Make {RSA,DSA,DH}_new_method obtain and release an ENGINE functional reference in all cases.

0c372b94 · Dr. Stephen Henson · 26e12373 · 0c372b94 · 0c372b94 · 0c372b94
7 changed file
--- a/crypto/dh/dh.h
+++ b/crypto/dh/dh.h
@@ -195,7 +195,7 @@ void ERR_load_DH_strings(void);
 #define DH_F_DH_COMPUTE_KEY				 102
 #define DH_F_DH_GENERATE_KEY				 103
 #define DH_F_DH_GENERATE_PARAMETERS			 104
-#define DH_F_DH_NEW					 105
+#define DH_F_DH_NEW_METHOD				 105

 /* Reason codes. */
 #define DH_R_NO_PRIVATE_VALUE				 100

--- a/crypto/dh/dh_err.c
+++ b/crypto/dh/dh_err.c
@@ -71,7 +71,7 @@ static ERR_STRING_DATA DH_str_functs[]=
 {ERR_PACK(0,DH_F_DH_COMPUTE_KEY,0),	"DH_compute_key"},
 {ERR_PACK(0,DH_F_DH_GENERATE_KEY,0),	"DH_generate_key"},
 {ERR_PACK(0,DH_F_DH_GENERATE_PARAMETERS,0),	"DH_generate_parameters"},
-{ERR_PACK(0,DH_F_DH_NEW,0),	"DH_new"},
+{ERR_PACK(0,DH_F_DH_NEW_METHOD,0),	"DH_new_method"},
 {0,NULL}
 	};


--- a/crypto/dh/dh_lib.c
+++ b/crypto/dh/dh_lib.c
@@ -107,20 +107,29 @@ DH *DH_new_method(ENGINE *engine)
 	ret=(DH *)OPENSSL_malloc(sizeof(DH));
 	if (ret == NULL)
 		{
-		DHerr(DH_F_DH_NEW,ERR_R_MALLOC_FAILURE);
+		DHerr(DH_F_DH_NEW_METHOD,ERR_R_MALLOC_FAILURE);
 		return(NULL);
 		}

 	ret->meth = DH_get_default_method();
-	ret->engine = engine;
-	if(!ret->engine)
+	if (engine)
+		{
+		if (!ENGINE_init(engine))
+			{
+			DSAerr(DH_F_DH_NEW_METHOD, ERR_R_ENGINE_LIB);
+			OPENSSL_free(ret);
+			return NULL;
+			}
+		ret->engine = engine;
+		}
+	else
 		ret->engine = ENGINE_get_default_DH();
 	if(ret->engine)
 		{
 		ret->meth = ENGINE_get_DH(ret->engine);
 		if(!ret->meth)
 			{
-			DHerr(DH_F_DH_NEW,ERR_R_ENGINE_LIB);
+			DHerr(DH_F_DH_NEW_METHOD,ERR_R_ENGINE_LIB);
 			ENGINE_finish(ret->engine);
 			OPENSSL_free(ret);
 			return NULL;
@@ -145,6 +154,8 @@ DH *DH_new_method(ENGINE *engine)
 	CRYPTO_new_ex_data(CRYPTO_EX_INDEX_DH, ret, &ret->ex_data);
 	if ((ret->meth->init != NULL) && !ret->meth->init(ret))
 		{
+		if (ret->engine)
+			ENGINE_finish(ret->engine);
 		CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DH, ret, &ret->ex_data);
 		OPENSSL_free(ret);
 		ret=NULL;

--- a/crypto/dsa/dsa.h
+++ b/crypto/dsa/dsa.h
@@ -230,7 +230,7 @@ void ERR_load_DSA_strings(void);
 #define DSA_F_DSAPARAMS_PRINT_FP			 101
 #define DSA_F_DSA_DO_SIGN				 112
 #define DSA_F_DSA_DO_VERIFY				 113
-#define DSA_F_DSA_NEW					 103
+#define DSA_F_DSA_NEW_METHOD				 103
 #define DSA_F_DSA_PRINT					 104
 #define DSA_F_DSA_PRINT_FP				 105
 #define DSA_F_DSA_SIGN					 106

