Skip to content

Comments

Avoid loading of a dynamic engine twice#17073

Closed
bernd-edlinger wants to merge 8 commits intoopenssl:masterfrom
bernd-edlinger:fix_duplicate_engine_loading
Closed

Avoid loading of a dynamic engine twice#17073
bernd-edlinger wants to merge 8 commits intoopenssl:masterfrom
bernd-edlinger:fix_duplicate_engine_loading

Conversation

@bernd-edlinger
Copy link
Member

Use the address of the bind function as a DYNAMIC_ID,
since the true name of the engine is not known
before the bind function returns,
but invoking the bind function before the engine
is unloaded results in memory corruption.

Fixes #17023

This is an alternative to #17055

@bernd-edlinger bernd-edlinger added branch: master Applies to master branch branch: 1.1.1 Applies to OpenSSL_1_1_1-stable branch (EOL) branch: 3.0 Applies to openssl-3.0 branch labels Nov 19, 2021
Use the address of the bind function as a DYNAMIC_ID,
since the true name of the engine is not known
before the bind function returns,
but invoking the bind function before the engine
is unloaded results in memory corruption.

Fixes openssl#17023
@bernd-edlinger bernd-edlinger force-pushed the fix_duplicate_engine_loading branch from 1faf666 to 4ce8760 Compare November 19, 2021 11:15
@t8m t8m added the triaged: bug The issue/pr is/fixes a bug label Nov 19, 2021
@t8m t8m added the approval: done This pull request has the required number of approvals label Nov 19, 2021
@t8m
Copy link
Member

t8m commented Nov 19, 2021

This looks much better than the alternative solution.

@beldmit
Copy link
Member

beldmit commented Nov 19, 2021

I like this approach and kindly ask to add a test.

@bernd-edlinger
Copy link
Member Author

okay, thanks for reminding me about the test case, one simple thing that was broken before this and gets fixed is
the memory leak I mentioned here:
#17025 (comment)
../util/shlib_wrap.sh ./openssl s_client -engine $PWD/../engines/ossltest.so -engine $PWD/../engines/ossltest.so
so it is a bit O/S dependent, though.

Copy link
Member

@t8m t8m left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah adding a test case would be nice.

@beldmit
Copy link
Member

beldmit commented Nov 19, 2021

I'd suggest to withdraw an approval for now.

@bernd-edlinger
Copy link
Member Author

Test case added, please re-confirm. Thanks!

@t8m t8m removed the approval: done This pull request has the required number of approvals label Nov 19, 2021
@t8m
Copy link
Member

t8m commented Nov 19, 2021

Good for all branches, I suppose cherry-pick to 1.1.1 will require separate PR.

@t8m t8m added the approval: done This pull request has the required number of approvals label Nov 19, 2021
Copy link
Member

@beldmit beldmit left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM. Nice work!

@openssl-machine
Copy link
Collaborator

24 hours has passed since 'approval: done' was set, but as this PR has been updated in that time the label 'approval: ready to merge' is not being automatically set. Please review the updates and set the label manually.

@bernd-edlinger
Copy link
Member Author

Hi @t8m @beldmit
I think the PR is now finalized.
Please re-confirm your approvals.

Thanks
Bernd.

@petrovr
Copy link

petrovr commented Nov 21, 2021

I'm still not convinced that exist defect that needs code correction.
Now I waste some time to test engines and result is #17023 (comment) .

@eitkin-nvidia
Copy link

eitkin-nvidia commented Nov 21, 2021

I agree, and prefer this suggested fix over my approach in #17055. I think this is a good solution to the multi-load issue.

Thanks for taking the time to implement it on your side.

@t8m t8m added approval: done This pull request has the required number of approvals and removed approval: done This pull request has the required number of approvals labels Nov 21, 2021
@openssl-machine openssl-machine removed the approval: done This pull request has the required number of approvals label Nov 23, 2021
@openssl-machine
Copy link
Collaborator

This pull request is ready to merge

@openssl-machine openssl-machine added the approval: ready to merge The 24 hour grace period has passed, ready to merge label Nov 23, 2021
openssl-machine pushed a commit that referenced this pull request Nov 23, 2021
Use the address of the bind function as a DYNAMIC_ID,
since the true name of the engine is not known
before the bind function returns,
but invoking the bind function before the engine
is unloaded results in memory corruption.

Fixes #17023

Reviewed-by: Tomas Mraz <[email protected]>
Reviewed-by: Dmitry Belyavskiy <[email protected]>
(Merged from #17073)

(cherry picked from commit e2571e0)
openssl-machine pushed a commit that referenced this pull request Nov 23, 2021
Use the address of the bind function as a DYNAMIC_ID,
since the true name of the engine is not known
before the bind function returns,
but invoking the bind function before the engine
is unloaded results in memory corruption.

Fixes #17023

Reviewed-by: Tomas Mraz <[email protected]>
Reviewed-by: Dmitry Belyavskiy <[email protected]>
(Merged from #17073)
openssl-machine pushed a commit that referenced this pull request Nov 23, 2021
Reviewed-by: Tomas Mraz <[email protected]>
Reviewed-by: Dmitry Belyavskiy <[email protected]>
(Merged from #17073)
openssl-machine pushed a commit that referenced this pull request Nov 23, 2021
Reviewed-by: Tomas Mraz <[email protected]>
Reviewed-by: Dmitry Belyavskiy <[email protected]>
(Merged from #17073)

(cherry picked from commit 2595eef)
@bernd-edlinger
Copy link
Member Author

Merged to all branches. Thanks!

openssl-machine pushed a commit that referenced this pull request Nov 23, 2021
Use the address of the bind function as a DYNAMIC_ID,
since the true name of the engine is not known
before the bind function returns,
but invoking the bind function before the engine
is unloaded results in memory corruption.

Fixes #17023

Reviewed-by: Tomas Mraz <[email protected]>
Reviewed-by: Dmitry Belyavskiy <[email protected]>
(Merged from #17073)

(cherry picked from commit e2571e0)
baentsch added a commit to open-quantum-safe/openssl that referenced this pull request Jun 23, 2022