Engines memory-management problems

Tue, 20 Sep 2011 09:51:12 -0700 

Greetings!

During the 1.x version the current scheme of
algorithms providing through engines was implemented.

Debugging our (Cryptocom LTD) engines, I’ve found some troubles in the
way it works, please tell me
where I’m mistaken.

Openssl is configured with shared zlib enable-rfc3779 options. System
is Linux. Version is 1.0.0d.

The engine section is

[gost_section]
      engine_id=gost        default_algorithms = ALL
      RNG=PROGRAM
#       dynamic_path = /opt/openssl/lib/engines/libgost.so

(the dynamic_path parameter is commented out)

The command is
$ ./bin/openssl speed -engine gost -evp gost89

It causes a SEGFAULT with diagnostics

*** glibc detected ***
./apps/openssl: double free or corruption (!prev): 0x097a4cd8 ***

When debugging, I’ve found that dynamically allocated
EVP_PKEY_ASN1_METHOD and EVP_PKEY_METHOD structs are allocated twice,
because the openssl app causes two-times loading engine in such a
case. It happens because ENGINE_by_id does not find the gost engine
loaded before. Also this two-times allocation causes memory leaks
(DEBUG_OPENSSL_MEMORY shows them).

The sympthoms were fixed by the patch (rt #2598), though I prefer to
fix it more systematically.

When we try to prevent two-times engine loading and memory allocating
providing the DSO object (for example, nuron engine works so), it did
not  help because the structs are allocated before the DSO check.

What should we do to fix the two-times engine loading, allocation and
especially double-free? For our commercial engine we can use the
static instances of the internal structs of openssl instead of
allocating them, but it is very bad idea...

The other suspicious part of code is freeing the structs allocating
from the engine. They are freed from the libcrypto ENGINE_cleanup
code. AFAIK it can cause troubles at least in Windows systems where
the resources should be freed where thay are acquired, especially when
they are linked using different compiler versions.

Please tell me where I’m mistaken.

Thank you!


-- 
SY, Dmitry Belyavsky
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           majord...@openssl.org

Reply via email to