• State Resolved
  • Locked Locked
  • Replies 4 replies
  • Subscribers 98 subscribers
  • Views 1682 views
  • Users 0 members are here
Support feedback
Options
Options
Related

This thread has been locked.

If you have a related question, please click the "Ask a related question" button in the top right corner. The newly created question will be automatically linked to this question.

TI 8148 openssl seg fault with HTTPS connection

babs76er
Prodigy 225 points


Hello,

I am trying to log into a given website securely using libcurl and/or QT using HTTPS in an 8148 environment but keep getting a seg fault.  The same code works on an ubuntu linux host. I've tried to simplify even more by just doing an HTTPS connection with openssl. I still get the seg fault and I'm in the process of debugging this further. Below is the output from the 8148 platform (not working) and the Ubuntu Linux host (working):

TI 8148 Platform (not working):

dm814x-evm:# openssl s_client -connect www.facebook.com:443
CONNECTED(00000004)
depth=1 O = VeriSign Trust Network, OU = "VeriSign, Inc.", OU = VeriSign International Server CA - Class 3, OU = www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign
verify error:num=20:unable to get local issuer certificate
verify return:0
Segmentation fault
dm814x-evm:#

Ubuntu Linux Host (working):

>> openssl s_client -connect www.facebook.com:443
CONNECTED(00000003)
depth=1 /O=VeriSign Trust Network/OU=VeriSign, Inc./OU=VeriSign International Server CA - Class 3/OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign
verify error:num=20:unable to get local issuer certificate
verify return:0
---
Certificate chain
0 s:/C=US/ST=California/L=Palo Alto/O=Facebook, Inc./CN=*.facebook.com
i:/O=VeriSign Trust Network/OU=VeriSign, Inc./OU=VeriSign International Server CA - Class 3/OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign
1 s:/O=VeriSign Trust Network/OU=VeriSign, Inc./OU=VeriSign International Server CA - Class 3/OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign
i:/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIDyDCCAzGgAwIBAgIQAX933rO8uyNdRMzH26YucjANBgkqhkiG9w0BAQUFADCB
ujEfMB0GA1UEChMWVmVyaVNpZ24gVHJ1c3QgTmV0d29yazEXMBUGA1UECxMOVmVy
aVNpZ24sIEluYy4xMzAxBgNVBAsTKlZlcmlTaWduIEludGVybmF0aW9uYWwgU2Vy
dmVyIENBIC0gQ2xhc3MgMzFJMEcGA1UECxNAd3d3LnZlcmlzaWduLmNvbS9DUFMg
SW5jb3JwLmJ5IFJlZi4gTElBQklMSVRZIExURC4oYyk5NyBWZXJpU2lnbjAeFw0x
MjA2MjEwMDAwMDBaFw0xMzEyMzEyMzU5NTlaMGgxCzAJBgNVBAYTAlVTMRMwEQYD
VQQIEwpDYWxpZm9ybmlhMRIwEAYDVQQHEwlQYWxvIEFsdG8xFzAVBgNVBAoTDkZh
Y2Vib29rLCBJbmMuMRcwFQYDVQQDFA4qLmZhY2Vib29rLmNvbTCBnzANBgkqhkiG
9w0BAQEFAAOBjQAwgYkCgYEArpSxceLezMFpPgUQYyQBAuBomug8Obaz50uX1I17
I2iRALC0lu5i8ObTVrz0qg9QZDQC9dF2aqlyg1p1ZHI/ObvvUpDe2bzb+dPVXfrS
OqA9xgTFTSnPHUs729GoCc+uR7RMfq4XxRCb7iSpz0qNkRuw/QQVrkw/QwqhKlV+
KuECAwEAAaOCAR4wggEaMAkGA1UdEwQCMAAwRAYDVR0gBD0wOzA5BgtghkgBhvhF
AQcXAzAqMCgGCCsGAQUFBwIBFhxodHRwczovL3d3dy52ZXJpc2lnbi5jb20vcnBh
MDwGA1UdHwQ1MDMwMaAvoC2GK2h0dHA6Ly9TVlJJbnRsLWNybC52ZXJpc2lnbi5j
b20vU1ZSSW50bC5jcmwwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAsG
A1UdDwQEAwIFoDA0BggrBgEFBQcBAQQoMCYwJAYIKwYBBQUHMAGGGGh0dHA6Ly9v
Y3NwLnZlcmlzaWduLmNvbTAnBgNVHREEIDAegg4qLmZhY2Vib29rLmNvbYIMZmFj
ZWJvb2suY29tMA0GCSqGSIb3DQEBBQUAA4GBAFtsK3X47TCqUarTarpZXlVRQZUf
gaU7RHkQrB92/3j8J4Fha1jzEir8HIcBBCXp7UPfGnumSYBgZ+JoivA9tYx99O4D
MJpq/CR8yxNNwz5UxrwdUTOlMqcyc7HXnK3Ajn4agxFtNFIzQLAwVCeiF0KCfJiR
Zpjufq+MO91xcAgX
-----END CERTIFICATE-----
subject=/C=US/ST=California/L=Palo Alto/O=Facebook, Inc./CN=*.facebook.com
issuer=/O=VeriSign Trust Network/OU=VeriSign, Inc./OU=VeriSign International Server CA - Class 3/OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign
---
No client certificate CA names sent
---
SSL handshake has read 2028 bytes and written 304 bytes
---
New, TLSv1/SSLv3, Cipher is RC4-SHA
Server public key is 1024 bit
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1
Cipher : RC4-SHA
Session-ID: 49B8D2E493499AF90D2F5883B2759B4EF08B90A8206D23E2654492324EAB094C
Session-ID-ctx:
Master-Key: D042483CCEE2694998C5CD16671AE9F34B2EE3816AF166BAA8DE4DDFA14C7FEFFD011440BB76A51BD7121CE7970CD658
Key-Arg : None
Start Time: 1360344331
Timeout : 300 (sec)
Verify return code: 20 (unable to get local issuer certificate)
---
^C

