Yes, but EVP_PKEY_CTX_new() may be called, and sometimes really is called, in OpenSSL functions with a NULL engine. In that case ENGINE_init(e) is not called in int_ctx_new(), but then we get the engine with
e = ENGINE_get_pkey_meth_engine(id);
and assign it to ret->engine without ENGINE_init(e).

We checked engine references with OpenSSL debugging options and found a real engine reference error using PKCS7_verify() iteratively.

02.11.2010 19:10, Dr. Stephen Henson wrote:
On Tue, Nov 02, 2010, Valery Blazhnov wrote:

  Hi,

Let us look into the int_ctx_new() function in the pmeth_lib.c file. We see
there

     ret->engine = e;

for EVP_PKEY_CTX context ret without any attempt to increase engine
references.

It is incremented higher up int_ctx_new():

         /* Try to find an ENGINE which implements this method */
         if (e)
                 {
                 if (!ENGINE_init(e))
                         {
                         EVPerr(EVP_F_INT_CTX_NEW,ERR_R_ENGINE_LIB);
                         return NULL;
                         }
                 }
         else
                 e = ENGINE_get_pkey_meth_engine(id);

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [email protected]
Automated List Manager                           [email protected]


Valery Blazhnov
LISSI ltd.