From 634a4da58460979fa0fcad5304b810d189f9cf49 Mon Sep 17 00:00:00 2001
From: Mark Andrews <marka@isc.org>
Date: Mon, 27 Aug 2007 03:04:17 +0000
Subject: [PATCH] 2214.   [bug]           Deregister OpenSSL lock callback when
 cleaning                         up.  Reorder OpenSSL cleanup so that
 RAND_cleanup()                         is called before the locks are
 destroyed. [RT #17098]

---
 CHANGES                |  4 ++++
 lib/dns/openssl_link.c | 12 +++++++-----
 2 files changed, 11 insertions(+), 5 deletions(-)

diff --git a/CHANGES b/CHANGES
index bf9f0b8ffa..b5a1a0d9f2 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,7 @@
+2214.	[bug]		Deregister OpenSSL lock callback when cleaning
+			up.  Reorder OpenSSL cleanup so that RAND_cleanup()
+			is called before the locks are destroyed. [RT #17098]
+
 2213.	[bug]		SIG0 diagnostic failure messages were looking at the
 			wrong status code. [RT #17101]
 
diff --git a/lib/dns/openssl_link.c b/lib/dns/openssl_link.c
index d3e000236f..c60a241b06 100644
--- a/lib/dns/openssl_link.c
+++ b/lib/dns/openssl_link.c
@@ -31,7 +31,7 @@
 
 /*
  * Principal Author: Brian Wellington
- * $Id: openssl_link.c,v 1.14 2007/06/19 23:47:16 tbox Exp $
+ * $Id: openssl_link.c,v 1.15 2007/08/27 03:03:41 marka Exp $
  */
 #ifdef OPENSSL
 
@@ -197,6 +197,7 @@ dst__openssl_init() {
 	mem_free(rm);
 #endif
  cleanup_mutexinit:
+	CRYPTO_set_locking_callback(NULL);
 	DESTROYMUTEXBLOCK(locks, nlocks);
  cleanup_mutexalloc:
 	mem_free(locks);
@@ -240,16 +241,17 @@ dst__openssl_destroy() {
 	}
 #endif
 #endif
-	if (locks != NULL) {
-		DESTROYMUTEXBLOCK(locks, nlocks);
-		mem_free(locks);
-	}
 	if (rm != NULL) {
 #if OPENSSL_VERSION_NUMBER >= 0x00907000L
 		RAND_cleanup();
 #endif
 		mem_free(rm);
 	}
+	if (locks != NULL) {
+		CRYPTO_set_locking_callback(NULL);
+		DESTROYMUTEXBLOCK(locks, nlocks);
+		mem_free(locks);
+	}
 }
 
 isc_result_t