Source: libp11-openssl1.1
Version: 0.4.4-4
Severity: important
Tags: patch
Control: forwarded -1 https://github.com/OpenSC/libp11/issues/185

Dear Maintainer,

using the pkcs11 back end results in a double-free:

kurt@kurt tmp % openssl dgst -sha256 -engine pkcs11 -keyform engine -sign "pkcs11:<key>" blub > blub.sig
engine "pkcs11" set.
No private keys found.
PKCS#11 token PIN:
*** Error in `openssl': double free or corruption (fasttop): 0x0000558e9ed49230 ***
======= Backtrace: =========
/lib/x86_64-linux-gnu/libc.so.6(+0x70bfb)[0x7f3ac5f40bfb]
/lib/x86_64-linux-gnu/libc.so.6(+0x76fc6)[0x7f3ac5f46fc6]
/lib/x86_64-linux-gnu/libc.so.6(+0x7780e)[0x7f3ac5f4780e]
/usr/lib/softhsm/libsofthsm2.so(+0x709e8)[0x7f3ac56149e8]
/usr/lib/softhsm/libsofthsm2.so(+0x70657)[0x7f3ac5614657]
/usr/lib/softhsm/libsofthsm2.so(+0x2e967)[0x7f3ac55d2967]
/usr/lib/softhsm/libsofthsm2.so(C_CloseSession+0x14)[0x7f3ac55b8234]
/usr/lib/x86_64-linux-gnu/p11-kit-proxy.so(+0x1f3dd)[0x7f3ac5a793dd]
/usr/lib/x86_64-linux-gnu/p11-kit-proxy.so(+0x39fe0)[0x7f3ac5a93fe0]
/usr/lib/x86_64-linux-gnu/libffi.so.6(ffi_closure_unix64_inner+0x1cf)[0x7f3ac5856e2f]
/usr/lib/x86_64-linux-gnu/libffi.so.6(ffi_closure_unix64+0x46)[0x7f3ac58571a0]
/usr/lib/x86_64-linux-gnu/p11-kit-proxy.so(+0x2302d)[0x7f3ac5a7d02d]
/usr/lib/x86_64-linux-gnu/p11-kit-proxy.so(+0x23190)[0x7f3ac5a7d190]
/usr/lib/x86_64-linux-gnu/p11-kit-proxy.so(+0x3a000)[0x7f3ac5a94000]
/usr/lib/x86_64-linux-gnu/libffi.so.6(ffi_closure_unix64_inner+0x1cf)[0x7f3ac5856e2f]
/usr/lib/x86_64-linux-gnu/libffi.so.6(ffi_closure_unix64+0x46)[0x7f3ac58571a0]
/usr/lib/x86_64-linux-gnu/engines-1.1/pkcs11.so(+0xb2d5)[0x7f3ac5cca2d5]
/usr/lib/x86_64-linux-gnu/engines-1.1/pkcs11.so(+0xb737)[0x7f3ac5cca737]
/usr/lib/x86_64-linux-gnu/engines-1.1/pkcs11.so(+0x5cbe)[0x7f3ac5cc4cbe]
/usr/lib/x86_64-linux-gnu/libcrypto.so.1.1(+0x14c13f)[0x7f3ac67dc13f]
/usr/lib/x86_64-linux-gnu/libcrypto.so.1.1(+0x14dea2)[0x7f3ac67ddea2]
/usr/lib/x86_64-linux-gnu/libcrypto.so.1.1(OPENSSL_LH_doall+0x41)[0x7f3ac67fd971]
/usr/lib/x86_64-linux-gnu/libcrypto.so.1.1(+0x14e22d)[0x7f3ac67de22d]
/usr/lib/x86_64-linux-gnu/libcrypto.so.1.1(+0x14c356)[0x7f3ac67dc356]
/usr/lib/x86_64-linux-gnu/libcrypto.so.1.1(OPENSSL_sk_pop_free+0x31)[0x7f3ac6851ca1]
/usr/lib/x86_64-linux-gnu/libcrypto.so.1.1(+0x14c6ac)[0x7f3ac67dc6ac]
/usr/lib/x86_64-linux-gnu/libcrypto.so.1.1(OPENSSL_cleanup+0x11e)[0x7f3ac67fb9de]
/lib/x86_64-linux-gnu/libc.so.6(+0x35940)[0x7f3ac5f05940]
/lib/x86_64-linux-gnu/libc.so.6(+0x3599a)[0x7f3ac5f0599a]
openssl(+0x2ee64)[0x558e9cab1e64]
/lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xf1)[0x7f3ac5ef02e1]
openssl(+0x2f09a)[0x558e9cab209a]
======= Memory map: ========
[...]

This is already fixed upstream:
https://github.com/OpenSC/libp11/commit/da725ab727342083478150a203a3c80c4551feb4

The function EVP_PKEY_set1_engine() is available in Stretch's OpenSSL 1.1.

-- System Information:
Debian Release: 9.8
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.19.0-0.bpo.2-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

From da725ab727342083478150a203a3c80c4551feb4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20Trojnara?= <michal.trojn...@stunnel.org> Date: Sat, 4 Nov 2017 09:25:10 +0100 Subject: [PATCH] Invoke EVP_PKEY_set1_engine() if OpenSSL has it This approach was suggested by @mouse07410 in #185. --- src/eng_front.c | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/src/eng_front.c b/src/eng_front.c index 9633fe061c75..45f15a1b1f2e 100644 --- a/src/eng_front.c +++ b/src/eng_front.c @@ -195,11 +195,19 @@ static EVP_PKEY *load_privkey(ENGINE *engine, const char *s_key_id, UI_METHOD *ui_method, void *callback_data) { ENGINE_CTX *ctx; + EVP_PKEY *pkey; ctx = get_ctx(engine); if (ctx == NULL) return 0; - return ctx_load_privkey(ctx, s_key_id, ui_method, callback_data); + pkey = ctx_load_privkey(ctx, s_key_id, ui_method, callback_data); +#ifdef EVP_F_EVP_PKEY_SET1_ENGINE + /* EVP_PKEY_set1_engine() is required for OpenSSL 1.1.x, + * but otherwise setting pkey->engine breaks OpenSSL 1.0.2 */ + if (pkey) + EVP_PKEY_set1_engine(pkey, engine); +#endif /* EVP_F_EVP_PKEY_SET1_ENGINE */ + return pkey; } static int engine_ctrl(ENGINE *engine, int cmd, long i, void *p, void (*f) ()) -- 2.11.0
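
Review bot: the return value of EVP_PKEY_set1_engine(pkey, engine) in the new #ifdef block of load_privkey() is ignored, so when the call fails the function still returns a key that has no engine bound to it, which is the condition the added comment says OpenSSL 1.1.x does not tolerate. EVP_PKEY_set1_engine() returns 1 on success and 0 on failure; check it, and on failure free the key and return NULL, e.g. `if (pkey && !EVP_PKEY_set1_engine(pkey, engine)) { EVP_PKEY_free(pkey); pkey = NULL; }`. Separately, the guard `#ifdef EVP_F_EVP_PKEY_SET1_ENGINE` tests for an error-function-code macro rather than for the function or an OpenSSL version: if the headers in use do not define that macro, the call is compiled out silently and the double-free path comes back without any build-time signal. The comment should say why this macro was chosen as the feature test. The early `return 0;` in the unchanged context would also read better as `return NULL;` for a function returning EVP_PKEY *.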