  • 0
    TI__Genius 11470 points

    Hello,

    Please, provide more details. What software release you are using, which version? What is the PSP version? Thank you.

    BR

    Vladimir

  • 0 in reply to Vladimir-XID
    Prodigy 225 points

    Here are the versions I am using:

    EZSDK: ti-ezsdk_dm814x-evm_5_04_00_11

    PSP: linux-2.6.37-psp04.04.00.01

    OpenSSL:

    dm814x-evm:# opkg info openssl
    Package: openssl
    Version: 1.0.0d-r14.0.6
    Depends: libssl1.0.0 (>= 1.0.0d), libcrypto1.0.0 (>= 1.0.0d), libc6 (>= 2.9)
    Provides:
    Status: install user installed
    Architecture: armv7a
    Installed-Time: 1323455011

  • 0 in reply to babs76er
    Prodigy 225 points

    I have found a solution to the problem. Below is the procedure to fix this with the openssl v1.0.0d that comes with the TI 8148 EZSDK v5.04. You basically have to apply a cryptodev patch to openssl and cross compile correctly.

    Cross Compiling OpenSSL for TI8148 (cryptodev patch)

     

    References:

    http://www.openssl.org/

    http://processors.wiki.ti.com/index.php/Build_OpenSSL_for_Sitara

    http://processors.wiki.ti.com/index.php/File:0002-Modify-eng_cryptodev.c-to-make-SHA1-and-MD5-work-wit.patch

    http://openssl.6102.n7.nabble.com/openssl-org-2735-RE-segfault-with-cryptodev-in-openssl-1-0-0g-td30950.html

     

    Procedure:

