Call CONF_modules_free() before ENGINE_cleanup() in auto-deinit
author Matt Caswell <matt@openssl.org>
Fri, 11 Mar 2016 09:52:52 +0000 (09:52 +0000)
committer Matt Caswell <matt@openssl.org>
Fri, 11 Mar 2016 13:36:57 +0000 (13:36 +0000)
During auto de-init we were calling ENGINE_cleanup(), and then later
CONF_modules_free(). However the latter function can end up calling
engine code, which can lead to a use of the global_engine_lock after it
has already been freed. Therefore we should swap the calling order of
these two functions.

Reviewed-by: Rich Salz <rsalz@openssl.org>
crypto/init.c

index 1cac74193fc431eb822010a3c85457a4277c3a5d..aac87deb4e56a323044af2c89e481de55484dd86 100644 (file)
@@ -468,13 +468,13 @@ void OPENSSL_cleanup(void)
     fprintf(stderr, "OPENSSL_INIT: OPENSSL_INIT_library_stop: "
                     "RAND_cleanup()\n");
 
     fprintf(stderr, "OPENSSL_INIT: OPENSSL_INIT_library_stop: "
                     "RAND_cleanup()\n");
 
-#endif
-#ifndef OPENSSL_NO_ENGINE
-    ENGINE_cleanup();
 #endif
     CRYPTO_cleanup_all_ex_data();
     EVP_cleanup();
     CONF_modules_free();
 #endif
     CRYPTO_cleanup_all_ex_data();
     EVP_cleanup();
     CONF_modules_free();
+#ifndef OPENSSL_NO_ENGINE
+    ENGINE_cleanup();
+#endif
     RAND_cleanup();
     base_inited = 0;
 }
     RAND_cleanup();
     base_inited = 0;
 }
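
Review bot: the relocated ENGINE_cleanup() block near the end of OPENSSL_cleanup() has no comment recording why it must follow CONF_modules_free(), so the ordering constraint exists only in the commit message and a later reshuffle of the cleanup calls could reintroduce the use of global_engine_lock after it has been freed. Suggest a short comment above the new `#ifndef OPENSSL_NO_ENGINE` stating that CONF_modules_free() can call engine code and must therefore run before ENGINE_cleanup(). RAND_cleanup() still runs after ENGINE_cleanup() in this hunk; it is worth confirming that it cannot reach engine code in the same way.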