[openssl-dev] OpenSSL version 1.1.0 pre release 3 published

Jouni Malinen j at w1.fi
Mon Feb 15 21:50:40 UTC 2016


On Mon, Feb 15, 2016 at 09:34:33PM +0000, Matt Caswell wrote:
> On 15/02/16 21:25, Jouni Malinen wrote:
> > Is this change in OpenSSL behavior expected? Is it not allowed to call
> > EVP_cleanup() and then re-initialize OpenSSL digests with
> > SSL_library_init()?
> 
> Correct, you cannot reinit once you have deinit.

OK.. That used to work, though, so it would be good to mention this
clearly in the release notes since this can cause difficult-to-find
issues for existing programs. Luckily I happened to have automated test
cases that found this now with wpa_supplicant.

> You should not need to explicitly init or deinit at all. Try removing
> all such calls. If you are getting memory leaks not caused by your
> application then that is a bug in OpenSSL.

I agree with the "should not need" part, but there is a reason why I
added those calls in the first place, i.e., these were needed with older
OpenSSL releases (well, all releases so far since 1.1.0 has not been
released). I guess I can remove these calls with #ifdef
OPENSSL_VERSION_NUMBER < 0x10100000L to maintain support for older
versions.

I'd also recommend updating the EVP_cleanup man page to be clearer about
EVP_cleanup() being something that must not be called if there are going
to be any future calls to OpenSSL before the process exits.
 
-- 
Jouni Malinen                                            PGP id EFC895FA
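
Added example (not part of the original message, and not wpa_supplicant or OpenSSL code): one way to apply the version guard discussed above, so the explicit SSL_library_init()/EVP_cleanup() pair is compiled only for releases before 1.1.0 and is reference-counted across callers. The crypto_global_* names and the EXAMPLE_WITH_OPENSSL build flag are hypothetical; without that flag, constructed stubs stand in for a pre-1.1.0 library so the logic runs offline.

```c
/* Real library: cc -DEXAMPLE_WITH_OPENSSL example.c -lssl -lcrypto
 * (EXAMPLE_WITH_OPENSSL is a hypothetical flag used only by this example). */
#include <stdio.h>

#ifdef EXAMPLE_WITH_OPENSSL
#include <openssl/ssl.h>
#include <openssl/evp.h>
#else
/* Constructed stand-ins for a pre-1.1.0 library so the logic runs offline. */
#define OPENSSL_VERSION_NUMBER 0x1000200fL
static int stub_init_calls, stub_cleanup_calls;
static int SSL_library_init(void) { stub_init_calls++; return 1; }
static void EVP_cleanup(void) { stub_cleanup_calls++; }
#endif

static unsigned int crypto_users; /* callers currently holding the library */

/* Returns 1 if this call performed the explicit legacy initialisation. */
int crypto_global_init(void)
{
    if (crypto_users++ > 0)
        return 0;           /* already set up by an earlier caller */
#if OPENSSL_VERSION_NUMBER < 0x10100000L
    SSL_library_init();     /* explicit init, needed before 1.1.0 */
    return 1;
#else
    return 0;               /* 1.1.0 and later: no explicit init */
#endif
}

/* Returns 1 if this call performed the explicit legacy cleanup. */
int crypto_global_deinit(void)
{
    if (crypto_users == 0 || --crypto_users > 0)
        return 0;           /* unbalanced call, or other users remain */
#if OPENSSL_VERSION_NUMBER < 0x10100000L
    EVP_cleanup();          /* older releases allowed a later re-init */
    return 1;
#else
    return 0;               /* 1.1.0 and later: no re-init after deinit */
#endif
}

int main(void)
{
    int a = crypto_global_init(), b = crypto_global_init();
    int c = crypto_global_deinit(), d = crypto_global_deinit();
    printf("init: %d %d, deinit: %d %d\n", a, b, c, d);
    return 0;
}
```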

