Here is a backtrace with debug symbols:

Program received signal SIGSEGV, Segmentation fault.
0xbb7376c3 in EVP_PKEY_meth_free (pmeth=0xbb1d0f94) at /opnenssl/crypto/evp/pmeth_lib.c:295
295 if (pmeth && (pmeth->flags & EVP_PKEY_FLAG_DYNAMIC))
(gdb) bt
#0 0xbb7376c3 in EVP_PKEY_meth_free (pmeth=0xbb1d0f94) at /openssl/crypto/evp/pmeth_lib.c:295
#1 0xbb7407c6 in engine_pkey_meths_free (e=0xbb0c8f90) at /openssl/crypto/engine/tb_pkmeth.c:163
#2 0xbb777ff8 in engine_free_util (e=0xbb0c8f90, locked=0) at /openssl/crypto/engine/eng_lib.c:129
#3 0xbb741a96 in engine_list_remove (e=0xbb0c8f90) at /openssl/crypto/engine/eng_list.c:187
#4 ENGINE_remove (e=0xbb0c8f90) at /openssl/crypto/engine/eng_list.c:306
#5 0xbb741b00 in engine_list_cleanup () at /openssl/crypto/engine/eng_list.c:88
#6 0xbb777e4d in engine_cleanup_cb_free (item=0xbb3d7ffc) at /openssl/crypto/engine/eng_lib.c:186
#7 0xbb720c44 in sk_pop_free (st=0xbb3d3fec, func=0xbb777e44 <engine_cleanup_cb_free>) at /openssl/crypto/stack/stack.c:283
#8 0xbb778122 in ENGINE_cleanup () at /openssl/crypto/engine/eng_lib.c:193
#9 0x080487e2 in main () at test.c:9

Logging EVP_PKEY_meth_new / EVP_PKEY_meth_free shows this is a double free, and probably a malloc leak as well that goes unnoticed if we do not crash:

EVP_PKEY_meth_new => 0xbb0dcf94
EVP_PKEY_meth_new => 0xbb0e0f94
EVP_PKEY_meth_new => 0xbb0e2f94
EVP_PKEY_meth_new => 0xbb1d0f94
EVP_PKEY_meth_new => 0xbb1d2f94
EVP_PKEY_meth_new => 0xbb1d4f94
EVP_PKEY_meth_free(0xbb1d0f94)
EVP_PKEY_meth_free(0xbb1d2f94)
EVP_PKEY_meth_free(0xbb1d4f94)
EVP_PKEY_meth_free(0xbb1d0f94)

gdb tells me this about it, in case it helps:

(gdb) print pmeth_GostR3410_94
$3 = (EVP_PKEY_METHOD *) 0xbb1d0f94

Here is the first EVP_PKEY_meth_free(0xbb1d0f94) call backtrace:

#0 EVP_PKEY_meth_free (pmeth=0xbb1d0f94) at /openssl/crypto/evp/pmeth_lib.c:294
#1 0xbb7407c6 in engine_pkey_meths_free (e=0xbb2e8f90) at /openssl/crypto/engine/tb_pkmeth.c:163
#2 0xbb778038 in engine_free_util (e=0xbb2e8f90, locked=1) at /openssl/crypto/engine/eng_lib.c:129
#3 0xbb7780c2 in ENGINE_free (e=0xbb2e8f90) at /openssl/crypto/engine/eng_lib.c:142
#4 0xbb6dc4eb in ENGINE_load_gost () at /openssl/engines/ccgost/gost_eng.c:269
#5 0xbb6d2e9a in ENGINE_load_builtin_engines () at /openssl/crypto/engine/eng_all.c:117

The patch below avoids the crash, but worsens the leak, as no EVP_PKEY_meth_free() is called anymore.

--- engines/ccgost/gost_eng.c.orig 2013-02-03 18:57:18.000000000 +0100 +++ engines/ccgost/gost_eng.c 2013-02-03 18:57:34.000000000 +0100 @@ -265,9 +265,8 @@ { ENGINE *toadd =engine_gost(); if (!toadd) return; ENGINE_add(toadd); - ENGINE_free(toadd); ERR_clear_error(); } #endif

--
Emmanuel Dreyfus
http://hcpnet.free.fr/pubz
m...@netbsd.org
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager majord...@openssl.org
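
Review bot: In the @@ -265,9 +265,8 @@ hunk of engines/ccgost/gost_eng.c, the result of ENGINE_add(toadd) is still unchecked, and with ENGINE_free(toadd) removed the reference returned by engine_gost() is never released on any path, including when the add fails. The backtraces in the message show the first free of pmeth 0xbb1d0f94 coming through ENGINE_free() on e=0xbb2e8f90 and the crashing one through ENGINE_cleanup() on a different engine, e=0xbb0c8f90, so two engine objects hold the same pmeth pointer and the removed call looks like the symptom rather than the extra owner. Suggest keeping ENGINE_free(toadd), testing the ENGINE_add() return value, and settling which engine owns the pmeth pointers so that tearing one engine down cannot free methods another still references.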
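
The pairing of EVP_PKEY_meth_new / EVP_PKEY_meth_free log lines described in the message above can be checked mechanically. The script below is an added example, not part of the original post or of OpenSSL; the trace is copied from the message, the function name audit is hypothetical, and "leaked" only means "not freed before the trace ended", since the trace stops at the crash.

```python
import re

# Trace lines copied from the message above (logging added by the reporter).
TRACE = """\
EVP_PKEY_meth_new => 0xbb0dcf94
EVP_PKEY_meth_new => 0xbb0e0f94
EVP_PKEY_meth_new => 0xbb0e2f94
EVP_PKEY_meth_new => 0xbb1d0f94
EVP_PKEY_meth_new => 0xbb1d2f94
EVP_PKEY_meth_new => 0xbb1d4f94
EVP_PKEY_meth_free(0xbb1d0f94)
EVP_PKEY_meth_free(0xbb1d2f94)
EVP_PKEY_meth_free(0xbb1d4f94)
EVP_PKEY_meth_free(0xbb1d0f94)
"""

NEW_RE = re.compile(r"EVP_PKEY_meth_new => (0x[0-9a-f]+)")
FREE_RE = re.compile(r"EVP_PKEY_meth_free\((0x[0-9a-f]+)\)")


def audit(trace):
    """Pair allocations with frees; return (double_frees, unknown_frees, leaked)."""
    live = {}    # address -> trace line of the allocation still outstanding
    freed = {}   # address -> trace line of the most recent free
    double, unknown = [], []
    for lineno, line in enumerate(trace.splitlines(), 1):
        if m := NEW_RE.search(line):
            addr = m.group(1)
            live[addr] = lineno
            freed.pop(addr, None)  # allocator reused the address: new lifetime
        elif m := FREE_RE.search(line):
            addr = m.group(1)
            if addr in live:
                del live[addr]
                freed[addr] = lineno
            elif addr in freed:
                double.append((addr, freed[addr], lineno))  # freed twice
            else:
                unknown.append((addr, lineno))  # free of an untracked pointer
    return double, unknown, sorted(live)


if __name__ == "__main__":
    double, unknown, leaked = audit(TRACE)
    for addr, first, second in double:
        print(f"double free of {addr}: trace lines {first} and {second}")
    print("freed but never allocated in trace:", unknown)
    print("allocated but not freed before trace end:", leaked)
```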