--- a/crypto/dsa/dsa_err.c
+++ b/crypto/dsa/dsa_err.c
@@ -71,7 +71,7 @@ static ERR_STRING_DATA DSA_str_functs[]=
 {ERR_PACK(0,DSA_F_DSAPARAMS_PRINT_FP,0),	"DSAparams_print_fp"},
 {ERR_PACK(0,DSA_F_DSA_DO_SIGN,0),	"DSA_do_sign"},
 {ERR_PACK(0,DSA_F_DSA_DO_VERIFY,0),	"DSA_do_verify"},
-{ERR_PACK(0,DSA_F_DSA_NEW,0),	"DSA_new"},
+{ERR_PACK(0,DSA_F_DSA_NEW_METHOD,0),	"DSA_new_method"},
 {ERR_PACK(0,DSA_F_DSA_PRINT,0),	"DSA_print"},
 {ERR_PACK(0,DSA_F_DSA_PRINT_FP,0),	"DSA_print_fp"},
 {ERR_PACK(0,DSA_F_DSA_SIGN,0),	"DSA_sign"},

--- a/crypto/dsa/dsa_lib.c
+++ b/crypto/dsa/dsa_lib.c
@@ -110,19 +110,28 @@ DSA *DSA_new_method(ENGINE *engine)
 	ret=(DSA *)OPENSSL_malloc(sizeof(DSA));
 	if (ret == NULL)
 		{
-		DSAerr(DSA_F_DSA_NEW,ERR_R_MALLOC_FAILURE);
+		DSAerr(DSA_F_DSA_NEW_METHOD,ERR_R_MALLOC_FAILURE);
 		return(NULL);
 		}
 	ret->meth = DSA_get_default_method();
-	ret->engine = engine;
-	if(!ret->engine)
+	if (engine)
+		{
+		if (!ENGINE_init(engine))
+			{
+			DSAerr(DSA_F_DSA_NEW_METHOD, ERR_R_ENGINE_LIB);
+			OPENSSL_free(ret);
+			return NULL;
+			}
+		ret->engine = engine;
+		}
+	else
 		ret->engine = ENGINE_get_default_DSA();
 	if(ret->engine)
 		{
 		ret->meth = ENGINE_get_DSA(ret->engine);
 		if(!ret->meth)
 			{
-			DSAerr(DSA_F_DSA_NEW,
+			DSAerr(DSA_F_DSA_NEW_METHOD,
 				ERR_R_ENGINE_LIB);
 			ENGINE_finish(ret->engine);
 			OPENSSL_free(ret);
@@ -149,6 +158,8 @@ DSA *DSA_new_method(ENGINE *engine)
 	CRYPTO_new_ex_data(CRYPTO_EX_INDEX_DSA, ret, &ret->ex_data);
 	if ((ret->meth->init != NULL) && !ret->meth->init(ret))
 		{
+		if (ret->engine)
+			ENGINE_finish(ret->engine);
 		CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DSA, ret, &ret->ex_data);
 		OPENSSL_free(ret);
 		ret=NULL;

--- a/crypto/rsa/rsa_lib.c
+++ b/crypto/rsa/rsa_lib.c
@@ -130,8 +130,17 @@ RSA *RSA_new_method(ENGINE *engine)
 		}

 	ret->meth = RSA_get_default_method();
-	ret->engine = engine;
-	if(!ret->engine)
+	if (engine)
+		{
+		if (!ENGINE_init(engine))
+			{
+			RSAerr(RSA_F_RSA_NEW_METHOD, ERR_R_ENGINE_LIB);
+			OPENSSL_free(ret);
+			return NULL;
+			}
+		ret->engine = engine;
+		}
+	else
 		ret->engine = ENGINE_get_default_RSA();
 	if(ret->engine)
 		{
@@ -166,6 +175,8 @@ RSA *RSA_new_method(ENGINE *engine)
 	CRYPTO_new_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data);
 	if ((ret->meth->init != NULL) && !ret->meth->init(ret))
 		{
+		if (ret->engine)
+			ENGINE_finish(ret->engine);
 		CRYPTO_free_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data);
 		OPENSSL_free(ret);
 		ret=NULL;