After a lot of sleuthing with gdb, I'm pretty confident this is the source of (and fix for) the crash we are seeing with libssl1.1:arm64 1.1.1f-1ubuntu2.10:
https://github.com/openssl/openssl/commit/fcf6e9d056162d5af64c6f7209388a5c3be2ce57

It's a bug fix for some pointer authentication assembly instructions for the Poly1305 arm64 assembly code. These instructions only execute (and crash) on Arm v8.3 64-bit processors - they NOOP on other processors that don't understand them.

Note, I have no idea why that code would not also be a problem and crash under valgrind, but I've definitely narrowed this particular crash outside of valgrind down to that location. Maybe it disables pointer authentication....?

It appears the commit above was landed in OpenSSL 1.1.1i:
https://github.com/openssl/openssl/blob/OpenSSL_1_1_1i/crypto/poly1305/asm/poly1305-armv8.pl

Bottom line, in order to prevent crashes on Arm v8.3 processors I believe addressing this requires an upgrade of libssl1.1 to OpenSSL 1.1.1i.

--
https://bugs.launchpad.net/bugs/1951279

Title:
  OpenSSL 1.1.1f raise a segmentation faults on Arm64 builds

Status in openssl package in Ubuntu:
  Incomplete

Bug description:

  Description
  -----------
  It seems that the current Ubuntu 20.04 (Focal) distribution for Arm64/Aarch64 raises a segmentation fault when it validates certain certificates.

  This issue affects only Arm64/Aarch64; all the tools statically or dynamically linked with this version of the library are affected (Libcurl4, Curl, Wget, OpenJDK, Curl-PHP, etc).

  Environment and platform
  ------------------------
  Linux 5.4.0-89-generic #100-Ubuntu SMP Fri Sep 24 14:29:20 UTC 2021 aarch64 aarch64 aarch64 GNU/Linux

  Steps to reproduce
  ------------------
  1. Run:
       curl -v https://graph.facebook.com/v12.0/act_111/
     or
       wget https://graph.facebook.com/v12.0/act_111/

  Result received
  ---------------
  Segmentation fault (core dumped)

  Notes
  -----
  This bug was found by the Curl users. See: https://github.com/curl/curl/issues/8024

  I believe that this bug is related to https://ubuntu.com/security/CVE-2020-1967 that may be used as a vector point for code injection.

  Actually there isn't any replacement for OpenSSL 1.1.1f for Focal (Arm64), so it makes it difficult to use Ubuntu 20.04 in a production environment.
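
The exposure condition described in the comment above (a CPU with pointer authentication together with an OpenSSL 1.1.1 release older than 1.1.1i), as an added triage example that is not part of the original message or of any OpenSSL or Ubuntu tooling. It assumes the `paca`/`pacg` flags that Linux lists in the arm64 `/proc/cpuinfo` "Features" line; the function names and sample inputs are hypothetical and constructed.

```shell
#!/bin/sh
# Added example (not from the bug report): triage an arm64 host for the
# combination the comment describes. Sample inputs below are constructed.

# has_pauth CPUINFO_TEXT: succeeds when the "Features" line lists paca or
# pacg, the flags Linux shows when userspace pointer authentication is on.
has_pauth() {
    feats=$(printf '%s\n' "$1" |
        sed -n 's/^Features[[:space:]]*:[[:space:]]*//p' | head -n 1)
    case " $feats " in
        *" paca "*|*" pacg "*) return 0 ;;
        *) return 1 ;;
    esac
}

# predates_1_1_1i VERSION: prints yes, no or unknown. Only the 1.1.1 letter
# series is judged; a distro package may carry a backported fix under an
# older upstream version, so "yes" means "check the package changelog".
predates_1_1_1i() {
    upstream=${1%%-*}    # 1.1.1f-1ubuntu2.10 -> 1.1.1f
    case "$upstream" in
        1.1.1|1.1.1[a-h]) echo yes ;;
        1.1.1[i-z]) echo no ;;
        *) echo unknown ;;
    esac
}

# assess CPUINFO_TEXT VERSION: one-line verdict for a host inventory.
assess() {
    if ! has_pauth "$1"; then
        echo "no-pac: CPU reports no pointer authentication flags"
        return 0
    fi
    case "$(predates_1_1_1i "$2")" in
        yes) echo "review: PAC-capable CPU, OpenSSL older than 1.1.1i" ;;
        no)  echo "ok: OpenSSL is 1.1.1i or later" ;;
        *)   echo "unknown: version outside the 1.1.1 series" ;;
    esac
}

SAMPLE_PAC='processor : 0
Features : fp asimd aes pmull sha1 sha2 crc32 atomics cpuid paca pacg'
SAMPLE_NOPAC='processor : 0
Features : fp asimd aes pmull sha1 sha2 crc32 cpuid'

assess "$SAMPLE_PAC" "1.1.1f-1ubuntu2.10"
assess "$SAMPLE_NOPAC" "1.1.1f-1ubuntu2.10"
# Live host: assess "$(cat /proc/cpuinfo)" "$(dpkg-query -W -f='${Version}' libssl1.1)"
```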