LWS_VISIBLE void
lws_ssl_destroy(struct lws_vhost *vhost)
{
if (!lws_check_opt(vhost->context->options,
LWS_SERVER_OPTION_DO_SSL_GLOBAL_INIT))
return;
#if defined(LWS_USE_POLARSSL)
#else
#if defined(LWS_USE_MBEDTLS)
#else
if (vhost->ssl_ctx)
SSL_CTX_free(vhost->ssl_ctx);
if (!vhost->user_supplied_ssl_ctx && vhost->ssl_client_ctx)
SSL_CTX_free(vhost->ssl_client_ctx);
#if (OPENSSL_VERSION_NUMBER < 0x01000000) || defined(USE_WOLFSSL)
ERR_remove_state(0);
#else
#if (OPENSSL_VERSION_NUMBER >= 0x10100005L) && \
!defined(LIBRESSL_VERSION_NUMBER) && \
!defined(OPENSSL_IS_BORINGSSL)
ERR_remove_thread_state();
#else
ERR_remove_thread_state(NULL);
#endif
#endif
ERR_free_strings();
EVP_cleanup();
CRYPTO_cleanup_all_ex_data();
#endif
#endif
}
void
lws_ssl_context_destroy(struct lws_context *context)
{
#if defined(LWS_USE_POLARSSL)
#else
#if defined(LWS_USE_MBEDTLS)
#else
#if (OPENSSL_VERSION_NUMBER < 0x10100006L)
#if (OPENSSL_VERSION_NUMBER < 0x01000000) || defined(USE_WOLFSSL)
ERR_remove_state(0);
#else
#if (OPENSSL_VERSION_NUMBER >= 0x10100005L) && \
!defined(LIBRESSL_VERSION_NUMBER) && \
!defined(OPENSSL_IS_BORINGSSL)
ERR_remove_thread_state();
#else
ERR_remove_thread_state(NULL);
#endif
#endif
ERR_free_strings();
EVP_cleanup();
CRYPTO_cleanup_all_ex_data();
#endif
#endif
#endif
}
void
lws_ssl_context_destroy(struct lws_context *context)
{
#if !defined(LWS_WITH_MBEDTLS)
// after 1.1.0 no need
#if (OPENSSL_VERSION_NUMBER < 0x10100000)
// <= 1.0.1f = old api, 1.0.1g+ = new api
#if (OPENSSL_VERSION_NUMBER <= 0x1000106f) || defined(USE_WOLFSSL)
ERR_remove_state(0);
#else
#if OPENSSL_VERSION_NUMBER >= 0x1010005f && \
!defined(LIBRESSL_VERSION_NUMBER) && \
!defined(OPENSSL_IS_BORINGSSL)
ERR_remove_thread_state();
#else
ERR_remove_thread_state(NULL);
#endif
#endif
// after 1.1.0 no need
#if (OPENSSL_VERSION_NUMBER >= 0x10002000) && (OPENSSL_VERSION_NUMBER <= 0x10100000)
SSL_COMP_free_compression_methods();
#endif
ERR_free_strings();
EVP_cleanup();
CRYPTO_cleanup_all_ex_data();
#endif
#endif
}
LWS_VISIBLE void
lws_ssl_destroy(struct lws_vhost *vhost)
{
if (!lws_check_opt(vhost->context->options,
LWS_SERVER_OPTION_DO_SSL_GLOBAL_INIT))
return;
if (vhost->tls.ssl_ctx)
SSL_CTX_free(vhost->tls.ssl_ctx);
if (!vhost->tls.user_supplied_ssl_ctx && vhost->tls.ssl_client_ctx)
SSL_CTX_free(vhost->tls.ssl_client_ctx);
// after 1.1.0 no need
#if (OPENSSL_VERSION_NUMBER < 0x10100000)
// <= 1.0.1f = old api, 1.0.1g+ = new api
#if (OPENSSL_VERSION_NUMBER <= 0x1000106f) || defined(USE_WOLFSSL)
ERR_remove_state(0);
#else
#if OPENSSL_VERSION_NUMBER >= 0x1010005f && \
!defined(LIBRESSL_VERSION_NUMBER) && \
!defined(OPENSSL_IS_BORINGSSL)
ERR_remove_thread_state();
#else
ERR_remove_thread_state(NULL);
#endif
#endif
// after 1.1.0 no need
#if (OPENSSL_VERSION_NUMBER >= 0x10002000) && (OPENSSL_VERSION_NUMBER <= 0x10100000)
SSL_COMP_free_compression_methods();
#endif
ERR_free_strings();
EVP_cleanup();
CRYPTO_cleanup_all_ex_data();
#endif
}
/**
* xmlSecOpenSSLAppShutdown:
*
* General crypto engine shutdown. This function is used
* by XMLSec command line utility and called after
* @xmlSecShutdown function.
