From e2abe7ae975fa55d4d21210de7186c74a03604d4 Mon Sep 17 00:00:00 2001 From: Tobias Brunner Date: Mon, 27 Jun 2016 11:02:36 +0200 Subject: openssl: Update initialization and cleanup for OpenSSL 1.1.0 We can't call OPENSSL_cleanup() as that would prevent us from re-initializing the library again (which we use in the Android app, that loads/unloads plugins). --- src/libstrongswan/plugins/openssl/openssl_plugin.c | 24 +++++++++++++++------- 1 file changed, 17 insertions(+), 7 deletions(-) (limited to 'src/libstrongswan/plugins/openssl/openssl_plugin.c') diff --git a/src/libstrongswan/plugins/openssl/openssl_plugin.c b/src/libstrongswan/plugins/openssl/openssl_plugin.c index ef02676f4..3e3b986df 100644 --- a/src/libstrongswan/plugins/openssl/openssl_plugin.c +++ b/src/libstrongswan/plugins/openssl/openssl_plugin.c @@ -515,6 +515,10 @@ METHOD(plugin_t, get_features, int, METHOD(plugin_t, destroy, void, private_openssl_plugin_t *this) { +/* OpenSSL 1.1.0 cleans up itself at exit and while OPENSSL_cleanup() exists we + * can't call it as we couldn't re-initialize the library (as required by the + * unit tests and the Android app) */ +#if OPENSSL_VERSION_NUMBER < 0x10100000L #ifndef OPENSSL_IS_BORINGSSL CONF_modules_free(); OBJ_cleanup(); @@ -526,6 +530,7 @@ METHOD(plugin_t, destroy, void, CRYPTO_cleanup_all_ex_data(); threading_cleanup(); ERR_free_strings(); +#endif /* OPENSSL_VERSION_NUMBER */ free(this); } @@ -568,12 +573,23 @@ plugin_t *openssl_plugin_create() }, ); +#if OPENSSL_VERSION_NUMBER >= 0x10100000L + /* note that we can't call OPENSSL_cleanup() when the plugin is destroyed + * as we couldn't initialize the library again afterwards */ + OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG | + OPENSSL_INIT_ENGINE_ALL_BUILTIN, NULL); +#else /* OPENSSL_VERSION_NUMBER */ threading_init(); - #ifndef OPENSSL_IS_BORINGSSL OPENSSL_config(NULL); #endif OpenSSL_add_all_algorithms(); +#ifndef OPENSSL_NO_ENGINE + /* activate support for hardware accelerators */ + ENGINE_load_builtin_engines(); + ENGINE_register_all_complete(); +#endif /* OPENSSL_NO_ENGINE */ +#endif /* OPENSSL_VERSION_NUMBER */ #ifdef OPENSSL_FIPS /* we do this here as it may have been enabled via openssl.conf */ @@ -582,12 +598,6 @@ plugin_t *openssl_plugin_create() "openssl FIPS mode(%d) - %sabled ", fips_mode, fips_mode ? "en" : "dis"); #endif /* OPENSSL_FIPS */ -#ifndef OPENSSL_NO_ENGINE - /* activate support for hardware accelerators */ - ENGINE_load_builtin_engines(); - ENGINE_register_all_complete(); -#endif /* OPENSSL_NO_ENGINE */ - if (!seed_rng()) { DBG1(DBG_CFG, "no RNG found to seed OpenSSL"); -- cgit v1.2.3