author | Tobias Brunner <tobias@strongswan.org> | 2016-06-27 11:02:36 +0200 |
---|---|---|
committer | Tobias Brunner <tobias@strongswan.org> | 2016-06-29 11:09:36 +0200 |
commit | e2abe7ae975fa55d4d21210de7186c74a03604d4 (patch) | |
tree | af113dc5060268ce1eaecc0ce497329fe65086ef /src/libstrongswan/plugins/openssl/openssl_plugin.c | |
parent | a6c43a8d8acd3eceeaa3992a368374759bb838c8 (diff) | |
openssl: Update initialization and cleanup for OpenSSL 1.1.0
We can't call OPENSSL_cleanup() as that would prevent us from
re-initializing the library again (which we use in the Android app, that
loads/unloads plugins).
Diffstat (limited to 'src/libstrongswan/plugins/openssl/openssl_plugin.c')
-rw-r--r-- | src/libstrongswan/plugins/openssl/openssl_plugin.c | 24 |
1 files changed, 17 insertions, 7 deletions
diff --git a/src/libstrongswan/plugins/openssl/openssl_plugin.c b/src/libstrongswan/plugins/openssl/openssl_plugin.c
index ef02676f4..3e3b986df 100644
--- a/src/libstrongswan/plugins/openssl/openssl_plugin.c
+++ b/src/libstrongswan/plugins/openssl/openssl_plugin.c
@@ -515,6 +515,10 @@ METHOD(plugin_t, get_features, int,
 METHOD(plugin_t, destroy, void,
 private_openssl_plugin_t *this)
 {
+/* OpenSSL 1.1.0 cleans up itself at exit and while OPENSSL_cleanup() exists we
+ * can't call it as we couldn't re-initialize the library (as required by the
+ * unit tests and the Android app) */
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
 #ifndef OPENSSL_IS_BORINGSSL
 CONF_modules_free();
 OBJ_cleanup();
@@ -526,6 +530,7 @@ METHOD(plugin_t, destroy, void,
 CRYPTO_cleanup_all_ex_data();
 threading_cleanup();
 ERR_free_strings();
+#endif /* OPENSSL_VERSION_NUMBER */
 free(this);
 }
@@ -568,12 +573,23 @@ plugin_t *openssl_plugin_create()
 },
 );
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+ /* note that we can't call OPENSSL_cleanup() when the plugin is destroyed
+ * as we couldn't initialize the library again afterwards */
+ OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG |
+ OPENSSL_INIT_ENGINE_ALL_BUILTIN, NULL);
+#else /* OPENSSL_VERSION_NUMBER */
 threading_init();
-
 #ifndef OPENSSL_IS_BORINGSSL
 OPENSSL_config(NULL);
 #endif
 OpenSSL_add_all_algorithms();
+#ifndef OPENSSL_NO_ENGINE
+ /* activate support for hardware accelerators */
+ ENGINE_load_builtin_engines();
+ ENGINE_register_all_complete();
+#endif /* OPENSSL_NO_ENGINE */
+#endif /* OPENSSL_VERSION_NUMBER */
 #ifdef OPENSSL_FIPS
 /* we do this here as it may have been enabled via openssl.conf */
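Review bot: The new guard `#if OPENSSL_VERSION_NUMBER < 0x10100000L` in destroy() does not account for LibreSSL, which reports OPENSSL_VERSION_NUMBER as 0x20000000L and identifies itself through LIBRESSL_VERSION_NUMBER. If this plugin is built against LibreSSL (the page does not say whether that is supported), such a build would skip the explicit cleanup here and take the `OPENSSL_init_crypto()` branch behind the mirrored check in openssl_plugin_create() in the third hunk, a call that may not exist depending on the LibreSSL release. I would write the condition as `#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)` and negate the same expression in the create function. The body of destroy() continues outside this hunk and ends in the next one.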
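Review bot: The return value of `OPENSSL_init_crypto()` in the new 1.1.0 branch of openssl_plugin_create() is discarded, so a failed library initialisation (the call returns 0 on error) goes unnoticed and the plugin carries on to RNG seeding and feature registration. Checking it, `if (!OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG | OPENSSL_INIT_ENGINE_ALL_BUILTIN, NULL))`, and taking the same failure path as the `seed_rng()` check further down would make the failure visible. Because `OPENSSL_INIT_LOAD_CONFIG` reads the system-wide OpenSSL configuration, which per the existing FIPS comment can change the library's mode, the comment could also state that this file is treated as trusted input. openssl_plugin_create() starts and ends outside the hunk.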
@@ -582,12 +598,6 @@ plugin_t *openssl_plugin_create()
 "openssl FIPS mode(%d) - %sabled ", fips_mode, fips_mode ? "en" : "dis");
 #endif /* OPENSSL_FIPS */
-#ifndef OPENSSL_NO_ENGINE
- /* activate support for hardware accelerators */
- ENGINE_load_builtin_engines();
- ENGINE_register_all_complete();
-#endif /* OPENSSL_NO_ENGINE */
-
 if (!seed_rng())
 {
 DBG1(DBG_CFG, "no RNG found to seed OpenSSL"); |