From: Tomas Mraz <tomas@openssl.org>
Date: Tue, 11 Oct 2022 17:26:23 +0200
Subject: Release the drbg in the global default context before engines
Fixes #17995
Fixes #18578
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/19390)
---
crypto/context.c | 15 +++++++++++++++
crypto/rand/rand_lib.c | 5 +++--
include/crypto/rand.h | 1 +
include/internal/cryptlib.h | 2 ++
4 files changed, 21 insertions(+), 2 deletions(-)
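diff --git a/crypto/context.c b/crypto/context.c
index bdfc4d02a3f0..548665fba265 100644
--- a/crypto/context.c
+++ b/crypto/context.c
@@ -15,6 +15,7 @@
 #include "internal/bio.h"
 #include "internal/provider.h"
 #include "crypto/ctype.h"
+#include "crypto/rand.h"
 
 struct ossl_lib_ctx_onfree_list_st {
 ossl_lib_ctx_onfree_fn *fn;
@@ -271,6 +272,20 @@ OSSL_LIB_CTX *OSSL_LIB_CTX_set0_default(OSSL_LIB_CTX *libctx)
 
 return NULL;
 }
+
+void ossl_release_default_drbg_ctx(void)
+{
+ int dynidx = default_context_int.dyn_indexes[OSSL_LIB_CTX_DRBG_INDEX];
+
+ /* early release of the DRBG in global default libctx, no locking */
+ if (dynidx != -1) {
+ void *data;
+
+ data = CRYPTO_get_ex_data(&default_context_int.data, dynidx);
+ ossl_rand_ctx_free(data);
+ CRYPTO_set_ex_data(&default_context_int.data, dynidx, NULL);
+ }
+}
 #endif
 
 OSSL_LIB_CTX *ossl_lib_ctx_get_concrete(OSSL_LIB_CTX *ctx)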
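Review bot: `ossl_release_default_drbg_ctx` says "no locking" but not the precondition that makes that acceptable: it reads and then clears the default context's ex-data slot without synchronisation, which is only sound if no other thread can still be inside a RAND call when it runs, i.e. it is strictly a library-teardown helper. I'd state that contract above the definition and on the prototype this commit adds to include/internal/cryptlib.h, e.g. `/* Teardown only: frees the DRBG of the global default libctx with no locking; callers must guarantee no concurrent RAND use. */`. Whether a dynamic index of not -1 always implies a non-NULL ex-data value, and whether `ossl_rand_ctx_free` tolerates NULL, is not visible in this patch; if either is uncertain, guard the free with `if (data != NULL)`. Note also that the definition sits inside a conditional block closed by the `#endif` at the end of the hunk while the cryptlib.h prototype is unconditional; presumably the only caller is compiled under the same condition, but that is worth confirming.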
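diff --git a/crypto/rand/rand_lib.c b/crypto/rand/rand_lib.c
index c453d3226133..f341d915db76 100644
--- a/crypto/rand/rand_lib.c
+++ b/crypto/rand/rand_lib.c
@@ -96,6 +96,7 @@ void ossl_rand_cleanup_int(void)
 CRYPTO_THREAD_lock_free(rand_meth_lock);
 rand_meth_lock = NULL;
 # endif
+ ossl_release_default_drbg_ctx();
 rand_inited = 0;
 }
 
@@ -469,7 +470,7 @@ static void *rand_ossl_ctx_new(OSSL_LIB_CTX *libctx)
 return NULL;
 }
 
-static void rand_ossl_ctx_free(void *vdgbl)
+void ossl_rand_ctx_free(void *vdgbl)
 {
 RAND_GLOBAL *dgbl = vdgbl;
 
@@ -494,7 +495,7 @@ static void rand_ossl_ctx_free(void *vdgbl)
 static const OSSL_LIB_CTX_METHOD rand_drbg_ossl_ctx_method = {
 OSSL_LIB_CTX_METHOD_PRIORITY_2,
 rand_ossl_ctx_new,
- rand_ossl_ctx_free,
+ ossl_rand_ctx_free,
 };
 
 static RAND_GLOBAL *rand_get_global(OSSL_LIB_CTX *libctx)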
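Review bot: The new `ossl_release_default_drbg_ctx()` call in `ossl_rand_cleanup_int` (whose body begins outside the hunk) carries no comment recording the ordering requirement the commit title states, so a later reshuffle of the cleanup sequence in the caller could silently bring back the failure that #17995 and #18578 describe. I'd add `/* Free the default libctx DRBG now, before engine cleanup runs (#17995, #18578) */` on the line above the call. The call is also placed after the `# endif` that closes the conditional block above it, so it runs even in builds where that block is compiled out; that appears intentional since the callee checks the dynamic index first, but the comment could say so explicitly.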
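diff --git a/include/crypto/rand.h b/include/crypto/rand.h
index 6a71a339c812..165deaf95c5e 100644
--- a/include/crypto/rand.h
+++ b/include/crypto/rand.h
@@ -125,4 +125,5 @@ void ossl_rand_cleanup_nonce(ossl_unused const OSSL_CORE_HANDLE *handle,
 size_t ossl_pool_acquire_entropy(RAND_POOL *pool);
 int ossl_pool_add_nonce_data(RAND_POOL *pool);
 
+void ossl_rand_ctx_free(void *vdgbl);
 #endif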
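diff --git a/include/internal/cryptlib.h b/include/internal/cryptlib.h
index 1291299b6e50..934d4b089c20 100644
--- a/include/internal/cryptlib.h
+++ b/include/internal/cryptlib.h
@@ -199,6 +199,8 @@ int ossl_lib_ctx_run_once(OSSL_LIB_CTX *ctx, unsigned int idx,
 int ossl_lib_ctx_onfree(OSSL_LIB_CTX *ctx, ossl_lib_ctx_onfree_fn onfreefn);
 const char *ossl_lib_ctx_get_descriptor(OSSL_LIB_CTX *libctx);
 
+void ossl_release_default_drbg_ctx(void);
+
 OSSL_LIB_CTX *ossl_crypto_ex_data_get_ossl_lib_ctx(const CRYPTO_EX_DATA *ad);
 int ossl_crypto_new_ex_data_ex(OSSL_LIB_CTX *ctx, int class_index, void *obj,
 CRYPTO_EX_DATA *ad);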