OpenSSL CVS Repository
http://cvs.openssl.org/
____________________________________________________________
________________
Server: cvs.openssl.org Name: Dr.
Stephen Henson
Root: /v/openssl/cvs Email: steve openssl.org
Module: openssl Date:
28-Mar-2006 19:23:48
Branch: HEAD Handle:
2006032818234503
Modified files:
openssl CHANGES FAQ
openssl/apps apps.h dgst.c
openssl/crypto/evp names.c
openssl/crypto/objects obj_dat.c
Log:
Fix bug where freed OIDs could be accessed in
EVP_cleanup() by
deferring freeing in OBJ_cleanup().
Summary:
Revision Changes Path
1.1296 +4 -0 openssl/CHANGES
1.113 +1 -1 openssl/FAQ
1.75 +2 -2 openssl/apps/apps.h
1.37 +1 -4 openssl/apps/dgst.c
1.9 +11 -0 openssl/crypto/evp/names.c
1.39 +18 -0 openssl/crypto/objects/obj_dat.c
____________________________________________________________
________________
patch -p0 <<' .'
Index: openssl/CHANGES
============================================================
================
$ cvs diff -u -r1.1295 -r1.1296 CHANGES
--- openssl/CHANGES 28 Mar 2006 14:35:28 -0000 1.1295
+++ openssl/CHANGES 28 Mar 2006 17:23:45 -0000 1.1296
 -4,6 +4,10 
Changes between 0.9.8a and 0.9.9 [xx XXX xxxx]
+ *) Don't free up OIDs in OBJ_cleanup() if they are in
use by EVP_MD or
+ EVP_CIPHER structures to avoid later problems in
EVP_cleanup().
+ [Steve Henson]
+
*) New utilities pkey and pkeyparam. These are similar
to algorithm specific
utilities such as rsa, dsa, dsaparam etc except they
processes any key
type.
 .
patch -p0 <<' .'
Index: openssl/FAQ
============================================================
================
$ cvs diff -u -r1.112 -r1.113 FAQ
--- openssl/FAQ 28 Mar 2006 14:48:42 -0000 1.112
+++ openssl/FAQ 28 Mar 2006 17:23:46 -0000 1.113
 -430,7 +430,7 
It doesn't: this extension is often the cause of
confusion.
-Consider a certificate chain A->B->C so that A
signs, B and B signs C. Suppose
+Consider a certificate chain A->B->C so that A
signs B and B signs C. Suppose
certificate C contains AKID.
The purpose of this extension is to identify the
authority certificate B. This
 .
patch -p0 <<' .'
Index: openssl/apps/apps.h
============================================================
================
$ cvs diff -u -r1.74 -r1.75 apps.h
--- openssl/apps/apps.h 6 Nov 2005 11:40:59 -0000 1.74
+++ openssl/apps/apps.h 28 Mar 2006 17:23:47 -0000 1.75
 -177,7 +177,7 
ENGINE_load_builtin_engines(); setup_ui_method(); }
while(0)
# define apps_shutdown() \
do { CONF_modules_unload(1); destroy_ui_method(); \
- EVP_cleanup(); ENGINE_cleanup(); \
+ OBJ_cleanup(); EVP_cleanup(); ENGINE_cleanup(); \
CRYPTO_cleanup_all_ex_data(); ERR_remove_state(0); \
ERR_free_strings(); } while(0)
# else
 -187,7 +187,7 
setup_ui_method(); } while(0)
# define apps_shutdown() \
do { CONF_modules_unload(1); destroy_ui_method(); \
- EVP_cleanup(); \
+ OBJ_cleanup(); EVP_cleanup(); \
CRYPTO_cleanup_all_ex_data(); ERR_remove_state(0); \
ERR_free_strings(); } while(0)
# endif
 .
patch -p0 <<' .'
Index: openssl/apps/dgst.c
============================================================
================
$ cvs diff -u -r1.36 -r1.37 dgst.c
--- openssl/apps/dgst.c 30 Nov 2005 20:58:41 -0000 1.36
+++ openssl/apps/dgst.c 28 Mar 2006 17:23:47 -0000 1.37
 -180,6 +180,7 
{
if (--argc < 1) break;
engine= *(++argv);
+ e = setup_engine(bio_err, engine, 0);
}
#endif
else if (strcmp(*argv,"-hex") == 0)
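Review bot: The `setup_engine()` call added under the `-engine` option now runs while arguments are still being parsed, and neither the log message nor the CHANGES entry mentions this change. The engine is therefore loaded before the rest of the command line has been validated, and each repeated `-engine` option calls `setup_engine()` again and overwrites `e`; whether the earlier handle needs releasing cannot be seen from this hunk. If the intent is to have the engine's algorithms available to later options, a comment such as `/* set up the engine here so options parsed after -engine can use it */` would record that. The option loop starts and ends outside the hunk.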
 -257,10 +258,6 
goto end;
}
-#ifndef OPENSSL_NO_ENGINE
- e = setup_engine(bio_err, engine, 0);
-#endif
-
in=BIO_new(BIO_s_file());
bmd=BIO_new(BIO_f_md());
if (debug)
 .
patch -p0 <<' .'
Index: openssl/crypto/evp/names.c
============================================================
================
$ cvs diff -u -r1.8 -r1.9 names.c
--- openssl/crypto/evp/names.c 5 Apr 2005 10:29:41
-0000 1.8
+++ openssl/crypto/evp/names.c 28 Mar 2006 17:23:48
-0000 1.9
 -62,12 +62,16 
#include <openssl/objects.h>
#include <openssl/x509.h>
+extern int obj_cleanup_defer;
+extern void check_defer(int nid);
+
int EVP_add_cipher(const EVP_CIPHER *c)
{
int r;
r=OBJ_NAME_add(OBJ_nid2sn(c->nid),OBJ_NAME_TYPE_CIPHER_M
ETH,(const char *)c);
if (r == 0) return(0);
+ check_defer(c->nid);
r=OBJ_NAME_add(OBJ_nid2ln(c->nid),OBJ_NAME_TYPE_CIPHER_M
ETH,(const char *)c);
return(r);
}
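Review bot: The two `extern` declarations at the top of names.c repeat, by hand, symbols that are defined in obj_dat.c, so the compiler cannot check them against the definitions if either side changes. Both `obj_cleanup_defer` and `check_defer` also have external linkage without an `OBJ_`/`EVP_` style prefix, which puts two generic names into the library's global namespace where they can collide with application symbols. Consider declaring them once in a header included by both files and giving them a library prefix.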
 -80,6 +84,7 
name=OBJ_nid2sn(md->type);
r=OBJ_NAME_add(name,OBJ_NAME_TYPE_MD_METH,(const char
*)md);
if (r == 0) return(0);
+ check_defer(md->type);
r=OBJ_NAME_add(OBJ_nid2ln(md->type),OBJ_NAME_TYPE_MD_MET
H,(const char *)md);
if (r == 0) return(0);
 -88,6 +93,7 
r=OBJ_NAME_add(OBJ_nid2sn(md->pkey_type),
OBJ_NAME_TYPE_MD_METH BJ_NAME_A
LIAS,name);
if (r == 0) return(0);
+ check_defer(md->pkey_type);
r=OBJ_NAME_add(OBJ_nid2ln(md->pkey_type),
OBJ_NAME_TYPE_MD_METH BJ_NAME_A
LIAS,name);
}
 -120,4 +126,9 
OBJ_NAME_cleanup(-1);
EVP_PBE_cleanup();
+ if (obj_cleanup_defer == 2)
+ {
+ obj_cleanup_defer = 0;
+ OBJ_cleanup();
+ }
}
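Review bot: The flag is only cleared when it equals 2, so if `EVP_cleanup()` runs while `obj_cleanup_defer` is 1 (no `OBJ_cleanup()` call has been deferred yet) it stays armed. A later `OBJ_cleanup()` will then set it to 2 and return without freeing anything unless `EVP_cleanup()` is called again, so callers that shut down in the order `EVP_cleanup(); OBJ_cleanup();` would leak the added OIDs. Since `OBJ_NAME_cleanup(-1)` has just run, deferral presumably has no further purpose at this point; consider adding `else obj_cleanup_defer = 0;` after the block. The start of `EVP_cleanup()` lies outside the hunk.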
 .
patch -p0 <<' .'
Index: openssl/crypto/objects/obj_dat.c
============================================================
================
$ cvs diff -u -r1.38 -r1.39 obj_dat.c
--- openssl/crypto/objects/obj_dat.c 15 Feb 2006 15:04:42
-0000 1.38
+++ openssl/crypto/objects/obj_dat.c 28 Mar 2006 17:23:48
-0000 1.39
 -208,8 +208,26 
static IMPLEMENT_LHASH_DOALL_FN(cleanup2, ADDED_OBJ *)
static IMPLEMENT_LHASH_DOALL_FN(cleanup3, ADDED_OBJ *)
+/* The purpose of obj_cleanup_defer is to avoid
EVP_cleanup() attempting
+ * to use freed up OIDs. If neccessary the actual freeing
up of OIDs is
+ * delayed.
+ */
+
+int obj_cleanup_defer = 0;
+
+void check_defer(int nid)
+ {
+ if (obj_cleanup_defer && nid >= NUM_NID)
+ obj_cleanup_defer = 1;
+ }
+
void OBJ_cleanup(void)
{
+ if (obj_cleanup_defer)
+ {
+ obj_cleanup_defer = 2;
+ return ;
+ }
if (added == NULL) return;
added->down_load=0;
lh_doall(added,LHASH_DOALL_FN(cleanup1)); /* zero
counters */
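Review bot: The condition in `check_defer()` looks inverted: `obj_cleanup_defer` is initialised to 0 and `if (obj_cleanup_defer && nid >= NUM_NID)` only assigns 1 when the flag is already non-zero, so from the lines in this diff it can never leave 0. With the flag stuck at 0, `OBJ_cleanup()` frees the added OIDs immediately. Because both `apps_shutdown()` hunks in apps.h now call `OBJ_cleanup()` before `EVP_cleanup()`, the access to freed OIDs described in the log appears to remain reachable on that path. The test should read `if (!obj_cleanup_defer && nid >= NUM_NID)`. The body of `OBJ_cleanup()` continues past the end of the hunk.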
 .