Hi,
I've upgraded libcrypto.so and libssl.so from 1.0.x to 1.1.1s on our two devices with ARM architecture and custom Linux and have a segfault issue on the older device only.
Background
Our application runs civetweb webserver v1.5 which uses libcrypto.so and libssl.so to provide TLSv1.2 (and TLSv1.3) encryption.
The same application is cross-compiled for two HW platforms (ARM) and both work fine with OpenSSL 1.0.x.
HW-Platforms
- iMX6 (works fine with 1.1.1s)
  - Freescale i.MX6 ARMv7 CPU
  - Linux Kernel v4.14
  - GCC v7.3.0
- AM33xx (segfault with 1.1.1s)
  - TI AM33xx ARMv7 CPU
  - Linux Kernel v3.12.15
  - GCC v4.7.3
I've cross-compiled OpenSSL 1.1.1s for both platforms. On the iMX6 platform everything works fine and the webserver provides TLSv1.2 and TLSv1.3 with the configured ciphers.
On the older AM33xx platform the application crashes with a segmentation fault on loading the OpenSSL libs.
Issue details
I've configured OpenSSL with the following options:
./Configure linux-armv4 shared no-deprecated no-dgram no-ssl3 no-psk no-srp no-zlib no-afalgeng no-comp no-cms no-ct no-srp no-srtp no-ts no-gost no-dso no-ec2m no-tls1 no-tls1_1 no-dtls no-dtls1 no-ssl no-ssl3-method no-tls1-method no-tls1_1-method no-dtls1-method no-siphash no-whirlpool no-aria no-bf no-blake2 no-egd no-idea no-rc5 no-rc4 no-sm2 no-sm3 no-sm4 no-camellia no-cast no-md4 no-mdc2 no-ocb no-rc2 no-rmd160 no-scrypt no-weak-ssl-ciphers no-tests no-seed
Civetweb is passing the following cipher list:
"ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA384"
The application is crashing after the webserver calls OPENSSL_init_ssl().
I did some debugging and found out that the segfault happens after calling EVP_add_cipher(EVP_chacha20_poly1305()); (ssl/ssl_init.c)
If I disable chacha20 and poly1305 then the app is not crashing, but it is also not working.
Do you have any idea how to fix this issue? Is my configuration OK?
Are there any minimum requirements for the Linux kernel or GCC?
Best regards
Ismir
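One way to check whether the ChaCha20-Poly1305 path faults on its own, outside civetweb (an added example, not part of the original post): the sketch below runs one encryption in a forked child through dlsym'd EVP calls and reports the signal that killed the child, which separates SIGILL from SIGSEGV. The default library name `libcrypto.so.1.1` and the `probe_*` / `PROBE_*` names are assumptions.

```c
#include <dlfcn.h>
#include <stdio.h>
#include <sys/wait.h>
#include <unistd.h>

enum { PROBE_OK = 0, PROBE_NO_LIB = 1, PROBE_NO_SYM = 2, PROBE_FAIL = 3 };

/* Loose prototypes for the libcrypto functions resolved at run time. */
typedef void *(*new_fn)(void);
typedef int (*init_fn)(void *, const void *, void *,
                       const unsigned char *, const unsigned char *);
typedef int (*upd_fn)(void *, unsigned char *, int *, const unsigned char *, int);

/* Runs in the child: one 64-byte ChaCha20-Poly1305 encryption (all-zero test key). */
static int child_encrypt(const char *libpath)
{
    void *h = dlopen(libpath, RTLD_NOW);
    if (!h) return PROBE_NO_LIB;
    new_fn cipher = (new_fn)dlsym(h, "EVP_chacha20_poly1305");
    new_fn ctx_new = (new_fn)dlsym(h, "EVP_CIPHER_CTX_new");
    init_fn init = (init_fn)dlsym(h, "EVP_EncryptInit_ex");
    upd_fn update = (upd_fn)dlsym(h, "EVP_EncryptUpdate");
    if (!cipher || !ctx_new || !init || !update) return PROBE_NO_SYM;
    unsigned char key[32] = {0}, iv[12] = {0}, in[64] = {0}, out[64];
    int outl = 0;
    void *ctx = ctx_new();
    if (!ctx || init(ctx, cipher(), NULL, key, iv) != 1) return PROBE_FAIL;
    if (update(ctx, out, &outl, in, sizeof in) != 1 || outl != 64) return PROBE_FAIL;
    return PROBE_OK;
}

/* Returns a PROBE_* code, or the negated signal number if the child was
 * killed by a signal (for example -SIGSEGV or -SIGILL). */
int probe_chacha20_poly1305(const char *libpath)
{
    pid_t pid = fork();
    if (pid < 0) return PROBE_FAIL;
    if (pid == 0) _exit(child_encrypt(libpath));
    int st = 0;
    if (waitpid(pid, &st, 0) < 0) return PROBE_FAIL;
    if (WIFSIGNALED(st)) return -WTERMSIG(st);
    return WIFEXITED(st) ? WEXITSTATUS(st) : PROBE_FAIL;
}

int main(int argc, char **argv)
{
    int r = probe_chacha20_poly1305(argc > 1 ? argv[1] : "libcrypto.so.1.1");
    printf("probe result: %d\n", r);
    return r == PROBE_OK ? 0 : 1;
}
```

Build it with the same cross toolchain as the application (older glibc needs `-ldl`) and pass the path of the libcrypto under test as the first argument.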