I have the same problem as Kurt with libcrypto1.0.0 from
libssl1.0.0 version 1.0.1-2. The same happens on two
different i386 hosts.
Among other ways, here are two ways to reproducibly cause
libcrypto to segfault:
- Sshing to a host with libssl1.0.0 1.0.1-2 and running
'ssh-add -l' there causes the sshd process to segfault
- Sshing from a host with libssl1.0.0 1.0.1-2 to another
host causes the ssh client to segfault after
In both cases the segfault happens in
vpaes-x86.s, somewhere in vpaes_cbc_encrypt().
The ssh-add segfault happens with an RSA key. If I don't
forward the ssh agent connection (or don't use one at all),
'ssh-add -l' doesn't cause a segfault.
Mar 30 08:44:43 kernel: sshd: segfault at b8911000 ip b756c678 sp bfe85f00 error 6 in libcrypto.so.1.0.0[b7503000+1a3000]
Mar 30 08:44:43 kernel: ssh: segfault at b7ba8000 ip b756e0cd sp bfd4d44c error 4 in libcrypto.so.1.0.0[b7505000+1a3000]
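When triaging kernel segfault lines like the two above, the useful numbers are the offset of the faulting instruction inside the library (ip minus the mapping base, which is what addr2line or objdump need) and the decoded error code. The following is an added example, not code from the reporter or from OpenSSL/OpenSSH; it parses the two lines quoted in this report (embedded as constructed sample input) and decodes the x86 page-fault error bits (bit 0 present/protection, bit 1 read/write, bit 2 kernel/user, as in arch/x86/mm/fault.c):

```python
import re
from dataclasses import dataclass
from typing import List

# Constructed sample input: the two kernel lines quoted in the report.
SAMPLE_LOG = """\
Mar 30 08:44:43 kernel: sshd: segfault at b8911000 ip b756c678 sp bfe85f00 error 6 in libcrypto.so.1.0.0[b7503000+1a3000]
Mar 30 08:44:43 kernel: ssh: segfault at b7ba8000 ip b756e0cd sp bfd4d44c error 4 in libcrypto.so.1.0.0[b7505000+1a3000]
"""

# Matches the x86 kernel segfault message format:
#   <comm>: segfault at <addr> ip <ip> sp <sp> error <n> in <object>[<base>+<size>]
SEGFAULT_RE = re.compile(
    r"(?P<comm>[^\s:]+): segfault at (?P<addr>[0-9a-f]+) ip (?P<ip>[0-9a-f]+) "
    r"sp (?P<sp>[0-9a-f]+) error (?P<err>\d+) in "
    r"(?P<obj>[^\s\[]+)\[(?P<base>[0-9a-f]+)\+(?P<size>[0-9a-f]+)\]"
)


@dataclass
class Segfault:
    comm: str      # process name
    addr: int      # data address that faulted
    ip: int        # instruction pointer at the fault
    sp: int        # stack pointer at the fault
    error: int     # x86 page-fault error code
    obj: str       # object (library/binary) whose mapping contains ip
    base: int      # start of that mapping
    size: int      # length of that mapping

    @property
    def ip_offset(self) -> int:
        """Offset of the faulting instruction within the mapped object.
        Usable with 'addr2line -e <object>' or 'objdump -d --start-address'."""
        return self.ip - self.base

    @property
    def addr_in_mapping(self) -> bool:
        """True if the faulting data address lies inside the same mapping as ip."""
        return self.base <= self.addr < self.base + self.size

    def describe_error(self) -> str:
        """Decode the x86 page-fault error code (arch/x86/mm/fault.c):
        bit 0: 0 = page not present, 1 = protection violation
        bit 1: 0 = read access,      1 = write access
        bit 2: 0 = kernel mode,      1 = user mode"""
        present = "protection violation" if self.error & 1 else "page not present"
        access = "write" if self.error & 2 else "read"
        mode = "user" if self.error & 4 else "kernel"
        return f"{mode}-mode {access}, {present}"


def parse_segfaults(log: str) -> List[Segfault]:
    """Extract every kernel segfault line from a syslog/dmesg excerpt."""
    out = []
    for line in log.splitlines():
        m = SEGFAULT_RE.search(line)
        if not m:
            continue
        out.append(Segfault(
            comm=m["comm"],
            addr=int(m["addr"], 16),
            ip=int(m["ip"], 16),
            sp=int(m["sp"], 16),
            error=int(m["err"]),
            obj=m["obj"],
            base=int(m["base"], 16),
            size=int(m["size"], 16),
        ))
    return out


def summarize(sf: Segfault) -> str:
    """One-line triage summary for a parsed segfault."""
    where = "inside" if sf.addr_in_mapping else "outside"
    return (f"{sf.comm}: {sf.describe_error()} at {sf.addr:#x} "
            f"({where} {sf.obj} mapping); ip = {sf.obj}+{sf.ip_offset:#x}")


if __name__ == "__main__":
    for sf in parse_segfaults(SAMPLE_LOG):
        print(summarize(sf))
```

For the two lines in this report the script reports a user-mode write to a non-present page (error 6) for sshd and a user-mode read of a non-present page (error 4) for ssh, with the faulting instruction at libcrypto.so.1.0.0+0x69678 and +0x690cd respectively; both data addresses fall outside the libcrypto mapping, i.e. the crash is libcrypto code touching a buffer elsewhere. The offsets can be resolved against the installed libcrypto.so.1.0.0 (with the matching debug symbols) to confirm which function in vpaes-x86.s is executing.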