From e4a6cf421a57cd59ad6944151fea07af51e5e0ed Mon Sep 17 00:00:00 2001 From: Geoff Thorpe Date: Thu, 22 Nov 2001 09:13:18 +0000 Subject: [PATCH] When the "dynamic" ENGINE loads another ENGINE from a shared-library, it essentially overwrites itself with the new ENGINE, with the exception of reference counts, ex_data structures, and other 'admin' elements. However if the new ENGINE doesn't populate certain elements, there's the risk of the "dynamic" ENGINE's elements showing through - the "cmd_defns" were just one of the possibilities. This implements a more comprehensive cleanup. --- crypto/engine/eng_dyn.c | 6 +++--- crypto/engine/eng_int.h | 5 +++++ crypto/engine/eng_lib.c | 23 +++++++++++++++++++++++ 3 files changed, 31 insertions(+), 3 deletions(-) diff --git a/crypto/engine/eng_dyn.c b/crypto/engine/eng_dyn.c index bac5e71202..9eda5a7c89 100644 --- a/crypto/engine/eng_dyn.c +++ b/crypto/engine/eng_dyn.c @@ -405,9 +405,9 @@ static int dynamic_load(ENGINE *e, dynamic_data_ctx *ctx) fns.lock_fns.dynlock_create_cb = CRYPTO_get_dynlock_create_callback(); fns.lock_fns.dynlock_lock_cb = CRYPTO_get_dynlock_lock_callback(); fns.lock_fns.dynlock_destroy_cb = CRYPTO_get_dynlock_destroy_callback(); - /* Now that we've loaded the dynamic engine, initialise the command - array to contain none */ - ENGINE_set_cmd_defns(e, dynamic_cmd_defns_empty); + /* Now that we've loaded the dynamic engine, make sure no "dynamic" + * ENGINE elements will show through. */ + engine_set_all_null(e); /* Try to bind the ENGINE onto our own ENGINE structure */ if(!ctx->bind_engine(e, ctx->engine_id, &fns)) diff --git a/crypto/engine/eng_int.h b/crypto/engine/eng_int.h index 7a74498930..38335f99cd 100644 --- a/crypto/engine/eng_int.h +++ b/crypto/engine/eng_int.h @@ -129,6 +129,11 @@ int engine_unlocked_init(ENGINE *e); int engine_unlocked_finish(ENGINE *e, int unlock_for_handlers); int engine_free_util(ENGINE *e, int locked); +/* This function will reset all "set"able values in an ENGINE to NULL. This + * won't touch reference counts or ex_data, but is equivalent to calling all the + * ENGINE_set_***() functions with a NULL value. */ +void engine_set_all_null(ENGINE *e); + /* NB: Bitwise OR-able values for the "flags" variable in ENGINE are now exposed * in engine.h. */ diff --git a/crypto/engine/eng_lib.c b/crypto/engine/eng_lib.c index 5103fd4154..a66d0f08af 100644 --- a/crypto/engine/eng_lib.c +++ b/crypto/engine/eng_lib.c @@ -81,6 +81,29 @@ ENGINE *ENGINE_new(void) return ret; } +/* Placed here (close proximity to ENGINE_new) so that modifications to the + * elements of the ENGINE structure are more likely to be caught and changed + * here. */ +void engine_set_all_null(ENGINE *e) + { + e->id = NULL; + e->name = NULL; + e->rsa_meth = NULL; + e->dsa_meth = NULL; + e->dh_meth = NULL; + e->rand_meth = NULL; + e->ciphers = NULL; + e->digests = NULL; + e->destroy = NULL; + e->init = NULL; + e->finish = NULL; + e->ctrl = NULL; + e->load_privkey = NULL; + e->load_pubkey = NULL; + e->cmd_defns = NULL; + e->flags = 0; + } + int engine_free_util(ENGINE *e, int locked) { int i; -- 2.34.1