Greetings!

On Thu, Sep 22, 2011 at 3:00 AM, Roumen Petrov <open...@roumenpetrov.info> wrote:
> Hi Dmitry,
>
> Dmitry Belyavsky wrote:
>>
>> Greetings!
>>
>> During the 1.x version the current scheme of
>> algorithms providing through engines was implemented.
>>
>> Debugging our (Cryptocom LTD) engines, I’ve found some troubles in the
>> way it works, please tell me
>> where I’m mistaken.
>>
>> Openssl is configured with shared zlib enable-rfc3779 options. System
>> is Linux. Version is 1.0.0d.
>>
>> The engine section is
>>
>> [gost_section]
>> engine_id=gost
>> default_algorithms = ALL
>> RNG=PROGRAM
>> # dynamic_path = /opt/openssl/lib/engines/libgost.so
>>
>> (the dynamic_path parameter is commented out)
>>
>> The command is
>> $ ./bin/openssl speed -engine gost -evp gost89
>>
>> It causes a SEGFAULT with diagnostics
>>
>> *** glibc detected *** ./apps/openssl: double free or corruption (!prev): 0x097a4cd8 ***
>>
>> When debugging, I’ve found that dynamically allocated
>> EVP_PKEY_ASN1_METHOD and EVP_PKEY_METHOD structs are allocated twice,
>> because the openssl app causes two-times loading engine in such a
>> case. It happens because ENGINE_by_id does not find the gost engine
>> loaded before. Also this two-times allocation causes memory leaks
>> (DEBUG_OPENSSL_MEMORY shows them).
>>
>> The symptoms were fixed by the patch (rt #2598), though I prefer to
>> fix it more systematically.
>>
>> When we try to prevent two-times engine loading and memory allocating
>> providing the DSO object (for example, nuron engine works so), it did
>> not help because the structs are allocated before the DSO check.
>>
>> What should we do to fix the two-times engine loading, allocation and
>> especially double-free? For our commercial engine we can use the
>> static instances of the internal structs of openssl instead of
>> allocating them, but it is a very bad idea...
>>
>> The other suspicious part of code is freeing the structs allocating
>> from the engine. They are freed from the libcrypto ENGINE_cleanup
>> code. AFAIK it can cause troubles at least in Windows systems where
>> the resources should be freed where they are acquired, especially when
>> they are linked using different compiler versions.
>>
>> Please tell me where I’m mistaken.
>>
>> Thank you!
>>
>
> What is result if register_XXXX_gost methods are moved from bind to init ?

Double-free occurs too. The openssl speed -engine gost -evp gost89 is
successful, but the openssl engine gost fails with the same diagnostics.

BTW it seems to be a bug in engine command, because when I use the DSO
object to protect double-load, the speed command reports "can't use
that engine" (./apps/apps.c line 1492) and the engine command does not.

--
SY, Dmitry Belyavsky
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           majord...@openssl.org