*
* Returns: 0 on success or a negative value otherwise.
*/
int
xmlSecOpenSSLAppShutdown(void) {
xmlSecOpenSSLAppSaveRANDFile(NULL);
RAND_cleanup();
EVP_cleanup();
#ifndef XMLSEC_NO_X509
X509_TRUST_cleanup();
#endif /* XMLSEC_NO_X509 */
ENGINE_cleanup();
CONF_modules_unload(1);
CRYPTO_cleanup_all_ex_data();
/* finally cleanup errors */
#if defined(XMLSEC_OPENSSL_110)
ERR_remove_thread_state();
#elif defined(XMLSEC_OPENSSL_100)
ERR_remove_thread_state(NULL);
#else
ERR_remove_state(0);
#endif /* defined(XMLSEC_OPENSSL_100) || defined(XMLSEC_OPENSSL_110) */
ERR_free_strings();
/* done */
return(0);
}
void sslCleanup()
{
// Various cleanup functions
// Maddeningly, 64 bytes still remains (see https://bugs.launchpad.net/percona-server/+bug/1205196)
//ENGINE_cleanup();
CRYPTO_cleanup_all_ex_data();
ERR_free_strings();
#if OPENSSL_VERSION_NUMBER < 0x10100000L
ERR_remove_thread_state(NULL);
#else
ERR_remove_thread_state();
#endif
EVP_cleanup();
}
static void ossl_init_thread_stop(struct thread_local_inits_st *locals)
{
/* Can't do much about this */
if (locals == NULL)
return;
if (locals->async) {
#ifdef OPENSSL_INIT_DEBUG
fprintf(stderr, "OPENSSL_INIT: ossl_init_thread_stop: "
"ASYNC_cleanup_thread()\n");
#endif
ASYNC_cleanup_thread();
}
if (locals->err_state) {
#ifdef OPENSSL_INIT_DEBUG
fprintf(stderr, "OPENSSL_INIT: ossl_init_thread_stop: "
"ERR_remove_thread_state(NULL)\n");
#endif
ERR_remove_thread_state(NULL);
}
OPENSSL_free(locals);
ossl_init_thread_stop_cleanup();
}
BOOL winpr_CleanupSSL(DWORD flags)
{
if (flags & WINPR_SSL_CLEANUP_GLOBAL)
{
if (!g_winpr_openssl_initialized_by_winpr)
{
WLog_WARN(TAG, "ssl was not initialized by winpr");
return FALSE;
}
g_winpr_openssl_initialized_by_winpr = FALSE;
#ifdef WINPR_OPENSSL_LOCKING_REQUIRED
_winpr_openssl_cleanup_locking();
#endif
CRYPTO_cleanup_all_ex_data();
ERR_free_strings();
EVP_cleanup();
flags |= WINPR_SSL_CLEANUP_THREAD;
}
#ifdef WINPR_OPENSSL_LOCKING_REQUIRED
if (flags & WINPR_SSL_CLEANUP_THREAD)
{
#if (OPENSSL_VERSION_NUMBER < 0x10000000L)
ERR_remove_state(0);
#else
ERR_remove_thread_state(NULL);
#endif
}
#endif
return TRUE;
}
int main(int argc, char **argv)
{
CRYPTO_set_mem_debug(1);
CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
ERR_load_crypto_strings();
OpenSSL_add_all_digests();
if (argc != 4) {
fprintf(stderr, "usage: verify_extra_test roots.pem untrusted.pem bad.pem\n");
return 1;
}
if (!test_alt_chains_cert_forgery(argv[1], argv[2], argv[3])) {
fprintf(stderr, "Test alt chains cert forgery failed\n");
return 1;
}
EVP_cleanup();
CRYPTO_cleanup_all_ex_data();
ERR_remove_thread_state(NULL);
ERR_free_strings();
#ifndef OPENSSL_NO_CRYPTO_MDEBUG
if (CRYPTO_mem_leaks_fp(stderr) <= 0)
return 1;
#endif
printf("PASS\n");
return 0;
}
int main(int argc, char **argv)
{
BIO *bio_err;
bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
CRYPTO_malloc_debug_init();
CRYPTO_dbg_set_options(V_CRYPTO_MDEBUG_ALL);
CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
