Release the drbg in the global default context before engines

Fixes #17995
Fixes #18578

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/19386)

diff --git a/crypto/context.c b/crypto/context.c
index a7b1832cbcf96ac6299dddedb6e37ed227faf088..173256bcfb19149a7943db65492bf967c936e51b 100644 (file)
--- a/crypto/context.c
+++ b/crypto/context.c
@@ -472,6 +472,15 @@ OSSL_LIB_CTX *OSSL_LIB_CTX_set0_default(OSSL_LIB_CTX *libctx)
 
     return NULL;
 }
+
+void ossl_release_default_drbg_ctx(void)
+{
+    /* early release of the DRBG in global default libctx */
+    if (default_context_int.drbg != NULL) {
+        ossl_rand_ctx_free(default_context_int.drbg);
+        default_context_int.drbg = NULL;
+    }
+}
 #endif
 
 OSSL_LIB_CTX *ossl_lib_ctx_get_concrete(OSSL_LIB_CTX *ctx)

diff --git a/crypto/rand/rand_lib.c b/crypto/rand/rand_lib.c
index 7140729bd2f7b21507501e1a07beac93f1d45f08..ce95bf6210b15dc8bb951f6cdf3ba5f09c10d1c5 100644 (file)
--- a/crypto/rand/rand_lib.c
+++ b/crypto/rand/rand_lib.c
@@ -97,6 +97,7 @@ void ossl_rand_cleanup_int(void)
     CRYPTO_THREAD_lock_free(rand_meth_lock);
     rand_meth_lock = NULL;
 # endif
+    ossl_release_default_drbg_ctx();
     rand_inited = 0;
 }
 

diff --git a/include/crypto/context.h b/include/crypto/context.h
index 950d6f11e43ef1b3533db76efdffab7cc47ffd1e..56c68f4ec114fa1db592adc01a97b700e64d80fd 100644 (file)
--- a/include/crypto/context.h
+++ b/include/crypto/context.h
@@ -41,6 +41,7 @@ void ossl_self_test_set_callback_free(void *);
 void ossl_rand_crng_ctx_free(void *);
 void ossl_thread_event_ctx_free(void *);
 void ossl_fips_prov_ossl_ctx_free(void *);
+void ossl_release_default_drbg_ctx(void);
 #if defined(OPENSSL_THREADS)
 void ossl_threads_ctx_free(void *);
 #endif