Bug 1771988

Summary: SoftHSM makes openssl crash on exit
Product: [Fedora] Fedora
Component: softhsm
Version: 30
Status: CLOSED RAWHIDE
Severity: unspecified
Priority: unspecified
Hardware: Unspecified
OS: Unspecified
Reporter: Anderson Sasaki <ansasaki>
Assignee: Paul Wouters <pwouters>
QA Contact: Fedora Extras Quality Assurance <extras-qa>
CC: nmavrogi, pwouters
Fixed In Version: softhsm-2.6.0-1.fc33
Last Closed: 2020-04-27 15:28:45 UTC
Type: Bug

Description Anderson Sasaki 2019-11-13 10:50:11 UTC
Description of problem:
SoftHSM does not correctly reset its state after running the destructor, causing OpenSSL to retry deallocating already freed memory, which causes a crash.

This happens when running OpenSSL + openssl-pkcs11 engine and SoftHSM.

Version-Release number of selected component (if applicable):
softhsm-2.5.0-3.fc30.1.x86_64
openssl-pkcs11-0.4.10-3.fc32.x86_64
openssl-1.1.1d-2.fc30.x86_64

How reproducible:
always

Steps to Reproduce:
1. Set up a SoftHSM device containing a private key

2. Request a signature of a file using openssl and provide a *wrong pin*

$ openssl pkeyutl -engine pkcs11 -keyform engine -inkey "pkcs11:token=softhsm;object=test;type=private" -sign -out signature -in input_file

Actual results:
engine "pkcs11" set.
Enter PKCS#11 token PIN for softhsm:
Login failed
Login to token failed, returning NULL...
PKCS11_get_private_key returned NULL
cannot load Private Key from engine
140485847750464:error:820740A0:PKCS#11 module:pkcs11_login:PIN incorrect:p11_slot.c:240:
140485847750464:error:26096080:engine routines:ENGINE_load_private_key:failed loading private key:crypto/engine/eng_pkey.c:77:
unable to load Private Key
pkeyutl: Error initializing context
free(): double free detected in tcache 2
Aborted (core dumped)

Expected results:
Same error messages but without double free and core dump at the end.

Additional info:
There is a proposed fix upstream: https://github.com/opendnssec/SoftHSMv2/pull/503
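
The bug class described in this report (state released by one teardown path and released again by a second), as an added example that is not SoftHSM or OpenSSL code and not the upstream fix. All names (mod_initialize, mod_finalize, host_cleanup and the return codes) are hypothetical; the sketch contrasts a teardown that leaves state dangling with one that resets it so a later cleanup call is rejected instead of reaching free() again.

```c
#include <stdlib.h>

/* Hypothetical module; names are illustrative, not SoftHSM's or OpenSSL's. */
enum { MOD_OK = 0, MOD_NOT_INITIALIZED = 1, MOD_ALREADY_INITIALIZED = 2 };
struct state { char *slot_buf; };
static struct state *g_state;  /* NULL means "not initialized" */
static int g_releases;         /* number of real deallocations performed */

int mod_initialize(void) {
    if (g_state) return MOD_ALREADY_INITIALIZED;
    g_state = calloc(1, sizeof *g_state);
    if (!g_state) abort();
    g_state->slot_buf = calloc(1, 64);
    if (!g_state->slot_buf) abort();
    return MOD_OK;
}

/* Unsafe teardown, shown for contrast and never called here: it leaves
 * g_state dangling, so a second call hands the same pointers to free(). */
void mod_finalize_unsafe(void) {
    free(g_state->slot_buf);
    free(g_state);
}

/* Safe teardown: release once, then reset state so any later caller
 * gets an error code instead of touching freed memory. */
int mod_finalize(void) {
    if (!g_state) return MOD_NOT_INITIALIZED;
    free(g_state->slot_buf);
    free(g_state);
    g_state = NULL;
    g_releases++;
    return MOD_OK;
}

/* Path 1: the module's own destructor. Path 2: the host's exit cleanup. */
void mod_destructor(void) { (void)mod_finalize(); }
int host_cleanup(void) { return mod_finalize(); }

int demo_teardown_twice(void) {
    if (mod_initialize() != MOD_OK) return -1;
    mod_destructor();       /* first release */
    return host_cleanup();  /* rejected: no second free() */
}

int main(void) {
    return demo_teardown_twice() == MOD_NOT_INITIALIZED ? 0 : 1;
}
```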