|
Thanks Viktor,
The
crashed application doesn't call SSL_get0_verified_chain(). I'm not sure why the heap verified_chain is corrupted.
Besides,
for the X509 object, if I call X509_free() twice no coredump is generated which is as expected. So my issue is still related with verified_chain heap.
发件人: openssl-users <openssl-users-bounces@xxxxxxxxxxx> 代表 openssl-users-request@xxxxxxxxxxx <openssl-users-request@xxxxxxxxxxx>
发送时间: 2023年3月3日 20:00 收件人: openssl-users@xxxxxxxxxxx <openssl-users@xxxxxxxxxxx> 主题: openssl-users Digest, Vol 100, Issue 9 Send openssl-users mailing list submissions to
openssl-users@xxxxxxxxxxx To subscribe or unsubscribe via the World Wide Web, visit https://mta.openssl.org/mailman/listinfo/openssl-users or, via email, send a message with subject or body 'help' to openssl-users-request@xxxxxxxxxxx You can reach the person managing the list at openssl-users-owner@xxxxxxxxxxx When replying, please edit your Subject line so it is more specific than "Re: Contents of openssl-users digest..." Today's Topics: 1. Re: [Openssl 1.1.1n] application core dump while calling sk_X509_pop_free(s->verified_chain, X509_free); (Viktor Dukhovni) 2. OpenSSL 3.0.7 + Kernel Crypto API (Hareesh Das Ulleri) ---------------------------------------------------------------------- Message: 1 Date: Fri, 3 Mar 2023 00:49:26 -0500 From: Viktor Dukhovni <openssl-users@xxxxxxxxxxxx> To: openssl-users@xxxxxxxxxxx Subject: Re: [Openssl 1.1.1n] application core dump while calling sk_X509_pop_free(s->verified_chain, X509_free); Message-ID: <ZAGKZhl1tA1O0c//@straasha.imrryr.org> Content-Type: text/plain; charset=us-ascii On Fri, Mar 03, 2023 at 02:21:43AM +0000, Ma Zhenhua wrote: > My application core dumps twice in the same procedure while pop and > free s->verified_chain. I don't find possible cause until now. Any > constructive advice is highly appreciated. You've corrupted the heap prior to that call, or, ignoring the documentation, or previously freed the verified chain, which is owned by SSL handle, and must not be freed by the application. See SSL_get0_verified_chain(3). OpenSSL's handling of this object is correct. You'll have to figure out where you went wrong. -- Viktor. ------------------------------ Message: 2 Date: Fri, 3 Mar 2023 08:47:59 +0000 From: Hareesh Das Ulleri <hareesh.ulleri@xxxxxxx> To: "openssl-users@xxxxxxxxxxx" <openssl-users@xxxxxxxxxxx> Subject: OpenSSL 3.0.7 + Kernel Crypto API Message-ID: <07164a1ea09c45978876d04fadebcc4b@xxxxxxxxxxxxxxxx> Content-Type: text/plain; charset="us-ascii" Hello OpenSSL users, Is it possible to integrate linux kernel 5.10 Crypto API module with OpenSSL 3.0.7 or above versions. If possible request to suggest any doc to start with if available. My requirement is to integrate a HW Cipher implementation (with or without OpenSSL custom provider). Is this possible ? Please let me know if anyone tried or knows this ! Thanks, Hareesh -------------- next part -------------- An HTML attachment was scrubbed... URL: <https://mta.openssl.org/pipermail/openssl-users/attachments/20230303/d354dc1b/attachment-0001.htm> ------------------------------ Subject: Digest Footer _______________________________________________ openssl-users mailing list openssl-users@xxxxxxxxxxx https://mta.openssl.org/mailman/listinfo/openssl-users ------------------------------ End of openssl-users Digest, Vol 100, Issue 9 ********************************************* |
