[Bug 1921518] Re: OpenSSL "double free" error
Julian Andres Klode
1921518 at bugs.launchpad.net
Fri Nov 12 17:06:29 UTC 2021
In wget, this was fixed upstream in
commit 14e3712b8c39165219fa227bd11f6feae7b09a33
Author: Eneas U de Queiroz <cote2004-github at yahoo.com>
Date: Mon Apr 22 11:03:25 2019 -0300
* src/openssl.c: fix ssl_init for openssl 1.1.1
ssl_init fails with openssl 1.1.1 when openssl.cnf is not found.
Redundant calls to intialization functions were removed as
OPENSSL_config takes care of them for openssl versions < 1.1.0.
For versions > 1.1.0, OPENSSL_init_ssl is preferred.
Signed-off-by: Eneas U de Queiroz <cote2004-github at yahoo.com>
Copyright-paperwork-exempt: Yes
diff --git a/src/openssl.c b/src/openssl.c
index a1502173..03737d7a 100644
--- a/src/openssl.c
+++ b/src/openssl.c
@@ -174,7 +174,9 @@ ssl_init (void)
#if OPENSSL_VERSION_NUMBER >= 0x00907000
if (ssl_true_initialized == 0)
{
-#if OPENSSL_API_COMPAT < 0x10100000L
+#if !defined(LIBRESSL_VERSION_NUMBER) && (OPENSSL_VERSION_NUMBER >= 0x10100000L)
+ OPENSSL_init_ssl (OPENSSL_INIT_LOAD_CONFIG | OPENSSL_INIT_ENGINE_ALL_BUILTIN, NULL);
+#else
OPENSSL_config (NULL);
#endif
ssl_true_initialized = 1;
@@ -194,21 +196,9 @@ ssl_init (void)
goto error;
}
-#if OPENSSL_VERSION_NUMBER >= 0x00907000
- OPENSSL_load_builtin_modules();
-#ifndef OPENSSL_NO_ENGINE
- ENGINE_load_builtin_engines();
-#endif
- CONF_modules_load_file(NULL, NULL,
- CONF_MFLAGS_DEFAULT_SECTION|CONF_MFLAGS_IGNORE_MISSING_FILE);
-#endif
-#if OPENSSL_API_COMPAT >= 0x10100000L
- OPENSSL_init_ssl(0, NULL);
-#else
+#if defined(LIBRESSL_VERSION_NUMBER) || (OPENSSL_VERSION_NUMBER < 0x10100000L)
SSL_library_init ();
SSL_load_error_strings ();
-#endif
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
SSLeay_add_all_algorithms ();
SSLeay_add_ssl_algorithms ();
#endif
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to curl in Ubuntu.
https://bugs.launchpad.net/bugs/1921518
Title:
OpenSSL "double free" error
Status in curl package in Ubuntu:
Fix Released
Status in openssl package in Ubuntu:
Incomplete
Status in wget package in Ubuntu:
Fix Released
Status in curl source package in Focal:
Triaged
Status in openssl source package in Focal:
Incomplete
Status in wget source package in Focal:
Triaged
Bug description:
"double free" error is seen when using curl utility. Error is from
libcrypto.so which is part of the OpenSSL package. This happens only
when OpenSSL is configured to use a dynamic engine.
OpenSSL version is 1.1.1f
The issue is not encountered if
http://www.openssl.org/source/openssl-1.1.1f.tar.gz is used instead.
OpenSSL can be configured to use a dynamic engine by editing the default openssl config file which is located at '/etc/ssl/openssl.cnf' on Ubuntu systems.
On Bluefield systems, config diff to enable PKA dynamic engine, is as
below:
+openssl_conf = conf_section
+
# Extra OBJECT IDENTIFIER info:
#oid_file = $ENV::HOME/.oid
oid_section = new_oids
+[ conf_section ]
+engines = engine_section
+
+[ engine_section ]
+bf = bf_section
+
+[ bf_section ]
+engine_id=pka
+dynamic_path=/usr/lib/aarch64-linux-gnu/engines-1.1/pka.so
+init=0
+
engine_id above refers to dynamic engine name/identifier.
dynamic_path points to the .so file for the dynamic engine.
# curl -O https://tpo.pe/pathogen.vim
double free or corruption (out)
Aborted (core dumped)
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/curl/+bug/1921518/+subscriptions
More information about the foundations-bugs
mailing list