Fix bug where freed OIDs could be accessed in EVP_cleanup() by

defering freeing in OBJ_cleanup().

CHANGES

@@ -4,6 +4,10 @@
 
  Changes between 0.9.8a and 0.9.9  [xx XXX xxxx]
 
+  *) Don't free up OIDs in OBJ_cleanup() if they are in use by EVP_MD or
+     EVP_CIPHER structures to avoid later problems in EVP_cleanup().
+     [Steve Henson]
+
   *) New utilities pkey and pkeyparam. These are similar to algorithm specific
      utilities such as rsa, dsa, dsaparam etc except they processes any key
      type.

FAQ

@@ -430,7 +430,7 @@ encryption so these certificates are now obsolete.
 
 It doesn't: this extension is often the cause of confusion.
 
-Consider a certificate chain A->B->C so that A signs, B and B signs C. Suppose
+Consider a certificate chain A->B->C so that A signs B and B signs C. Suppose
 certificate C contains AKID.
 
 The purpose of this extension is to identify the authority certificate B. This

apps/apps.h

@@ -177,7 +177,7 @@ extern BIO *bio_err;
 			ENGINE_load_builtin_engines(); setup_ui_method(); } while(0)
 #    define apps_shutdown() \
 			do { CONF_modules_unload(1); destroy_ui_method(); \
-			EVP_cleanup(); ENGINE_cleanup(); \
+			OBJ_cleanup(); EVP_cleanup(); ENGINE_cleanup(); \
 			CRYPTO_cleanup_all_ex_data(); ERR_remove_state(0); \
 			ERR_free_strings(); } while(0)
 #  else
@@ -187,7 +187,7 @@ extern BIO *bio_err;
 			setup_ui_method(); } while(0)
 #    define apps_shutdown() \
 			do { CONF_modules_unload(1); destroy_ui_method(); \
-			EVP_cleanup(); \
+			OBJ_cleanup(); EVP_cleanup(); \
 			CRYPTO_cleanup_all_ex_data(); ERR_remove_state(0); \
 			ERR_free_strings(); } while(0)
 #  endif

apps/dgst.c

@@ -180,6 +180,7 @@ int MAIN(int argc, char **argv)
 			{
 			if (--argc < 1) break;
 			engine= *(++argv);
+        		e = setup_engine(bio_err, engine, 0);
 			}
 #endif
 		else if (strcmp(*argv,"-hex") == 0)
@@ -257,10 +258,6 @@ int MAIN(int argc, char **argv)
 		goto end;
 		}
 
-#ifndef OPENSSL_NO_ENGINE
-        e = setup_engine(bio_err, engine, 0);
-#endif
-
 	in=BIO_new(BIO_s_file());
 	bmd=BIO_new(BIO_f_md());
 	if (debug)

crypto/evp/names.c

@@ -62,12 +62,16 @@
 #include <openssl/objects.h>
 #include <openssl/x509.h>
 
+extern int obj_cleanup_defer;
+extern void check_defer(int nid);
+
 int EVP_add_cipher(const EVP_CIPHER *c)
 	{
 	int r;
 
 	r=OBJ_NAME_add(OBJ_nid2sn(c->nid),OBJ_NAME_TYPE_CIPHER_METH,(const char *)c);
 	if (r == 0) return(0);
+	check_defer(c->nid);
 	r=OBJ_NAME_add(OBJ_nid2ln(c->nid),OBJ_NAME_TYPE_CIPHER_METH,(const char *)c);
 	return(r);
 	}
@@ -80,6 +84,7 @@ int EVP_add_digest(const EVP_MD *md)
 	name=OBJ_nid2sn(md->type);
 	r=OBJ_NAME_add(name,OBJ_NAME_TYPE_MD_METH,(const char *)md);
 	if (r == 0) return(0);
+	check_defer(md->type);
 	r=OBJ_NAME_add(OBJ_nid2ln(md->type),OBJ_NAME_TYPE_MD_METH,(const char *)md);
 	if (r == 0) return(0);
 
@@ -88,6 +93,7 @@ int EVP_add_digest(const EVP_MD *md)
 		r=OBJ_NAME_add(OBJ_nid2sn(md->pkey_type),
 			OBJ_NAME_TYPE_MD_METH|OBJ_NAME_ALIAS,name);
 		if (r == 0) return(0);
+		check_defer(md->pkey_type);
 		r=OBJ_NAME_add(OBJ_nid2ln(md->pkey_type),
 			OBJ_NAME_TYPE_MD_METH|OBJ_NAME_ALIAS,name);
 		}
@@ -120,4 +126,9 @@ void EVP_cleanup(void)
 	OBJ_NAME_cleanup(-1);
 
 	EVP_PBE_cleanup();
+	if (obj_cleanup_defer == 2)
+		{
+		obj_cleanup_defer = 0;
+		OBJ_cleanup();
+		}
 	}

crypto/objects/obj_dat.c

@@ -208,8 +208,26 @@ static IMPLEMENT_LHASH_DOALL_FN(cleanup1, ADDED_OBJ *)
 static IMPLEMENT_LHASH_DOALL_FN(cleanup2, ADDED_OBJ *)
 static IMPLEMENT_LHASH_DOALL_FN(cleanup3, ADDED_OBJ *)
 
+/* The purpose of obj_cleanup_defer is to avoid EVP_cleanup() attempting
+ * to use freed up OIDs. If neccessary the actual freeing up of OIDs is
+ * delayed.
+ */
+
+int obj_cleanup_defer = 0;
+
+void check_defer(int nid)
+	{
+	if (obj_cleanup_defer && nid >= NUM_NID)
+			obj_cleanup_defer = 1;
+	}
+
 void OBJ_cleanup(void)
 	{
+	if (obj_cleanup_defer)
+		{
+		obj_cleanup_defer = 2;
+		return ;
+		}
 	if (added == NULL) return;
 	added->down_load=0;
 	lh_doall(added,LHASH_DOALL_FN(cleanup1)); /* zero counters */