Hi, It was reported that nettle crashes with SIGILL on an armv7 system. I've gather some info from the report [0], but let me know if you need anything else. My hunch is that this is neon related, and that the system that was used for compilation supported it but the final system doesn't. I'll disable neon support in the fedora builds and see how it works out.
The instruction that fails is:
(gdb) x/i$pc => 0xb6647af8 <_nettle_salsa20_core+8>: vldmia r12, {d20-d25}
And the backtrace is:
(gdb) backtrace #0 _nettle_salsa20_core () at salsa20-core-internal.s:58 #1 0xb6647db4 in nettle_salsa20r12_crypt (ctx=ctx@entry=0xb6cc7f40 <nonce_ctx>, length=<optimized out>, length@entry=29, c=c@entry=0x7f67ce83 "", m=m@entry=0x7f67ce83 "") at salsa20r12-crypt.c:65 #2 0xb6c9b1e0 in wrap_nettle_rnd_nonce (_ctx=<optimized out>, datasize=29, data=0x7f67ce83) at rnd.c:302 #3 wrap_nettle_rnd (_ctx=<optimized out>, level=level@entry=0, data=0x7f67ce83, datasize=datasize@entry=29) at rnd.c:321 #4 0xb6bcdd2c in _gnutls_rnd (len=29, data=<optimized out>, level=GNUTLS_RND_NONCE) at ./random.h:37 #5 create_tls_random (dst=<optimized out>) at gnutls_handshake.c:205 #6 0xb6bce0e0 in _gnutls_set_client_random (session=<optimized out>, rnd=<optimized out>) at gnutls_handshake.c:230 #7 0xb6bcf460 in send_client_hello (again=<optimized out>, session=0x7f67ce38) at gnutls_handshake.c:2039 #8 send_hello (session=session@entry=0x7f67ce38, again=<optimized out>) at gnutls_handshake.c:2249 #9 0xb6bd2ca4 in handshake_client (session=0x7f67ce38) at gnutls_handshake.c:2732 #10 gnutls_handshake (session=0x7f67ce38) at gnutls_handshake.c:2583 #11 0xb6f9a9d8 in cstp_handshake (vpninfo=vpninfo@entry=0x7f58ccf8, init=64, init@entry=1) at gnutls.c:2250 #12 0xb6f9aff8 in openconnect_open_https (vpninfo=vpninfo@entry=0x7f58ccf8) at gnutls.c:2227 #13 0xb6f7cc70 in do_https_request (vpninfo=vpninfo@entry=0x7f58ccf8, method=0xb6f9f700 "POST", method@entry=0xb6ffec80 <__stack_chk_guard> "", request_body_type=request_body_type@entry=0xb6f9fa28 "application/x-www-form-urlencoded", request_body=request_body@entry=0x7f58d480, form_buf=0xbefff25c, form_buf@entry=0x1bb, fetch_redirect=fetch_redirect@entry=0) at http.c:875 #14 0xb6f8d1a0 in cstp_obtain_cookie (vpninfo=<optimized out>) at auth.c:1238 #15 0x7f559508 in main (argc=0, argv=0x0) at main.c:1388
[0]. The full report: https://bugzilla.redhat.com/show_bug.cgi?id=1287298#c10
regards, Nikos