QuasarApp/openssl
4
0
Fork 0
mirror of https://github.com/QuasarApp/openssl.git synced 2025-04-28 18:54:36 +00:00
Code Issues Projects Releases Wiki Activity

If an engine comes up explicitely, it must also come down explicitely

Browse Source 
In apps/apps.c, one can set up an engine with setup_engine().
However, we freed the structural reference immediately, which means
that for engines that don't already have a structural reference
somewhere else (because it has registered at least one cipher or digest
algorithm method, and therefore gets a functional reference through the
ENGINE_set_default() call), we end up returning an invalid reference.

Instead, the function release_engine() is added, and called at the end
of the routines that call setup_engine().

Originally, the ENGINE API wasn't designed for this to happen, an
engine had to register at least one algorithm method, and was
especially expected to register the algorithms corresponding to the
key types that could be stored and hidden in hardware.  However, it
turns out that some engines will not register those algorithms with
the ENGINE_set_{algo}, ENGINE_set_cipher or ENGINE_set_digest
functions, as they only want the methods to be used for keys, not as
general crypto accelerator methods.  That may cause ENGINE_set_default()
to do nothing, and no functional reference is therefore made, leading
to a premature deallocation of the engine and it thereby becoming
unavailable when trying to fetch a key.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1644)
This commit is contained in:
Richard Levitte 2016-09-29 00:40:20 +02:00
parent 10e60f26ce
commit aa01b82c69
32 changed files with 158 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
apps/apps.c
View File

@ -1564,12 +1564,16 @@ ENGINE *setup_engine(BIO *err, const char *engine, int debug)
}
BIO_printf(err, "engine \"%s\" set.\n", ENGINE_get_id(e));
/* Free our "structural" reference. */
ENGINE_free(e);
}
return e;
}
void release_engine(ENGINE *e)
{
if (e != NULL)
/* Free our "structural" reference. */
ENGINE_free(e);
}
#endif
int load_config(BIO *err, CONF *cnf)

1
apps/apps.h
View File

@ -261,6 +261,7 @@ STACK_OF(X509_CRL) *load_crls(BIO *err, const char *file, int format,
X509_STORE *setup_verify(BIO *bp, char *CAfile, char *CApath);
# ifndef OPENSSL_NO_ENGINE
ENGINE *setup_engine(BIO *err, const char *engine, int debug);
void release_engine(ENGINE *e);
# endif
# ifndef OPENSSL_NO_OCSP

4
apps/ca.c
View File

@ -1485,6 +1485,10 @@ int MAIN(int argc, char **argv)
X509_CRL_free(crl);
NCONF_free(conf);
NCONF_free(extconf);
#ifndef OPENSSL_NO_ENGINE
if (e != NULL)
release_engine(e);
#endif
OBJ_cleanup();
apps_shutdown();
OPENSSL_EXIT(ret);

4
apps/cms.c
View File

@ -1170,6 +1170,10 @@ int MAIN(int argc, char **argv)
EVP_PKEY_free(key);
CMS_ContentInfo_free(cms);
CMS_ContentInfo_free(rcms);
#ifndef OPENSSL_NO_ENGINE
if (e != NULL)
release_engine(e);
#endif
BIO_free(rctin);
BIO_free(in);
BIO_free(indata);

4
apps/dgst.c
View File

@ -537,6 +537,10 @@ int MAIN(int argc, char **argv)
OPENSSL_free(sigbuf);
if (bmd != NULL)
BIO_free(bmd);
#ifndef OPENSSL_NO_ENGINE
if (e != NULL)
release_engine(e);
#endif
apps_shutdown();
OPENSSL_EXIT(err);
}

7
apps/dhparam.c
View File

@ -161,6 +161,7 @@ int MAIN(int argc, char **argv)
char *inrand = NULL;
# ifndef OPENSSL_NO_ENGINE
char *engine = NULL;
ENGINE *e = NULL;
# endif
int num = 0, g = 0;
@ -271,7 +272,7 @@ int MAIN(int argc, char **argv)
ERR_load_crypto_strings();
# ifndef OPENSSL_NO_ENGINE
setup_engine(bio_err, engine, 0);
e = setup_engine(bio_err, engine, 0);
# endif
if (g && !num)
@ -512,6 +513,10 @@ int MAIN(int argc, char **argv)
BIO_free_all(out);
if (dh != NULL)
DH_free(dh);
# ifndef OPENSSL_NO_ENGINE
if (e != NULL)
release_engine(e);
# endif
apps_shutdown();
OPENSSL_EXIT(ret);
}

