1From 3eecd40cec6415fc033f8d9141ab652047e71524 Mon Sep 17 00:00:00 2001
2From: Tobias Brunner <tobias@strongswan.org>
3Date: Wed, 23 Feb 2022 17:29:02 +0100
4Subject: [PATCH] openssl: Don't unload providers
5
6There is a conflict between atexit() handlers registered by OpenSSL and
7some executables (e.g. swanctl or pki) to deinitialize libstrongswan.
8Because plugins are usually loaded after atexit() has been called, the
9handler registered by OpenSSL will run before our handler. So when the
10latter destroys the plugins it's a bad idea to try to access any OpenSSL
11objects as they might already be invalid.
12
13Fixes: f556fce16b60 ("openssl: Load "legacy" provider in OpenSSL 3 for algorithms like MD4, DES etc.")
14Closes strongswan/strongswan#921
15
16Upstream-Status: Backport
17[https://github.com/strongswan/strongswan/commit/3eecd40cec6415fc033f8d9141ab652047e71524]
18
19Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
20---
21 .../plugins/openssl/openssl_plugin.c | 27 +++----------------
22 1 file changed, 3 insertions(+), 24 deletions(-)
23
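--- a/src/libstrongswan/plugins/openssl/openssl_plugin.c
+++ b/src/libstrongswan/plugins/openssl/openssl_plugin.c
@@ -16,7 +16,6 @@
 
 #include <library.h>
 #include <utils/debug.h>
-#include <collections/array.h>
 #include <threading/thread.h>
 #include <threading/mutex.h>
 #include <threading/thread_value.h>
@@ -74,13 +73,6 @@ struct private_openssl_plugin_t {
  * public functions
  */
 openssl_plugin_t public;
-
-#if OPENSSL_VERSION_NUMBER >= 0x30000000L
- /**
- * Loaded providers
- */
- array_t *providers;
-#endif
 };
 
 /**
@@ -887,15 +879,6 @@ METHOD(plugin_t, get_features, int,
 METHOD(plugin_t, destroy, void,
 private_openssl_plugin_t *this)
 {
-#if OPENSSL_VERSION_NUMBER >= 0x30000000L
- OSSL_PROVIDER *provider;
- while (array_remove(this->providers, ARRAY_TAIL, &provider))
- {
- OSSL_PROVIDER_unload(provider);
- }
- array_destroy(this->providers);
-#endif /* OPENSSL_VERSION_NUMBER */
-
 /* OpenSSL 1.1.0 cleans up itself at exit and while OPENSSL_cleanup() exists we
 * can't call it as we couldn't re-initialize the library (as required by the
 * unit tests and the Android app) */
@@ -1009,20 +992,16 @@ plugin_t *openssl_plugin_create()
 DBG1(DBG_LIB, "unable to load OpenSSL FIPS provider");
 return NULL;
 }
- array_insert_create(&this->providers, ARRAY_TAIL, fips);
 /* explicitly load the base provider containing encoding functions */
- array_insert_create(&this->providers, ARRAY_TAIL,
- OSSL_PROVIDER_load(NULL, "base"));
+ OSSL_PROVIDER_load(NULL, "base");
 }
 else if (lib->settings->get_bool(lib->settings, "%s.plugins.openssl.load_legacy",
 TRUE, lib->ns))
 {
 /* load the legacy provider for algorithms like MD4, DES, BF etc. */
- array_insert_create(&this->providers, ARRAY_TAIL,
- OSSL_PROVIDER_load(NULL, "legacy"));
+ OSSL_PROVIDER_load(NULL, "legacy");
 /* explicitly load the default provider, as mentioned by crypto(7) */
- array_insert_create(&this->providers, ARRAY_TAIL,
- OSSL_PROVIDER_load(NULL, "default"));
+ OSSL_PROVIDER_load(NULL, "default");
 }
 ossl_provider_names_t data = {};
 OSSL_PROVIDER_do_all(NULL, concat_ossl_providers, &data);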
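Review bot: The three new `OSSL_PROVIDER_load(NULL, ...)` calls in openssl_plugin_create() discard their return value, so a provider that fails to load (the "legacy" module in particular is shipped as a separate object on many systems) goes unreported until some algorithm later fails to instantiate, while the FIPS path a few lines above does check and log. Since the handles are now deliberately not kept, at least log the failure, e.g. `if (!OSSL_PROVIDER_load(NULL, "legacy")) { DBG1(DBG_LIB, "unable to load OpenSSL legacy provider"); }`, and likewise for "base" and "default"; the provider-listing code via OSSL_PROVIDER_do_all that follows suggests a log line is the established style here. The reason providers are intentionally never unloaded now lives only in the commit message; the destroy hunk should carry it, e.g. `/* providers are intentionally not unloaded: OpenSSL's atexit() handler may already have run, so touching them here could use freed objects */`, otherwise the next reader will see the dropped handles as a leak and reintroduce the unload. The bodies of both destroy and openssl_plugin_create continue outside the hunks.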
90--
912.25.1
92