[openssl-dev] [openssl.org #4437] invalid free() by ENGINE_cleanup()

Matt Caswell matt at openssl.org
Thu Mar 17 11:12:17 UTC 2016

On 17/03/16 10:49, Daniel Stenberg via RT wrote:
> Hey,
> In curl we call ENGINE_cleanup() as part of our OpenSSL specific cleanup 
> function. When I do this with OpenSSL from git master as of right now 
> (OpenSSL_1_1_0-pre4-7-ga717738) valgrind catches an illegal free:

Auto deinit automatically calls ENGINE_cleanup() so there is no need to
call it explicitly. The bug here is that ENGINE_cleanup() should really
be a no-op and deprecated in 1.1.0 to prevent double frees occuring.


More information about the openssl-dev mailing list