    1. Download supported version for TI 8148 EZSDK 5.04
      1. http://www.openssl.org/source/
      2. Version: 1.0.0d
    2. Apply the patch to fix crypto/engine/eng_cryptodev.c
      1. http://openssl.6102.n7.nabble.com/openssl-org-2735-RE-segfault-with-cryptodev-in-openssl-1-0-0g-td30950.html
      2. >> patch –p1 < cryptodev-digest.diff
    3. Download configuration script for TI ARM
      1. http://e2e.ti.com/support/arm/sitara_arm/f/791/p/246082/861021.aspx
      2. File is 2438.Configure.txt, rename to Configure in the openssl directory
    4. Run Configure script
      1. >> ./Configure
    5. Modify Makefile for INSTALL_PREFIX and CFLAGS
      1. INSTALL_PREFIX=${TARGETFS}
      2. Add to CFLAGS for include files: -I${EZSDK}/linux-devkit/arm-none-linux-gnueabi/usr/include
    6. Build OpenSSL
      1. >> make
    7. Install OpenSSL Software
      1. >> make install_sw
    8. Run the HTTPS test:
    1. >> openssl s_client -connect www.ti.com:443
    Results:

    dm814x-evm:# openssl s_client -connect www.ti.com:443
    CONNECTED(00000004)
    depth=3 C = US, O = "VeriSign, Inc.", OU = Class 3 Public Primary Certification Authority
    verify error:num=19:self signed certificate in certificate chain
    verify return:0
    ---
    Certificate chain
    0 s:/C=US/ST=Texas/L=Plano/O=Texas Instruments Inc./OU=IT Services/CN=www.ti.com
    i:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use at https://www.verisign.com/rpa (c)10/CN=VeriSign Class 3 Secure Server CA - G3
    1 s:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use at https://www.verisign.com/rpa (c)10/CN=VeriSign Class 3 Secure Server CA - G3
    i:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 2006 VeriSign, Inc. - For authorized use only/CN=VeriSign Class 3 Public Primary Certification Authority - G5
    2 s:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 2006 VeriSign, Inc. - For authorized use only/CN=VeriSign Class 3 Public Primary Certification Authority - G5
    i:/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority
    3 s:/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority
    i:/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority
    ---
    Server certificate
    -----BEGIN CERTIFICATE-----
    MIIFjDCCBHSgAwIBAgIQXR1DwgWV13ak6hjmBj0lPTANBgkqhkiG9w0BAQUFADCB
    tTELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL
    ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTswOQYDVQQLEzJUZXJtcyBvZiB1c2Ug
    YXQgaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYSAoYykxMDEvMC0GA1UEAxMm
    VmVyaVNpZ24gQ2xhc3MgMyBTZWN1cmUgU2VydmVyIENBIC0gRzMwHhcNMTEwNzEz
    MDAwMDAwWhcNMTMwNzEyMjM1OTU5WjB5MQswCQYDVQQGEwJVUzEOMAwGA1UECBMF
    VGV4YXMxDjAMBgNVBAcUBVBsYW5vMR8wHQYDVQQKFBZUZXhhcyBJbnN0cnVtZW50
    cyBJbmMuMRQwEgYDVQQLFAtJVCBTZXJ2aWNlczETMBEGA1UEAxQKd3d3LnRpLmNv
    bTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM1jLPCfgg7Gb+ZSmHGN
    DmqCe+rCo5nI2OnJIGes8te+yIdogXX0hjGbLOAgZC+Y7W5rnZGHMuc4jJpL0Rsq
    haghtweifhG5Y1Z4MXYd07D8gSkGCRSe3YItdqug9sxDltgdu2MSlTcfbMTub94I
    fXkOBXVcwC+9miKKgsft6A+L/P6/LrUbMbIdXHd17HpKdOdidWiY4FoI7KPwHkgd
    elLo0PUluGu9q3NjQCmGiEm5eAAKDtpc0/UG0RW99JthkM7+9LK9EJ8OFVlwcUDb
    ESzPpmw0S7hWaUHnwxKv7xbrBzIOl/cMQNGTvIETr1fVINTo7lyi6OdpfllEYJe6
    B3kCAwEAAaOCAdEwggHNMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgWgMEUGA1UdHwQ+
    MDwwOqA4oDaGNGh0dHA6Ly9TVlJTZWN1cmUtRzMtY3JsLnZlcmlzaWduLmNvbS9T
    VlJTZWN1cmVHMy5jcmwwRAYDVR0gBD0wOzA5BgtghkgBhvhFAQcXAzAqMCgGCCsG
    AQUFBwIBFhxodHRwczovL3d3dy52ZXJpc2lnbi5jb20vcnBhMB0GA1UdJQQWMBQG
    CCsGAQUFBwMBBggrBgEFBQcDAjAfBgNVHSMEGDAWgBQNRFwWU0TBgn4dIKsl9AFj
    2L55pTB2BggrBgEFBQcBAQRqMGgwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLnZl
    cmlzaWduLmNvbTBABggrBgEFBQcwAoY0aHR0cDovL1NWUlNlY3VyZS1HMy1haWEu
    dmVyaXNpZ24uY29tL1NWUlNlY3VyZUczLmNlcjBuBggrBgEFBQcBDARiMGChXqBc
    MFowWDBWFglpbWFnZS9naWYwITAfMAcGBSsOAwIaBBRLa7kolgYMu9BSOJsprEsH
    iyEFGDAmFiRodHRwOi8vbG9nby52ZXJpc2lnbi5jb20vdnNsb2dvMS5naWYwDQYJ
    KoZIhvcNAQEFBQADggEBAFM6WQf+hwnbkUF+flrFvanVIIHAvhL/sKZp5IJWN4sj
    xUZml7ZlzKjLGdpjoPwaFRoFgpLEK59iQyxrt/I/V938gksa5oZ3vQyCKoZO/mNr
    vii59YzVJKGDxDbE7r2EiTg9N6w4Pl02zfKCedMPNFvvbW5q6NTYlKvXJ2dmOktE
    2MWI+JU/6WnSfJ1/Ml/OhNqykRYkhgl2AbsgoCq9gfJdK+4sRhoi4ZqxNcxmKWuF
    rzyXhBj91Z/4Y6cE2/eAMJHZrIDjWGx9KQ24ZUgE43c0xoIpIrQZJOkTKKytKpTv
    zL7WJQUO2YfxJrAUpbK8TotwPsYBLTqEVUdvu461/xk=
    -----END CERTIFICATE-----
    subject=/C=US/ST=Texas/L=Plano/O=Texas Instruments Inc./OU=IT Services/CN=www.ti.com
    issuer=/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use at https://www.verisign.com/rpa (c)10/CN=VeriSign Class 3 Secure Server CA - G3
    ---
    No client certificate CA names sent
    ---
    SSL handshake has read 5464 bytes and written 408 bytes
    ---
    New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
    Server public key is 2048 bit
    Secure Renegotiation IS supported
    Compression: NONE
    Expansion: NONE
    SSL-Session:
    Protocol : TLSv1
    Cipher : DHE-RSA-AES256-SHA
    Session-ID: FBD1B967D6F36EF8F776D6DA87C69E4CE9E5F90D1E2620D985D92C73B613BF9E
    Session-ID-ctx:
    Master-Key: 0A76FC8A38DCC7C20F504AA64C3D2FD0934327A641D9F32A824653D29202F146969C4B0B51028024C200F5900738ED50
    Key-Arg : None
    PSK identity: None
    PSK identity hint: None
    Start Time: 1363214508
    Timeout : 300 (sec)
    Verify return code: 19 (self signed certificate in certificate chain)
    ---
    ^C
    dm814x-evm:#

  • 0 in reply to babs76er
    TI__Genius 11470 points

    Hello,

    I am sorry that there was no reply here. I am glad that the issue is solved. Many thanks for the shared solution.

    BR

    Vladimir