Greetings!

During the 1.x version the current scheme of algorithms providing through engines was implemented.

Debugging our (Cryptocom LTD) engines, I’ve found some troubles in the way it works, please tell me where I’m mistaken.

Openssl is configured with shared zlib enable-rfc3779 options. System is Linux. Version is 1.0.0d.

The engine section is

    [gost_section]
    engine_id=gost
    default_algorithms = ALL
    RNG=PROGRAM
    # dynamic_path = /opt/openssl/lib/engines/libgost.so

(the dynamic_path parameter is commented out)

The command is

    $ ./bin/openssl speed -engine gost -evp gost89

It causes a SEGFAULT with diagnostics

    *** glibc detected *** ./apps/openssl: double free or corruption (!prev): 0x097a4cd8 ***

When debugging, I’ve found that dynamically allocated EVP_PKEY_ASN1_METHOD and EVP_PKEY_METHOD structs are allocated twice, because the openssl app causes two-times loading engine in such a case. It happens because ENGINE_by_id does not find the gost engine loaded before. Also this two-times allocation causes memory leaks (DEBUG_OPENSSL_MEMORY shows them).

The symptoms were fixed by the patch (rt #2598), though I prefer to fix it more systematically.

When we try to prevent two-times engine loading and memory allocating providing the DSO object (for example, nuron engine works so), it did not help because the structs are allocated before the DSO check.

What should we do to fix the two-times engine loading, allocation and especially double-free? For our commercial engine we can use the static instances of the internal structs of openssl instead of allocating them, but it is a very bad idea...

The other suspicious part of code is freeing the structs allocated from the engine. They are freed from the libcrypto ENGINE_cleanup code. AFAIK it can cause troubles at least in Windows systems where the resources should be freed where they are acquired, especially when they are linked using different compiler versions.

Please tell me where I’m mistaken.

Thank you!
--
SY, Dmitry Belyavsky

OpenSSL Project                  http://www.openssl.org
Development Mailing List         openssl-dev@openssl.org
Automated List Manager           majord...@openssl.org
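
The ordering problem described in the message above (method structures allocated before the check for an already-loaded engine), as an added example that is not part of the original post and is not OpenSSL or libgost code. It is a constructed C model: `method_t`, `slot`, `engine_bind` and `run` are hypothetical names, and the single engine-side static pointer is an assumption made to show how allocate-before-check can produce both a leak and a repeated free, while check-before-allocate produces neither.

```c
#include <stdio.h>
#include <stdlib.h>

/* Constructed model, not OpenSSL code: method_t stands in for a heap-allocated
 * method table, `slot` for a pointer the engine keeps in a static (assumed). */
typedef struct { int freed; } method_t;
typedef struct { int allocs, leaks, double_frees; } report_t;

static method_t *slot;         /* engine-side pointer to its method table */
static method_t *all[8];       /* every allocation made, for accounting */
static method_t **cleanup[8];  /* slots the library releases at cleanup */
static int n_all, n_cleanup, loaded;

static void engine_bind(int check_first) {
    if (check_first && loaded) return;  /* fixed order: check, then allocate */
    method_t *m = calloc(1, sizeof *m);
    if (m == NULL) return;
    slot = all[n_all++] = m;            /* overwrites any earlier pointer */
    cleanup[n_cleanup++] = &slot;
    if (loaded) return;                 /* check after allocation: too late */
    loaded = 1;
}

/* Load the same engine `loads` times, run library-side cleanup, report. */
report_t run(int loads, int check_first) {
    report_t r = {0, 0, 0};
    slot = NULL; n_all = n_cleanup = loaded = 0;
    for (int i = 0; i < loads && i < 8; i++) engine_bind(check_first);
    for (int i = 0; i < n_cleanup; i++) {  /* simulated free(): mark only */
        method_t *m = *cleanup[i];
        if (m->freed) r.double_frees++; else m->freed = 1;
    }
    r.allocs = n_all;
    for (int i = 0; i < n_all; i++) {
        if (!all[i]->freed) r.leaks++;     /* never reached by cleanup */
        free(all[i]);                      /* real release, once per object */
    }
    return r;
}

int main(void) {
    report_t bad = run(2, 0), good = run(2, 1);
    printf("allocate-first: allocs=%d leaks=%d double_frees=%d\n",
           bad.allocs, bad.leaks, bad.double_frees);
    printf("check-first:    allocs=%d leaks=%d double_frees=%d\n",
           good.allocs, good.leaks, good.double_frees);
    return 0;
}
```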