ERR_load_crypto_strings();
/* "Negative" test, expect a mismatch */
if(run_srp("alice", "password1", "password2") == 0)
{
fprintf(stderr, "Mismatched SRP run failed\n");
return 1;
}
/* "Positive" test, should pass */
if(run_srp("alice", "password", "password") != 0)
{
fprintf(stderr, "Plain SRP run failed\n");
return 1;
}
CRYPTO_cleanup_all_ex_data();
ERR_remove_thread_state(NULL);
ERR_free_strings();
CRYPTO_mem_leaks(bio_err);
return 0;
}
/* Delete the memory used for string errors as well as memory allocated for
* certificates and private keys. */
void terminate_signature(void)
{
//TODO: once implemented, must free chain
//TODO: once implemented, must free crl
if (store) {
X509_STORE_free(store);
store = NULL;
}
if (x509_stack) {
sk_X509_pop_free(x509_stack, X509_free);
x509_stack = NULL;
}
ERR_free_strings();
if (pkey) {
EVP_PKEY_free(pkey);
pkey = NULL;
}
EVP_cleanup();
if (fp_pubkey) {
fclose(fp_pubkey);
}
if (cert) {
cert = NULL;
}
ERR_remove_thread_state(NULL);
CRYPTO_cleanup_all_ex_data();
}
int main(int argc, char **argv)
{
int i;
testdata *test = test_cases;
CRYPTO_malloc_debug_init();
CRYPTO_set_mem_debug_options(V_CRYPTO_MDEBUG_ALL);
CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
OpenSSL_add_all_digests();
# ifndef OPENSSL_NO_ENGINE
ENGINE_load_builtin_engines();
ENGINE_register_all_digests();
# endif
printf("PKCS5_PBKDF2_HMAC() tests ");
for (i = 0; test->pass != NULL; i++, test++) {
test_p5_pbkdf2(i, "sha1", test, sha1_results[i]);
test_p5_pbkdf2(i, "sha256", test, sha256_results[i]);
test_p5_pbkdf2(i, "sha512", test, sha512_results[i]);
printf(".");
}
printf(" done\n");
# ifndef OPENSSL_NO_ENGINE
ENGINE_cleanup();
# endif
EVP_cleanup();
CRYPTO_cleanup_all_ex_data();
ERR_remove_thread_state(NULL);
ERR_free_strings();
CRYPTO_mem_leaks_fp(stderr);
return 0;
}
static void internal_idevice_deinit(void)
{
#ifdef HAVE_OPENSSL
int i;
if (mutex_buf) {
CRYPTO_set_id_callback(NULL);
CRYPTO_set_locking_callback(NULL);
for (i = 0; i < CRYPTO_num_locks(); i++)
mutex_destroy(&mutex_buf[i]);
free(mutex_buf);
mutex_buf = NULL;
}
EVP_cleanup();
CRYPTO_cleanup_all_ex_data();
sk_SSL_COMP_free(SSL_COMP_get_compression_methods());
#ifdef HAVE_ERR_REMOVE_THREAD_STATE
ERR_remove_thread_state(NULL);
#else
ERR_remove_state(0);
#endif
#else
gnutls_global_deinit();
#endif
}
/*!
* \internal
* \brief fopencookie()/funopen() stream close function.
*
* \param cookie Stream control data.
*
* \retval 0 on success.
* \retval -1 on error.
*/
static int tcptls_stream_close(void *cookie)
{
struct ast_tcptls_stream *stream = cookie;
if (!stream) {
errno = EBADF;
return -1;
}
if (stream->fd != -1) {
#if defined(DO_SSL)
if (stream->ssl) {
int res;
/*
* According to the TLS standard, it is acceptable for an
* application to only send its shutdown alert and then
* close the underlying connection without waiting for
* the peer's response (this way resources can be saved,
* as the process can already terminate or serve another
* connection).
