#3562: fixed OpenSSL setup/shutdown

Crypto/include/Poco/Crypto/OpenSSLInitializer.h

@@ -74,16 +74,22 @@ protected:
 		SEEDSIZE = 256
 	};
 
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
 	// OpenSSL multithreading support
 	static void lock(int mode, int n, const char* file, int line);
 	static unsigned long id();
 	static struct CRYPTO_dynlock_value* dynlockCreate(const char* file, int line);
 	static void dynlock(int mode, struct CRYPTO_dynlock_value* lock, const char* file, int line);
 	static void dynlockDestroy(struct CRYPTO_dynlock_value* lock, const char* file, int line);
+#endif
 
 private:
-	static Poco::FastMutex* _mutexes;
 	static Poco::AtomicCounter _rc;
+
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+	static Poco::FastMutex* _mutexes;
+#endif
+
 #if OPENSSL_VERSION_NUMBER >= 0x30000000L
 	static OSSL_PROVIDER* _defaultProvider;
 	static OSSL_PROVIDER* _legacyProvider;

Crypto/src/OpenSSLInitializer.cpp

@@ -13,12 +13,15 @@
 
 
 #include "Poco/Crypto/OpenSSLInitializer.h"
+#include "Poco/Crypto/CryptoException.h"
 #include "Poco/RandomStream.h"
 #include "Poco/Thread.h"
 #include <openssl/ssl.h>
 #include <openssl/rand.h>
 #include <openssl/crypto.h>
 #include <openssl/err.h>
+
+
 #if OPENSSL_VERSION_NUMBER >= 0x0907000L
 #include <openssl/conf.h>
 #endif
@@ -58,8 +61,12 @@ namespace Poco {
 namespace Crypto {
 
 
-Poco::FastMutex* OpenSSLInitializer::_mutexes(0);
 Poco::AtomicCounter OpenSSLInitializer::_rc;
+
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+Poco::FastMutex* OpenSSLInitializer::_mutexes(0);
+#endif
+
 #if OPENSSL_VERSION_NUMBER >= 0x30000000L
 OSSL_PROVIDER* OpenSSLInitializer::_defaultProvider(0);
 OSSL_PROVIDER* OpenSSLInitializer::_legacyProvider(0);
@@ -94,20 +101,12 @@ void OpenSSLInitializer::initialize()
 #elif OPENSSL_VERSION_NUMBER >= 0x0907000L
 		OPENSSL_config(NULL);
 #endif
+
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
 		SSL_library_init();
 		SSL_load_error_strings();
 		OpenSSL_add_all_algorithms();
 
-#if OPENSSL_VERSION_NUMBER >= 0x30000000L
-		_defaultProvider = OSSL_PROVIDER_load(NULL, "default");
-		_legacyProvider  = OSSL_PROVIDER_load(NULL, "legacy");
-#endif
-
-		char seed[SEEDSIZE];
-		RandomInputStream rnd;
-		rnd.read(seed, sizeof(seed));
-		RAND_seed(seed, SEEDSIZE);
-
 		int nMutexes = CRYPTO_num_locks();
 		_mutexes = new Poco::FastMutex[nMutexes];
 		CRYPTO_set_locking_callback(&OpenSSLInitializer::lock);
@@ -124,6 +123,25 @@ void OpenSSLInitializer::initialize()
 		CRYPTO_set_dynlock_create_callback(&OpenSSLInitializer::dynlockCreate);
 		CRYPTO_set_dynlock_lock_callback(&OpenSSLInitializer::dynlock);
 		CRYPTO_set_dynlock_destroy_callback(&OpenSSLInitializer::dynlockDestroy);
+
+		char seed[SEEDSIZE];
+		RandomInputStream rnd;
+		rnd.read(seed, sizeof(seed));
+		RAND_seed(seed, SEEDSIZE);
+#endif
+
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+		if (!_defaultProvider)
+		{
+			_defaultProvider = OSSL_PROVIDER_load(NULL, "default");
+			if (!_defaultProvider) throw CryptoException("Failed to load OpenSSL default provider");
+		}
+		if (!_legacyProvider)
+		{
+			_legacyProvider  = OSSL_PROVIDER_load(NULL, "legacy");
+			if (!_defaultProvider) throw CryptoException("Failed to load OpenSSL legacy provider");
+		}
+#endif
 	}
 }
 
@@ -132,6 +150,7 @@ void OpenSSLInitializer::uninitialize()
 {
 	if (--_rc == 0)
 	{
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
 		EVP_cleanup();
 		ERR_free_strings();
 		CRYPTO_set_locking_callback(0);
@@ -139,17 +158,15 @@ void OpenSSLInitializer::uninitialize()
 		CRYPTO_set_id_callback(0);
 #endif
 		delete [] _mutexes;
-
-		CONF_modules_free();
-
-#if OPENSSL_VERSION_NUMBER >= 0x30000000L
-		OSSL_PROVIDER_unload(_defaultProvider);
-		OSSL_PROVIDER_unload(_legacyProvider);
 #endif
+
 	}
 }
 
 
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+
+
 void OpenSSLInitializer::lock(int mode, int n, const char* file, int line)
 {
 	if (mode & CRYPTO_LOCK)
@@ -191,6 +208,9 @@ void OpenSSLInitializer::dynlockDestroy(struct CRYPTO_dynlock_value* lock, const
 }
 
 
+#endif // OPENSSL_VERSION_NUMBER < 0x10100000L
+
+
 void initializeCrypto()
 {
 	OpenSSLInitializer::initialize();