SIGSEV when re-loading opensc-pkcs11.so

[commonism]

The following code can be used to reproduce

#include <stdio.h>
#include <openssl/rsa.h>
#include <openssl/evp.h>
#include <openssl/objects.h>
#include <openssl/x509.h>
#include <openssl/err.h>
#include <openssl/pem.h>
#include <openssl/ssl.h>
#include <openssl/engine.h>
#include <openssl/conf.h>

#define KEY_ID "slot_X-id_Y"
#define PIN "0000"

ENGINE *ENGINE_pkcs11(void)
{
    struct command
    {
        char *cmd;
        char *arg;
    } commands[] =
    {
        {"SO_PATH", "/opt/opensc/lib/engines/engine_pkcs11.so"},
        {"ID","pkcs11"},
//      {"LIST_ADD","1"},
        {"LOAD", NULL},
        {"MODULE_PATH","/opt/opensc/lib/opensc-pkcs11.so"},
        {"PIN", PIN},
        {"VERBOSE", NULL}
    };

    ENGINE_load_dynamic();
    ENGINE *e = ENGINE_by_id("dynamic");
    if( e == NULL )
    {
        perror("ENGINE_by_id");
        ERR_print_errors_fp(stderr);
        exit(1);
    }

    for (int i = 0; i < sizeof(commands) / sizeof(commands[0]); i++)
    {
        struct command *cmd = &commands[i];
        if( ENGINE_ctrl_cmd_string(e, cmd->cmd, cmd->arg, 0) != 1 )
        {
            printf("ENGINE_ctrl_cmd_string %s %s \n", cmd->cmd, cmd->arg);
            ERR_print_errors_fp(stderr);
            exit(1);
        }
    }
    return e;
}

int main() {

    ERR_load_crypto_strings();
    ENGINE_load_dynamic();

    ENGINE *e = ENGINE_pkcs11();

    for (int i=0; i<2; i++)
    {
        ENGINE_init(e);
        /* Read private key */
        EVP_PKEY *pkey = ENGINE_load_private_key(e, KEY_ID, NULL, NULL);
        if (pkey == NULL) {
            perror("ENGINE_load_private_key");
            ERR_print_errors_fp(stderr);
            exit(1);
        }
        EVP_PKEY_free(pkey);
        ENGINE_finish(e);
    }

    ENGINE_free(e);

#define CRASH_NOW 1
#ifdef CRASH_NOW
    SSL_CTX *ctx = NULL;
    ctx = SSL_CTX_new(TLSv1_2_method());
    SSL_CTX_free(ctx);
#endif

    /* OpenSSL cleanup */
    ERR_free_strings();
    ERR_remove_state(0);
    COMP_zlib_cleanup();
    CONF_modules_unload(1);
    OBJ_cleanup();
    OBJ_NAME_cleanup(-1);
    BIO_sock_cleanup();
    EVP_cleanup();

    /* if not CRASH_NOW - we will crash here */
    ENGINE_cleanup();

    CRYPTO_cleanup_all_ex_data();
    ERR_free_strings();
    ASN1_STRING_TABLE_cleanup();
    CRYPTO_set_locking_callback(NULL);
    RAND_cleanup();
    // The SSL compression method stack doesn't get freed properly by any of the functions above.
    // This was necessary as of 1.0.0-beta3, but may be fixed.
    sk_pop_free((_STACK *)SSL_COMP_get_compression_methods(), free);

    return (0);
}

Set your keyid and pin, compile with

gcc -O0 -g -std=c99 -Wall -Werror gost.c -o gost -lcrypto -lssl

run and it'll crash, maybe not directly but you can see the memory corruption with valgrind

