Release the drbg in the global default context before engines

Fixes #17995 Fixes #18578 Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/19390)
2022-10-11 17:26:23 +02:00 · 2022-10-11 17:26:23 +02:00 · d0f8056c47
parent aa97297427
commit d0f8056c47
4 changed files with 21 additions and 2 deletions
--- a/crypto/context.c
+++ b/crypto/context.c
@ -15,6 +15,7 @@
 #include "internal/bio.h"
 #include "internal/provider.h"
 #include "crypto/ctype.h"
+#include "crypto/rand.h"

 struct ossl_lib_ctx_onfree_list_st {
    ossl_lib_ctx_onfree_fn *fn;
@ -271,6 +272,20 @@ OSSL_LIB_CTX *OSSL_LIB_CTX_set0_default(OSSL_LIB_CTX *libctx)

    return NULL;
 }
+
+void ossl_release_default_drbg_ctx(void)
+{
+    int dynidx = default_context_int.dyn_indexes[OSSL_LIB_CTX_DRBG_INDEX];
+
+    /* early release of the DRBG in global default libctx, no locking */
+    if (dynidx != -1) {
+        void *data;
+
+        data = CRYPTO_get_ex_data(&default_context_int.data, dynidx);
+        ossl_rand_ctx_free(data);
+        CRYPTO_set_ex_data(&default_context_int.data, dynidx, NULL);
+    }
+}
 #endif

 OSSL_LIB_CTX *ossl_lib_ctx_get_concrete(OSSL_LIB_CTX *ctx)
--- a/crypto/rand/rand_lib.c
+++ b/crypto/rand/rand_lib.c
@ -96,6 +96,7 @@ void ossl_rand_cleanup_int(void)
    CRYPTO_THREAD_lock_free(rand_meth_lock);
    rand_meth_lock = NULL;
 # endif
+    ossl_release_default_drbg_ctx();
    rand_inited = 0;
 }

@ -469,7 +470,7 @@ static void *rand_ossl_ctx_new(OSSL_LIB_CTX *libctx)
    return NULL;
 }

-static void rand_ossl_ctx_free(void *vdgbl)
+void ossl_rand_ctx_free(void *vdgbl)
 {
    RAND_GLOBAL *dgbl = vdgbl;

@ -494,7 +495,7 @@ static void rand_ossl_ctx_free(void *vdgbl)
 static const OSSL_LIB_CTX_METHOD rand_drbg_ossl_ctx_method = {
    OSSL_LIB_CTX_METHOD_PRIORITY_2,
    rand_ossl_ctx_new,
-    rand_ossl_ctx_free,
+    ossl_rand_ctx_free,
 };

 static RAND_GLOBAL *rand_get_global(OSSL_LIB_CTX *libctx)
--- a/include/crypto/rand.h
+++ b/include/crypto/rand.h
@ -125,4 +125,5 @@ void ossl_rand_cleanup_nonce(ossl_unused const OSSL_CORE_HANDLE *handle,
 size_t ossl_pool_acquire_entropy(RAND_POOL *pool);
 int ossl_pool_add_nonce_data(RAND_POOL *pool);

+void ossl_rand_ctx_free(void *vdgbl);
 #endif
--- a/include/internal/cryptlib.h
+++ b/include/internal/cryptlib.h
@ -199,6 +199,8 @@ int ossl_lib_ctx_run_once(OSSL_LIB_CTX *ctx, unsigned int idx,
 int ossl_lib_ctx_onfree(OSSL_LIB_CTX *ctx, ossl_lib_ctx_onfree_fn onfreefn);
 const char *ossl_lib_ctx_get_descriptor(OSSL_LIB_CTX *libctx);

+void ossl_release_default_drbg_ctx(void);
+
 OSSL_LIB_CTX *ossl_crypto_ex_data_get_ossl_lib_ctx(const CRYPTO_EX_DATA *ad);
 int ossl_crypto_new_ex_data_ex(OSSL_LIB_CTX *ctx, int class_index, void *obj,
                               CRYPTO_EX_DATA *ad);