[openssl-dev] [eng_rdrand] alloc and free
Catalin Vasile
cata.vasile at nxp.com
Thu Jan 21 10:57:19 UTC 2016
ENGINE_load_rdrand() creates a new engine, it adds it/registers it and then frees it. Looking further into these functions, the registration does NOT create a new object and then copy the data into it, so the registration is based on an object that it's later released.
Based on this[1] tutorial on using RNG engines, after ENGINE_load_rdrand(), ENGINE_by_id() is called, which looks in the registration list, which has a reference to a freed object.
Am I missing something? Is there an actual logic error, or is there something I did not understand?
Best regards,
Cata
[1] https://wiki.openssl.org/index.php/Random_Numbers#Hardware
More information about the openssl-dev
mailing list