If CRASH_NOW is set, valgrind will provide a trace similar to

==30882== Invalid read of size 8
==30882==    at 0x4F0EF53: look_str_cb (tb_asnmth.c:216)
==30882==    by 0x4F1BDDE: lh_doall_arg (lhash.c:292)
==30882==    by 0x4F0D71B: engine_table_doall (eng_table.c:349)
==30882==    by 0x4F0F312: ENGINE_pkey_asn1_find_str (tb_asnmth.c:236)
==30882==    by 0x4F417C4: EVP_PKEY_asn1_find_str (ameth_lib.c:213)
==30882==    by 0x524A2E3: get_optional_pkey_id (ssl_ciph.c:356)
==30882==    by 0x524B41E: ssl_create_cipher_list (ssl_ciph.c:733)
==30882==    by 0x5244D2F: SSL_CTX_new (ssl_lib.c:1762)
==30882==    by 0x4011EC: main (gost.c:79)
==30882==  Address 0x5cbd980 is 96 bytes inside a block of size 216 free'd
==30882==    at 0x4C2A82E: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==30882==    by 0x4E933EC: CRYPTO_free (mem.c:397)
==30882==    by 0x4F0BB67: engine_free_util (eng_lib.c:136)
==30882==    by 0x4F0C79B: engine_unlocked_finish (eng_init.c:112)
==30882==    by 0x4F0D3C1: engine_table_register (eng_table.c:178)
==30882==    by 0x4F0F091: ENGINE_set_default_pkey_asn1_meths (tb_asnmth.c:106)
==30882==    by 0x4F0E007: ENGINE_set_default (eng_fat.c:96)
==30882==    by 0x6464D35: ???
==30882==    by 0x6464A68: ???
==30882==    by 0x6466AB5: ???
==30882==    by 0x6461D58: ???
==30882==    by 0x646218E: ???

in case it is not set, it will fault in ENGINE_cleanup() similar to

--4389-- Discarding syms at 0x624be50-0x62507d8 in /opt/opensc/lib/libp11.so.2.2.0 due to munmap()
==4389== Invalid read of size 1
==4389==    at 0x4F2D535: EVP_PKEY_meth_free (pmeth_lib.c:293)
==4389==    by 0x4F0EE94: engine_pkey_meths_free (tb_pkmeth.c:163)
==4389==    by 0x4F0BB35: engine_free_util (eng_lib.c:129)
==4389==    by 0x4F0C79B: engine_unlocked_finish (eng_init.c:112)
==4389==    by 0x4F0D25C: int_cleanup_cb_LHASH_DOALL (eng_table.c:220)
==4389==    by 0x4F1BD6C: lh_doall (lhash.c:294)
==4389==    by 0x4F0D582: engine_table_cleanup (eng_table.c:230)
==4389==    by 0x4F0B8C5: engine_cleanup_cb_free (eng_lib.c:186)
==4389==    by 0x4F1B47F: sk_pop_free (stack.c:283)
==4389==    by 0x4F0BC71: ENGINE_cleanup (eng_lib.c:193)
==4389==    by 0x401103: main (gost.c:98)
==4389==  Address 0x5d08634 is 4 bytes inside a block of size 208 free'd
==4389==    at 0x4C2A82E: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==4389==    by 0x4E933EC: CRYPTO_free (mem.c:397)
==4389==    by 0x4F0EE94: engine_pkey_meths_free (tb_pkmeth.c:163)
==4389==    by 0x4F0BB35: engine_free_util (eng_lib.c:129)
==4389==    by 0x4F0C79B: engine_unlocked_finish (eng_init.c:112)
==4389==    by 0x4F0D3C1: engine_table_register (eng_table.c:178)
==4389==    by 0x4F0F091: ENGINE_set_default_pkey_asn1_meths (tb_asnmth.c:106)
==4389==    by 0x4F0E007: ENGINE_set_default (eng_fat.c:96)
==4389==    by 0x6464D2F: ???
==4389==    by 0x6464A68: ???
==4389==    by 0x6466A75: ???
==4389==    by 0x6461D58: ???
==4389== 
==4389== Invalid free() / delete / delete[] / realloc()
==4389==    at 0x4C2A82E: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==4389==    by 0x4E933EC: CRYPTO_free (mem.c:397)
==4389==    by 0x4F0EE94: engine_pkey_meths_free (tb_pkmeth.c:163)
==4389==    by 0x4F0BB35: engine_free_util (eng_lib.c:129)
==4389==    by 0x4F0C79B: engine_unlocked_finish (eng_init.c:112)
==4389==    by 0x4F0D25C: int_cleanup_cb_LHASH_DOALL (eng_table.c:220)
==4389==    by 0x4F1BD6C: lh_doall (lhash.c:294)
==4389==    by 0x4F0D582: engine_table_cleanup (eng_table.c:230)
==4389==    by 0x4F0B8C5: engine_cleanup_cb_free (eng_lib.c:186)
==4389==    by 0x4F1B47F: sk_pop_free (stack.c:283)
==4389==    by 0x4F0BC71: ENGINE_cleanup (eng_lib.c:193)
==4389==    by 0x401103: main (gost.c:98)
==4389==  Address 0x5d08630 is 0 bytes inside a block of size 208 free'd
==4389==    at 0x4C2A82E: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==4389==    by 0x4E933EC: CRYPTO_free (mem.c:397)
==4389==    by 0x4F0EE94: engine_pkey_meths_free (tb_pkmeth.c:163)
==4389==    by 0x4F0BB35: engine_free_util (eng_lib.c:129)
==4389==    by 0x4F0C79B: engine_unlocked_finish (eng_init.c:112)
==4389==    by 0x4F0D3C1: engine_table_register (eng_table.c:178)
==4389==    by 0x4F0F091: ENGINE_set_default_pkey_asn1_meths (tb_asnmth.c:106)
==4389==    by 0x4F0E007: ENGINE_set_default (eng_fat.c:96)
==4389==    by 0x6464D2F: ???
==4389==    by 0x6464A68: ???
==4389==    by 0x6466A75: ???
==4389==    by 0x6461D58: ???

