ENGINE_load_private_key, ENGINE_load_public_key, and ENGINE_ctrl all had

error-handling that could return without releasing a lock. These have been
fixed by moving (and copying) the unlock functions relative to the error
checking, but without introducing any new code constructs (we're too late
in the build up to 0.9.6a to risk a warning or error on any system).

diff --git a/crypto/engine/engine_lib.c b/crypto/engine/engine_lib.c
index 1df07af03a68c1e17bcc7583349e06d67382462a..d6e9109f6ead0953547542c95c5b299efb784211 100644 (file)
--- a/crypto/engine/engine_lib.c
+++ b/crypto/engine/engine_lib.c
@@ -230,17 +230,18 @@ EVP_PKEY *ENGINE_load_private_key(ENGINE *e, const char *key_id,
        CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
        if(e->funct_ref == 0)
                {
+               CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
                ENGINEerr(ENGINE_F_ENGINE_LOAD_PRIVATE_KEY,
                        ENGINE_R_NOT_INITIALISED);
                return 0;
                }
+       CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
        if (!e->load_privkey)
                {
                ENGINEerr(ENGINE_F_ENGINE_LOAD_PRIVATE_KEY,
                        ENGINE_R_NO_LOAD_FUNCTION);
                return 0;
                }
-       CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
        pkey = e->load_privkey(key_id, passphrase);
        if (!pkey)
                {
@@ -265,17 +266,18 @@ EVP_PKEY *ENGINE_load_public_key(ENGINE *e, const char *key_id,
        CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
        if(e->funct_ref == 0)
                {
+               CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
                ENGINEerr(ENGINE_F_ENGINE_LOAD_PUBLIC_KEY,
                        ENGINE_R_NOT_INITIALISED);
                return 0;
                }
+       CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
        if (!e->load_pubkey)
                {
                ENGINEerr(ENGINE_F_ENGINE_LOAD_PUBLIC_KEY,
                        ENGINE_R_NO_LOAD_FUNCTION);
                return 0;
                }
-       CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
        pkey = e->load_pubkey(key_id, passphrase);
        if (!pkey)
                {
@@ -286,8 +288,6 @@ EVP_PKEY *ENGINE_load_public_key(ENGINE *e, const char *key_id,
        return pkey;
        }
 
-/* Initialise a engine type for use (or up its functional reference count
- * if it's already in use). */
 int ENGINE_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)())
        {
        if(e == NULL)
@@ -298,15 +298,16 @@ int ENGINE_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)())
        CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
        if(e->struct_ref == 0)
                {
+               CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
                ENGINEerr(ENGINE_F_ENGINE_CTRL,ENGINE_R_NO_REFERENCE);
                return 0;
                }
+       CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
        if (!e->ctrl)
                {
                ENGINEerr(ENGINE_F_ENGINE_CTRL,ENGINE_R_NO_CONTROL_FUNCTION);
                return 0;
                }
-       CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
        return e->ctrl(cmd, i, p, f);
        }