4
apps/dsa.c
View File

@ -358,6 +358,10 @@ int MAIN(int argc, char **argv)
BIO_free_all(out);
if (dsa != NULL)
DSA_free(dsa);
# ifndef OPENSSL_NO_ENGINE
if (e != NULL)
release_engine(e);
# endif
if (passin)
OPENSSL_free(passin);
if (passout)

7
apps/dsaparam.c
View File

@ -123,6 +123,7 @@ int MAIN(int argc, char **argv)
int need_rand = 0;
# ifndef OPENSSL_NO_ENGINE
char *engine = NULL;
ENGINE *e = NULL;
# endif
# ifdef GENCB_TEST
int timebomb = 0;
@ -264,7 +265,7 @@ int MAIN(int argc, char **argv)
}
# ifndef OPENSSL_NO_ENGINE
setup_engine(bio_err, engine, 0);
e = setup_engine(bio_err, engine, 0);
# endif
if (need_rand) {
@ -433,6 +434,10 @@ int MAIN(int argc, char **argv)
BIO_free_all(out);
if (dsa != NULL)
DSA_free(dsa);
#ifndef OPENSSL_NO_ENGINE
if (e != NULL)
release_engine(e);
#endif
apps_shutdown();
OPENSSL_EXIT(ret);
}

9
apps/ec.c
View File

@ -95,6 +95,9 @@ int MAIN(int argc, char **argv)
int informat, outformat, text = 0, noout = 0;
int pubin = 0, pubout = 0, param_out = 0;
char *infile, *outfile, *prog, *engine;
# ifndef OPENSSL_NO_ENGINE
ENGINE *e = NULL;
# endif
char *passargin = NULL, *passargout = NULL;
char *passin = NULL, *passout = NULL;
point_conversion_form_t form = POINT_CONVERSION_UNCOMPRESSED;
@ -236,7 +239,7 @@ int MAIN(int argc, char **argv)
ERR_load_crypto_strings();
# ifndef OPENSSL_NO_ENGINE
setup_engine(bio_err, engine, 0);
e = setup_engine(bio_err, engine, 0);
# endif
if (!app_passwd(bio_err, passargin, passargout, &passin, &passout)) {
@ -349,6 +352,10 @@ int MAIN(int argc, char **argv)
BIO_free_all(out);
if (eckey)
EC_KEY_free(eckey);
# ifndef OPENSSL_NO_ENGINE
if (e != NULL)
release_engine(e);
# endif
if (passin)
OPENSSL_free(passin);
if (passout)

13
apps/ecparam.c
View File

@ -131,6 +131,9 @@ int MAIN(int argc, char **argv)
BIO *in = NULL, *out = NULL;
int informat, outformat, noout = 0, C = 0, ret = 1;
char *engine = NULL;
# ifndef OPENSSL_NO_ENGINE
ENGINE *e = NULL;
# endif
BIGNUM *ec_p = NULL, *ec_a = NULL, *ec_b = NULL,
*ec_gen = NULL, *ec_order = NULL, *ec_cofactor = NULL;
@ -312,7 +315,7 @@ int MAIN(int argc, char **argv)
}
# ifndef OPENSSL_NO_ENGINE
setup_engine(bio_err, engine, 0);
e = setup_engine(bio_err, engine, 0);
# endif
if (list_curves) {
@ -620,12 +623,16 @@ int MAIN(int argc, char **argv)
BN_free(ec_cofactor);
if (buffer)
OPENSSL_free(buffer);
if (group != NULL)
EC_GROUP_free(group);
# ifndef OPENSSL_NO_ENGINE
if (e != NULL)
release_engine(e);
# endif
if (in != NULL)
BIO_free(in);
if (out != NULL)
BIO_free_all(out);
if (group != NULL)
EC_GROUP_free(group);
apps_shutdown();
OPENSSL_EXIT(ret);
}