*/
res = SSL_shutdown(stream->ssl);
if (res < 0) {
ast_log(LOG_ERROR, "SSL_shutdown() failed: %d\n",
SSL_get_error(stream->ssl, res));
}
if (!stream->ssl->server) {
/* For client threads, ensure that the error stack is cleared */
#if OPENSSL_VERSION_NUMBER >= 0x10000000L
ERR_remove_thread_state(NULL);
#else
ERR_remove_state(0);
#endif /* OPENSSL_VERSION_NUMBER >= 0x10000000L */
}
SSL_free(stream->ssl);
stream->ssl = NULL;
}
#endif /* defined(DO_SSL) */
/*
* Issuing shutdown() is necessary here to avoid a race
* condition where the last data written may not appear
* in the TCP stream. See ASTERISK-23548
*/
shutdown(stream->fd, SHUT_RDWR);
if (close(stream->fd)) {
ast_log(LOG_ERROR, "close() failed: %s\n", strerror(errno));
}
stream->fd = -1;
}
ao2_t_ref(stream, -1, "Closed tcptls stream cookie");
return 0;
}
static void aes_cleanup(EVP_CIPHER_CTX* ctx)
{
EVP_CIPHER_CTX_free(ctx);
#if(OPENSSL_VERSION_NUMBER<0x10000000L)
ERR_remove_state(0);
#elif(OPENSSL_VERSION_NUMBER<0x10100000L)
ERR_remove_thread_state(NULL);
#endif
}
int ssl_test_ecdh(int argc, char *argv[])
{
BN_CTX *ctx=NULL;
int ret=1;
BIO *out;
CRYPTO_malloc_debug_init();
CRYPTO_dbg_set_options(V_CRYPTO_MDEBUG_ALL);
CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
#ifdef OPENSSL_SYS_WIN32
CRYPTO_malloc_init();
#endif
RAND_seed(rnd_seed, sizeof rnd_seed);
#ifndef OPENSSL_SYS_WINDOWS
out = BIO_new(BIO_s_mem());
if (out == NULL) return(1);
#else
out=BIO_new(BIO_s_file());
if (out == NULL) return(1);
BIO_set_fp(out,OPENSSL_TYPE__FILE_STDOUT,BIO_NOCLOSE);
#endif
if ((ctx=BN_CTX_new()) == NULL) goto err;
/* NIST PRIME CURVES TESTS */
if (!test_ecdh_curve(NID_X9_62_prime192v1, "NIST Prime-Curve P-192", ctx, out)) goto err;
if (!test_ecdh_curve(NID_secp224r1, "NIST Prime-Curve P-224", ctx, out)) goto err;
if (!test_ecdh_curve(NID_X9_62_prime256v1, "NIST Prime-Curve P-256", ctx, out)) goto err;
if (!test_ecdh_curve(NID_secp384r1, "NIST Prime-Curve P-384", ctx, out)) goto err;
if (!test_ecdh_curve(NID_secp521r1, "NIST Prime-Curve P-521", ctx, out)) goto err;
/* NIST BINARY CURVES TESTS */
if (!test_ecdh_curve(NID_sect163k1, "NIST Binary-Curve K-163", ctx, out)) goto err;
if (!test_ecdh_curve(NID_sect163r2, "NIST Binary-Curve B-163", ctx, out)) goto err;
if (!test_ecdh_curve(NID_sect233k1, "NIST Binary-Curve K-233", ctx, out)) goto err;
if (!test_ecdh_curve(NID_sect233r1, "NIST Binary-Curve B-233", ctx, out)) goto err;
if (!test_ecdh_curve(NID_sect283k1, "NIST Binary-Curve K-283", ctx, out)) goto err;
if (!test_ecdh_curve(NID_sect283r1, "NIST Binary-Curve B-283", ctx, out)) goto err;
if (!test_ecdh_curve(NID_sect409k1, "NIST Binary-Curve K-409", ctx, out)) goto err;
if (!test_ecdh_curve(NID_sect409r1, "NIST Binary-Curve B-409", ctx, out)) goto err;
if (!test_ecdh_curve(NID_sect571k1, "NIST Binary-Curve K-571", ctx, out)) goto err;
if (!test_ecdh_curve(NID_sect571r1, "NIST Binary-Curve B-571", ctx, out)) goto err;
ret = 0;
err:
ERR_print_errors_fp(OPENSSL_TYPE__FILE_STDERR);
if (ctx) BN_CTX_free(ctx);
BIO_free(out);
CRYPTO_cleanup_all_ex_data();
ERR_remove_thread_state(NULL);
