[openssl-dev] build with defined ENGINE_REF_COUNT_DEBUG
Hi,

Please see the attached file 0003-build-with-defined-ENGINE_REF_COUNT_DEBUG.patch. If ENGINE_REF_COUNT_DEBUG is defined, the build fails. The proposed patch resolves the issue.

Regards,
Roumen

>From 3db4a9eb01f6caf1c59c50d8f6a3f6ec73cc71df Mon Sep 17 00:00:00 2001 From: Roumen Petrov Date: Sun, 13 Mar 2016 20:02:42 +0200 Subject: [PATCH 3/3] build with defined ENGINE_REF_COUNT_DEBUG --- crypto/engine/eng_lib.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/engine/eng_lib.c b/crypto/engine/eng_lib.c index d0bc716..185cb9c 100644 --- a/crypto/engine/eng_lib.c +++ b/crypto/engine/eng_lib.c @@ -122,7 +122,7 @@ int engine_free_util(ENGINE *e, int locked) CRYPTO_atomic_add(&e->struct_ref, -1, &i, global_engine_lock); else i = --e->struct_ref; -engine_ref_debug(e, 0, -1) +engine_ref_debug(e, 0, -1); if (i > 0) return 1; REF_ASSERT_ISNT(i < 0); -- 1.8.4

-- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
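Review bot: the commit has a subject line only, so nothing records why the engine_ref_debug(e, 0, -1) call in engine_free_util() went unnoticed. The added semicolon is correct; add a body sentence saying the statement lacked its terminator and that this breaks the build only when ENGINE_REF_COUNT_DEBUG is defined. It is also worth checking the other engine_ref_debug call sites for the same omission, since a build without the define evidently did not catch this one.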
[openssl-dev] OPENSSL_cleanup now error is "invalid pointer"
Hi

With current master, "corrupted double-linked list" disappears but the error still exists, see below.

Roumen Petrov wrote:
[SNIP]
Stack trace
*** Error in '/apps/openssl': corrupted double-linked list: 0x006de730 ***
^C
Program received signal SIGINT, Interrupt.
0x76fb338b in __lll_lock_wait_private () from /lib64/libc.so.6
(gdb) bt
#0 0x76fb338b in __lll_lock_wait_private () from /lib64/libc.so.6
#1 0x76f3024a in _L_lock_12669 () from /lib64/libc.so.6
#2 0x76f2d975 in malloc () from /lib64/libc.so.6
#3 0x77de1b26 in _dl_map_object () from /lib64/ld-linux-x86-64.so.2
#4 0x77ded387 in dl_open_worker () from /lib64/ld-linux-x86-64.so.2
#5 0x77de8924 in _dl_catch_error () from /lib64/ld-linux-x86-64.so.2
#6 0x77decc7b in _dl_open () from /lib64/ld-linux-x86-64.so.2
#7 0x76fe0752 in do_dlopen () from /lib64/libc.so.6
#8 0x77de8924 in _dl_catch_error () from /lib64/ld-linux-x86-64.so.2
#9 0x76fe0812 in __libc_dlopen_mode () from /lib64/libc.so.6
#10 0x76fb9825 in init () from /lib64/libc.so.6
#11 0x77282120 in pthread_once () from /lib64/libpthread.so.0
#12 0x76fb993c in backtrace () from /lib64/libc.so.6
#13 0x76f232a4 in __libc_message () from /lib64/libc.so.6
#14 0x76f293d7 in malloc_printerr () from /lib64/libc.so.6
#15 0x76f2ab0c in _int_free () from /lib64/libc.so.6
#16 0x7781b962 in CRYPTO_free (str=0x6de850, file=0x778eb3e6 "crypto/threads_pthread.c", line=99) at crypto/mem.c:226
#17 0x7787e7f5 in CRYPTO_THREAD_lock_free (lock=0x6de850) at crypto/threads_pthread.c:99
#18 0x7780eda5 in EVP_PKEY_free_it (x=0x6e9310) at crypto/evp/p_lib.c:447
#19 0x7780ecf4 in EVP_PKEY_free (x=0x6e9310) at crypto/evp/p_lib.c:431
#20 0x77811307 in EVP_PKEY_CTX_free (ctx=0x6de3a0) at crypto/evp/pmeth_lib.c:331
#21 0x777f7cd3 in EVP_MD_CTX_reset (ctx=0x6be5d0) at crypto/evp/digest.c:138
#22 0x777f7d34 in EVP_MD_CTX_free (ctx=0x6be5d0) at crypto/evp/digest.c:154
#23 0x777f59a3 in md_free (a=0x6be510) at crypto/evp/bio_md.c:116
#24 0x777359b8 in BIO_free (a=0x6be510) at crypto/bio/bio_lib.c:138
#25 0x0042d54a in dgst_main (argc=1, argv=0x7fffd950) at apps/dgst.c:444
#26 0x00438844 in do_cmd (prog=0x6b5f20, argc=11, argv=0x7fffd900) at apps/openssl.c:570
#27 0x00437ff3 in main (argc=11, argv=0x7fffd900) at apps/openssl.c:274
(gdb)

I use "0004-avoid-corrupted-double-linked-list-in-EVP_PKEY.patch" as a work-around.

Local repository is updated up to:
commit acde647fb0347f64af8f8678b73ce41f2f499c02
Author: Kazuki Yamaguchi
Date: Thu Apr 21 17:35:53 2016 +0900
Fix EC_KEY_set_private_key() to call key->group->meth->set_private()

Now the error is:
*** Error in `/util/../apps/openssl': munmap_chunk(): invalid pointer: 0x00fbe590 ***
=== Backtrace: =
/lib64/libc.so.6(+0x7e3d7)[0x7f95457ec3d7]
/util/../libcrypto.so.1.1(CRYPTO_free+0x57)[0x7f954635e0e2]
/util/../libcrypto.so.1.1(CRYPTO_THREAD_lock_free+0x39)[0x7f95463c19f1]
/util/../libcrypto.so.1.1(+0x17951d)[0x7f954635151d]
/util/../libcrypto.so.1.1(EVP_PKEY_free+0x70)[0x7f954635146c]
/util/../libcrypto.so.1.1(EVP_PKEY_CTX_free+0x55)[0x7f9546353a7f]
/util/../libcrypto.so.1.1(EVP_MD_CTX_reset+0xd7)[0x7f954633a487]
/util/../libcrypto.so.1.1(EVP_MD_CTX_free+0x18)[0x7f954633a4e8]
/util/../libcrypto.so.1.1(+0x1600b9)[0x7f95463380b9]
/util/../libcrypto.so.1.1(BIO_free+0x11d)[0x7f954627abcc]
/util/../apps/openssl[0x42d879]
/util/../apps/openssl[0x438cf8]
/util/../apps/openssl[0x4384b5]
/lib64/libc.so.6(__libc_start_main+0xf5)[0x7f954578fd05]
/util/../apps/openssl[0x41ba99]
=== Memory map:

Work-around "avoid-corrupted-double-linked-list-in-EVP_PKEY" from my previous post resolves the issue:

Roumen

P.S. diff for protocol

diff --git a/crypto/evp/p_lib.c b/crypto/evp/p_lib.c index a8fa301..0dfb93b 100644 --- a/crypto/evp/p_lib.c +++ b/crypto/evp/p_lib.c
@@ -436,6 +436,7 @@ static void EVP_PKEY_free_it(EVP_PKEY *x) x->engine = NULL; #endif CRYPTO_THREAD_lock_free(x->lock); +x->lock = NULL; } static int unsup_alg(BIO *out, const EVP_PKEY *pkey, int indent,
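Review bot: the added x->lock = NULL after CRYPTO_THREAD_lock_free(x->lock) in EVP_PKEY_free_it() only has an effect if x->lock is read again after the key has been torn down, so it hides a second teardown of the same EVP_PKEY instead of preventing it. Both traces in this message reach CRYPTO_THREAD_lock_free through EVP_PKEY_CTX_free, EVP_PKEY_free and EVP_PKEY_free_it; the change should identify which path releases the key or its lock a second time and fix that, keeping the NULL assignment at most as defence in depth. The diff also has no commit message stating the cause.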
[openssl-dev] get engine function for EC key
Hi,

Currently access to the engine member is available for some keys:

$ grep -r get0_engine include/
include/openssl/dh.h:ENGINE *DH_get0_engine(DH *d);
include/openssl/dsa.h:ENGINE *DSA_get0_engine(DSA *d);
include/openssl/rsa.h:ENGINE *RSA_get0_engine(RSA *r);

Please add a function for EC_KEY. If possible, constify the key argument and result for all those access functions.

Roumen
[openssl-dev] use of X.509 lookup methods, X509_OBJECT internal or opaque?
Hi OpenSSL developers,

Recent modifications to the X509... structures prevent external implementation of X509_LOOKUP_METHOD. The main issue is that 1.1beta5 is not usable. A lot of X509... structures are now opaque, but there are neither access nor memory management functions. I hope that an API for X509_LOOKUP_METHOD etc. will be provided soon, and then we could discuss the corresponding API.

This email is only about X509_OBJECT, as the primary subject is the use of lookup methods.

1) X509_STORE_get_X509_by_subject

The new function has a type argument and returns X509_OBJECT. If it is called with X509_LU_CRL, the returned X509_OBJECT will contain an X509_CRL. So the question is: why use this new method instead of the existing X509_STORE_get_by_subject?

What about declaring the method as:

    X509* X509_STORE_get_X509_by_subject(X509_STORE_CTX *vs, X509_NAME *name)

and declaring another method as:

    X509_CRL* X509_STORE_get_X509_CRL_by_subject(X509_STORE_CTX *vs, X509_NAME *name)

The definition could internally use X509_OBJECT with the corresponding search type.

2) X509_OBJECT allocation.

The function X509_STORE_get_by_subject requires a pointer to an allocated X509_OBJECT. This and the implementation of X509_LOOKUP_METHOD require an X509_OBJECT allocation method. Unfortunately X509_OBJECT_new is not defined in 1.1beta5.

3) release of X509_OBJECT content.

X509_OBJECT_free is a new function that calls X509_OBJECT_free_contents. Unfortunately the public function X509_OBJECT_free_contents releases the content but does not change the content type nor clear (zero) the content. If program code calls X509_OBJECT_free_contents and then at some point calls X509_OBJECT_free, a double free error occurs. It seems to me current OpenSSL code is not impacted, as functions like X509_STORE_add_ do not use X509_OBJECT_free:

    X509_OBJECT_free_contents(obj);
    OPENSSL_free(obj);

If the function X509_OBJECT_free_contents remains public, please ensure that a double free will not occur. It seems to me that changing the content type to X509_LU_RETRY will prevent the double free.

4) access to X509_OBJECT content.

The current API provides access to certificate content but lacks access to revocation list content. The function X509_OBJECT_get0_X509 always returns a certificate if the argument is not null. This does not look correct. The function must return an X.509 certificate only if the argument is not null and the content type is for a certificate. For instance:

    X509 *X509_OBJECT_get0_X509(X509_OBJECT *a)
    {
        return a != NULL && a->type == X509_LU_X509 ? a->data.x509 : NULL;
    }

Please define a content access function for the revocation list:

    X509_CRL *X509_OBJECT_get0_X509_CRL(X509_OBJECT *a)

I'm concerned that, according to the plan, the next release is the final one.

Roumen
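The double release described in point 3 and the tag reset proposed there, as an added example that is not code from the post or from OpenSSL. It is a self-contained model: every demo_ type and function is a hypothetical stand-in, and a reference count that drops below zero marks the second release of the same content.

```c
#include <stdio.h>

/* Constructed model, not OpenSSL code; every demo_ name is hypothetical. */
enum demo_lu { DEMO_LU_RETRY = -1, DEMO_LU_X509 = 1, DEMO_LU_CRL = 2 };
struct demo_item { int refs; };              /* stands in for X509 / X509_CRL */
struct demo_object {                         /* tagged union like X509_OBJECT */
    enum demo_lu type;
    union { struct demo_item *x509; struct demo_item *crl; } data;
};

/* Behaviour described in the post: content is released, tag and pointer stay. */
static void demo_free_contents_unsafe(struct demo_object *o)
{
    if (o == NULL) return;
    if (o->type == DEMO_LU_X509) o->data.x509->refs--;
    else if (o->type == DEMO_LU_CRL) o->data.crl->refs--;
}

/* Hardened: reset the tag (the post's suggestion) and also clear the
 * pointer (an addition of this example), so a second call is a no-op. */
static void demo_free_contents_safe(struct demo_object *o)
{
    demo_free_contents_unsafe(o);
    if (o != NULL) { o->type = DEMO_LU_RETRY; o->data.x509 = NULL; }
}

/* Caller frees the contents, then the object's free function frees them
 * again. Returns the final count: 0 = released once, -1 = released twice. */
static int demo_release_twice(int hardened)
{
    struct demo_item crl = { 1 };
    struct demo_object o = { .type = DEMO_LU_CRL, .data.crl = &crl };
    for (int i = 0; i < 2; i++) {
        if (hardened) demo_free_contents_safe(&o);
        else demo_free_contents_unsafe(&o);
    }
    return crl.refs;
}

int main(void)
{
    printf("tag left in place: refs=%d\n", demo_release_twice(0));
    printf("tag reset:         refs=%d\n", demo_release_twice(1));
    return 0;
}
```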
Re: [openssl-dev] use of X.509 lookup methods, X509_OBJECT internal or opaque?
> I'm concerned that, according to the plan, the next release is the final one.

Thank you for the feedback! We know that various accessors still need to be provided, and things like what you pointed out are bugs to be fixed. If there are other things you find missing, please let us know.
[openssl-dev] remove defines that access X.509 store
Hi,

Please find the attached file "0004-remove-defines-X509_STORE_set_verify_.-as-context-is.patch" with a patch that removes two defines that access X.509 store members directly. As the X509_STORE is opaque, the build of source that uses those defines fails.

Regards,
Roumen

>From 32b59c4406581d9e0418ba9b61a1abe2044468ff Mon Sep 17 00:00:00 2001 From: Roumen Petrov Date: Sat, 16 Apr 2016 19:10:19 +0300 Subject: [PATCH 4/4] remove defines X509_STORE_set_verify_... as context is now opaque --- include/openssl/x509_vfy.h | 3 --- 1 file changed, 3 deletions(-) diff --git a/include/openssl/x509_vfy.h b/include/openssl/x509_vfy.h index 4bf27e9..fa186a0 100644 --- a/include/openssl/x509_vfy.h +++ b/include/openssl/x509_vfy.h @@ -104,9 +104,6 @@ DEFINE_STACK_OF(X509_VERIFY_PARAM) int X509_STORE_set_depth(X509_STORE *store, int depth); -# define X509_STORE_set_verify_cb_func(ctx,func) ((ctx)->verify_cb=(func)) -# define X509_STORE_set_verify_func(ctx,func)((ctx)->verify=(func)) - void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth); # define X509_STORE_CTX_set_app_data(ctx,data) \ -- 1.8.4
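Review bot: the hunk deletes X509_STORE_set_verify_cb_func and X509_STORE_set_verify_func without putting anything in their place, so source that uses these names still fails to build, only with a different error. Since the commit subject says the context is now opaque, consider keeping both names and redefining them on top of setter functions for the verify_cb and verify members, or state in the commit message which calls callers should switch to.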