** Description changed: [Impact] openssl config file is being loaded twice, causing engines to be loaded twice if specified therein, causing double free errors and other strange behavior. [Test plan] Run the command of the package being tested in gdb -ex "break CONF_modules_load_file" -ex "run" --args and make sure it only breaks one. + Regression test: + + In default Ubuntu configuration, either no openssl configuration is provided, or it contains no settings that affect wget. This code path changes how/when openssl configuration is loaded and used by openssl. One should verify that: + 1) wget continues to work without openssl.cnf + 2) wget continues to work with stock ubuntu unmodified openssl.cnf + 3) wget continue to honor and use custom TLS settings that one may have specified in openssl.cnf (for example custom engine) + + [Where problems could occur] wget: This is an upstream change that changes initialization and is in use in later releases. Since it mostly removes an unneeded call to the load file function, a regression could be a config file being ignored, but it seems unlikely given the use in later releases + [Original bug report] "double free" error is seen when using curl utility. Error is from libcrypto.so which is part of the OpenSSL package. This happens only when OpenSSL is configured to use a dynamic engine. OpenSSL version is 1.1.1f The issue is not encountered if http://www.openssl.org/source/openssl-1.1.1f.tar.gz is used instead. OpenSSL can be configured to use a dynamic engine by editing the default openssl config file which is located at '/etc/ssl/openssl.cnf' on Ubuntu systems. On Bluefield systems, config diff to enable PKA dynamic engine, is as below: +openssl_conf = conf_section + # Extra OBJECT IDENTIFIER info: #oid_file = $ENV::HOME/.oid oid_section = new_oids +[ conf_section ] +engines = engine_section + +[ engine_section ] +bf = bf_section + +[ bf_section ] +engine_id=pka +dynamic_path=/usr/lib/aarch64-linux-gnu/engines-1.1/pka.so +init=0 + engine_id above refers to dynamic engine name/identifier. dynamic_path points to the .so file for the dynamic engine. # curl -O https://tpo.pe/pathogen.vim double free or corruption (out) Aborted (core dumped)
-- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1921518 Title: OpenSSL "double free" error To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1921518/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
