[Bug 1921518] Re: OpenSSL "double free" error

Dimitri John Ledkov 1921518 at bugs.launchpad.net
Fri Aug 20 13:27:18 UTC 2021 

Whilst I have identified broken/racy/incomplete behaviours in both curl
and openssl in ubuntu focal 20.04 and created SRUs for them in the above
mentioned bug reports; these do not fix crashes of the old PKA 1.0.0
engine.

Also PKA 1.0.0 does not appear to be compatible with 20.04 userspace
anymore.

The fix I have proposed for the PKA engine
https://github.com/Mellanox/pka/pull/37/files must be shipped on all
systems / any distribution.

If you can reproduce any new issues whilst using openssl & curl from
https://launchpad.net/~ci-train-ppa-
service/+archive/ubuntu/4654/+packages and whilst using up to date PKA
with my pull request merged, please provide further details.

As it stands, I don't see any crashes on any systems, once _all_ of the
above are applied.

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/1921518

Title:
  OpenSSL "double free" error

Status in openssl package in Ubuntu:
  Incomplete
Status in openssl source package in Focal:
  Incomplete

Bug description:
  "double free" error is seen when using curl utility. Error is from
  libcrypto.so which is part of the OpenSSL package. This happens only
  when OpenSSL is configured to use a dynamic engine.

  OpenSSL version is 1.1.1f

  The issue is not encountered if
  http://www.openssl.org/source/openssl-1.1.1f.tar.gz is used instead.

  
  OpenSSL can be configured to use a dynamic engine by editing the default openssl config file which is located at '/etc/ssl/openssl.cnf' on Ubuntu systems.

  On Bluefield systems, config diff to enable PKA dynamic engine, is as
  below:

  +openssl_conf = conf_section
  +
   # Extra OBJECT IDENTIFIER info:
   #oid_file              = $ENV::HOME/.oid
   oid_section            = new_oids
   
  +[ conf_section ]
  +engines = engine_section
  +
  +[ engine_section ]
  +bf = bf_section
  +
  +[ bf_section ]
  +engine_id=pka
  +dynamic_path=/usr/lib/aarch64-linux-gnu/engines-1.1/pka.so
  +init=0
  +

  engine_id above refers to dynamic engine name/identifier.
  dynamic_path points to the .so file for the dynamic engine.

  # curl -O https://tpo.pe/pathogen.vim

  double free or corruption (out)

  Aborted (core dumped)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1921518/+subscriptions

More information about the foundations-bugs mailing list