[openssl-users] Possible bug in crypto/engine

Dmitry Belyavsky beldmit at gmail.com
Sun Jan 6 19:03:27 UTC 2019


Sun, 6 Jan 2019, 21:55 Antonio Iacono antiac at gmail.com:

> Hi,
> I sign a text file with:
> openssl cms -sign -signer cert.pem -inkey 01 -keyform engine -engine
> pkcs11
> in openssl.cnf
> [pkcs11_section]
> engine_id = pkcs11
> dynamic_path = /path/pkcs11.so
> MODULE_PATH = /path/opensc-pkcs11.so
> everything works well but if I write a wrong key, e.g. -inkey 101, this is
> gdb result:
> PKCS11_get_private_key returned NULL
> cannot load signing key file from engine
> 140737353990592:error:26096080:engine
> routines:ENGINE_load_private_key:failed loading private
> key:crypto/engine/eng_pkey.c:78:
> unable to load signing key file
> Program received signal SIGSEGV, Segmentation fault.
> __GI___pthread_rwlock_wrlock (rwlock=0x0) at pthread_rwlock_wrlock.c:27
> 27    pthread_rwlock_wrlock.c: No such file or directory
> I realized that the error is probably here:
> crypto/engine/eng_lib.c line 93
> if (e->destroy)
>         e->destroy(e);
> CRYPTO_free_ex_data(CRYPTO_EX_INDEX_ENGINE, e, &e->ex_data);
> if I comment these lines openssl does not crash
> I do not know engine well and I do not know what these two lines do, if
> anyone has any suggestions I can do some tests

I am not sure that the bug you found is in OpenSSL. I suspect it can be in
pkcs11 engine. The lines you've commented are a call of the engine cleanup
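
Added example, not part of the original thread and not OpenSSL or pkcs11 engine code: a self-contained C model of the free path quoted above, where the last reference runs the engine's destroy callback, and of a callback that stays safe when its lock was never created (the `rwlock=0x0` in the backtrace). `model_engine`, `toy_rwlock` and all function names are hypothetical, and that the NULL lock belongs to the engine's own state is an assumption.

```c
#include <stdlib.h>

typedef struct { int held; } toy_rwlock;   /* stand-in lock, not pthread */
typedef struct model_engine {
    int refs, sessions;
    toy_rwlock *lock;                      /* NULL until init completes (assumed) */
    int (*destroy)(struct model_engine *e);
} model_engine;

/* Cleanup that tolerates state which was never set up and clears the
 * pointer so a repeat call is harmless. Returns 1 if a lock was released. */
static int ctx_destroy(model_engine *e)
{
    if (e->lock == NULL)        /* without this check: write-lock on NULL */
        return 0;
    e->lock->held = 1;          /* take the lock while tearing down */
    e->sessions = 0;
    e->lock->held = 0;
    free(e->lock);
    e->lock = NULL;
    return 1;
}

/* Same shape as the quoted free path: the last reference runs the callback.
 * Returns the callback's result, or -1 while references remain. */
static int model_engine_free(model_engine *e)
{
    int r = 0;
    if (--e->refs > 0)
        return -1;
    if (e->destroy)
        r = e->destroy(e);
    free(e);
    return r;
}

/* with_lock = 0 models a key load that failed before the lock existed. */
static model_engine *model_engine_new(int with_lock)
{
    model_engine *e = calloc(1, sizeof(*e));
    if (e == NULL)
        abort();
    e->refs = 1;
    e->destroy = ctx_destroy;
    if (with_lock && (e->lock = calloc(1, sizeof(*e->lock))) == NULL)
        abort();
    return e;
}
int main(void) { return model_engine_free(model_engine_new(0)); }
```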
