Fix is here: https://github.com/openssl/openssl/pull/18247 On Thu, 2022-05-05 at 07:54 +0200, Tomas Mraz wrote: > Yes, this is unfortunately a bug in 3.0.3 release. Calling > OPENSSL_init_crypto should not be necessary. > > Tomas Mraz > > On Wed, 2022-05-04 at 21:58 +0200, Klaus Keppler wrote: > > Hello, > > > > yesterday we updated OpenSSL from 3.0.2 to 3.0.3, what made some of > > our > > unit tests crash. > > > > I've boiled the problem down to the following example code: > > > > ---cut--- > > #include <openssl/crypto.h> > > #include <openssl/ec.h> > > #include <openssl/evp.h> > > > > int main(int argc, const char *argv[]) { > > //OPENSSL_init_crypto(0, NULL); > > if (! EVP_EC_gen("P-384")) return -1; > > return 0; > > } > > ---/cut--- > > > > Compile with: > > > > gcc -Wall -Werror -pedantic -o test test.c -lcrypto > > > > With OpenSSL 3.0.2 this runs just fine, with OpenSSL 3.0.3 we get a > > segmentation fault during a string comparison within > > EVP_PKEY_Q_keygen > > (EVP_EC_gen is just a macro). > > > > I assume that the curve names are not properly initialized, when you > > uncomment the call to "OPENSSL_init_crypto()", everything works just > > fine. > > > > The documentation [1] of OPENSSL_init_crypto() states that explicit > > initialization is not required. Man page of EVP_EC_gen [2] says > > nothing > > about initialization. > > Considering that 3.0.3 is only a minor update and 3.0.2 worked as > > expected, we might have hit a bug. If this (above) is "just" a usage > > error, the documentation should describe in which cases an explicit > > initialization is required. > > > > Anyway, thank you for all your efforts! > > > > Best regards > > > > -Klaus Keppler > > > > > > [1] https://www.openssl.org/docs/man3.0/man3/OPENSSL_init_crypto.html > > [2] https://www.openssl.org/docs/man3.0/man3/EVP_EC_gen.html > -- Tomáš Mráz, OpenSSL