7
apps/enc.c
View File

@ -128,6 +128,7 @@ int MAIN(int argc, char **argv)
char pname[PROG_NAME_SIZE + 1];
#ifndef OPENSSL_NO_ENGINE
char *engine = NULL;
ENGINE *e = NULL;
#endif
const EVP_MD *dgst = NULL;
int non_fips_allow = 0;
@ -323,7 +324,7 @@ int MAIN(int argc, char **argv)
}
#ifndef OPENSSL_NO_ENGINE
setup_engine(bio_err, engine, 0);
e = setup_engine(bio_err, engine, 0);
#endif
if (cipher && EVP_CIPHER_flags(cipher) & EVP_CIPH_FLAG_AEAD_CIPHER) {
@ -673,6 +674,10 @@ int MAIN(int argc, char **argv)
#ifdef ZLIB
if (bzl != NULL)
BIO_free(bzl);
#endif
#ifndef OPENSSL_NO_ENGINE
if (e != NULL)
release_engine(e);
#endif
if (pass)
OPENSSL_free(pass);

7
apps/gendsa.c
View File

@ -87,6 +87,7 @@ int MAIN(int argc, char **argv)
const EVP_CIPHER *enc = NULL;
# ifndef OPENSSL_NO_ENGINE
char *engine = NULL;
ENGINE *e = NULL;
# endif
apps_startup();
@ -207,7 +208,7 @@ int MAIN(int argc, char **argv)
goto end;
}
# ifndef OPENSSL_NO_ENGINE
setup_engine(bio_err, engine, 0);
e = setup_engine(bio_err, engine, 0);
# endif
if (!app_passwd(bio_err, NULL, passargout, NULL, &passout)) {
@ -273,6 +274,10 @@ int MAIN(int argc, char **argv)
BIO_free_all(out);
if (dsa != NULL)
DSA_free(dsa);
# ifndef OPENSSL_NO_ENGINE
if (e != NULL)
release_engine(e);
# endif
if (passout)
OPENSSL_free(passout);
apps_shutdown();

5
apps/genpkey.c
View File

@ -275,9 +275,12 @@ int MAIN(int argc, char **argv)
if (out)
BIO_free_all(out);
BIO_free(in);
#ifndef OPENSSL_NO_ENGINE
if (e != NULL)
release_engine(e);
#endif
if (pass)
OPENSSL_free(pass);
return ret;
}

4
apps/genrsa.c
View File

@ -314,6 +314,10 @@ int MAIN(int argc, char **argv)
RSA_free(rsa);
if (out)
BIO_free_all(out);
# ifndef OPENSSL_NO_ENGINE
if (e != NULL)
release_engine(e);
# endif
if (passout)
OPENSSL_free(passout);
if (ret != 0)

4
apps/pkcs12.c
View File

@ -755,6 +755,10 @@ int MAIN(int argc, char **argv)
app_RAND_write_file(NULL, bio_err);
# ifdef CRYPTO_MDEBUG
CRYPTO_remove_all_info();
# endif
# ifndef OPENSSL_NO_ENGINE
if (e != NULL)
release_engine(e);
# endif
BIO_free(in);
BIO_free_all(out);

7
apps/pkcs7.c
View File

@ -92,6 +92,7 @@ int MAIN(int argc, char **argv)
int ret = 1;
#ifndef OPENSSL_NO_ENGINE
char *engine = NULL;
ENGINE *e = NULL;
#endif
apps_startup();
@ -176,7 +177,7 @@ int MAIN(int argc, char **argv)
ERR_load_crypto_strings();
#ifndef OPENSSL_NO_ENGINE
setup_engine(bio_err, engine, 0);
e = setup_engine(bio_err, engine, 0);
#endif
in = BIO_new(BIO_s_file());
@ -303,6 +304,10 @@ int MAIN(int argc, char **argv)
end:
if (p7 != NULL)
PKCS7_free(p7);
#ifndef OPENSSL_NO_ENGINE
if (e != NULL)
release_engine(e);
#endif
if (in != NULL)
BIO_free(in);
if (out != NULL)

