Debian Bug report logs - #839575
hangs waiting for openssl


Package: openssl; Maintainer for openssl is Debian OpenSSL Team <pkg-openssl-devel@alioth-lists.debian.net>; Source for openssl is src:openssl.

Affects: tinyca

Reported by: Richard Kettlewell <rjk@greenend.org.uk>

Date: Sun, 2 Oct 2016 09:48:01 UTC

Severity: serious

Tags: fixed-upstream, upstream

Found in version openssl/1.1.0-1

Fixed in version openssl/1.1.0f-1

Done: Kurt Roeckx <kurt@roeckx.be>

Bug is archived. No further changes may be made.

Forwarded to https://github.com/openssl/openssl/issues/3396



Report forwarded to debian-bugs-dist@lists.debian.org, Christoph Ulrich Scholler <scholler@fnb.tu-darmstadt.de>:
Bug#839575; Package tinyca. (Sun, 02 Oct 2016 09:48:03 GMT).


Acknowledgement sent to Richard Kettlewell <rjk@greenend.org.uk>:
New Bug report received and forwarded. Copy sent to Christoph Ulrich Scholler <scholler@fnb.tu-darmstadt.de>. (Sun, 02 Oct 2016 09:48:03 GMT).


Message #5 received at submit@bugs.debian.org:

From: Richard Kettlewell <rjk@greenend.org.uk>
To: submit@bugs.debian.org
Subject: hangs waiting for openssl
Date: Sun, 2 Oct 2016 10:44:39 +0100
Package: tinyca
Version: 0.7.5-6

Attempting to create a fresh CA, tinyca hangs awaiting openssl.  OpenSSL
in turn is awaiting input on FD 0, which never arrives.

The line 328 diagnostic is suspicious, but I don't know if it's related.

$ tinyca2
create basedir: /home/richard/.TinyCA
create temp dir: /home/richard/.TinyCA/tmp
DEBUG call: /usr/bin/openssl req -new -keyform PEM -outform PEM -passin
env:SSLPASS -config /home/richard/.TinyCA/test/openssl.cnf -out
/home/richard/.TinyCA/test/cacert.req -key
/home/richard/.TinyCA/test/cacert.key -sha256
DEBUG: add to dn: GB
DEBUG: add to dn:
Use of uninitialized value $_ in concatenation (.) or string at
/usr/share/tinyca/OpenSSL.pm line 328.
DEBUG: add to dn:
DEBUG: add to dn: Anjou
DEBUG: add to dn: Deodand
DEBUG: add to dn: DeodandTest
DEBUG: add to dn: rjk@terraraq.uk
DEBUG: add to dn:
DEBUG: add to dn:
DEBUG return: /usr/bin/openssl req -new -keyform PEM -outform PEM
-passin env:SSLPASS -config /home/richard/.TinyCA/test/openssl.cnf -out
/home/richard/.TinyCA/test/cacert.req -key
/home/richard/.TinyCA/test/cacert.key -sha256

You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:State or Province Name (full name)
[Some-State]:Locality Name (eg, city) []:Organization Name (eg, company)
[Internet Widgits Pty Ltd]:Organizational Unit Name (eg, section)
[]:Common Name (eg, YOUR name) []:Email Address []:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:An optional company name []:




$ ps -ef | grep -E 'tinyca|openssl'
richard   2279  2262  0 10:35 pts/1    00:00:00 /usr/bin/perl -w
/usr/bin/tinyca2
richard   2330  2279  0 10:36 pts/1    00:00:00 /usr/bin/openssl req
-x509 -keyform PEM -outform PEM -passin env:SSLPASS -config
/home/richard/.TinyCA/test/openssl.cnf -out
/home/richard/.TinyCA/test/cacert.pem -key
/home/richard/.TinyCA/test/cacert.key -in
/home/richard/.TinyCA/test/cacert.req -days 3650 -sha256
richard   3227  3204  0 10:41 pts/3    00:00:00 grep -E tinyca|openssl

$ strace -p 2279
strace: Process 2279 attached
read(10, ^Cstrace: Process 2279 detached
 <detached ...>

$ strace -p 2330
strace: Process 2330 attached
read(0, ^Cstrace: Process 2330 detached
 <detached ...>
$ lsof -p 2330
COMMAND  PID    USER   FD   TYPE DEVICE SIZE/OFF    NODE NAME
openssl 2330 richard  cwd    DIR  253,1     4096 1573015 /home/richard
openssl 2330 richard  rtd    DIR  253,1     4096       2 /
openssl 2330 richard  txt    REG  253,1   625588 2109333 /usr/bin/openssl
openssl 2330 richard  mem    REG  253,1  1787812 1175596
/lib/i386-linux-gnu/libc-2.24.so
openssl 2330 richard  mem    REG  253,1    13860 1175599
/lib/i386-linux-gnu/libdl-2.24.so
openssl 2330 richard  mem    REG  253,1  2095268 2101234
/usr/lib/i386-linux-gnu/libcrypto.so.1.0.2
openssl 2330 richard  mem    REG  253,1   432868 2101254
/usr/lib/i386-linux-gnu/libssl.so.1.0.2
openssl 2330 richard  mem    REG  253,1   146716 1052859
/lib/i386-linux-gnu/ld-2.24.so
openssl 2330 richard    0r  FIFO   0,10      0t0   20272 pipe
openssl 2330 richard    1w  FIFO   0,10      0t0   20273 pipe
openssl 2330 richard    2w  FIFO   0,10      0t0   20273 pipe
$ dpkg -l openssl
Desired=Unknown/Install/Remove/Purge/Hold
|
Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name           Version      Architecture Description
+++-==============-============-============-=================================
ii  openssl        1.0.2j-1     i386         Secure Sockets Layer
toolkit - cr

ttfn/rjk



Information forwarded to debian-bugs-dist@lists.debian.org, Christoph Ulrich Scholler <scholler@fnb.tu-darmstadt.de>:
Bug#839575; Package tinyca. (Sat, 06 May 2017 20:45:02 GMT).


Acknowledgement sent to Thomas Viehweger <patchesThomas.Vie@web.de>:
Extra info received and forwarded to list. Copy sent to Christoph Ulrich Scholler <scholler@fnb.tu-darmstadt.de>. (Sat, 06 May 2017 20:45:03 GMT).


Message #10 received at 839575@bugs.debian.org:

From: Thomas Viehweger <patchesThomas.Vie@web.de>
To: 839575@bugs.debian.org
Cc: control@bugs.debian.org
Subject: Maybe tinyca is incompatible with openssl 1.x
Date: Sat, 6 May 2017 22:42:36 +0200
severity 839575 important
thanks

Same behaviour here. In the file .TinyCA/myown-CA/openssl.cnf most settings
from the filled form are missing. For me the program is unusable.
Set it to important, please.
Thomas



Severity set to 'important' from 'normal' Request was from Thomas Viehweger <patchesThomas.Vie@web.de> to control@bugs.debian.org. (Sat, 06 May 2017 20:45:04 GMT).


Information forwarded to debian-bugs-dist@lists.debian.org, Christoph Ulrich Scholler <scholler@fnb.tu-darmstadt.de>:
Bug#839575; Package tinyca. (Sun, 07 May 2017 12:39:03 GMT).


Acknowledgement sent to Thomas Viehweger <patchesThomas.Vie@web.de>:
Extra info received and forwarded to list. Copy sent to Christoph Ulrich Scholler <scholler@fnb.tu-darmstadt.de>. (Sun, 07 May 2017 12:39:03 GMT).


Message #17 received at 839575@bugs.debian.org:

From: Thomas Viehweger <patchesThomas.Vie@web.de>
To: 839575@bugs.debian.org
Cc: control@bugs.debian.org
Subject: Tinyca is incompatible with openssl 1.1
Date: Sun, 7 May 2017 14:34:09 +0200
severity 839575 serious
thanks
 
I dug a bit deeper. Tinyca 0.7.5-5 worked for me in Jessie. So I tried 0.7.5-6
there. It worked, too!
After updating openssl from 1.0.2g-2 (jessie-backports) to 1.1.0e-1 (stretch) tinyca
stopped working!

The last thing that happened when creating a CA is a message box saying that the RSA
key will be produced (in German: "Die Erstellung des RSA Schlüssels läuft...")
but after a while the slider stopped moving and the messages mentioned by Richard
appeared in the console window.

Tinyca should be fixed or removed from stretch.




Severity set to 'serious' from 'important' Request was from Thomas Viehweger <patchesThomas.Vie@web.de> to control@bugs.debian.org. (Sun, 07 May 2017 12:39:05 GMT).


Information forwarded to debian-bugs-dist@lists.debian.org, Christoph Ulrich Scholler <scholler@fnb.tu-darmstadt.de>:
Bug#839575; Package tinyca. (Sun, 07 May 2017 20:33:05 GMT).


Acknowledgement sent to Thomas Viehweger <Thomas.Vie@web.de>:
Extra info received and forwarded to list. Copy sent to Christoph Ulrich Scholler <scholler@fnb.tu-darmstadt.de>. (Sun, 07 May 2017 20:33:05 GMT).


Message #24 received at 839575@bugs.debian.org:

From: Thomas Viehweger <Thomas.Vie@web.de>
To: 839575@bugs.debian.org
Subject: Tinyca is incompatible with openssl 1.1 and some 1.0.2 versions
Date: Sun, 7 May 2017 22:31:32 +0200
Edit:
The working openssl-version 1.02g-2 was not from jessie-backports.
It was from an older stretch version.

Now I tried the current version 1.0.2k-1~bpo8+1 from jessie-backports:
Tinyca hangs with this version, too - when creating a CA.

openssl version 1.0.1t-1+deb8u6 works as expected...



Information forwarded to debian-bugs-dist@lists.debian.org, Christoph Ulrich Scholler <scholler@fnb.tu-darmstadt.de>:
Bug#839575; Package tinyca. (Sat, 20 May 2017 17:33:02 GMT).


Acknowledgement sent to Stefan Bühler <stbuehler@web.de>:
Extra info received and forwarded to list. Copy sent to Christoph Ulrich Scholler <scholler@fnb.tu-darmstadt.de>. (Sat, 20 May 2017 17:33:02 GMT).


Message #29 received at 839575@bugs.debian.org:

From: Stefan Bühler <stbuehler@web.de>
To: 839575@bugs.debian.org
Subject: Re: hangs waiting for openssl
Date: Sat, 20 May 2017 19:30:42 +0200
Hi,

tinyca hangs due to a regression in openssl, fixed in:

    https://github.com/openssl/openssl/commit/888adbe064556ff5ab2f1d16a223b0548696614c

The tinyca code quality is still very low - very close to unacceptable
for something handling private keys and crypto.

* it builds strings to execute with /bin/sh -c "...", and quotes 
  filenames using \"$filename\" in perl.  It should pass the command
  and arguments as list instead - it's not that complicated.
* trying to respond to the openssl interactive mode seems a very bad
  idea.
* when I close tinyca (working on an existing setup) perl crashes with 
  a segfault (no idea who to blame for this, see attached 
  tinyca-perl-valgrind.txt)

cheers,
Stefan
[tinyca-perl-valgrind.txt (text/plain, attachment)]
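
The first two points in the message above, as an added example that is not tinyca's code and not part of the thread: the same constructed file name is run through a /bin/sh string with \"...\" quoting and through an argv list, and a `req` call is built with `-batch` and `-subj` instead of answering prompts. `printf` stands in for openssl; the helper names, DN values and file names are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed sample: a file name with a double quote and a command
# substitution, which \"$filename\" quoting does not neutralise.
my $filename = 'ca"$(echo INJECTED)".key';

# Pattern from the report: build one string and let /bin/sh parse it.
# printf stands in for openssl so this runs without openssl installed.
sub run_string {
    my ($file) = @_;
    my $cmd = "printf '[%s]' \"$file\"";
    my $out = qx{$cmd};
    return $out;
}

# List form: no shell; each element reaches the child as one argv entry.
# stdin is /dev/null, so a child that tries to prompt gets EOF, not a hang.
sub run_list {
    my @argv = @_;
    my $pid = open(my $out, '-|') // die "fork failed: $!";
    if ($pid == 0) {                                   # child
        open(STDIN, '<', '/dev/null') or die "stdin: $!";
        exec { $argv[0] } @argv or die "exec $argv[0]: $!";
    }
    local $/;                                          # slurp
    my $text = <$out> // '';
    close $out;
    return $text;
}

# Build the -subj value; empty fields are skipped, '/' and '\' are escaped.
sub subj {
    return join '', map {
        my ($type, $value) = @$_;
        $value =~ s{([\\/])}{\\$1}g;
        "/$type=$value";
    } grep { length($_->[1] // '') } @_;
}

# Non-interactive request: -batch suppresses prompts, -subj carries the DN.
sub req_argv {
    my (%o) = @_;
    return ('openssl', 'req', '-new', '-batch', '-subj', subj(@{ $o{dn} }),
            '-passin', 'env:SSLPASS', '-config', $o{config},
            '-key', $o{key}, '-out', $o{out}, '-sha256');
}

print 'shell string: ', run_string($filename), "\n";
print 'argv list:    ', run_list('printf', '[%s]', $filename), "\n";
my @dn = ([C => 'GB'], [ST => ''], [O => 'Example Org'], [CN => 'Test/CA']);
print join(' ', map { "<$_>" } req_argv(dn => \@dn,
    config => 'openssl.cnf', key => $filename, out => 'cacert.req')), "\n";
```

In the string form the shell evaluates the substitution embedded in the file name; in the list form the name arrives in the child byte for byte as a single argument.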

Information forwarded to debian-bugs-dist@lists.debian.org, Christoph Ulrich Scholler <scholler@fnb.tu-darmstadt.de>:
Bug#839575; Package tinyca. (Sat, 20 May 2017 22:09:03 GMT).


Acknowledgement sent to Christoph Ulrich Scholler <uli@scholler.net>:
Extra info received and forwarded to list. Copy sent to Christoph Ulrich Scholler <scholler@fnb.tu-darmstadt.de>. (Sat, 20 May 2017 22:09:03 GMT).


Message #34 received at 839575@bugs.debian.org:

From: Christoph Ulrich Scholler <uli@scholler.net>
To: Stefan Bühler <stbuehler@web.de>, 839575@bugs.debian.org
Subject: Re: Bug#839575: hangs waiting for openssl
Date: Sun, 21 May 2017 00:07:48 +0200
Hi Stefan,

Stefan Bühler <stbuehler@web.de> writes:
> tinyca hangs due to a regression in openssl, fixed in:
>
>     https://github.com/openssl/openssl/commit/888adbe064556ff5ab2f1d16a223b0548696614c

Thank you very much for this piece of information. I had already
implemented (but not uploaded) an ugly workaround for this issue, but it
is of course best addressed in OpenSSL itself. I will reassign this
issue to the openssl package.

> * it builds strings to execute with /bin/sh -c "...", and quotes
>   filenames using \"$filename\" in perl.  It should pass the command
>   and arguments as list instead - it's not that complicated.

I'll look into that.

> * trying to respond to the openssl interactive mode seems a very bad
>   idea.

Agreed. Fixing it amounts to an almost complete rewrite of the non-GUI
code, though...

> * when I close tinyca (working on an existing setup) perl crashes with
>   a segfault (no idea who to blame for this, see attached
>   tinyca-perl-valgrind.txt)

See #843568. It doesn't happen on Jessie, even with the current version
of tinyca.

Regards

Uli




Bug reassigned from package 'tinyca' to 'openssl'. Request was from Christoph Ulrich Scholler <uli@scholler.net> to control@bugs.debian.org. (Sat, 20 May 2017 22:24:04 GMT).


No longer marked as found in versions tinyca/0.7.5-6. Request was from Christoph Ulrich Scholler <uli@scholler.net> to control@bugs.debian.org. (Sat, 20 May 2017 22:24:04 GMT).


Set Bug forwarded-to-address to 'https://github.com/openssl/openssl/issues/3396'. Request was from kurt@roeckx.be (Kurt Roeckx) to control@bugs.debian.org. (Sun, 21 May 2017 08:33:03 GMT).


Added indication that 839575 affects tinyca Request was from Adrian Bunk <bunk@debian.org> to control@bugs.debian.org. (Sun, 21 May 2017 17:30:03 GMT).


Added tag(s) fixed-upstream and upstream. Request was from Niels Thykier <niels@thykier.net> to control@bugs.debian.org. (Tue, 23 May 2017 18:18:03 GMT).


Marked as found in versions openssl/1.1.0-1. Request was from Adrian Bunk <bunk@debian.org> to control@bugs.debian.org. (Thu, 25 May 2017 19:18:18 GMT).


Reply sent to Kurt Roeckx <kurt@roeckx.be>:
You have taken responsibility. (Thu, 25 May 2017 21:36:05 GMT).


Notification sent to Richard Kettlewell <rjk@greenend.org.uk>:
Bug acknowledged by developer. (Thu, 25 May 2017 21:36:05 GMT).


Message #51 received at 839575-close@bugs.debian.org:

From: Kurt Roeckx <kurt@roeckx.be>
To: 839575-close@bugs.debian.org
Subject: Bug#839575: fixed in openssl 1.1.0f-1
Date: Thu, 25 May 2017 21:33:55 +0000
Source: openssl
Source-Version: 1.1.0f-1

We believe that the bug you reported is fixed in the latest version of
openssl, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 839575@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Kurt Roeckx <kurt@roeckx.be> (supplier of updated openssl package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


Format: 1.8
Date: Thu, 25 May 2017 18:29:01 +0200
Source: openssl
Binary: openssl libssl1.1 libcrypto1.1-udeb libssl1.1-udeb libssl-dev libssl-doc
Architecture: source
Version: 1.1.0f-1
Distribution: unstable
Urgency: medium
Maintainer: Debian OpenSSL Team <pkg-openssl-devel@lists.alioth.debian.org>
Changed-By: Kurt Roeckx <kurt@roeckx.be>
Description:
 libcrypto1.1-udeb - Secure Sockets Layer toolkit - libcrypto udeb (udeb)
 libssl-dev - Secure Sockets Layer toolkit - development files
 libssl-doc - Secure Sockets Layer toolkit - development documentation
 libssl1.1  - Secure Sockets Layer toolkit - shared libraries
 libssl1.1-udeb - ssl shared library - udeb (udeb)
 openssl    - Secure Sockets Layer toolkit - cryptographic utility
Closes: 839575 859191 861145
Changes:
 openssl (1.1.0f-1) unstable; urgency=medium
 .
   * New upstream version
     - Fix regression in req -x509 (Closes: #839575)
     - Properly detect features on the AMD Ryzen processor (Closes: #861145)
     - Don't mention -tls1_3 in the manpage (Closes: #859191)
   * Update libssl1.1.symbols for new symbols
   * Update man-section.patch







Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Thu, 24 May 2018 07:28:14 GMT).


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jul 3 02:58:08 2024; Machine Name: bembo
