#67122 closed defect (fixed)

openssl3 @3.1.0_0 causes break with lldb

Reported by: MStraeten (Martin Straeten) Owned by: neverpanic (Clemens Lang)
Priority: Normal Milestone:
Component: ports Version: 2.8.1
Keywords: Cc: neverpanic (Clemens Lang)
Port: openssl3

Description

after upgrading from openssl3 @3.0.8_1+legacy to openssl3 @3.1.0_0 lldb breaks with

Process 84032 stopped
* thread #1, queue = 'com.apple.main-thread', stop reason = EXC_BAD_INSTRUCTION (code=1, subcode=0x4a03000)
    frame #0: 0x000000010836a328 libcrypto.3.dylib`_armv8_sve_probe
libcrypto.3.dylib`:
->  0x10836a328 <+0>: eor    z0.d, z0.d, z0.d
    0x10836a32c <+4>: ret

libcrypto.3.dylib`:
    0x10836a330 <+0>: xar    z0.d, z0.d, z0.d, #0x20
    0x10836a334 <+4>: ret
Target 0: (darktable) stopped.

same with +legacy variant (that need to be installed explicitly, not via sudo port upgrade outdated ...)

Change History (5)

comment:1 Changed 20 months ago by ryandesign (Ryan Carsten Schmidt)

Cc: neverpanic added
Keywords: openssl3 libcrypto removed
Owner: set to larryv
Port: openssl3 added; openssle3 removed
Status: newassigned

Which lldb—/usr/bin/lldb or installed by some port? (which port?)

comment:2 Changed 20 months ago by neverpanic (Clemens Lang)

Please also add:

  • your CPU architecture and model
  • your OS version

EXC_BAD_INSTRUCTION seems to suggest that OpenSSL uses an assembly instruction that is not supported by your CPU.

comment:3 Changed 20 months ago by neverpanic (Clemens Lang)

Owner: changed from larryv to neverpanic
Status: assignedaccepted

You're hitting https://github.com/openssl/openssl/blob/openssl-3.1.0/crypto/armcap.c#L366-L369. I'm not sure why the SIGILL signal handler that is set up in the code before doesn't work for you.

See also https://github.com/openssl/openssl/issues/20188 which described the issue upstream, and https://github.com/openssl/openssl/pull/20305 / https://github.com/openssl/openssl/commit/52a38144b019cfda6b0e5eaa0aca88ae11661a26 which fixed this on master. We should probably backport this fix into our OpenSSL.

comment:4 Changed 20 months ago by MStraeten (Martin Straeten)

lldb from xcode commandline tools 14.2 recent macOS ventura 13.2 m1 max cpu so arm64

comment:5 Changed 20 months ago by neverpanic (Clemens Lang)

Resolution: fixed
Status: acceptedclosed

In fd259e6117af72e16caa5c8e85b4aa5ad3d532ca/macports-ports (master):

openssl3: Fix CVE-2023-0464, lldb break on aarch64

See https://www.openssl.org/news/secadv/20230322.txt for the advisory
for the CVE.

Also backports a patch for CPU feature detection on macOS from master so
it no longer relies on signal handling of SIGILL after attempting to
perform the possibly unsuported assembly instruction, because that
signal will stop lldb on macOS regardless of whether a handler exists,
which leads to an unexpected debugging experience. This change includes
enabling CPU optimizations for M2 Macs.

No revbump of the openssl port or other dependent ports, because these
are entirely internal changes and neither the names of installed files
nor their ABI changes.

CVE: CVE-2023-0464
Fixes: #67122

Note: See TracTickets for help on using tickets.