On 8/16/2010 8:11 AM, Jan Pechanec wrote:
On Fri, 13 Aug 2010, Ladar Levison wrote:I was able to dynamically load OpenSSL, initialize it, unload it, and then reload it back up again using your example along with some of my cleanup code. Since I don't know your specific use case, I don't know if something like this will work for you, but figured I'd send it along just in case. Here's the console output: [la...@magma Desktop]$ gcc -std=gnu99 -g -ldl ssl-dlopen-crash.c 2>&1 ; /a.out ; valgrind --tool=memcheck --leak-check=yes ./a.out Opening libssl.so... Initializing with OpenSSL... Closing libssl.so... Opening libssl.so... Initializing with OpenSSL... Closing libssl.so... ==21089== Memcheck, a memory error detector ==21089== Copyright (C) 2002-2009, and GNU GPL'd, by Julian Seward et al. ==21089== Using Valgrind-3.5.0 and LibVEX; rerun with -h for copyright info ==21089== Command: ./a.out ==21089== Opening libssl.so... Initializing with OpenSSL... Closing libssl.so... Opening libssl.so... Initializing with OpenSSL... Closing libssl.so... ==21089== ==21089== HEAP SUMMARY: ==21089== in use at exit: 0 bytes in 0 blocks ==21089== total heap usage: 5,293 allocs, 5,293 frees, 207,568 bytes allocated ==21089== ==21089== All heap blocks were freed -- no leaks are possible ==21089== ==21089== For counts of detected and suppressed errors, rerun with: -v ==21089== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 22 from 9) And a variant of the cleanup function I took from my actual application: void ssl_stop(void) { if (ssl_locks != NULL) { ERR_remove_state_d(0); COMP_zlib_cleanup_d(); CONF_modules_unload_d(1); OBJ_cleanup_d(); OBJ_NAME_cleanup_d(-1); BIO_sock_cleanup_d(); EVP_cleanup_d(); ENGINE_cleanup_d(); CRYPTO_cleanup_all_ex_data_d(); ERR_free_strings_d();hi Ladar, this frees all the strings, not just SSL strings referenced from the hash table created by the libcrypto code. So, if some code will use some libcrypto error strings after unloading libssl and calling this stop function, I believe we may end up in a similar situation and crash again. Jan.
You could try omitting the functions that cleanup libcrypto related state information, although I can't tell you off the top of my head which of the above that statement applies to. Ultimately though, my suggestion would only work if you can control access to the OpenSSL libraries. If other libraries you've linked in are loading/unloading OpenSSL outside of your control, you will likely continue to see segfaults.
My code was developed to make it easier for me to detect memory leaks by leaving nothing allocated at exit, and if it ever became necessary, possible for me to upgrade my dynamic libraries (including OpenSSL) without restarting my daemon process. To do the latter I needed to be able to unload and reload OpenSSL...
______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