CRYPTO_mem_leaks_fp(OPENSSL_TYPE__FILE_STDERR);
return(ret);
}
int main(void)
{
CRYPTO_set_mem_debug(1);
CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
ERR_load_crypto_strings();
/* Load up the software EVP_CIPHER and EVP_MD definitions */
OpenSSL_add_all_ciphers();
OpenSSL_add_all_digests();
if (!test_EVP_DigestSignInit()) {
fprintf(stderr, "EVP_DigestSignInit failed\n");
return 1;
}
if (!test_EVP_DigestVerifyInit()) {
fprintf(stderr, "EVP_DigestVerifyInit failed\n");
return 1;
}
if (!test_d2i_AutoPrivateKey(kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER),
EVP_PKEY_RSA)) {
fprintf(stderr, "d2i_AutoPrivateKey(kExampleRSAKeyDER) failed\n");
return 1;
}
if (!test_d2i_AutoPrivateKey
(kExampleRSAKeyPKCS8, sizeof(kExampleRSAKeyPKCS8), EVP_PKEY_RSA)) {
fprintf(stderr, "d2i_AutoPrivateKey(kExampleRSAKeyPKCS8) failed\n");
return 1;
}
#ifndef OPENSSL_NO_EC
if (!test_d2i_AutoPrivateKey(kExampleECKeyDER, sizeof(kExampleECKeyDER),
EVP_PKEY_EC)) {
fprintf(stderr, "d2i_AutoPrivateKey(kExampleECKeyDER) failed\n");
return 1;
}
if (!test_EVP_PKCS82PKEY()) {
fprintf(stderr, "test_EVP_PKCS82PKEY failed\n");
return 1;
}
#endif
EVP_cleanup();
CRYPTO_cleanup_all_ex_data();
ERR_remove_thread_state(NULL);
ERR_free_strings();
#ifndef OPENSSL_NO_CRYPTO_MDEBUG
if (CRYPTO_mem_leaks_fp(stderr) <= 0)
return 1;
#endif
printf("PASS\n");
return 0;
}
EXPORT void STDCALL TaggantFinalizeLibrary(void)
{
lib_initialized = 0;
OBJ_cleanup();
EVP_cleanup();
CRYPTO_cleanup_all_ex_data();
ERR_remove_thread_state(NULL);
ERR_free_strings();
}
int main(int argc, char *argv[])
{
BN_CTX *ctx = NULL;
int nid, ret = 1;
EC_builtin_curve *curves = NULL;
size_t crv_len = 0, n = 0;
BIO *out;
CRYPTO_set_mem_debug(1);
CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
RAND_seed(rnd_seed, sizeof rnd_seed);
out = BIO_new(BIO_s_file());
if (out == NULL)
EXIT(1);
BIO_set_fp(out, stdout, BIO_NOCLOSE | BIO_FP_TEXT);
if ((ctx = BN_CTX_new()) == NULL)
goto err;
/* get a list of all internal curves */
crv_len = EC_get_builtin_curves(NULL, 0);
curves = OPENSSL_malloc(sizeof(*curves) * crv_len);
if (curves == NULL) goto err;
if (!EC_get_builtin_curves(curves, crv_len)) goto err;
/* NAMED CURVES TESTS */
for (n = 0; n < crv_len; n++) {
nid = curves[n].nid;
if (!test_ecdh_curve(nid, ctx, out)) goto err;
}
/* KATs */
for (n = 0; n < (sizeof(ecdh_kats)/sizeof(ecdh_kat_t)); n++) {
if (!ecdh_kat(out, &ecdh_kats[n]))
goto err;
}
ret = 0;
err:
ERR_print_errors_fp(stderr);
OPENSSL_free(curves);
BN_CTX_free(ctx);
BIO_free(out);
CRYPTO_cleanup_all_ex_data();
ERR_remove_thread_state(NULL);
#ifndef OPENSSL_NO_CRYPTO_MDEBUG
if (CRYPTO_mem_leaks_fp(stderr) <= 0)
ret = 1;
#endif
EXIT(ret);
}
static void rsa_remove(void)
{
CRYPTO_cleanup_all_ex_data();
ERR_free_strings();
#ifdef HAVE_ERR_REMOVE_THREAD_STATE
ERR_remove_thread_state(NULL);
#else
ERR_remove_state(0);
#endif
EVP_cleanup();
}
int main(int argc, char *argv[]) {
int ret = 1;
BIO *out;
CRYPTO_malloc_debug_init();
CRYPTO_dbg_set_options(V_CRYPTO_MDEBUG_ALL);
CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
#ifdef OPENSSL_SYS_WIN32
CRYPTO_malloc_init();