4
apps/pkcs8.c
View File

@ -391,6 +391,10 @@ int MAIN(int argc, char **argv)
X509_SIG_free(p8);
PKCS8_PRIV_KEY_INFO_free(p8inf);
EVP_PKEY_free(pkey);
#ifndef OPENSSL_NO_ENGINE
if (e != NULL)
release_engine(e);
#endif
BIO_free_all(out);
BIO_free(in);
if (passin)

4
apps/pkey.c
View File

@ -240,6 +240,10 @@ int MAIN(int argc, char **argv)
end:
EVP_PKEY_free(pkey);
#ifndef OPENSSL_NO_ENGINE
if (e != NULL)
release_engine(e);
#endif
BIO_free_all(out);
BIO_free(in);
if (passin)

7
apps/pkeyparam.c
View File

@ -76,6 +76,7 @@ int MAIN(int argc, char **argv)
int badarg = 0;
#ifndef OPENSSL_NO_ENGINE
char *engine = NULL;
ENGINE *e = NULL;
#endif
int ret = 1;
@ -135,7 +136,7 @@ int MAIN(int argc, char **argv)
return 1;
}
#ifndef OPENSSL_NO_ENGINE
setup_engine(bio_err, engine, 0);
e = setup_engine(bio_err, engine, 0);
#endif
if (infile) {
@ -178,6 +179,10 @@ int MAIN(int argc, char **argv)
end:
EVP_PKEY_free(pkey);
#ifndef OPENSSL_NO_ENGINE
if (e != NULL)
release_engine(e);
#endif
BIO_free_all(out);
BIO_free(in);

4
apps/pkeyutl.c
View File

@ -357,6 +357,10 @@ int MAIN(int argc, char **argv)
end:
if (ctx)
EVP_PKEY_CTX_free(ctx);
#ifndef OPENSSL_NO_ENGINE
if (e != NULL)
release_engine(e);
#endif
BIO_free(in);
BIO_free_all(out);
if (buf_in != NULL)

7
apps/rand.c
View File

@ -87,6 +87,7 @@ int MAIN(int argc, char **argv)
BIO *out = NULL;
int num = -1;
#ifndef OPENSSL_NO_ENGINE
ENGINE *e = NULL;
char *engine = NULL;
#endif
@ -163,7 +164,7 @@ int MAIN(int argc, char **argv)
goto err;
}
#ifndef OPENSSL_NO_ENGINE
setup_engine(bio_err, engine, 0);
e = setup_engine(bio_err, engine, 0);
#endif
app_RAND_load_file(NULL, bio_err, (inrand != NULL));
@ -222,6 +223,10 @@ int MAIN(int argc, char **argv)
err:
ERR_print_errors(bio_err);
#ifndef OPENSSL_NO_ENGINE
if (e != NULL)
release_engine(e);
#endif
if (out)
BIO_free_all(out);
apps_shutdown();

4
apps/req.c
View File

@ -1040,6 +1040,10 @@ int MAIN(int argc, char **argv)
X509_REQ_free(req);
X509_free(x509ss);
ASN1_INTEGER_free(serial);
#ifndef OPENSSL_NO_ENGINE
if (e != NULL)
release_engine(e);
#endif
if (passargin && passin)
OPENSSL_free(passin);
if (passargout && passout)

4
apps/rsa.c
View File

@ -419,6 +419,10 @@ int MAIN(int argc, char **argv)
} else
ret = 0;
end:
# ifndef OPENSSL_NO_ENGINE
if (e != NULL)
release_engine(e);
# endif
if (out != NULL)
BIO_free_all(out);
if (rsa != NULL)

4
apps/rsautl.c
View File

@ -327,6 +327,10 @@ int MAIN(int argc, char **argv)
BIO_write(out, rsa_out, rsa_outlen);
end:
RSA_free(rsa);
# ifndef OPENSSL_NO_ENGINE
if (e != NULL)
release_engine(e);
# endif
BIO_free(in);
BIO_free_all(out);
if (rsa_in)

4
apps/s_client.c
View File

@ -2123,6 +2123,10 @@ int MAIN(int argc, char **argv)
OPENSSL_cleanse(mbuf, BUFSIZZ);
OPENSSL_free(mbuf);
}
#ifndef OPENSSL_NO_ENGINE
if (e != NULL)
release_engine(e);
#endif
if (bio_c_out != NULL) {
BIO_free(bio_c_out);
bio_c_out = NULL;

