Re: Possible bug in crypto/engine


 



Antonio,

 

Did you debug the preinstalled openssl app or have you tried to debug your own version, built with a debug configuration?

 

You get the best results in the debugger if you use the `debug-linux-x86_64` config target and after building (you only need to run `make`, not `make install`) run it in the debugger directly from the source directory as follows:

 

    util/shlib_wrap.sh gdb --args apps/openssl cms -sign -signer cert.pem -inkey 101 -keyform engine -engine pkcs11

 

If you can reproduce the crash with your debug version, please post a backtrace of the call stack when it’s stopped at the segmentation fault.

 

HTH,

Matthias

 

From: openssl-users <openssl-users-bounces@xxxxxxxxxxx> On Behalf Of Antonio Iacono
Sent: Sunday, January 6, 2019 19:55
To: openssl-users@xxxxxxxxxxx
Subject: [openssl-users] Possible bug in crypto/engine

 

Hi,

 

I sign a text file with:

    openssl cms -sign -signer cert.pem -inkey 01 -keyform engine -engine pkcs11

in openssl.cnf:

    [pkcs11_section]
    engine_id = pkcs11
    dynamic_path = /path/pkcs11.so
    MODULE_PATH = /path/opensc-pkcs11.so

Everything works well, but if I write a wrong key, e.g. -inkey 101, this is the gdb result:

 

    PKCS11_get_private_key returned NULL
    cannot load signing key file from engine
    140737353990592:error:26096080:engine routines:ENGINE_load_private_key:failed loading private key:crypto/engine/eng_pkey.c:78:
    unable to load signing key file
    Program received signal SIGSEGV, Segmentation fault.
    __GI___pthread_rwlock_wrlock (rwlock=0x0) at pthread_rwlock_wrlock.c:27
    27    pthread_rwlock_wrlock.c: No such file or directory

 

I realized that the error is probably here:

crypto/engine/eng_lib.c line 93

    if (e->destroy)
        e->destroy(e);

    CRYPTO_free_ex_data(CRYPTO_EX_INDEX_ENGINE, e, &e->ex_data);

If I comment out these lines, openssl does not crash.

 

I do not know engine well and I do not know what these two lines do. If anyone has any suggestions, I can do some tests.

 

Thanks,

Antonio Iacono

-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
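
The backtrace requested in the reply above can also be captured non-interactively. The following is an added example, not part of the original thread or of OpenSSL; it assumes the current directory is an OpenSSL source tree built with the `debug-linux-x86_64` target and that `cert.pem` and the pkcs11 engine are set up as in the report. The function names and the log file name are hypothetical.

```shell
# Added example: reproduce the wrong-key case under gdb in batch mode and
# keep the full session in a log that can be posted to the list.

# $1 = key id for -inkey (101 is the wrong id from the report)
# $2 = log file (default name is an assumption of this example)
capture_backtrace() {
    key_id=${1:-101}
    log=${2:-gdb-backtrace.log}
    # -batch makes gdb exit after the -ex commands have run.
    # "bt full" prints the stack with locals once the program has stopped
    # on a signal; if the program exited normally there is no stack to print.
    # --args passes everything after the executable to the program itself.
    util/shlib_wrap.sh gdb -batch \
        -ex run \
        -ex 'bt full' \
        -ex 'info sharedlibrary' \
        --args apps/openssl cms -sign -signer cert.pem \
               -inkey "$key_id" -keyform engine -engine pkcs11 \
        < /dev/null > "$log" 2>&1
    # The log, not gdb's exit status, tells whether the crash reproduced.
    return 0
}

# Succeeds if the log shows the program stopped on SIGSEGV.
log_has_segv() {
    grep -q 'received signal SIGSEGV' "$1"
}

# Print only the numbered stack frames (#0, #1, ...), without the locals
# that "bt full" interleaves, for a compact summary in a reply.
extract_frames() {
    grep -E '^#[0-9]+ ' "$1"
}
```

Source the file from the top of the build tree, run `capture_backtrace 101`, then check `log_has_segv gdb-backtrace.log` before posting the output of `extract_frames gdb-backtrace.log`.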