#endif
RAND_seed(rnd_seed, sizeof rnd_seed);
out = BIO_new(BIO_s_file());
if (out == NULL) EXIT(1);
BIO_set_fp(out, stdout, BIO_NOCLOSE);
if (argc == 1) {
if (!test_lwekex(out, 1)) goto err;
} else if (argc == 2 && !strcmp((const char *)argv[1], "cont")) {
BIO_printf(out, "Running continuous test. ^C to quit.\n\n");
int iterations = 0;
int failures = 0;
time_t starttime = time(NULL);
while (1) {
iterations++;
if (test_lwekex(out, 0) == 1) {
} else {
failures++;
}
if ((iterations % 100) == 0) {
BIO_printf(out, "Iterations: %d, failures: %d, elapsed time: %ld\n",
iterations, failures, time(NULL) - starttime);
if (iterations > (1 << 20)) break;
}
}
} else {
BIO_printf(out,
"Error: argument must be \"cont\" for invoking \
continuously run test.\n");
}
ret = 0;
err:
ERR_print_errors_fp(stderr);
BIO_free(out);
CRYPTO_cleanup_all_ex_data();
ERR_remove_thread_state(NULL);
CRYPTO_mem_leaks_fp(stderr);
EXIT(ret);
return (ret);
}
/*
* Make sure openssl does not introduce memory leaks for valgrind
*/
__attribute__((destructor)) void cleanup_openssl (void)
{
//http://www.openssl.org/support/faq.html#PROG13
ERR_remove_thread_state(NULL);
ENGINE_cleanup();
CONF_modules_unload(1);
ERR_free_strings();
OBJ_cleanup();
EVP_cleanup();
CRYPTO_cleanup_all_ex_data();
}
void CSSLInitializer::CleanupThreadState(DWORD dwThreadID)
{
#if OPENSSL_VERSION_NUMBER < OPENSSL_VERSION_1_1_0
CRYPTO_THREADID tid = {nullptr, dwThreadID};
CRYPTO_THREADID_current(&tid);
ERR_remove_thread_state(&tid);
#else
OPENSSL_thread_stop();
#endif
}
static void
openssl_shutdown(void)
{
CONF_modules_unload(1);
destroy_ui();
OBJ_cleanup();
EVP_cleanup();
CRYPTO_cleanup_all_ex_data();
ERR_remove_thread_state(NULL);
ERR_free_strings();
}
static void openssl_remove_thread_state(void)
{
/* ERR_remove_thread_state() is available since OpenSSL 1.0.0-beta1, but
* deprecated in OpenSSL 1.1.0 */
#if OPENSSL_VERSION_NUMBER < 0x10100000L
#if OPENSSL_VERSION_NUMBER >= 0x10000001L
ERR_remove_thread_state(NULL);
#else
ERR_remove_state(0);
#endif
#endif
}
static int luaclose_openssl(lua_State *L)
{
if(atomic_fetch_sub(&init, 1) > 1)
return 0;
#if !defined(LIBRESSL_VERSION_NUMBER)
FIPS_mode_set(0);
#endif
OBJ_cleanup();
EVP_cleanup();
ENGINE_cleanup();
RAND_cleanup();
#if OPENSSL_VERSION_NUMBER >= 0x10002000L && !defined(LIBRESSL_VERSION_NUMBER)
SSL_COMP_free_compression_methods();
#endif
COMP_zlib_cleanup();
#if OPENSSL_VERSION_NUMBER < 0x10000000L
ERR_remove_state(0);
#elif OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
ERR_remove_thread_state(NULL);
#endif
#if defined(OPENSSL_THREADS)
CRYPTO_thread_cleanup();
#endif
CRYPTO_set_locking_callback(NULL);
CRYPTO_set_id_callback(NULL);
CRYPTO_cleanup_all_ex_data();
ERR_free_strings();
CONF_modules_free();
CONF_modules_unload(1);
#ifndef OPENSSL_NO_CRYPTO_MDEBUG
#if !(defined(OPENSSL_NO_STDIO) || defined(OPENSSL_NO_FP_API))
#if defined(LIBRESSL_VERSION_NUMBER) || OPENSSL_VERSION_NUMBER < 0x10101000L
CRYPTO_mem_leaks_fp(stderr);
#else
if(CRYPTO_mem_leaks_fp(stderr)!=1)
{
fprintf(stderr,
"Please report a bug on https://github.com/zhaozg/lua-openssl."
