When the "dynamic" ENGINE loads another ENGINE from a shared-library, it
authorGeoff Thorpe <geoff@openssl.org>
Thu, 22 Nov 2001 09:13:18 +0000 (09:13 +0000)
committerGeoff Thorpe <geoff@openssl.org>
Thu, 22 Nov 2001 09:13:18 +0000 (09:13 +0000)
essentially overwrites itself with the new ENGINE, with the exception of
reference counts, ex_data structures, and other 'admin' elements. However
if the new ENGINE doesn't populate certain elements, there's the risk of
the "dynamic" ENGINE's elements showing through - the "cmd_defns" were just
one of the possibilities. This implements a more comprehensive cleanup.

crypto/engine/eng_dyn.c
crypto/engine/eng_int.h
crypto/engine/eng_lib.c

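--- a/crypto/engine/eng_dyn.c
+++ b/crypto/engine/eng_dyn.c
@@ -405,9 +405,9 @@ static int dynamic_load(ENGINE *e, dynamic_data_ctx *ctx)
        fns.lock_fns.dynlock_create_cb = CRYPTO_get_dynlock_create_callback();
        fns.lock_fns.dynlock_lock_cb = CRYPTO_get_dynlock_lock_callback();
        fns.lock_fns.dynlock_destroy_cb = CRYPTO_get_dynlock_destroy_callback();
-       /* Now that we've loaded the dynamic engine, initialise the command
-          array to contain none */
-       ENGINE_set_cmd_defns(e, dynamic_cmd_defns_empty);
+       /* Now that we've loaded the dynamic engine, make sure no "dynamic"
+        * ENGINE elements will show through. */
+       engine_set_all_null(e);
 
        /* Try to bind the ENGINE onto our own ENGINE structure */
        if(!ctx->bind_engine(e, ctx->engine_id, &fns))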
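Review bot: `engine_set_all_null(e)` runs before `ctx->bind_engine(...)` is known to succeed, so a failed bind leaves `e` with its id, name, ctrl handler and cmd_defns already wiped, plus whatever fields the loaded library set before it gave up. The failure branch lies outside this hunk, so whether it repairs `e` cannot be confirmed here; if it also unloads the shared library, any pointers the library stored in `e` would dangle. Consider taking a snapshot before the reset, `ENGINE cpy; memcpy(&cpy, e, sizeof(ENGINE));`, and restoring it in the failure branch with `memcpy(e, &cpy, sizeof(ENGINE));`, so the caller gets back a usable "dynamic" ENGINE rather than a blank or half-bound one.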
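--- a/crypto/engine/eng_int.h
+++ b/crypto/engine/eng_int.h
@@ -129,6 +129,11 @@ int engine_unlocked_init(ENGINE *e);
 int engine_unlocked_finish(ENGINE *e, int unlock_for_handlers);
 int engine_free_util(ENGINE *e, int locked);
 
+/* This function will reset all "set"able values in an ENGINE to NULL. This
+ * won't touch reference counts or ex_data, but is equivalent to calling all the
+ * ENGINE_set_***() functions with a NULL value. */
+void engine_set_all_null(ENGINE *e);
+
 /* NB: Bitwise OR-able values for the "flags" variable in ENGINE are now exposed
  * in engine.h. */
 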
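--- a/crypto/engine/eng_lib.c
+++ b/crypto/engine/eng_lib.c
@@ -81,6 +81,29 @@ ENGINE *ENGINE_new(void)
        return ret;
        }
 
+/* Placed here (close proximity to ENGINE_new) so that modifications to the
+ * elements of the ENGINE structure are more likely to be caught and changed
+ * here. */
+void engine_set_all_null(ENGINE *e)
+       {
+       e->id = NULL;
+       e->name = NULL;
+       e->rsa_meth = NULL;
+       e->dsa_meth = NULL;
+       e->dh_meth = NULL;
+       e->rand_meth = NULL;
+       e->ciphers = NULL;
+       e->digests = NULL;
+       e->destroy = NULL;
+       e->init = NULL;
+       e->finish = NULL;
+       e->ctrl = NULL;
+       e->load_privkey = NULL;
+       e->load_pubkey = NULL;
+       e->cmd_defns = NULL;
+       e->flags = 0;
+       }
+
 int engine_free_util(ENGINE *e, int locked)
        {
        int i;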
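Review bot: `engine_set_all_null()` is a hand-maintained field list, so any "set"able member later added to the ENGINE structure but not added here will show through from the "dynamic" ENGINE again, which is the leak this commit closes. The structure definition is not in this file section, so putting the function next to `ENGINE_new` only helps if whoever edits the structure also looks here. I would add a reminder at the structure definition itself, for example `/* Any new "set"able member must also be reset in engine_set_all_null(). */`. The function's comment could also say that the pointers are overwritten without being freed and that `flags` is reset to 0.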