The problem is in OpenSSL here.

#include <openssl/engine.h>
#include <openssl/ssl.h>

#define GOST    "gost"

void load(void)
{
    ENGINE *e = ENGINE_by_id(GOST);
    ENGINE_set_default(e, ENGINE_METHOD_ALL);
    ENGINE_free(e);
}

int main(void)
{
    ENGINE_load_builtin_engines();
    load();
    load();
    SSL_CTX *ctx = SSL_CTX_new(SSLv3_client_method());
    return 0;
}

crashes the same way without using OpenSC at all.

The actual problem is in the gost engine.
The gost engine uses global statics,which do not get unregistered when unloading the engine.
Loading/ENGINE_set_default gost the first time, things get initialized and registered within OpenSSL, doing it the second time, gost gets finished without unregistering the registered 'things', but they get free'd.
This way, loading gost twice destroys OpenSSL internally.

To OpenSC this is a real problem.
ENGINE_init for a engine_pkcs11 will load opensc-pkcs11.so.
Loading opensc-pkcs11.so loads gost in sc_pkcs11_register_openssl_mechanisms().
ENGINE_finish() for will call the engine_pkcs11 pkcs11_finish, which will unmapp the pkcs11 library opensc-pkcs11.so.
Second time ENGINE_init is called, gost is loaded and set default the second time, things break.

This can be fixed in OpenSSL, it should be fixed in OpenSSL.
I provided different patches patching it in multiple ways in OpenSSL, no patch was accepted by OpenSSL.

Therefore I propose to remove gost from OpenSC, using it breaks everything else.
Just do not load it, it'll be broken, but does not work reliable anyway and OpenSC is the wrong scope for repair.

[dengert]

What are your patches to OpenSSL?

Turning off GOST in OpenSC does not sound like the solution.

On 10/16/2013 5:38 PM, commonism wrote:

The following code can be used to reproduce

#include <stdio.h>
#include <openssl/rsa.h>
#include <openssl/evp.h>
#include <openssl/objects.h>
#include <openssl/x509.h>
#include <openssl/err.h>
#include <openssl/pem.h>
#include <openssl/ssl.h>
#include <openssl/engine.h>
#include <openssl/conf.h>

#define KEY_ID "slot_X-id_Y"
#define PIN "0000"

ENGINE *ENGINE_pkcs11(void)
{
struct command
{
char *cmd;
char *arg;
} commands[] =
{
{"SO_PATH", "/opt/opensc/lib/engines/engine_pkcs11.so"},
{"ID","pkcs11"},
// {"LIST_ADD","1"},
{"LOAD", NULL},
{"MODULE_PATH","/opt/opensc/lib/opensc-pkcs11.so"},
{"PIN", PIN},
{"VERBOSE", NULL}
};