"And if can, please provide a reproduce method and minimal code.\n"
"\n\tThank You.");
}
#endif
#endif /* OPENSSL_NO_STDIO or OPENSSL_NO_FP_API */
#endif /* OPENSSL_NO_CRYPTO_MDEBUG */
return 0;
}
static apr_status_t ssl_cleanup_pre_config(void *data)
{
/*
* Try to kill the internals of the SSL library.
*/
#ifdef HAVE_FIPS
FIPS_mode_set(0);
#endif
/* Corresponds to OBJ_create()s */
OBJ_cleanup();
/* Corresponds to OPENSSL_load_builtin_modules() */
CONF_modules_free();
/* Corresponds to SSL_library_init: */
EVP_cleanup();
#if HAVE_ENGINE_LOAD_BUILTIN_ENGINES
ENGINE_cleanup();
#endif
#if OPENSSL_VERSION_NUMBER >= 0x1000200fL && !defined(OPENSSL_NO_COMP)
SSL_COMP_free_compression_methods();
#endif
/* Usually needed per thread, but this parent process is single-threaded */
#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
#if OPENSSL_VERSION_NUMBER >= 0x1000000fL
ERR_remove_thread_state(NULL);
#else
ERR_remove_state(0);
#endif
#endif
/* Don't call ERR_free_strings in earlier versions, ERR_load_*_strings only
* actually loaded the error strings once per process due to static
* variable abuse in OpenSSL. */
#if (OPENSSL_VERSION_NUMBER >= 0x00090805f)
ERR_free_strings();
#endif
/* Also don't call CRYPTO_cleanup_all_ex_data when linked statically here;
* any registered ex_data indices may have been cached in static variables
* in OpenSSL; removing them may cause havoc. Notably, with OpenSSL
* versions >= 0.9.8f, COMP_CTX cleanups would not be run, which
* could result in a per-connection memory leak (!). */
if (!modssl_running_statically) {
CRYPTO_cleanup_all_ex_data();
}
/*
* TODO: determine somewhere we can safely shove out diagnostics
* (when enabled) at this late stage in the game:
* CRYPTO_mem_leaks_fp(stderr);
*/
return APR_SUCCESS;
}
/*
* Checks this thread's OpenSSL error queue and logs if
* necessary.
*/
static void logOpenSSLError(const char* location) {
int error = ERR_get_error();
if (error != 0) {
char message[256];
ERR_error_string_n(error, message, sizeof(message));
ALOGE("OpenSSL error in %s %d: %s", location, error, message);
}
ERR_clear_error();
ERR_remove_thread_state(NULL);
}
static void SQBIND_ffmpeg_cleanup()
{
// SSL cleanup sequence
ERR_remove_state( 0 );
#ifndef OPENSSL_NO_ENGINE
ENGINE_cleanup();
#endif
CONF_modules_unload( 1 );
CRYPTO_cleanup_all_ex_data();
ERR_free_strings();
ERR_remove_thread_state(NULL);
EVP_cleanup();
}
void main_cleanup(void) {
ecies_group_free();
// As a child I was taught that your done eating until your plate is completely clean.
// The following should release _all_ of the memory allocated by the OpenSSL functions used.
EVP_cleanup();
CRYPTO_cleanup_all_ex_data();
ERR_free_strings();
ERR_remove_thread_state(NULL);
sk_pop_free((_STACK *)SSL_COMP_get_compression_methods(), CRYPTO_free);
return;
}
