OpenSSL: Do not use library init/deinit functions with 1.1.0

SSL_library_init() does not work properly after EVP_cleanup() starting
from OpenSSL 1.1.0 pre release 3. The automated library init/deinit
functions in that pre release are supposed to handle all initialization
and deinitialiation, so comment out the explicit calls to these function
with OpenSSL 1.1.0 and newer.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>

diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c
index a03d8d817eb3e079a521082b8cb80a23d0fe0af7..7ef6214480e15b29098d9e348be9ae153be81dc6 100644 (file)
--- a/src/crypto/tls_openssl.c
+++ b/src/crypto/tls_openssl.c
@@ -900,6 +900,7 @@ void * tls_init(const struct tls_config *conf)
                }
 #endif /* OPENSSL_FIPS */
 #endif /* CONFIG_FIPS */
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
                SSL_load_error_strings();
                SSL_library_init();
 #ifndef OPENSSL_NO_SHA256
@@ -921,6 +922,7 @@ void * tls_init(const struct tls_config *conf)
 #endif /* OPENSSL_NO_RC2 */
                PKCS12_PBE_add();
 #endif  /* PKCS12_FUNCS */
+#endif /* < 1.1.0 */
        } else {
                context = tls_context_new(conf);
                if (context == NULL)
@@ -1022,6 +1024,7 @@ void tls_deinit(void *ssl_ctx)
 
        tls_openssl_ref_count--;
        if (tls_openssl_ref_count == 0) {
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
 #ifndef OPENSSL_NO_ENGINE
                ENGINE_cleanup();
 #endif /* OPENSSL_NO_ENGINE */
@@ -1029,6 +1032,7 @@ void tls_deinit(void *ssl_ctx)
                ERR_remove_thread_state(NULL);
                ERR_free_strings();
                EVP_cleanup();
+#endif /* < 1.1.0 */
                os_free(tls_global->ocsp_stapling_response);
                tls_global->ocsp_stapling_response = NULL;
                os_free(tls_global);