 ENGINE_load_dynamic();
 ENGINE  *e  =  ENGINE_by_id("dynamic");
 if(  e  ==  NULL  )
 {
     perror("ENGINE_by_id");
     ERR_print_errors_fp(stderr);
     exit(1);
 }

 for  (int  i  =  0;  i  <  sizeof(commands)  /  sizeof(commands[0]);  i++)
 {
     struct  command  *cmd  =  &commands[i];
     if(  ENGINE_ctrl_cmd_string(e,  cmd->cmd,  cmd->arg,  0)  !=  1  )
     {
         printf("ENGINE_ctrl_cmd_string %s %s\n",  cmd->cmd,  cmd->arg);
         ERR_print_errors_fp(stderr);
         exit(1);
     }
 }
 return  e;

}

int main() {

 ERR_load_crypto_strings();
 ENGINE_load_dynamic();

 ENGINE  *e  =  ENGINE_pkcs11();

 for  (int  i=0;  i<2;  i++)
 {
     ENGINE_init(e);
     /* Read private key */
     EVP_PKEY  *pkey  =  ENGINE_load_private_key(e,  KEY_ID,  NULL,  NULL);
     if  (pkey  ==  NULL)  {
         perror("ENGINE_load_private_key");
         ERR_print_errors_fp(stderr);
         exit(1);
     }
     EVP_PKEY_free(pkey);
     ENGINE_finish(e);
 }

 ENGINE_free(e);

#define CRASH_NOW 1
#ifdef CRASH_NOW
SSL_CTX *ctx = NULL;
ctx = SSL_CTX_new(TLSv1_2_method());
SSL_CTX_free(ctx);
#endif

 /* OpenSSL cleanup */
 ERR_free_strings();
 ERR_remove_state(0);
 COMP_zlib_cleanup();
 CONF_modules_unload(1);
 OBJ_cleanup();
 OBJ_NAME_cleanup(-1);
 BIO_sock_cleanup();
 EVP_cleanup();

 /* if not CRASH_NOW - we will crash here */
 ENGINE_cleanup();

 CRYPTO_cleanup_all_ex_data();
 ERR_free_strings();
 ASN1_STRING_TABLE_cleanup();
 CRYPTO_set_locking_callback(NULL);
 RAND_cleanup();
 // The SSL compression method stack doesn't get freed properly by any of the functions above.
 // This was necessary as of 1.0.0-beta3, but may be fixed.
 sk_pop_free((_STACK  *)SSL_COMP_get_compression_methods(),  free);

 return  (0);

}

Set your keyid and pin, compile with

|gcc -O0 -g -std=c99 -Wall -Werror gost.c -o gost -lcrypto -lssl
|

run and it'll crash, maybe not directly but you can see the memory corruption with valgrind

If CRASH_NOW is set, valgrind will provide a trace similar to

|==30882== Invalid read of size 8
==30882== at 0x4F0EF53: look_str_cb (tb_asnmth.c:216)
==30882== by 0x4F1BDDE: lh_doall_arg (lhash.c:292)
==30882== by 0x4F0D71B: engine_table_doall (eng_table.c:349)
==30882== by 0x4F0F312: ENGINE_pkey_asn1_find_str (tb_asnmth.c:236)
==30882== by 0x4F417C4: EVP_PKEY_asn1_find_str (ameth_lib.c:213)
==30882== by 0x524A2E3: get_optional_pkey_id (ssl_ciph.c:356)
==30882== by 0x524B41E: ssl_create_cipher_list (ssl_ciph.c:733)
==30882== by 0x5244D2F: SSL_CTX_new (ssl_lib.c:1762)
==30882== by 0x4011EC: main (gost.c:79)
==30882== Address 0x5cbd980 is 96 bytes inside a block of size 216 free'd
==30882== at 0x4C2A82E: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==30882== by 0x4E933EC: CRYPTO_free (mem.c:397)
==30882== by 0x4F0BB67: engine_free_util (eng_lib.c:136)
==30882== by 0x4F0C79B: engine_unlocked_finish (eng_init.c:112)
==30882== by 0x4F0D3C1: engine_table_register (eng_table.c:178)
==30882== by 0x4F0F091: ENGINE_set_default_pkey_asn1_meths (tb_asnmth.c:106)
==30882== by 0x4F0E007: ENGINE_set_default (eng_fat.c:96)
==30882== by 0x6464D35: ???
==30882== by 0x6464A68: ???
==30882== by 0x6466AB5: ???
==30882== by 0x6461D58: ???
==30882== by 0x646218E: ???
|

