​OpenSSL v1.1.1s - Segmenation fault on older Linux (ARM)

Ismir Čolović i.colovic at main-embedded.de
Wed Jan 4 15:57:49 UTC 2023 

Hi,
I've upgraded libcrypto.so and libssl.so from 1.0.x to 1.1.1s on our two
Devices with ARM-Architecture and custom Linux and have segfault issue on
older device only.

*Background*
Our application runs civetweb webserver v1.5 which uses libcrypto.so and
libssl.so to provide TLSv1.2 (and TLSv1.3) encryption.
Same application is crosscompiled for two HW-Platforms (ARM) and both works
fine with OpenSSL 1.0.x.

*HW-Platforms*

   - iMX6 (works fine with 1.1.1s)
      - Freescale i.MX6 ARMv7 CPU
      - Linux Kernel v4.14
      - GCC v7.3.0


   - AM33xx (segfault with 1.1.1s)
      - TI AM33xx ARMv7 CPU
      - Linux Kernel v3.12.15
      - GCC v4.7.3


I've crosscompiled openssl 1.1.1s for both platforms. On iMX6 platform
everything works fine and the webserver provides TLSv1.2 and TLSv1.3 with
configured ciphers.
On the older AM33xx platform the application crashes with segmentation
fault on loading the openssl libs.

*Issue details*
I've configured the openssl with following options

./Configure linux-armv4 shared no-deprecated no-dgram no-ssl3 no-psk no-srp
no-zlib no-afalgeng no-comp no-cms no-ct no-srp no-srtp no-ts no-gost
no-dso no-ec2m no-tls1 no-tls1_1 no-dtls no-dtls1 no-ssl no-ssl3-method
no-tls1-method no-tls1_1-method no-dtls1-method no-siphash no-whirlpool
no-aria no-bf no-blake2 no-egd no-idea no-rc5 no-rc4 no-sm2 no-sm3 no-sm4
no-camellia no-cast no-md4 no-mdc2 no-ocb no-rc2 no-rmd160 no-scrypt
no-weak-ssl-ciphers no-tests no-seed

Civetweb is passing following cipher list
"ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA384"

the application is crashing after the webserver calls *OPENSSL_init_ssl()*

I made some debugging and found out that segfault happens after calling
*EVP_add_cipher(EVP_chacha20_poly1305());* (ssl/ssl_init.c)
If I disable chacha20 and poly1305 than tha app is not crashing but it also
not working.

Do you have any idea how fix this issue? Is my configuration OK?
Are they any minimum requrements for Linux Kernel or GCC?

Best regards
Ismir
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mta.openssl.org/pipermail/openssl-users/attachments/20230104/d5c33f08/attachment.htm>

More information about the openssl-users mailing list