summaryrefslogtreecommitdiff
path: root/src/libstrongswan/plugins/openssl/openssl_plugin.c
diff options
context:
space:
mode:
authorYves-Alexis Perez <corsac@debian.org>2016-07-16 15:19:53 +0200
committerYves-Alexis Perez <corsac@debian.org>2016-07-16 15:19:53 +0200
commitbf372706c469764d59e9f29c39e3ecbebd72b8d2 (patch)
tree0f0e296e2d50e4a7faf99ae6fa428d2681e81ea1 /src/libstrongswan/plugins/openssl/openssl_plugin.c
parent518dd33c94e041db0444c7d1f33da363bb8e3faf (diff)
downloadvyos-strongswan-bf372706c469764d59e9f29c39e3ecbebd72b8d2.tar.gz
vyos-strongswan-bf372706c469764d59e9f29c39e3ecbebd72b8d2.zip
Imported Upstream version 5.5.0
Diffstat (limited to 'src/libstrongswan/plugins/openssl/openssl_plugin.c')
-rw-r--r--src/libstrongswan/plugins/openssl/openssl_plugin.c41
1 files changed, 34 insertions, 7 deletions
diff --git a/src/libstrongswan/plugins/openssl/openssl_plugin.c b/src/libstrongswan/plugins/openssl/openssl_plugin.c
index aeb9be409..3e3b986df 100644
--- a/src/libstrongswan/plugins/openssl/openssl_plugin.c
+++ b/src/libstrongswan/plugins/openssl/openssl_plugin.c
@@ -66,6 +66,11 @@ struct private_openssl_plugin_t {
};
/**
+ * OpenSSL is thread-safe since 1.1.0
+ */
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+
+/**
* Array of static mutexs, with CRYPTO_num_locks() mutex
*/
static mutex_t **mutex = NULL;
@@ -227,6 +232,14 @@ static void threading_cleanup()
cleanup->destroy(cleanup);
}
+#else /* OPENSSL_VERSION_NUMBER */
+
+#define threading_init()
+
+#define threading_cleanup()
+
+#endif
+
/**
* Seed the OpenSSL RNG, if required
*/
@@ -502,8 +515,14 @@ METHOD(plugin_t, get_features, int,
METHOD(plugin_t, destroy, void,
private_openssl_plugin_t *this)
{
+/* OpenSSL 1.1.0 cleans up itself at exit and while OPENSSL_cleanup() exists we
+ * can't call it as we couldn't re-initialize the library (as required by the
+ * unit tests and the Android app) */
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#ifndef OPENSSL_IS_BORINGSSL
CONF_modules_free();
OBJ_cleanup();
+#endif
EVP_cleanup();
#ifndef OPENSSL_NO_ENGINE
ENGINE_cleanup();
@@ -511,6 +530,7 @@ METHOD(plugin_t, destroy, void,
CRYPTO_cleanup_all_ex_data();
threading_cleanup();
ERR_free_strings();
+#endif /* OPENSSL_VERSION_NUMBER */
free(this);
}
@@ -553,10 +573,23 @@ plugin_t *openssl_plugin_create()
},
);
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+ /* note that we can't call OPENSSL_cleanup() when the plugin is destroyed
+ * as we couldn't initialize the library again afterwards */
+ OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG |
+ OPENSSL_INIT_ENGINE_ALL_BUILTIN, NULL);
+#else /* OPENSSL_VERSION_NUMBER */
threading_init();
-
+#ifndef OPENSSL_IS_BORINGSSL
OPENSSL_config(NULL);
+#endif
OpenSSL_add_all_algorithms();
+#ifndef OPENSSL_NO_ENGINE
+ /* activate support for hardware accelerators */
+ ENGINE_load_builtin_engines();
+ ENGINE_register_all_complete();
+#endif /* OPENSSL_NO_ENGINE */
+#endif /* OPENSSL_VERSION_NUMBER */
#ifdef OPENSSL_FIPS
/* we do this here as it may have been enabled via openssl.conf */
@@ -565,12 +598,6 @@ plugin_t *openssl_plugin_create()
"openssl FIPS mode(%d) - %sabled ", fips_mode, fips_mode ? "en" : "dis");
#endif /* OPENSSL_FIPS */
-#ifndef OPENSSL_NO_ENGINE
- /* activate support for hardware accelerators */
- ENGINE_load_builtin_engines();
- ENGINE_register_all_complete();
-#endif /* OPENSSL_NO_ENGINE */
-
if (!seed_rng())
{
DBG1(DBG_CFG, "no RNG found to seed OpenSSL");