[Bug 1226463] New: algif_hash in kernel-obs-build causes an openssl-1_1 test failure
https://bugzilla.suse.com/show_bug.cgi?id=1226463 Bug ID: 1226463 Summary: algif_hash in kernel-obs-build causes an openssl-1_1 test failure Classification: openSUSE Product: openSUSE Tumbleweed Version: Current Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Kernel Assignee: kernel-bugs@opensuse.org Reporter: jslaby@suse.com QA Contact: qa-bugs@suse.de Target Milestone: --- Found By: --- Blocker: --- Created attachment 875539 --> https://bugzilla.suse.com/attachment.cgi?id=875539&action=edit diff of lsinitrd From https://build.opensuse.org/package/live_build_log/openSUSE:Factory:Staging:K... :
[ 248s] ../test/recipes/30-test_afalg.t (Wstat: 256 (exited 1) Tests: 1 Failed: 1)
Comparing /proc/modules in the build VM shows: +algif_hash 12288 0 - Live 0x0000000000000000 (E) +af_alg 36864 1 algif_hash, Live 0x0000000000000000 (E) So apparently, algif_hash brings af_alg and that for some unknown reason breaks the test. If I rm algif_hash from KERNEL_MODULES, it works again. -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1226463 https://bugzilla.suse.com/show_bug.cgi?id=1226463#c1 Jiri Slaby <jslaby@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Assignee|kernel-bugs@opensuse.org |fvogt@suse.com --- Comment #1 from Jiri Slaby <jslaby@suse.com> --- It was introduced in: commit bfd7db420f2993e1228e6413ab3e6d6033ff73db Refs: Author: Fabian Vogt <fvogt@suse.de> AuthorDate: Tue Apr 19 15:01:49 2022 +0200 Commit: Fabian Vogt <fvogt@suse.de> CommitDate: Wed Jun 12 11:17:48 2024 +0200 rpm/kernel-obs-build.spec.in: Include algif_hash, aegis128 and xts modules -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1226463 https://bugzilla.suse.com/show_bug.cgi?id=1226463#c2 --- Comment #2 from Jiri Slaby <jslaby@suse.com> --- Without the module loaded: # INFO: @ test/afalgtest.c:133 # Can't load AFALG engine 1..0 # Skipped: ./test/afalgtest With the module loaded: # Subtest: test_afalg_aes_cbc 1..3 ALG_PERR: engines/e_afalg.c(383): Failed to bind socket : No such file or directory # ERROR: (bool) 'EVP_CipherInit_ex(ctx, cipher, e, key, iv, 1) == true' fail ed @ test/afalgtest.c:73 # false # 139906561836864:error:80065067:lib(128):afalg_create_sk:socket bind failed :engines/e_afalg.c:384: not ok 1 - iteration 1 ALG_PERR: engines/e_afalg.c(383): Failed to bind socket : No such file or directory # ERROR: (bool) 'EVP_CipherInit_ex(ctx, cipher, e, key, iv, 1) == true' fail ed @ test/afalgtest.c:73 # false # 139906561836864:error:80065067:lib(128):afalg_create_sk:socket bind failed :engines/e_afalg.c:384: not ok 2 - iteration 2 ALG_PERR: engines/e_afalg.c(383): Failed to bind socket : No such file or directory # ERROR: (bool) 'EVP_CipherInit_ex(ctx, cipher, e, key, iv, 1) == true' fail ed @ test/afalgtest.c:73 # false # 139906561836864:error:80065067:lib(128):afalg_create_sk:socket bind failed :engines/e_afalg.c:384: not ok 3 - iteration 3 not ok 1 - test_afalg_aes_cbc ok 2 - test_pr16743 And according to strace: 23186 bind(3, {sa_family=AF_ALG, salg_type="skcipher", salg_feat=0, salg_mask=0, salg_name="cbc(aes)"}, 88) = -1 ENOENT (No such file or directory) So apparently cbc(aes) is needed for the test, if afalg is available. We likely need to disable that test in openssl. For the time being, I am dropping algif_hash from KERNEL_MODULES. -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1226463 https://bugzilla.suse.com/show_bug.cgi?id=1226463#c3 --- Comment #3 from Jiri Slaby <jslaby@suse.com> --- Some notes: When the build fails, "osc shell" and then: 