Steve, thanks.
I'd be interested if someone knows of any tool capable of detecting memory
leaks on Linux that I could use on an OpenSSL app; apparently Purify doesn't
have a Linux version.
Some clarifications below:
> > > My application calls directly the following functions in OpenSSL:
> > >
> > > * EVP_CipherInit/Update/Final, etc.
> > > * PEM_read_PrivateKey, PEM_read_X509, etc.
> > >
> > > In a multithreaded context, do these calls need to be
> > > encapsulated by calls
> > > to CRYPTO_lock? I happen to have transient failures:
> > >
> > > * EVP_DecryptFinal: Bad Decrypt
> > > * PEM_do_header: Bad Decrypt
> > >
>
> What do you mean by "in a multithreaded context"?
>
Multithreaded app, each thread calling the openssl functions I mention
above.
> If each thread has its own EVP_CIPHER_CTX structure there are no known
> issues which could cause problems, that doesn't mean there aren't any
> though!
>
In the function I wrote and which I suspect, the EVP_CIPHER_CTX structure is
allocated on the stack.
> If however you are sharing an EVP_CIPHER_CTX between threads then that
> may well cause problems, but such a thing isn't likely to be
> thread safe
> unless you carefully synchronise operations.
>
Not the case.
> Hmmm PEM_do_header....
>
> Nothing obvious in there, unless you are using the old (broken)
> technique of passing pass phrases via global variables instead of the
> extra parameter.
>
I'm reading a private key file as follows:
    if ((pkey = PEM_read_PrivateKey(fpk, NULL, sx_P7PasswordCb, NULL)) == NULL)
    {
        rc = LMSECPRIVLOAD;
        break;
    }
sx_P7PasswordCb doesn't use static variables, but uses the EVP_Cipher...
functions to decrypt a passphrase stored in a file.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]