4
apps/s_server.c
View File

@ -2128,6 +2128,10 @@ int MAIN(int argc, char *argv[])
#ifndef OPENSSL_NO_JPAKE
if (jpake_secret && psk_key)
OPENSSL_free(psk_key);
#endif
#ifndef OPENSSL_NO_ENGINE
if (e != NULL)
release_engine(e);
#endif
if (bio_s_out != NULL) {
BIO_free(bio_s_out);

4
apps/smime.c
View File

@ -736,6 +736,10 @@ int MAIN(int argc, char **argv)
X509_free(signer);
EVP_PKEY_free(key);
PKCS7_free(p7);
#ifndef OPENSSL_NO_ENGINE
if (e != NULL)
release_engine(e);
#endif
BIO_free(in);
BIO_free(indata);
BIO_free_all(out);

9
apps/speed.c
View File

@ -372,6 +372,9 @@ int MAIN(int, char **);
int MAIN(int argc, char **argv)
{
# ifndef OPENSSL_NO_ENGINE
ENGINE *e = NULL;
#endif
unsigned char *buf = NULL, *buf2 = NULL;
int mret = 1;
long count = 0, save_count = 0;
@ -749,7 +752,7 @@ int MAIN(int argc, char **argv)
BIO_printf(bio_err, "no engine given\n");
goto end;
}
setup_engine(bio_err, *argv, 0);
e = setup_engine(bio_err, *argv, 0);
/*
* j will be increased again further down. We just don't want
* speed to confuse an engine with an algorithm, especially when
@ -2526,6 +2529,10 @@ int MAIN(int argc, char **argv)
}
# endif
#ifndef OPENSSL_NO_ENGINE
if (e != NULL)
release_engine(e);
#endif
apps_shutdown();
OPENSSL_EXIT(mret);
}

4
apps/spkac.c
View File

@ -305,6 +305,10 @@ int MAIN(int argc, char **argv)
BIO_free(in);
BIO_free_all(out);
EVP_PKEY_free(pkey);
#ifndef OPENSSL_NO_ENGINE
if (e != NULL)
release_engine(e);
#endif
if (passin)
OPENSSL_free(passin);
apps_shutdown();

7
apps/srp.c
View File

@ -294,6 +294,7 @@ int MAIN(int argc, char **argv)
long errorline = -1;
char *randfile = NULL;
# ifndef OPENSSL_NO_ENGINE
ENGINE *e = NULL;
char *engine = NULL;
# endif
char *tofree = NULL;
@ -412,7 +413,7 @@ int MAIN(int argc, char **argv)
ERR_load_crypto_strings();
# ifndef OPENSSL_NO_ENGINE
setup_engine(bio_err, engine, 0);
e = setup_engine(bio_err, engine, 0);
# endif
if (!app_passwd(bio_err, passargin, passargout, &passin, &passout)) {
@ -760,6 +761,10 @@ int MAIN(int argc, char **argv)
if (db)
free_index(db);
#ifndef OPENSSL_NO_ENGINE
if (e != NULL)
release_engine(e);
#endif
OBJ_cleanup();
apps_shutdown();
OPENSSL_EXIT(ret);

4
apps/verify.c
View File

@ -255,6 +255,10 @@ int MAIN(int argc, char **argv)
sk_X509_pop_free(untrusted, X509_free);
sk_X509_pop_free(trusted, X509_free);
sk_X509_CRL_pop_free(crls, X509_CRL_free);
#ifndef OPENSSL_NO_ENGINE
if (e != NULL)
release_engine(e);
#endif
apps_shutdown();
OPENSSL_EXIT(ret < 0 ? 2 : ret);
}

4
apps/x509.c
View File

@ -1040,6 +1040,10 @@ int MAIN(int argc, char **argv)
ASN1_INTEGER_free(sno);
sk_ASN1_OBJECT_pop_free(trust, ASN1_OBJECT_free);
sk_ASN1_OBJECT_pop_free(reject, ASN1_OBJECT_free);
#ifndef OPENSSL_NO_ENGINE
if (e != NULL)
release_engine(e);
#endif
if (passin)
OPENSSL_free(passin);
apps_shutdown();