Ticket metadata
The Basics
Id: 1631
Status: resolved
Priority: 0/
Queue: OpenSSL-Bugs

People
Owner: Nobody in particular
Requestors: Scratch
Cc:
AdminCc:

Dates
Created: Mon Jan 14 09:31:12 2008
Starts: Not set
Started: Sat Jul 26 22:43:08 2014
Last Contact: Sat Jul 26 22:43:08 2014
Due: Not set
Closed: Sat Jul 26 22:43:08 2014
Updated: Sat Jul 26 22:43:08 2014 by Rich Salz



Subject: OpenSSL loading engines multiple times in interactive mode
Date: Fri, 11 Jan 2008 15:17:10 -0700
To: openssl-bugs@openssl.org
From: Scratch <scratch@nineball.us>
Hello...

I am experiencing the exact problem described in ticket #1242
(http://rt.openssl.org/Ticket/Display.html?id=1242) with 0.9.8e and
0.9.8g. The ticket claims that this was fixed, but that doesn't seem to
be the case.

If I launch OpenSSL with no parameters, then the first command run at
the OpenSSL> prompt will work normally. Any subsequent command produces
the following error:

Error configuring OpenSSL
7244:error:26078067:engine routines:ENGINE_LIST_ADD:conflicting engine
id:eng_list.c:116:
7244:error:2606906E:engine routines:ENGINE_add:internal list
error:eng_list.c:288:
7244:error:260B6067:engine routines:DYNAMIC_LOAD:conflicting engine
id:eng_dyn.c:540:
7244:error:0E07606D:configuration file routines:MODULE_RUN:module
initialization error:conf_mod.c:234:module=engines,
value=engine_section, retcode=-1
error in engine

This occurs using the stock RedHat packages on RHEL5 (x86_64), as well
as a built-from-source version of 0.9.8g on the same system.

My openssl.cnf file contains the following (everything below this is
stock/default as installed from a 'make install'):

===========================================================================
#
# OpenSSL example configuration file.
# This is mostly being used for generation of certificate requests.
#

# This definition stops the following lines choking if HOME isn't
# defined.
HOME = .
RANDFILE = $ENV::HOME/.rnd

openssl_conf = openssl_init

[ openssl_init ]
# Extra OBJECT IDENTIFIER info:
#oid_file = $ENV::HOME/.oid
oid_section = new_oids
engines = engine_section

[ engine_section ]
LunaCA3 = luna_section

[ luna_section ]
dynamic_path = /usr/local/ssl/lib/engines/liblunaca3.so
init = 0

# To use this configuration file with the "-extfile" option of the
# "openssl x509" utility, name here the section containing the
# X.509v3 extensions to use:
# extensions =
# (Alternatively, use a configuration file that has only
# X.509v3 extensions in its main [= default] section.)

[ new_oids ]

# We can add new OIDs in here for use by 'ca' and 'req'.
# Add a simple OID like this:
# testoid1=1.2.3.4
# Or use config file substitution like this:
# testoid2=${testoid1}.5.6

####################################################################
[ ca ]
default_ca = CA_default # The default ca section
===========================================================================


My rather quick and poor solution to this problem was to modify
conf_mod.c (0.9.8g) as follows, but there's probably a better way to do
it:
===========================================================================
diff -ruN a/crypto/conf/conf_mod.c b/crypto/conf/conf_mod.c
--- a/crypto/conf/conf_mod.c 2007-09-06 05:43:49.000000000 -0700
+++ b/crypto/conf/conf_mod.c 2008-01-11 15:13:30.000000000 -0700
@@ -58,6 +58,7 @@

#include <stdio.h>
#include <ctype.h>
+#include <string.h>
#include <openssl/crypto.h>
#include "cryptlib.h"
#include <openssl/conf.h>
@@ -119,6 +120,8 @@
static CONF_MODULE *module_load_dso(const CONF *cnf, char *name, char
*value,

unsigned long flags);

+int engines_already_loaded=0;
+
/* Main function: load modules from a CONF structure */

int CONF_modules_load(const CONF *cnf, const char *appname,
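Review bot: engines_already_loaded, added just above CONF_modules_load, is a file-scope int without static, so it becomes an exported, writable symbol of the library, and the patch reads and writes it with no locking. Declare it static at minimum. Nothing in the patch ever sets it back to 0, so once it is set the engines section is never run again for the life of the process, even if the engines have been unloaded in between; if the flag stays, it needs a reset path next to whatever unloads the modules.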
@@ -153,10 +156,20 @@
for (i = 0; i < sk_CONF_VALUE_num(values); i++)
{
vl = sk_CONF_VALUE_value(values, i);
- ret = module_run(cnf, vl->name, vl->value, flags);
+ if (!(strcmp(vl->name, "engines")) &&
engines_already_loaded)
+ ret = 1;
+ else
+ ret = module_run(cnf, vl->name, vl->value,
flags);
if (ret <= 0)
+ {
if(!(flags & CONF_MFLAGS_IGNORE_ERRORS))
return ret;
+ }
+ else
+ {
+ if(!(strcmp(vl->name, "engines")))
+ engines_already_loaded = 1;
+ }
}

return 1;
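Review bot: The skip added inside the for loop is keyed only on the name "engines" and ignores cnf, so a later CONF_modules_load call with a different configuration gets ret = 1 for its engines section without that section ever being run, and the caller cannot tell the difference. Hard-coding one module's name in the generic loader also leaves every other module open to the same repeated initialization. Consider fixing this where the duplicate arises instead: either have the caller load the configuration once, or have the engine module treat an already-registered engine id as success, so that the module_run call here stays unconditional.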
===========================================================================

--
Ryan
Will be fixed in post-1.0.2 which doesn't re-init every single time.  To test it out, try the rsalz-monolith branch on github.