1) either: cd rpmbuild/BUILD/openssl-1.1.1w LD_LIBRARY_PATH=`pwd` make test -j1 TESTS=test_afalg 2) or: cd rpmbuild/BUILD/openssl-1.1.1w LD_LIBRARY_PATH=`pwd` OPENSSL_ENGINES=`pwd`/engines ./test/afalgtest -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1226463 Michal Suchanek <msuchanek@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |msuchanek@suse.com -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1226463 Jiri Slaby <jslaby@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |marco.strigl@suse.com -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1226463 https://bugzilla.suse.com/show_bug.cgi?id=1226463#c4 --- Comment #4 from Jiri Slaby <jslaby@suse.com> --- Any updates here? -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1226463 https://bugzilla.suse.com/show_bug.cgi?id=1226463#c5 Fabian Vogt <fvogt@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Assignee|fvogt@suse.com |pmonrealgonzalez@suse.com --- Comment #5 from Fabian Vogt <fvogt@suse.com> --- Apparently if af_alg is available, openssl tries to test various algorithms, even those not actually available. IMO an openssl bug. -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1226463 Fabian Vogt <fvogt@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |fvogt@suse.com -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1226463 https://bugzilla.suse.com/show_bug.cgi?id=1226463#c6 --- Comment #6 from Pedro Monreal Gonzalez <pmonrealgonzalez@suse.com> --- Breaks also openssl-3 in SP6 now, see:
Upstream recommends to build with no-afalgeng for openssl-3 since they moved away from engines: * https://github.com/openssl/openssl/discussions/23552 -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1226463 https://bugzilla.suse.com/show_bug.cgi?id=1226463#c7 --- Comment #7 from Fabian Vogt <fvogt@suse.com> --- (In reply to Pedro Monreal Gonzalez from comment #6)
Breaks also openssl-3 in SP6 now, see:
Upstream recommends to build with no-afalgeng for openssl-3 since they moved away from engines: * https://github.com/openssl/openssl/discussions/23552
Either fixing the buggy code or disabling it WFM. -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1226463 Marcus Meissner <meissner@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |meissner@suse.com -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1226463 https://bugzilla.suse.com/show_bug.cgi?id=1226463#c8 --- Comment #8 from Marcus Meissner <meissner@suse.com> --- i agree with disabling it -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1226463 https://bugzilla.suse.com/show_bug.cgi?id=1226463#c9 Pedro Monreal Gonzalez <pmonrealgonzalez@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |pmonrealgonzalez@suse.com Status|NEW |IN_PROGRESS --- Comment #9 from Pedro Monreal Gonzalez <pmonrealgonzalez@suse.com> --- OK, thanks! I will build with the no-afalgeng config option. I assume this is required in:
SUSE:ALP:Source:Standard:1.0 SUSE:SLE-15-SP6:Update SUSE:SLFO:Main openSUSE:Factory
right? -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1226463 https://bugzilla.suse.com/show_bug.cgi?id=1226463#c13 --- Comment #13 from Jiri Slaby <jslaby@suse.com> --- I pushed a revert to stable. b4c384c6..178f0b6b HEAD -> users/jslaby/stable/for-next -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1226463 https://bugzilla.suse.com/show_bug.cgi?id=1226463#c15 --- Comment #15 from Maintenance Automation <maint-coord+maintenance-robot@suse.de> --- SUSE-SU-2024:2635-1: An update that solves one vulnerability and has three security fixes can now be installed. URL: https://www.suse.com/support/update/announcement/2024/suse-su-20242635-1 Category: security (important) Bug References: 1222899, 1223336, 1226463, 1227138 CVE References: CVE-2024-5535 Maintenance Incident: [SUSE:Maintenance:34887](https://smelt.suse.de/incident/34887/) Sources used: openSUSE Leap 15.6 (src): openssl-3-3.1.4-150600.5.10.1 Basesystem Module 15-SP6 (src): openssl-3-3.1.4-150600.5.10.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination. -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1226463 https://bugzilla.suse.com/show_bug.cgi?id=1226463#c16 --- Comment #16 from Pedro Monreal Gonzalez <pmonrealgonzalez@suse.com> --- (In reply to Jiri Slaby from comment #13)
I pushed a revert to stable. b4c384c6..178f0b6b HEAD -> users/jslaby/stable/for-next
OK, I have submitted the change to build with the no-afalgeng config option to the above mentioned codestreams. This should not strike back if you re-enable it in stable. @Jiri, I think we can close the bug now, right? -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1226463 Pedro Monreal Gonzalez <pmonrealgonzalez@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|IN_PROGRESS |RESOLVED Resolution|--- |FIXED -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1226463 https://bugzilla.suse.com/show_bug.cgi?id=1226463#c19 --- Comment #19 from Maintenance Automation <maint-coord+maintenance-robot@suse.de> --- SUSE-SU-2024:2891-1: An update that solves one vulnerability and has one security fix can now be installed. URL: https://www.suse.com/support/update/announcement/2024/suse-su-20242891-1 Category: security (moderate) Bug References: 1226463, 1227138 CVE References: CVE-2024-5535 Maintenance Incident: [SUSE:Maintenance:34949](https://smelt.suse.de/incident/34949/) Sources used: openSUSE Leap 15.5 (src): openssl-1_1-1.1.1l-150500.17.34.1 openSUSE Leap Micro 5.5 (src): openssl-1_1-1.1.1l-150500.17.34.1 SUSE Linux Enterprise Micro 5.5 (src): openssl-1_1-1.1.1l-150500.17.34.1 Basesystem Module 15-SP5 (src): openssl-1_1-1.1.1l-150500.17.34.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination. -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1226463 https://bugzilla.suse.com/show_bug.cgi?id=1226463#c20 --- Comment #20 from Maintenance Automation <maint-coord+maintenance-robot@suse.de> --- SUSE-SU-2024:2927-1: An update that solves one vulnerability and has one security fix can now be installed. URL: https://www.suse.com/support/update/announcement/2024/suse-su-20242927-1 Category: security (moderate) Bug References: 1226463, 1227138 CVE References: CVE-2024-5535 Maintenance Incident: [SUSE:Maintenance:34950](https://smelt.suse.de/incident/34950/) Sources used: openSUSE Leap 15.4 (src): openssl-1_1-1.1.1l-150400.7.72.1 SUSE Linux Enterprise Micro for Rancher 5.3 (src): openssl-1_1-1.1.1l-150400.7.72.1 SUSE Linux Enterprise Micro 5.3 (src): openssl-1_1-1.1.1l-150400.7.72.1 SUSE Linux Enterprise Micro for Rancher 5.4 (src): openssl-1_1-1.1.1l-150400.7.72.1 SUSE Linux Enterprise Micro 5.4 (src): openssl-1_1-1.1.1l-150400.7.72.1 SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (src): openssl-1_1-1.1.1l-150400.7.72.1 SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (src): openssl-1_1-1.1.1l-150400.7.72.1 SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 (src): openssl-1_1-1.1.1l-150400.7.72.1 SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (src): openssl-1_1-1.1.1l-150400.7.72.1 SUSE Linux Enterprise Server for SAP Applications 15 SP4 (src): openssl-1_1-1.1.1l-150400.7.72.1 SUSE Manager Proxy 4.3 (src): openssl-1_1-1.1.1l-150400.7.72.1 SUSE Manager Retail Branch Server 4.3 (src): openssl-1_1-1.1.1l-150400.7.72.1 SUSE Manager Server 4.3 (src): openssl-1_1-1.1.1l-150400.7.72.