[openssl-dev] OPENSSL_cleanup new issue

Roumen Petrov openssl at roumenpetrov.info
Tue Mar 15 21:22:20 UTC 2016

Hi Matt,

Matt Caswell wrote:
> Hi Roumen
> On 10/03/16 22:21, Roumen Petrov wrote:
>> Hello,
>> With new thread model in some configurations openssl hangs on unload of
>> engine.
> I just pushed commit 773fd0bad4 to master which should hopefully resolve
> this issue.
It seems to me the hang is resolved after recent changes in init.c - commit
"Fix the init cleanup order" (


Maybe the cleanup function could free the error list after all other clean-up code.

I would like to test engine "reference counters" but the build fails - please
apply patch 0003-build-with-defined-ENGINE_REF_COUNT_DEBUG.patch.

I'm not sure that memory leaks are resolved - valgrind reports that
err_string_lock and ex_data_lock are not freed.

Now some regression tests of an engine fail with "corrupted
double-linked list". Tests call the openssl dgst command with a key from file
or engine. Keys are rsa, dsa and ec. The digest verify command fails only if
the key format is from engine and the key is an EC key with prime256v1 or secp521r1.
Tests pass with EC secp384r1. Also all tests pass if the engine code prints
debug messages to stderr.

Stack trace
*** Error in '<BUILDDIR>/apps/openssl': corrupted double-linked list: 
0x00000000006de730 ***
Program received signal SIGINT, Interrupt.
0x00007ffff6fb338b in __lll_lock_wait_private () from /lib64/libc.so.6
(gdb) bt
#0  0x00007ffff6fb338b in __lll_lock_wait_private () from /lib64/libc.so.6
#1  0x00007ffff6f3024a in _L_lock_12669 () from /lib64/libc.so.6
#2  0x00007ffff6f2d975 in malloc () from /lib64/libc.so.6
#3  0x00007ffff7de1b26 in _dl_map_object () from /lib64/ld-linux-x86-64.so.2
#4  0x00007ffff7ded387 in dl_open_worker () from /lib64/ld-linux-x86-64.so.2
#5  0x00007ffff7de8924 in _dl_catch_error () from 
#6  0x00007ffff7decc7b in _dl_open () from /lib64/ld-linux-x86-64.so.2
#7  0x00007ffff6fe0752 in do_dlopen () from /lib64/libc.so.6
#8  0x00007ffff7de8924 in _dl_catch_error () from 
#9  0x00007ffff6fe0812 in __libc_dlopen_mode () from /lib64/libc.so.6
#10 0x00007ffff6fb9825 in init () from /lib64/libc.so.6
#11 0x00007ffff7282120 in pthread_once () from /lib64/libpthread.so.0
#12 0x00007ffff6fb993c in backtrace () from /lib64/libc.so.6
#13 0x00007ffff6f232a4 in __libc_message () from /lib64/libc.so.6
#14 0x00007ffff6f293d7 in malloc_printerr () from /lib64/libc.so.6
#15 0x00007ffff6f2ab0c in _int_free () from /lib64/libc.so.6
#16 0x00007ffff781b962 in CRYPTO_free (str=0x6de850, file=0x7ffff78eb3e6 
"crypto/threads_pthread.c", line=99) at crypto/mem.c:226
#17 0x00007ffff787e7f5 in CRYPTO_THREAD_lock_free (lock=0x6de850) at 
#18 0x00007ffff780eda5 in EVP_PKEY_free_it (x=0x6e9310) at 
#19 0x00007ffff780ecf4 in EVP_PKEY_free (x=0x6e9310) at 
#20 0x00007ffff7811307 in EVP_PKEY_CTX_free (ctx=0x6de3a0) at 
#21 0x00007ffff77f7cd3 in EVP_MD_CTX_reset (ctx=0x6be5d0) at 
#22 0x00007ffff77f7d34 in EVP_MD_CTX_free (ctx=0x6be5d0) at 
#23 0x00007ffff77f59a3 in md_free (a=0x6be510) at crypto/evp/bio_md.c:116
#24 0x00007ffff77359b8 in BIO_free (a=0x6be510) at crypto/bio/bio_lib.c:138
#25 0x000000000042d54a in dgst_main (argc=1, argv=0x7fffffffd950) at 
#26 0x0000000000438844 in do_cmd (prog=0x6b5f20, argc=11, 
argv=0x7fffffffd900) at apps/openssl.c:570
#27 0x0000000000437ff3 in main (argc=11, argv=0x7fffffffd900) at 

I use "0004-avoid-corrupted-double-linked-list-in-EVP_PKEY.patch" as 


-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0003-build-with-defined-ENGINE_REF_COUNT_DEBUG.patch
Type: text/x-diff
Size: 775 bytes
Desc: not available
URL: <http://mta.openssl.org/pipermail/openssl-dev/attachments/20160315/b62e023a/attachment.patch>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0004-avoid-corrupted-double-linked-list-in-EVP_PKEY.patch
Type: text/x-diff
Size: 660 bytes
Desc: not available
URL: <http://mta.openssl.org/pipermail/openssl-dev/attachments/20160315/b62e023a/attachment-0001.patch>