回复: openssl-users Digest, Vol 100, Issue 9

Ma Zhenhua mazhh at outlook.com
Mon Mar 6 05:27:32 UTC 2023 

Thanks Viktor,

The crashed application doesn't call SSL_get0_verified_chain(). I'm not sure why the heap verified_chain is corrupted.

Besides, for the X509 object, if I call X509_free() twice no coredump is generated which is as expected. So my issue is still related with verified_chain heap.

________________________________
发件人: openssl-users <openssl-users-bounces at openssl.org> 代表 openssl-users-request at openssl.org <openssl-users-request at openssl.org>
发送时间: 2023年3月3日 20:00
收件人: openssl-users at openssl.org <openssl-users at openssl.org>
主题: openssl-users Digest, Vol 100, Issue 9

Send openssl-users mailing list submissions to
        openssl-users at openssl.org

To subscribe or unsubscribe via the World Wide Web, visit
        https://mta.openssl.org/mailman/listinfo/openssl-users
or, via email, send a message with subject or body 'help' to
        openssl-users-request at openssl.org

You can reach the person managing the list at
        openssl-users-owner at openssl.org

When replying, please edit your Subject line so it is more specific
than "Re: Contents of openssl-users digest..."


Today's Topics:

   1. Re: [Openssl 1.1.1n] application core dump while calling
      sk_X509_pop_free(s->verified_chain, X509_free); (Viktor Dukhovni)
   2. OpenSSL 3.0.7 + Kernel Crypto API (Hareesh Das Ulleri)


----------------------------------------------------------------------

Message: 1
Date: Fri, 3 Mar 2023 00:49:26 -0500
From: Viktor Dukhovni <openssl-users at dukhovni.org>
To: openssl-users at openssl.org
Subject: Re: [Openssl 1.1.1n] application core dump while calling
        sk_X509_pop_free(s->verified_chain, X509_free);
Message-ID: <ZAGKZhl1tA1O0c//@straasha.imrryr.org>
Content-Type: text/plain; charset=us-ascii

On Fri, Mar 03, 2023 at 02:21:43AM +0000, Ma Zhenhua wrote:

> My application core dumps twice in the same procedure while pop and
> free s->verified_chain. I don't find possible cause until now. Any
> constructive advice is highly appreciated.

You've corrupted the heap prior to that call, or, ignoring the
documentation, or previously freed the verified chain, which is owned by
SSL handle, and must not be freed by the application.

See SSL_get0_verified_chain(3).  OpenSSL's handling of this object is
correct.  You'll have to figure out where you went wrong.

--
    Viktor.


------------------------------

Message: 2
Date: Fri, 3 Mar 2023 08:47:59 +0000
From: Hareesh Das Ulleri <hareesh.ulleri at ovt.com>
To: "openssl-users at openssl.org" <openssl-users at openssl.org>
Subject: OpenSSL 3.0.7 + Kernel Crypto API
Message-ID: <07164a1ea09c45978876d04fadebcc4b at ovtmail2.ovt.com>
Content-Type: text/plain; charset="us-ascii"

Hello OpenSSL users,

  Is it possible to integrate linux kernel 5.10 Crypto API module with OpenSSL 3.0.7 or above versions. If possible request to suggest any doc to start with if available.

  My requirement is to integrate a HW Cipher implementation (with or without OpenSSL custom provider). Is this possible ?

  Please let me know if anyone tried or knows this !

Thanks,
Hareesh
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mta.openssl.org/pipermail/openssl-users/attachments/20230303/d354dc1b/attachment-0001.htm>

------------------------------

Subject: Digest Footer

_______________________________________________
openssl-users mailing list
openssl-users at openssl.org
https://mta.openssl.org/mailman/listinfo/openssl-users


------------------------------

End of openssl-users Digest, Vol 100, Issue 9
*********************************************
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mta.openssl.org/pipermail/openssl-users/attachments/20230306/023c0853/attachment.htm>

More information about the openssl-users mailing list