authorPaul Kehrer <paul.l.kehrer@gmail.com>2013-12-31 12:00:37 -0600
committerPaul Kehrer <paul.l.kehrer@gmail.com>2013-12-31 13:14:45 -0600
commit53473d3447fd6ad5d70810da3e638e6e7a59afbb (patch)
tree889e8a5af9b0b68b8d66de50adb4df203760a50f
parent3f2524572d6efedb413558c50ba875256eadfaab (diff)
improve init/finish engine funcs, do a better job inc/dec struct/func refs
-rw-r--r--cryptography/hazmat/backends/openssl/backend.py10
-rw-r--r--cryptography/hazmat/backends/openssl/urand_engine.py14
-rw-r--r--tests/hazmat/backends/test_openssl.py24
3 files changed, 22 insertions, 26 deletions
diff --git a/cryptography/hazmat/backends/openssl/backend.py b/cryptography/hazmat/backends/openssl/backend.py
index cfd0cfab..93d15740 100644
--- a/cryptography/hazmat/backends/openssl/backend.py
+++ b/cryptography/hazmat/backends/openssl/backend.py
@@ -183,10 +183,10 @@ class Backend(object):
assert name != self.ffi.NULL
if name == self.lib.Cryptography_urandom_engine_name:
self.lib.ENGINE_unregister_RAND(e)
- res = self.lib.ENGINE_free(e)
- assert res == 1
# this resets the RNG to use the new engine
self.lib.RAND_cleanup()
+ res = self.lib.ENGINE_finish(e)
+ assert res == 1
def register_urandom_engine(self):
current_rand = self.lib.ENGINE_get_default_RAND()
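Review bot: The result of `ENGINE_finish(e)` is checked with `assert res == 1`, which Python drops under `-O`, so a failed release of the RNG engine reference would pass silently in an optimised run; the `ENGINE_free`/`ENGINE_finish` checks in the `register_urandom_engine` hunk below use the same pattern. An explicit check such as `if res != 1: raise RuntimeError("ENGINE_finish failed")` (or the backend's own error type) keeps the check in every build. Indentation is not preserved on this page, so it is worth confirming that the `ENGINE_finish` call sits outside the name comparison, since the reference returned by `ENGINE_get_default_RAND` presumably needs releasing whether or not the default engine is the urandom one. The function starts above the hunk.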
@@ -207,10 +207,12 @@ class Backend(object):
assert res == 1
res = self.lib.ENGINE_set_default_RAND(e)
assert res == 1
- res = self.lib.ENGINE_finish(e)
- assert res == 1
+ # decrement the structural ref incremented by ENGINE_by_id
res = self.lib.ENGINE_free(e)
assert res == 1
+ # decrement the functional ref incremented by ENGINE_init
+ res = self.lib.ENGINE_finish(e)
+ assert res == 1
# this resets the RNG to use the new engine
self.lib.RAND_cleanup()
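Review bot: Every step before the new `ENGINE_free`/`ENGINE_finish` pair aborts through an assertion, so if `ENGINE_set_default_RAND` returns anything other than 1 the structural and functional references named in the added comments are never dropped. Wrapping the steps after `ENGINE_init` in `try`/`finally`, with the two release calls in the `finally` clause, would release them on the failure path as well. The calls that take the references are above the hunk, so this is inferred from the comments rather than seen.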
diff --git a/cryptography/hazmat/backends/openssl/urand_engine.py b/cryptography/hazmat/backends/openssl/urand_engine.py
index e97476a4..673b1480 100644
--- a/cryptography/hazmat/backends/openssl/urand_engine.py
+++ b/cryptography/hazmat/backends/openssl/urand_engine.py
@@ -60,6 +60,9 @@ static int urandom_rand_status(void) {
}
static int urandom_init(ENGINE *e) {
+ if (urandom_fd > -1) {
+ return 1;
+ }
urandom_fd = open("/dev/urandom", O_RDONLY);
if (urandom_fd > -1) {
return 1;
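Review bot: The `open("/dev/urandom", O_RDONLY)` call that the new guard falls through to leaves the descriptor inheritable, and the descriptor stays open until `urandom_finish`, so any child process started with exec in between inherits it. Where the platform provides it, `open("/dev/urandom", O_RDONLY | O_CLOEXEC)` (or `fcntl` with `FD_CLOEXEC` right after the open) closes that gap. A one-line comment on the guard, e.g. `/* already initialised: keep the existing descriptor */`, would also explain why a second init is a no-op. The guard depends on `urandom_fd` starting at -1, which is declared outside the hunk.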
@@ -76,6 +79,7 @@ static int urandom_finish(ENGINE *e) {
if (n < 0) {
return 0;
} else {
+ urandom_fd = -1;
return 1;
}
}
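Review bot: `urandom_fd` is reset only when the close succeeds, so on the `n < 0` path it keeps the old number and the new guard in `urandom_init` will report success without reopening. After a failed close the descriptor's state is not reliable and the number may later be reused by an unrelated open, so setting `urandom_fd = -1;` before `return 0;` as well keeps later reads from landing on the wrong descriptor. The Windows `urandom_finish` further down has the same shape, leaving `hCryptProv` set when `CryptReleaseContext` fails. The close call and any retry around it are above the hunk, so this assumes `n` is its final result.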
@@ -87,6 +91,9 @@ static int urandom_finish(ENGINE *e) {
static HCRYPTPROV hCryptProv = 0;
static int urandom_init(ENGINE *e) {
+ if (hCryptProv > 0) {
+ return 1;
+ }
if (CryptAcquireContext(&hCryptProv, NULL, NULL,
PROV_RSA_FULL, CRYPT_VERIFYCONTEXT)) {
return 1;
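Review bot: `hCryptProv > 0` in the added guard reads as a signed comparison, but `HCRYPTPROV` is an unsigned handle type, so the test can only ever mean "non-zero". Writing `if (hCryptProv != 0) {` says that directly and matches the `hCryptProv = 0` reset added to `urandom_finish`. The function body continues below the hunk.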
@@ -114,7 +121,12 @@ static int urandom_rand_bytes(unsigned char *buffer, int size) {
}
static int urandom_finish(ENGINE *e) {
- return 1;
+ if (CryptReleaseContext(hCryptProv, 0)) {
+ hCryptProv = 0;
+ return 1;
+ } else {
+ return 0;
+ }
}
static int urandom_rand_status(void) {
diff --git a/tests/hazmat/backends/test_openssl.py b/tests/hazmat/backends/test_openssl.py
index 4be5cd03..82832b10 100644
--- a/tests/hazmat/backends/test_openssl.py
+++ b/tests/hazmat/backends/test_openssl.py
@@ -31,7 +31,6 @@ ffi.cdef("""
static const char *const Cryptography_faux_engine_name;
static const char *const Cryptography_faux_engine_id;
int Cryptography_add_faux_engine(void);
-int Cryptography_remove_faux_engine(void);
""")
dummy_engine = ffi.verify(
source="""
@@ -77,21 +76,6 @@ dummy_engine = ffi.verify(
return 1;
}
-
- int Cryptography_remove_faux_engine(void) {
- ENGINE *e = ENGINE_by_id(Cryptography_faux_engine_id);
- if (e == NULL) {
- return 0;
- }
- if (!ENGINE_remove(e)) {
- ENGINE_free(e);
- return 0;
- }
- if (!ENGINE_free(e)) {
- return 0;
- }
- return 1;
- }
""",
libraries=["crypto", "ssl"],
)
@@ -103,6 +87,8 @@ def register_dummy_engine():
name = backend.lib.ENGINE_get_name(current_rand)
assert name != backend.ffi.NULL
assert name != dummy_engine.Cryptography_faux_engine_id
+ res = backend.lib.ENGINE_finish(current_rand)
+ assert res == 1
e = backend.lib.ENGINE_by_id(dummy_engine.Cryptography_faux_engine_id)
assert e != backend.ffi.NULL
res = backend.lib.ENGINE_init(e)
@@ -115,8 +101,6 @@ def register_dummy_engine():
assert res == 1
# this resets the RNG to use the new engine
backend.lib.RAND_cleanup()
- res = backend.lib.ENGINE_finish(current_rand)
- assert res == 1
def unregister_dummy_engine():
@@ -126,10 +110,8 @@ def unregister_dummy_engine():
assert name != backend.ffi.NULL
if name == dummy_engine.Cryptography_faux_engine_name:
backend.lib.ENGINE_unregister_RAND(e)
- res = backend.lib.ENGINE_finish(e)
- assert res == 1
backend.lib.RAND_cleanup()
- res = backend.lib.ENGINE_free(e)
+ res = backend.lib.ENGINE_finish(e)
assert res == 1