I can't reproduce the problem. Well, I didn't use archlinux binaries,
but I could replace 1.0.0 libcrypto.so with 1.0.1 libcrypto.so on rhel
and successfully run ssh... I've double-checked and can confirm that
vpaes was used in my test...
To analyze the problem one needs to identify the exact failing
instruction and registers' content, strace output(*) is not useful in
this case. Collect core file, run 'gdb /some/where/ssh core', issue
'disassemble' command and browse till you see the failing instruction,
collect 'info reg'... Provided that address ends with 0x?????d the
failing instruction is likely to be 'movdqu (%edx),%xmm0' but one needs
to be sure [that binutils did proper job]. If above is indeed failing
instruction, then it's likely to be some memory corruption. The loop in
question runs 'rounds' times and in order for this instruction to crash
'rounds' is very large, not 10, 12 or 14.
Yes, looks like exact duplicate. For reference. It should be possible to
avoid vpaes by setting OPENSSL_ia32cap environment variable to
~0x20000000000. Why x86_64 is not affected. If problem is restricted to
decrypt, then it should be noted that decryption is handled by bsaes on
x86_64, not vpaes.
OpenSSL Project http://www.openssl.org Development Mailing List [hidden email] Automated List Manager [hidden email]
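Added example, not part of the original thread or of OpenSSL's code: a Python model of how an OPENSSL_ia32cap value such as the ~0x20000000000 suggested above is applied to the detected capability vector, showing that it clears bit 41 (SSSE3, which vpaes requires). The bit positions follow OpenSSL's OPENSSL_ia32cap documentation; the detected vector and all function names are constructed for illustration.

```python
# Added illustration: models the effect of OPENSSL_ia32cap on the
# capability vector. This is not OpenSSL source code.

SSE2_BIT = 26    # CPUID.1:EDX bit 26
SSSE3_BIT = 41   # CPUID.1:ECX bit 9 (32 + 9); vpaes depends on SSSE3
AESNI_BIT = 57   # CPUID.1:ECX bit 25 (32 + 25)

MASK64 = (1 << 64) - 1


def effective_caps(env_value, detected):
    """Return the capability vector after applying an OPENSSL_ia32cap value.

    A leading '~' means "clear these bits from what the CPU reports";
    without it the value replaces the detected vector entirely.
    """
    if env_value is None:
        return detected & MASK64
    text = env_value.strip()
    invert = text.startswith("~")
    value = int(text[1:] if invert else text, 0) & MASK64
    if invert:
        return detected & ~value & MASK64
    return value


def has_bit(caps, bit):
    """True if the given capability bit is set."""
    return bool((caps >> bit) & 1)


def vpaes_capable(caps):
    """vpaes is only eligible when the SSSE3 bit is set."""
    return has_bit(caps, SSSE3_BIT)


# Constructed sample: a CPU reporting SSE2 and SSSE3 but no AES-NI.
DETECTED = (1 << SSE2_BIT) | (1 << SSSE3_BIT)
THREAD_VALUE = "~0x20000000000"  # value given in the thread

if __name__ == "__main__":
    caps = effective_caps(THREAD_VALUE, DETECTED)
    print(f"detected : {DETECTED:#018x} vpaes={vpaes_capable(DETECTED)}")
    print(f"effective: {caps:#018x} vpaes={vpaes_capable(caps)}")
```

Note the edge case: dropping the leading `~` turns the same number into a replacement vector, which leaves SSSE3 set and clears everything else.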
I don't quite understand. The problem was reported for i386, but only
amd64 update packages are provided. Even though x86_64 module was fixed
too, CBC decrypt on x86_64 is handles by another module. So the x86_64
fix was more for some other unspecified case, but x86 fix was acute for
On Fri, Apr 13, 2012 at 12:22:56PM +0200, Andy Polyakov wrote:
> > There is also:
> > http://bugs.debian.org/665836
>
> I don't quite understand. The problem was reported for i386, but only
> amd64 update packages are provided.
I think you have a misunderstanding of how Debian works. I am
using amd64 on my system, so I build amd64 binaries. I upload
the source and binaries to Debian, and a whole bunch of other
hosts build it for the various supported architectures for which
I didn't upload it, including i386.
> Even though x86_64 module was fixed
> too, CBC decrypt on x86_64 is handled by another module. So the x86_64
> fix was more for some other unspecified case, but x86 fix was acute for
> i386 OpenSSH...
Both i386 and x86_64 cases are fixed in Debian based on the cvs