Skip to content

engine loaded twice, leading to name conflict #9481

@p-steuer

Description

@p-steuer

In int_engine_configure in eng_cnf.c

The config file's engine section is parsed from top to bottom.
The items dynamic_path and engine_id (and soft_load) are special cases.
All other items are processed as the "else"-case.

If an "else"-case item is the topmost item in the engine's section, the engine must already be loaded at that point ie before dynamic_path value is known. (*)

At the dynamic_path item, the engine will be loaded again, leading to the name conflict.

Possible workarounds:

  • remove dynamic_path item from config file. If the engine is installed in openssl's engine dir, it will be found by its id only (openssl version -a shows engine dir).
  • move all "else"-case items below dynamic_path item eg make dynamic_path the topmost item.

(source opencryptoki/openssl-ibmpkcs11#15)

I think at least config(5) should be updated to say that dynamic_path must precede all "else"-case items. What do you think ?

(*) config(5) actually states that engine_id must be the first but this is not enough. Eg

engine_id = <id>
<some "else"-case item>
dynamic_path = <path>

will still produce the issue.

Metadata

Metadata

Assignees

Labels

triaged: bugThe issue/pr is/fixes a bug

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions