void socket_terminate()
{
pthread_mutex_lock(&avail_lock);
pthread_cancel(http_listener);
pthread_join(http_listener, 0);
pthread_cancel(https_listener);
pthread_join(https_listener, 0);
socket_writebans();
pthread_mutex_lock(&ban_lock);
struct lnode *cur = banned;
while (cur){
struct lnode *tmp = cur;
cur = cur->next;
free(tmp->data);
free(tmp);
}
close(srv_http.fd);
close(srv_https.fd);
SSL_CTX_free(ctx);
ERR_remove_state(0);
ERR_free_strings();
CRYPTO_cleanup_all_ex_data();
EVP_cleanup();
SSL_COMP_free_compression_methods();
free(openssl_locks);
}
void
lws_ssl_context_destroy(struct lws_context *context)
{
#if !defined(LWS_WITH_MBEDTLS)
// after 1.1.0 no need
#if (OPENSSL_VERSION_NUMBER < 0x10100000)
// <= 1.0.1f = old api, 1.0.1g+ = new api
#if (OPENSSL_VERSION_NUMBER <= 0x1000106f) || defined(USE_WOLFSSL)
ERR_remove_state(0);
#else
#if OPENSSL_VERSION_NUMBER >= 0x1010005f && \
!defined(LIBRESSL_VERSION_NUMBER) && \
!defined(OPENSSL_IS_BORINGSSL)
ERR_remove_thread_state();
#else
ERR_remove_thread_state(NULL);
#endif
#endif
// after 1.1.0 no need
#if (OPENSSL_VERSION_NUMBER >= 0x10002000) && (OPENSSL_VERSION_NUMBER <= 0x10100000)
SSL_COMP_free_compression_methods();
#endif
ERR_free_strings();
EVP_cleanup();
CRYPTO_cleanup_all_ex_data();
#endif
#endif
}
CSSLInitializer::~CSSLInitializer()
{
CleanupThreadState();
#if OPENSSL_VERSION_NUMBER < OPENSSL_VERSION_1_1_0
CONF_modules_free();
ENGINE_cleanup();
EVP_cleanup();
CRYPTO_cleanup_all_ex_data();
ERR_free_strings();
SSL_COMP_free_compression_methods();
CRYPTO_set_locking_callback (nullptr);
CRYPTO_set_dynlock_create_callback (nullptr);
CRYPTO_set_dynlock_destroy_callback (nullptr);
CRYPTO_set_dynlock_lock_callback (nullptr);
if(sm_iLockNum > 0)
{
delete[] sm_pcsLocks;
sm_pcsLocks = nullptr;
sm_iLockNum = 0;
}
#endif
}
static void ssl_library_stop(void)
{
/* Might be explicitly called and also by atexit */
if (stopped)
return;
stopped = 1;
if (ssl_base_inited) {
#ifndef OPENSSL_NO_COMP
#ifdef OPENSSL_INIT_DEBUG
fprintf(stderr, "OPENSSL_INIT: ssl_library_stop: "
"SSL_COMP_free_compression_methods()\n");
#endif
SSL_COMP_free_compression_methods();
#endif
}
if (ssl_strings_inited) {
#ifdef OPENSSL_INIT_DEBUG
fprintf(stderr, "OPENSSL_INIT: ssl_library_stop: "
"ERR_free_strings()\n");
#endif
/*
* If both crypto and ssl error strings are inited we will end up
* calling ERR_free_strings() twice - but that's ok. The second time
* will be a no-op. It's easier to do that than to try and track
* between the two libraries whether they have both been inited.
*/
ERR_free_strings();
}
}
LWS_VISIBLE void
lws_ssl_destroy(struct lws_vhost *vhost)
{
if (!lws_check_opt(vhost->context->options,
LWS_SERVER_OPTION_DO_SSL_GLOBAL_INIT))
return;
if (vhost->tls.ssl_ctx)
SSL_CTX_free(vhost->tls.ssl_ctx);
if (!vhost->tls.user_supplied_ssl_ctx && vhost->tls.ssl_client_ctx)
SSL_CTX_free(vhost->tls.ssl_client_ctx);
// after 1.1.0 no need
#if (OPENSSL_VERSION_NUMBER < 0x10100000)
// <= 1.0.1f = old api, 1.0.1g+ = new api
#if (OPENSSL_VERSION_NUMBER <= 0x1000106f) || defined(USE_WOLFSSL)
ERR_remove_state(0);
#else
#if OPENSSL_VERSION_NUMBER >= 0x1010005f && \
!defined(LIBRESSL_VERSION_NUMBER) && \
!defined(OPENSSL_IS_BORINGSSL)
ERR_remove_thread_state();
#else
ERR_remove_thread_state(NULL);
#endif
#endif
// after 1.1.0 no need
#if (OPENSSL_VERSION_NUMBER >= 0x10002000) && (OPENSSL_VERSION_NUMBER <= 0x10100000)
SSL_COMP_free_compression_methods();
#endif
ERR_free_strings();
EVP_cleanup();
CRYPTO_cleanup_all_ex_data();
#endif
}
static apr_status_t ssl_cleanup_pre_config(void *data)
{
/*
* Try to kill the internals of the SSL library.
*/
#ifdef HAVE_FIPS
FIPS_mode_set(0);
#endif
/* Corresponds to OBJ_create()s */
OBJ_cleanup();
/* Corresponds to OPENSSL_load_builtin_modules() */
CONF_modules_free();
/* Corresponds to SSL_library_init: */
EVP_cleanup();
#if HAVE_ENGINE_LOAD_BUILTIN_ENGINES
ENGINE_cleanup();
#endif
#if OPENSSL_VERSION_NUMBER >= 0x1000200fL && !defined(OPENSSL_NO_COMP)
SSL_COMP_free_compression_methods();
#endif
/* Usually needed per thread, but this parent process is single-threaded */
#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
#if OPENSSL_VERSION_NUMBER >= 0x1000000fL
ERR_remove_thread_state(NULL);
#else
ERR_remove_state(0);
#endif
#endif
/* Don't call ERR_free_strings in earlier versions, ERR_load_*_strings only
* actually loaded the error strings once per process due to static
* variable abuse in OpenSSL. */
#if (OPENSSL_VERSION_NUMBER >= 0x00090805f)
ERR_free_strings();
#endif
/* Also don't call CRYPTO_cleanup_all_ex_data when linked statically here;
* any registered ex_data indices may have been cached in static variables
* in OpenSSL; removing them may cause havoc. Notably, with OpenSSL
* versions >= 0.9.8f, COMP_CTX cleanups would not be run, which
* could result in a per-connection memory leak (!). */
if (!modssl_running_statically) {
CRYPTO_cleanup_all_ex_data();
}
/*
* TODO: determine somewhere we can safely shove out diagnostics
* (when enabled) at this late stage in the game:
* CRYPTO_mem_leaks_fp(stderr);
*/
return APR_SUCCESS;
}
static int luaclose_openssl(lua_State *L)
{
if(atomic_fetch_sub(&init, 1) > 1)
return 0;
#if !defined(LIBRESSL_VERSION_NUMBER)
FIPS_mode_set(0);
#endif
OBJ_cleanup();
EVP_cleanup();
ENGINE_cleanup();
RAND_cleanup();
#if OPENSSL_VERSION_NUMBER >= 0x10002000L && !defined(LIBRESSL_VERSION_NUMBER)
SSL_COMP_free_compression_methods();
#endif
COMP_zlib_cleanup();
#if OPENSSL_VERSION_NUMBER < 0x10000000L
ERR_remove_state(0);
#elif OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
ERR_remove_thread_state(NULL);
#endif
#if defined(OPENSSL_THREADS)
CRYPTO_thread_cleanup();
#endif
CRYPTO_set_locking_callback(NULL);
CRYPTO_set_id_callback(NULL);
CRYPTO_cleanup_all_ex_data();
ERR_free_strings();
CONF_modules_free();
CONF_modules_unload(1);
#ifndef OPENSSL_NO_CRYPTO_MDEBUG
#if !(defined(OPENSSL_NO_STDIO) || defined(OPENSSL_NO_FP_API))
#if defined(LIBRESSL_VERSION_NUMBER) || OPENSSL_VERSION_NUMBER < 0x10101000L
CRYPTO_mem_leaks_fp(stderr);
#else
if(CRYPTO_mem_leaks_fp(stderr)!=1)
{
fprintf(stderr,
"Please report a bug on https://github.com/zhaozg/lua-openssl."
"And if can, please provide a reproduce method and minimal code.\n"
"\n\tThank You.");
}
#endif
#endif /* OPENSSL_NO_STDIO or OPENSSL_NO_FP_API */
#endif /* OPENSSL_NO_CRYPTO_MDEBUG */
return 0;
}
static void apps_shutdown()
{
#ifndef OPENSSL_NO_ENGINE
ENGINE_cleanup();
#endif
destroy_ui_method();
CONF_modules_unload(1);
#ifndef OPENSSL_NO_COMP
COMP_zlib_cleanup();
SSL_COMP_free_compression_methods();
#endif
OBJ_cleanup();
EVP_cleanup();
CRYPTO_cleanup_all_ex_data();
ERR_remove_thread_state(NULL);
RAND_cleanup();
ERR_free_strings();
}
//--------------------------------------------------------------------------------------------------
le_result_t secSocket_Delete
(
secSocket_Ctx_t* ctxPtr ///< [INOUT] Secure socket context pointer
)
{
if (!ctxPtr)
{
return LE_BAD_PARAMETER;
}
OpensslCtx_t* contextPtr = GetContext(ctxPtr);
if (!contextPtr)
{
return LE_BAD_PARAMETER;
}
BIO_free_all(contextPtr->bioPtr);
contextPtr->bioPtr = NULL;
SSL_CTX_free(contextPtr->sslCtxPtr);
contextPtr->sslCtxPtr = NULL;
#if OPENSSL_API_COMPAT < 0x10100000L
#if OPENSSL_API_COMPAT > 0x10002000L
// In versions of OpenSSL prior to 1.1.0 SSL_COMP_free_compression_methods() freed the
// internal table of compression methods that were built internally, and possibly augmented
// by adding SSL_COMP_add_compression_method().
// However this is now unnecessary from version 1.1.0. No explicit initialisation or
// de-initialisation is necessary.
SSL_COMP_free_compression_methods();
#endif
#endif
EVP_cleanup();
ERR_free_strings();
CRYPTO_cleanup_all_ex_data();
#if OPENSSL_VERSION_NUMBER < 0x10100000L
ERR_remove_state(0);
#endif
contextPtr->isInit = false;
le_mem_Release(contextPtr);
return LE_OK;
}
void tls_shutdown(void)
{
/*
* FIXME: Don't free global tables, program or other libraries may use
* openssl after libstrophe finalization. Maybe better leak some fixed
* memory rather than cause random crashes of the main program.
*/
#if OPENSSL_VERSION_NUMBER < 0x10100000L
ERR_free_strings();
EVP_cleanup();
CRYPTO_cleanup_all_ex_data();
#if OPENSSL_VERSION_NUMBER >= 0x10002000L
SSL_COMP_free_compression_methods();
#endif
#if OPENSSL_VERSION_NUMBER < 0x10000000L
ERR_remove_state(0);
#else
ERR_remove_thread_state(NULL);
#endif
#endif
}
static void internal_idevice_deinit(void)
{
#ifdef HAVE_OPENSSL
#if OPENSSL_VERSION_NUMBER < 0x10100000L
int i;
if (mutex_buf) {
CRYPTO_set_id_callback(NULL);
CRYPTO_set_locking_callback(NULL);
for (i = 0; i < CRYPTO_num_locks(); i++)
mutex_destroy(&mutex_buf[i]);
free(mutex_buf);
mutex_buf = NULL;
}
EVP_cleanup();
CRYPTO_cleanup_all_ex_data();
SSL_COMP_free_compression_methods();
openssl_remove_thread_state();
#endif
#else
gnutls_global_deinit();
#endif
}