Add OPENSSL_cleanup to tls_shutdown function

author Matthijs Mekking <matthijs@isc.org>

Thu, 25 Nov 2021 14:10:00 +0000 (15:10 +0100)

committer Matthijs Mekking <matthijs@isc.org>

Fri, 26 Nov 2021 07:20:10 +0000 (08:20 +0100)
author Matthijs Mekking <matthijs@isc.org>
Thu, 25 Nov 2021 14:10:00 +0000 (15:10 +0100)
committer Matthijs Mekking <matthijs@isc.org>
Fri, 26 Nov 2021 07:20:10 +0000 (08:20 +0100)
diff --git a/configure.ac b/configure.ac

index ffcc69f3255abda6bbaa11e980db907d601b28f9..817a01d0883314a26a6589e8b7920711a698757e 100644 (file)
--- a/configure.ac
+++ b/configure.ac
@@ -624,7 +624,7 @@ AC_COMPILE_IFELSE(
  # Check for functions added in OpenSSL or LibreSSL
  #
  
-AC_CHECK_FUNCS([OPENSSL_init_ssl OPENSSL_init_crypto])
+AC_CHECK_FUNCS([OPENSSL_init_ssl OPENSSL_init_crypto OPENSSL_cleanup])
  AC_CHECK_FUNCS([CRYPTO_zalloc])
  AC_CHECK_FUNCS([EVP_PKEY_new_raw_private_key EVP_PKEY_eq])
  AC_CHECK_FUNCS([EVP_CIPHER_CTX_new EVP_CIPHER_CTX_free])
diff --git a/lib/isc/openssl_shim.c b/lib/isc/openssl_shim.c

index d75c9db86b176c8f5dbc22fdbab047954f2ae234..140d6d71cf7f4d54e83f2b1096959db92d07c022 100644 (file)
--- a/lib/isc/openssl_shim.c
+++ b/lib/isc/openssl_shim.c
@@ -160,3 +160,10 @@ OPENSSL_init_ssl(uint64_t opts, const void *settings) {
         return (1);
  }
  #endif
+
+#if !HAVE_OPENSSL_CLEANUP
+void
+OPENSSL_cleanup(void) {
+       return;
+}
+#endif
diff --git a/lib/isc/openssl_shim.h b/lib/isc/openssl_shim.h

index 57465ba01240656d2830a6bddbf104718c60b4ce..55e3187d5fa2ca93cc36e535a39dcaf10edbb647 100644 (file)
--- a/lib/isc/openssl_shim.h
+++ b/lib/isc/openssl_shim.h
@@ -106,6 +106,11 @@ OPENSSL_init_ssl(uint64_t opts, const void *settings);
  
  #endif
  
+#if !HAVE_OPENSSL_CLEANUP
+void
+OPENSSL_cleanup(void);
+#endif
+
  #if !HAVE_TLS_SERVER_METHOD
  #define TLS_server_method SSLv23_server_method
  #endif
diff --git a/lib/isc/tls.c b/lib/isc/tls.c

index cc63e2e9cd2371d903a76ccc42a8da2f8a817a46..a59bb4f2adc1283cf96af2fd76e752cb6c68f04d 100644 (file)
--- a/lib/isc/tls.c
+++ b/lib/isc/tls.c
@@ -17,6 +17,7 @@
  
  #include <openssl/bn.h>
  #include <openssl/conf.h>
+#include <openssl/crypto.h>
  #include <openssl/dh.h>
  #include <openssl/err.h>
  #include <openssl/opensslv.h>
@@ -128,8 +129,9 @@ tls_shutdown(void) {
         REQUIRE(atomic_load(&init_done));
         REQUIRE(!atomic_load(&shut_done));
  
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
-
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+       OPENSSL_cleanup();
+#else
         CONF_modules_unload(1);
         OBJ_cleanup();
         EVP_cleanup();
author	Matthijs Mekking <matthijs@isc.org>
	Thu, 25 Nov 2021 14:10:00 +0000 (15:10 +0100)
committer	Matthijs Mekking <matthijs@isc.org>
	Fri, 26 Nov 2021 07:20:10 +0000 (08:20 +0100)
configure.ac		patch \| blob \| blame \| history
lib/isc/openssl_shim.c		patch \| blob \| blame \| history
lib/isc/openssl_shim.h		patch \| blob \| blame \| history
lib/isc/tls.c		patch \| blob \| blame \| history