x49F3035: __gmp_default_allocate (in /tmp/tmp.Ncr91i4yUZ/buildroot/BUILD/gnutls-3.8.9/lib/.libs/libgnutls.so.30.40.3)
==139176==    by 0x499FBD3: _nettle_gmp_alloc (gmp-glue.c:310)
==139176==    by 0x49A4B4B: rsa_sec_check_root (rsa-sign-tr.c:266)
==139176==    by 0x49A4B4B: _nettle_rsa_sec_compute_root_tr (rsa-sign-tr.c:330)
==139176==    by 0x499E5D9: nettle_rsa_decrypt_tr (rsa-decrypt-tr.c:65)
==139176==    by 0x498CBB5: _rsa_decrypt_tr (pk.c:1354)
==139176==    by 0x498CBB5: _wrap_nettle_pk_decrypt (pk.c:1451)
==139176==    by 0x48D5513: gnutls_privkey_decrypt_data (privkey.c:1592)
==139176==    by 0x48D568B: gnutls_privkey_decrypt_data2 (privkey.c:1646)
==139176==    by 0x4984AC5: proc_rsa_client_kx (rsa.c:204)
==139176==    by 0x48A710B: _gnutls_recv_client_kx_message (kx.c:614)
==139176==    by 0x48A284B: handshake_server (handshake.c:3600)
==139176==    by 0x48A284B: gnutls_handshake (handshake.c:2879)
==139176==    by 0x100306F: try_with_key (tls-neg-ext4-key.c:272)
==139176==    by 0x100306F: doit (tls-neg-ext4-key.c:500)
==139176== 

...

==139176== Conditional jump or move depends on uninitialised value(s)
==139176==    at 0x489C270: handshake_hash_add_recvd (handshake.c:1474)
==139176==    by 0x489E41B: _gnutls_recv_handshake (handshake.c:1605)
==139176==    by 0x48A000F: _gnutls_recv_finished (handshake.c:1018)
==139176==    by 0x48A03DB: recv_handshake_final (handshake.c:3457)
==139176==    by 0x48A256B: handshake_server (handshake.c:3615)
==139176==    by 0x48A256B: gnutls_handshake (handshake.c:2879)
==139176==    by 0x100306F: try_with_key (tls-neg-ext4-key.c:272)
==139176==    by 0x100306F: doit (tls-neg-ext4-key.c:500)
==139176==    by 0x100274D: main (utils.c:246)
==139176==  Uninitialised value was created by a heap allocation
==139176==    at 0x4839548: malloc (vg_replace_malloc.c:446)
==139176==    by 0x49F3035: __gmp_default_allocate (in /tmp/tmp.Ncr91i4yUZ/buildroot/BUILD/gnutls-3.8.9/lib/.libs/libgnutls.so.30.40.3)
==139176==    by 0x499FBD3: _nettle_gmp_alloc (gmp-glue.c:310)
==139176==    by 0x49A4B4B: rsa_sec_check_root (rsa-sign-tr.c:266)
==139176==    by 0x49A4B4B: _nettle_rsa_sec_compute_root_tr (rsa-sign-tr.c:330)
==139176==    by 0x499E5D9: nettle_rsa_decrypt_tr (rsa-decrypt-tr.c:65)
==139176==    by 0x498CBB5: _rsa_decrypt_tr (pk.c:1354)
==139176==    by 0x498CBB5: _wrap_nettle_pk_decrypt (pk.c:1451)
==139176==    by 0x48D5513: gnutls_privkey_decrypt_data (privkey.c:1592)
==139176==    by 0x48D568B: gnutls_privkey_decrypt_data2 (privkey.c:1646)
==139176==    by 0x4984AC5: proc_rsa_client_kx (rsa.c:204)
==139176==    by 0x48A710B: _gnutls_recv_client_kx_message (kx.c:614)
==139176==    by 0x48A284B: handshake_server (handshake.c:3600)
==139176==    by 0x48A284B: gnutls_handshake (handshake.c:2879)
==139176==    by 0x100306F: try_with_key (tls-neg-ext4-key.c:272)
==139176==    by 0x100306F: doit (tls-neg-ext4-key.c:500)
==139176== 

      Unable to find source-code formatter for language: rsa-encrypt-decrypt conditional jump or move depends on uninitialised value(s). Available languages are: actionscript, ada, applescript, bash, c, c#, c++, cpp, css, erlang, go, groovy, haskell, html, java, javascript, js, json, lua, none, nyan, objc, perl, php, python, r, rainbow, ruby, scala, sh, sql, swift, visualbasic, xml, yaml==139209== Conditional jump or move depends on uninitialised value(s)
==139209==    at 0x1001B66: doit (rsa-encrypt-decrypt.c:151)
==139209==    by 0x100187D: main (utils.c:246)
==139209==  Uninitialised value was created by a heap allocation
==139209==    at 0x4839548: malloc (vg_replace_malloc.c:446)
==139209==    by 0x49F3035: __gmp_default_allocate (in /tmp/tmp.Ncr91i4yUZ/buildroot/BUILD/gnutls-3.8.9/lib/.libs/libgnutls.so.30.40.3)
==139209==    by 0x499FBD3: _nettle_gmp_alloc (gmp-glue.c:310)
==139209==    by 0x49A4B4B: rsa_sec_check_root (rsa-sign-tr.c:266)
==139209==    by 0x49A4B4B: _nettle_rsa_sec_compute_root_tr (rsa-sign-tr.c:330)
==139209==    by 0x499E5D9: nettle_rsa_decrypt_tr (rsa-decrypt-tr.c:65)
==139209==    by 0x498CBB5: _rsa_decrypt_tr (pk.c:1354)
==139209==    by 0x498CBB5: _wrap_nettle_pk_decrypt (pk.c:1451)
==139209==    by 0x48D5513: gnutls_privkey_decrypt_data (privkey.c:1592)
==139209==    by 0x1001B47: doit (rsa-encrypt-decrypt.c:144)
==139209==    by 0x100187D: main (utils.c:246)
==139209==
      pkcs11/tls-neg-pkcs11[-no]-key has ones that aren't even from gnutls
      ==141946== Syscall param KMA(parms) points to uninitialised byte(s)
==141946==    at 0x55E5C48: ??? (in /usr/lib64/libcrypto.so.3.2.2)
==141946==    by 0x5708A15: CRYPTO_ctr128_encrypt_ctr32 (in /usr/lib64/libcrypto.so.3.2.2)
==141946==    by 0x5858507: ??? (in /usr/lib64/libcrypto.so.3.2.2)
==141946==  Address 0x1ffeff71f0 is on thread 1's stack
==141946==  Uninitialised value was created by a stack allocation
==141946==    at 0x55E5BE4: ??? (in /usr/lib64/libcrypto.so.3.2.2)
==141946== 
{
   <insert_a_suppression_name_here>
   Memcheck:Param
   KMA(parms)
   obj:/usr/lib64/libcrypto.so.3.2.2
   fun:CRYPTO_ctr128_encrypt_ctr32
   obj:/usr/lib64/libcrypto.so.3.2.2
}

              dueno@redhat.com Daiki Ueno
              asosedki@redhat.com Alexander Sosedkin
              Daiki Ueno Daiki Ueno
              Alexander Sosedkin Alexander Sosedkin
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Created:
                Updated: