[Pkg-openssl-devel] Bug#989604: libssl1.1: segfault on arm64 (M1) with some ciphers e.g. curl https://dl.yarnpkg.com

David Scott scott.dj at gmail.com
Tue Jun 8 14:57:39 BST 2021


Package: libssl1.1
Version: 1.1.1d-0+deb10u6
Severity: normal

Dear Maintainer,

This bug appears to be fixed by 1.1.1k-1 in testing. I couldn't spot it
in the issue tracker but thought I'd mention it just in case.

On my arm64 machine (Apple M1) if I run Debian buster (in a Linux container
inside a qemu VM) with 1.1.1d-0+deb10u6 *and* expose the host's CPUID to the
VM running the container i.e.

```
root at 1a99ac25e4fd:/# cat /proc/cpuinfo
processor	: 0
BogoMIPS	: 48.00
Features	: fp asimd evtstrm aes pmull sha1 sha2 crc32 atomics fphp asimdhp cpuid asimdrdm jscvt fcma lrcpc dcpop sha3 asimddp sha512 asimdfhm dit uscat ilrcpc flagm ssbs sb paca pacg dcpodp flagm2 frint
```

then this crashes:

```
root at 1a99ac25e4fd:/# curl -vvv https://dl.yarnpkg.com
* Expire in 0 ms for 6 (transfer 0xaaaafbedef30)
* Expire in 1 ms for 1 (transfer 0xaaaafbedef30)
...
*   Trying 104.18.126.100...
* TCP_NODELAY set
* Expire in 149997 ms for 3 (transfer 0xaaaafbedef30)
* Expire in 200 ms for 4 (transfer 0xaaaafbedef30)
* Connected to dl.yarnpkg.com (104.18.126.100) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: none
  CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-ECDSA-CHACHA20-POLY1305
* ALPN, server accepted to use h2
* Server certificate:
*  subject: C=US; ST=CA; L=San Francisco; O=Cloudflare, Inc.; CN=sni.cloudflaressl.com
*  start date: Aug 18 00:00:00 2020 GMT
*  expire date: Aug 18 12:00:00 2021 GMT
*  subjectAltName: host "dl.yarnpkg.com" matched cert's "*.yarnpkg.com"
*  issuer: C=US; O=Cloudflare, Inc.; CN=Cloudflare Inc ECC CA-3
*  SSL certificate verify ok.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle 0xaaaafbedef30)
> GET / HTTP/2
> Host: dl.yarnpkg.com
> User-Agent: curl/7.64.0
> Accept: */*
>
* Connection state changed (MAX_CONCURRENT_STREAMS == 256)!
Segmentation fault
```

Other URLs work fine.

The `curl` succeeds if I hide some of the CPUID flags e.g. by
pretending the system is a cortex-a57 (with `qemu -cpu cortex-a57`):
```
/ # cat /proc/cpuinfo
processor	: 0
BogoMIPS	: 48.00
Features	: fp asimd evtstrm aes pmull sha1 sha2 crc32 fphp asimdhp cpuid dit
```

If I take a broken buster system and replace the `libcrypto.so.1.1` with
the one from testing, the bug is fixed.

So I think it's a bug in the buster version of libssl1.1, detecting some
CPU feature, misusing it and crashing. The bug appears to be fixed in
testing.

-- System Information:
Debian Release: 10.9
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: arm64 (aarch64)

Kernel: Linux 5.10.25-linuxkit (SMP w/4 CPU cores; PREEMPT)
Kernel taint flags: TAINT_WARN, TAINT_OOT_MODULE, TAINT_RANDSTRUCT
Locale: LANG=C, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE=C (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: unable to detect

Versions of packages libssl1.1 depends on:
ii  debconf [debconf-2.0]  1.5.71
ii  libc6                  2.28-10

libssl1.1 recommends no packages.

libssl1.1 suggests no packages.

-- no debconf information

Thanks for all your work!
David
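A small diagnostic, added here as an example and not part of the report or of OpenSSL/Debian, that does the comparison the report makes by hand: it parses the two `/proc/cpuinfo` captures quoted above and lists which `Features` flags `qemu -cpu cortex-a57` hides, separating out the ARMv8 crypto-extension names. The `CRYPTO_FLAGS` set is my own choice of feature names as Linux prints them, not a list taken from OpenSSL's capability probing; the two cpuinfo texts are copied from the report.

```python
"""Diff the Features lines of two /proc/cpuinfo captures and show which
ARMv8 crypto-extension flags the working configuration is hiding.

Added example for this bug report, not code from the report or from
OpenSSL/Debian. The two cpuinfo texts are copied from the report; the
CRYPTO_FLAGS set is my own choice (assumption), not taken from any library.
"""

# ARMv8 Cryptographic Extension features as named in /proc/cpuinfo. Assumption:
# this is the subset worth looking at first when a crash depends on exposed CPU
# features and only some TLS ciphers trigger it.
CRYPTO_FLAGS = frozenset({"aes", "pmull", "sha1", "sha2", "sha3", "sha512"})

# Copied from the report: host CPUID passed through to the VM (crashes).
CPUINFO_PASSTHROUGH = """\
processor\t: 0
BogoMIPS\t: 48.00
Features\t: fp asimd evtstrm aes pmull sha1 sha2 crc32 atomics fphp asimdhp cpuid asimdrdm jscvt fcma lrcpc dcpop sha3 asimddp sha512 asimdfhm dit uscat ilrcpc flagm ssbs sb paca pacg dcpodp flagm2 frint
"""

# Copied from the report: qemu -cpu cortex-a57 (works).
CPUINFO_CORTEX_A57 = """\
processor\t: 0
BogoMIPS\t: 48.00
Features\t: fp asimd evtstrm aes pmull sha1 sha2 crc32 fphp asimdhp cpuid dit
"""


def parse_features(cpuinfo_text):
    """Return the union of all 'Features' flags in a /proc/cpuinfo dump.

    On a multi-core machine the line repeats once per processor; taking the
    union keeps the result independent of how many cores are listed.
    """
    flags = set()
    for line in cpuinfo_text.splitlines():
        key, sep, value = line.partition(":")
        if sep and key.strip() == "Features":
            flags.update(value.split())
    if not flags:
        raise ValueError("no Features line found; is this an arm64 /proc/cpuinfo?")
    return flags


def feature_diff(working_text, crashing_text):
    """Compare a working and a crashing capture.

    Returns the flags only the crashing system exposes, the flags only the
    working system exposes, and the crypto-extension subset of the former,
    which is where to look first when only certain ciphers crash.
    """
    working = parse_features(working_text)
    crashing = parse_features(crashing_text)
    extra = crashing - working
    return {
        "only_in_crashing": sorted(extra),
        "only_in_working": sorted(working - crashing),
        "crypto_only_in_crashing": sorted(extra & CRYPTO_FLAGS),
    }


def main():
    result = feature_diff(CPUINFO_CORTEX_A57, CPUINFO_PASSTHROUGH)
    print("flags hidden by -cpu cortex-a57:", " ".join(result["only_in_crashing"]))
    print("crypto-extension flags among them:", " ".join(result["crypto_only_in_crashing"]))
    # To compare a live system instead of the report's captures, read
    # /proc/cpuinfo into a string and pass it in place of one of the constants.


if __name__ == "__main__":
    main()
```

Run against the report's two captures, the crypto-extension flags present only in the crashing configuration are `sha3` and `sha512`; the other eighteen hidden flags are unrelated to the cipher suites in question. That narrows where a maintainer would look in the capability-detection and assembly paths without asserting which flag is actually at fault.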
