From: Matt Caswell <matt@openssl.org>
Date: Thu, 17 Jun 2021 10:44:10 +0000 (+0100)
Subject: Ensure we remove libctx DRBG state before removing the provider store
X-Git-Tag: openssl-3.0.0-beta2~261
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=005505fbf84a93e6f1871c70cfc60bd1f3b86101;p=thirdparty%2Fopenssl.git

Ensure we remove libctx DRBG state before removing the provider store

Otherwise a heap use-after-free can result.

Fixes #15766

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15810)
---

diff --git a/crypto/rand/rand_lib.c b/crypto/rand/rand_lib.c
index 62bd1d67967..8f76c8a5f02 100644
--- a/crypto/rand/rand_lib.c
+++ b/crypto/rand/rand_lib.c
@@ -492,7 +492,7 @@ static void rand_ossl_ctx_free(void *vdgbl)
 }
 
 static const OSSL_LIB_CTX_METHOD rand_drbg_ossl_ctx_method = {
-    OSSL_LIB_CTX_METHOD_DEFAULT_PRIORITY,
+    OSSL_LIB_CTX_METHOD_PRIORITY_2,
     rand_ossl_ctx_new,
     rand_ossl_ctx_free,
 };