in case it is not set, it will fault in ENGINE_cleanup() similar to

|--4389-- Discarding syms at 0x624be50-0x62507d8 in /opt/opensc/lib/libp11.so.2.2.0 due to munmap()
==4389== Invalid read of size 1
==4389== at 0x4F2D535: EVP_PKEY_meth_free (pmeth_lib.c:293)
==4389== by 0x4F0EE94: engine_pkey_meths_free (tb_pkmeth.c:163)
==4389== by 0x4F0BB35: engine_free_util (eng_lib.c:129)
==4389== by 0x4F0C79B: engine_unlocked_finish (eng_init.c:112)
==4389== by 0x4F0D25C: int_cleanup_cb_LHASH_DOALL (eng_table.c:220)
==4389== by 0x4F1BD6C: lh_doall (lhash.c:294)
==4389== by 0x4F0D582: engine_table_cleanup (eng_table.c:230)
==4389== by 0x4F0B8C5: engine_cleanup_cb_free (eng_lib.c:186)
==4389== by 0x4F1B47F: sk_pop_free (stack.c:283)
==4389== by 0x4F0BC71: ENGINE_cleanup (eng_lib.c:193)
==4389== by 0x401103: main (gost.c:98)
==4389== Address 0x5d08634 is 4 bytes inside a block of size 208 free'd
==4389== at 0x4C2A82E: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==4389== by 0x4E933EC: CRYPTO_free (mem.c:397)
==4389== by 0x4F0EE94: engine_pkey_meths_free (tb_pkmeth.c:163)
==4389== by 0x4F0BB35: engine_free_util (eng_lib.c:129)
==4389== by 0x4F0C79B: engine_unlocked_finish (eng_init.c:112)
==4389== by 0x4F0D3C1: engine_table_register (eng_table.c:178)
==4389== by 0x4F0F091: ENGINE_set_default_pkey_asn1_meths (tb_asnmth.c:106)
==4389== by 0x4F0E007: ENGINE_set_default (eng_fat.c:96)
==4389== by 0x6464D2F: ???
==4389== by 0x6464A68: ???
==4389== by 0x6466A75: ???
==4389== by 0x6461D58: ???
==4389==
==4389== Invalid free() / delete / delete[] / realloc()
==4389== at 0x4C2A82E: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==4389== by 0x4E933EC: CRYPTO_free (mem.c:397)
==4389== by 0x4F0EE94: engine_pkey_meths_free (tb_pkmeth.c:163)
==4389== by 0x4F0BB35: engine_free_util (eng_lib.c:129)
==4389== by 0x4F0C79B: engine_unlocked_finish (eng_init.c:112)
==4389== by 0x4F0D25C: int_cleanup_cb_LHASH_DOALL (eng_table.c:220)
==4389== by 0x4F1BD6C: lh_doall (lhash.c:294)
==4389== by 0x4F0D582: engine_table_cleanup (eng_table.c:230)
==4389== by 0x4F0B8C5: engine_cleanup_cb_free (eng_lib.c:186)
==4389== by 0x4F1B47F: sk_pop_free (stack.c:283)
==4389== by 0x4F0BC71: ENGINE_cleanup (eng_lib.c:193)
==4389== by 0x401103: main (gost.c:98)
==4389== Address 0x5d08630 is 0 bytes inside a block of size 208 free'd
==4389== at 0x4C2A82E: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==4389== by 0x4E933EC: CRYPTO_free (mem.c:397)
==4389== by 0x4F0EE94: engine_pkey_meths_free (tb_pkmeth.c:163)
==4389== by 0x4F0BB35: engine_free_util (eng_lib.c:129)
==4389== by 0x4F0C79B: engine_unlocked_finish (eng_init.c:112)
==4389== by 0x4F0D3C1: engine_table_register (eng_table.c:178)
==4389== by 0x4F0F091: ENGINE_set_default_pkey_asn1_meths (tb_asnmth.c:106)
==4389== by 0x4F0E007: ENGINE_set_default (eng_fat.c:96)
==4389== by 0x6464D2F: ???
==4389== by 0x6464A68: ???
==4389== by 0x6466A75: ???
==4389== by 0x6461D58: ???
|

The problem is in OpenSSL here.

