From 9492424d3fa009011bfb10d6afe2a1b5e6190173 Mon Sep 17 00:00:00 2001
From: Nick Mathewson <nickm@torproject.org>
Date: Tue, 25 Oct 2005 19:01:48 +0000
Subject: [PATCH] Per comments at the bottom of openssl/FAQ, call even more
 functions to clean up OpenSSL's toys when it's done playing.  (Why isn't
 there an OpenSSL_free_everything() function?)

svn:r5321
---
 src/common/crypto.c | 11 +++++++++++
 src/common/crypto.h |  1 +
 src/or/cpuworker.c  |  1 +
 src/or/dns.c        |  3 +++
 4 files changed, 16 insertions(+)

diff --git a/src/common/crypto.c b/src/common/crypto.c
index 4857175e74..249be113ce 100644
--- a/src/common/crypto.c
+++ b/src/common/crypto.c
@@ -32,6 +32,7 @@ const char crypto_c_id[] = "$Id$";
 #include <openssl/dh.h>
 #include <openssl/rsa.h>
 #include <openssl/dh.h>
+#include <openssl/conf.h>
 
 #include <stdlib.h>
 #include <assert.h>
@@ -220,16 +221,26 @@ crypto_global_init(int useAccel)
   return 0;
 }
 
+/** Free crypto resources held by this thread. */
+void
+crypto_thread_cleanup(void)
+{
+  ERR_remove_state(0);
+}
+
 /** Uninitialize the crypto library. Return 0 on success, -1 on failure.
  */
 int
 crypto_global_cleanup(void)
 {
   EVP_cleanup();
+  //ERR_remove_state(0);
   ERR_free_strings();
 #ifndef NO_ENGINES
   ENGINE_cleanup();
 #endif
+  CONF_modules_unload(1);
+  CRYPTO_cleanup_all_ex_data();
 #ifdef TOR_IS_MULTITHREADED
   if (_n_openssl_mutexes) {
     int n = _n_openssl_mutexes;
diff --git a/src/common/crypto.h b/src/common/crypto.h
index 4eb57e88e4..6b128fda63 100644
--- a/src/common/crypto.h
+++ b/src/common/crypto.h
@@ -53,6 +53,7 @@ typedef struct crypto_dh_env_t crypto_dh_env_t;
 
 /* global state */
 int crypto_global_init(int hardwareAccel);
+void crypto_thread_cleanup(void);
 int crypto_global_cleanup(void);
 
 /* environment setup */
diff --git a/src/or/cpuworker.c b/src/or/cpuworker.c
index cfd578e492..bc31faaf8d 100644
--- a/src/or/cpuworker.c
+++ b/src/or/cpuworker.c
@@ -290,6 +290,7 @@ cpuworker_main(void *data)
   if (last_onion_key)
     crypto_free_pk_env(last_onion_key);
   tor_close_socket(fd);
+  crypto_thread_cleanup();
   spawn_exit();
   return 0; /* windows wants this function to return an int */
 }
diff --git a/src/or/dns.c b/src/or/dns.c
index da51ec57be..2534f3875f 100644
--- a/src/or/dns.c
+++ b/src/or/dns.c
@@ -793,12 +793,14 @@ dnsworker_main(void *data)
         info(LD_EXIT,"(Error on %d was %s)", fd, tor_socket_strerror(tor_socket_errno(fd)));
       }
       tor_close_socket(fd);
+      crypto_thread_cleanup();
       spawn_exit();
     }
 
     if (address_len && read_all(fd, address, address_len, 1) != address_len) {
       err(LD_BUG,"read hostname failed. Child exiting.");
       tor_close_socket(fd);
+      crypto_thread_cleanup();
       spawn_exit();
     }
     address[address_len] = 0; /* null terminate it */
@@ -826,6 +828,7 @@ dnsworker_main(void *data)
     if (write_all(fd, answer, 5, 1) != 5) {
       err(LD_NET,"writing answer failed. Child exiting.");
       tor_close_socket(fd);
+      crypto_thread_cleanup();
       spawn_exit();
     }
   }