[openssl-users] Possible bug in crypto/engine

Sun Jan 6 23:51:09 UTC 2019

Thanks Dmitry and Matthias,

I solved, as suggested the problem was not openssl, but libp11 I had
compiled with version 1.1 of libcrypto instead version 3.

Antonio

Il giorno dom 6 gen 2019 alle ore 23:53 Dr. Matthias St. Pierre <
Matthias.St.Pierre at ncp-e.com> ha scritto:

> Antonio,
>
>
>
> did you debug the preinstalled openssl app or have you tried to debug your
> own version, built with a debug configuration?
>
>
>
> You get the best results in the debugger if you use the
> `debug-linux-x86_64` config target and
> after building (you only need to run `make`, not `make install`) run it in
> the debugger directly from the source
>
> directory as follows:
>
>
>
>     util/shlib_wrap.sh  gdb  apps/openssl cms -sign -signer cert.pem -
> inkey 101 -keyform engine -engine pkcs11
>
>
>
> If you can reproduce the crash with your debug version, please post a
> backtrace of the call stack when it’s stopped
>
> at the segmentation fault.
>
>
>
> HTH,
>
> Matthias
>
>
>
> *Von:* openssl-users <openssl-users-bounces at openssl.org> *Im Auftrag von *Antonio
> Iacono
> *Gesendet:* Sonntag, 6. Januar 2019 19:55
> *An:* openssl-users at openssl.org
> *Betreff:* [openssl-users] Possible bug in crypto/engine
>
>
>
> Hi,
>
>
>
> I sign a text file with:
>
> openssl cms -sign -signer cert.pem -inkey 01 -keyform engine -engine
> pkcs11
>
> in openssl.cnf
>
> [pkcs11_section]
> engine_id = pkcs11
> dynamic_path = /path/pkcs11.so
> MODULE_PATH = /path/opensc-pkcs11.so
>
> everything works well but if I write a wrong key, es. -inkey 101, this is
> gdb result:
>
>
>
> PKCS11_get_private_key returned NULL
> cannot load signing key file from engine
> 140737353990592:error:26096080:engine
> routines:ENGINE_load_private_key:failed loading private
> key:crypto/engine/eng_pkey.c:78:
> unable to load signing key file
> Program received signal SIGSEGV, Segmentation fault.
> __GI___pthread_rwlock_wrlock (rwlock=0x0) at pthread_rwlock_wrlock.c:27
> 27    pthread_rwlock_wrlock.c: No *such* file or directory
>
>
>
> I realized that the error is probably here:
>
> crypto/engine/eng_lib.c line 93
>
> if (e->destroy)
>         e->destroy(e);
>
> CRYPTO_free_ex_data(CRYPTO_EX_INDEX_ENGINE, e, &e->ex_data);
>
> if I comment these lines openssl does not crash
>
>
>
> I do not know engine well and I do not know what these two lines do, if
> anyone has any suggestions I can do some tests
>
>
>
> Thanks,
>
> Antonio Iacono
> --
> openssl-users mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20190107/f18b8b6a/attachment.html>