#include <openssl/engine.h>
#include <openssl/ssl.h>

#define GOST "gost"

void load(void)
{
ENGINE *e = ENGINE_by_id(GOST);
ENGINE_set_default(e, ENGINE_METHOD_ALL);
ENGINE_free(e);
}

int main(void)
{
ENGINE_load_builtin_engines();
load();
load();
SSL_CTX *ctx = SSL_CTX_new(SSLv3_client_method());
return 0;
}

crashes the same way without using OpenSC at all.

The actual problem is in the gost engine.
The gost engine uses global statics,which do not get unregistered when unloading the engine.
Loading/ENGINE_set_default gost the first time, things get initialized and registered within OpenSSL, doing it the second time, gost gets finished without unregistering the registered 'things', but
they get free'd.
This way, loading gost twice destroys OpenSSL internally.

To OpenSC this is a real problem.
ENGINE_init for a engine_pkcs11 will load opensc-pkcs11.so.
Loading opensc-pkcs11.so loads gost in sc_pkcs11_register_openssl_mechanisms().
ENGINE_finish() for will call the engine_pkcs11 pkcs11_finish, which will unmapp the pkcs11 library opensc-pkcs11.so.
Second time ENGINE_init is called, gost is loaded and set default the second time, things break.

This can be fixed in OpenSSL, it should be fixed in OpenSSL.
I provided different patches patching it in multiple ways in OpenSSL, no patch was accepted by OpenSSL.

Therefore I propose to remove gost from OpenSC, using it breaks everything else.
Just do not load it, it'll be broken, but does not work reliable anyway and OpenSC is the wrong scope for repair.

—
Reply to this email directly or view it on GitHub #192.

Douglas E. Engert DEEngert@anl.gov
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444

[commonism]

I'll fork OpenSSL on github and branch my patches.

[commonism]

openssl/openssl#25
openssl/openssl#26

A workaround in applications suffering from this should be loading gost via dynamic engine and using LIST_ADD

ENGINE *ENGINE_gost(void)
{
    struct command
    {
        char *cmd;
        char *arg;
    } commands[] =
    {
        {"SO_PATH", "/usr/lib/x86_64-linux-gnu/openssl-1.0.0/engines/libgost.so"},
        {"LIST_ADD","1"},
        {"LOAD", NULL},
    };

    ENGINE_load_dynamic();
    ENGINE *e = ENGINE_by_id("dynamic");
    if( e == NULL )
    {
        perror("ENGINE_by_id");
        ERR_print_errors_fp(stderr);
        exit(1);
    }

    for (int i = 0; i < sizeof(commands) / sizeof(commands[0]); i++)
    {
        struct command *cmd = &commands[i];
        if( ENGINE_ctrl_cmd_string(e, cmd->cmd, cmd->arg, 0) != 1 )
        {
            printf("ENGINE_ctrl_cmd_string %s %s \n", cmd->cmd, cmd->arg);
            ERR_print_errors_fp(stderr);
            exit(1);
        }
    }
    return e;
}

This way, gost won't be destroyed by openssl, as it always has a reference in the list.
Not possible to do in opensc-pkcs11, as it would leak one reference per ENGINE_init.

[frankmorgner]

I took your code as is and ran it with the most recent version of OpenSC and OpenSSL 1.0.2. There was no error. The output was as follows (identical for crash_now 1 and 0)

initializing engine
slot number not deciphered!
The key ID should be a valid PKCS#11 URI as defined by
RFC7512. The legacy ENGINE_pkcs11 ID format is also
still accepted for now.
PKCS11_get_private_key returned NULL
ENGINE_load_private_key: Success
73922236:error:26096080:engine routines:ENGINE_load_private_key:failed loading private key:eng_pkey.c:124:

please re-open if the problem still applies

[frankmorgner]

I forgot to mention that I ran the program in valgrind and gdb.