On Tue, 2010-07-20 at 00:59 +0200, Stephen Henson via RT wrote:
> OK forget all my other ramblings I'm pretty sure I know the cause now.
> 
> The change suggested in PR#2045 has problems if the ENGINE_add() call
> fails: it ends up adding a reference to a freed up ENGINE which is
> likely to subsequently contain garbage and generally spoil your whole day.
> 
> This will happen if an ENGINE with the same name is added multiple
> times, for example different libraries, in your case curl and mod_ssl.
> 
> There is a second problem: cpuid isn't set up correctly and the mod_ssl
> only adds the dummy ENGINE as a result.
> 
> Solutions...
> 
> 1. The patch in PR#2045 should check the return value of ENGINE_add() so
> you now have:
> 
> if (ENGINE_add(toadd))
>      ENGINE_register_complete(toadd);

Thank you. And sorry. I've updated the patch in PR#2045 accordingly.

I've also updated the patches in PR#2065 and PR#2067, with this and the
following:

> 2. CPU ID needs to be set up so the aesni ENGINE can see it.
> 
> I'd suggest adding OPENSSL_cpuid_setup() at the top of
> ENGINE_load_builtin_engines().

Such as the attached.

Miroslav, please could you rebuild with the latest patch from PR#2067 in
place of the existing debian/patches/aesni.patch?

http://rt.openssl.org/Ticket/Display.html?id=2067&user=guest&pass=guest

-- 
David Woodhouse                            Open Source Technology Centre
[email protected]                              Intel Corporation
Index: crypto/engine/eng_all.c
===================================================================
RCS file: /home/dwmw2/openssl-cvs/openssl/crypto/engine/eng_all.c,v
retrieving revision 1.19
diff -u -p -r1.19 eng_all.c
--- crypto/engine/eng_all.c	1 Mar 2010 00:40:10 -0000	1.19
+++ crypto/engine/eng_all.c	20 Jul 2010 08:12:24 -0000
@@ -61,6 +61,8 @@
 
 void ENGINE_load_builtin_engines(void)
 	{
+	/* Engines may depend on CPU capabilities */
+	OPENSSL_cpuid_setup();
 #if 0
 	/* There's no longer any need for an "openssl" ENGINE unless, one day,
 	 * it is the *only* way for standard builtin implementations to be be
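
Review bot: The new OPENSSL_cpuid_setup() call at the top of ENGINE_load_builtin_engines() runs on every invocation, and the thread describes several libraries (curl and mod_ssl) each loading engines in the same process, so please confirm the call is safe to repeat, or guard it so it runs once. This single hunk adds no #include, so also check that a prototype for OPENSSL_cpuid_setup() is already visible in eng_all.c; otherwise the call compiles as an implicit declaration. The comment "Engines may depend on CPU capabilities" would be more useful to the next reader if it named the aesni ENGINE as the consumer that needs the CPU ID set up before it registers.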