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination. -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1226463 https://bugzilla.suse.com/show_bug.cgi?id=1226463#c21 --- Comment #21 from Maintenance Automation <maint-coord+maintenance-robot@suse.de> --- SUSE-SU-2024:2933-1: An update that solves one vulnerability and has two security fixes can now be installed. URL: https://www.suse.com/support/update/announcement/2024/suse-su-20242933-1 Category: security (moderate) Bug References: 1225907, 1226463, 1227138 CVE References: CVE-2024-5535 Maintenance Incident: [SUSE:Maintenance:34969](https://smelt.suse.de/incident/34969/) Sources used: openSUSE Leap 15.6 (src): openssl-1_1-1.1.1w-150600.5.6.1 Basesystem Module 15-SP6 (src): openssl-1_1-1.1.1w-150600.5.6.1 Development Tools Module 15-SP6 (src): openssl-1_1-1.1.1w-150600.5.6.1 Legacy Module 15-SP6 (src): openssl-1_1-1.1.1w-150600.5.6.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination. -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1226463 https://bugzilla.suse.com/show_bug.cgi?id=1226463#c22 --- Comment #22 from Maintenance Automation <maint-coord+maintenance-robot@suse.de> --- SUSE-SU-2024:2931-1: An update that solves one vulnerability and has one security fix can now be installed. URL: https://www.suse.com/support/update/announcement/2024/suse-su-20242931-1 Category: security (moderate) Bug References: 1226463, 1227138 CVE References: CVE-2024-5535 Maintenance Incident: [SUSE:Maintenance:34954](https://smelt.suse.de/incident/34954/) Sources used: openSUSE Leap 15.4 (src): openssl-3-3.0.8-150400.4.60.1 SUSE Linux Enterprise Micro for Rancher 5.3 (src): openssl-3-3.0.8-150400.4.60.1 SUSE Linux Enterprise Micro 5.3 (src): openssl-3-3.0.8-150400.4.60.1 SUSE Linux Enterprise Micro for Rancher 5.4 (src): openssl-3-3.0.8-150400.4.60.1 SUSE Linux Enterprise Micro 5.4 (src): openssl-3-3.0.8-150400.4.60.1 SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (src): openssl-3-3.0.8-150400.4.60.1 SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (src): openssl-3-3.0.8-150400.4.60.1 SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 (src): openssl-3-3.0.8-150400.4.60.1 SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (src): openssl-3-3.0.8-150400.4.60.1 SUSE Linux Enterprise Server for SAP Applications 15 SP4 (src): openssl-3-3.0.8-150400.4.60.1 SUSE Manager Proxy 4.3 (src): openssl-3-3.0.8-150400.4.60.1 SUSE Manager Retail Branch Server 4.3 (src): openssl-3-3.0.8-150400.4.60.1 SUSE Manager Server 4.3 (src): openssl-3-3.0.8-150400.4.60.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination. -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1226463 https://bugzilla.suse.com/show_bug.cgi?id=1226463#c24 --- Comment #24 from Maintenance Automation <maint-coord+maintenance-robot@suse.de> --- SUSE-SU-2024:3019-1: An update that solves one vulnerability and has one security fix can now be installed. URL: https://www.suse.com/support/update/announcement/2024/suse-su-20243019-1 Category: security (moderate) Bug References: 1226463, 1227138 CVE References: CVE-2024-5535 Maintenance Incident: [SUSE:Maintenance:34953](https://smelt.suse.de/incident/34953/) Sources used: openSUSE Leap 15.5 (src): openssl-3-3.0.8-150500.5.39.1 Basesystem Module 15-SP5 (src): openssl-3-3.0.8-150500.5.39.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination. -- You are receiving this mail because: You are on the CC list for the bug.
participants (1)
-
bugzilla_noreply@suse.com