[openssl-dev] OpenSSL version 1.1.0 pre release 3 published

Tomas Mraz tmraz at redhat.com
Tue Feb 16 10:34:10 UTC 2016


On Mon, 2016-02-15 at 22:17 +0000, Matt Caswell wrote:
> 
> On 15/02/16 21:50, Jouni Malinen wrote:
> > On Mon, Feb 15, 2016 at 09:34:33PM +0000, Matt Caswell wrote:
> > > On 15/02/16 21:25, Jouni Malinen wrote:
> > > > Is this change in OpenSSL behavior expected? Is it not allowed to call
> > > > EVP_cleanup() and then re-initialize OpenSSL digests with
> > > > SSL_library_init()?
> > > 
> > > Correct, you cannot reinit once you have deinit.
> > 
> > OK.. That used to work, though, so it would be good to mention this
> > clearly in the release notes since this can cause difficult-to-find
> > issues for existing programs. Luckily I happened to have automated test
> > cases that found this now with wpa_supplicant.
> > 
> > > You should not need to explicitly init or deinit at all. Try removing
> > > all such calls. If you are getting memory leaks not caused by your
> > > application then that is a bug in OpenSSL.
> > 
> > I agree with the "should not need" part, but there is a reason why I
> > added those calls in the first place, i.e., these were needed with older
> > OpenSSL releases (well, all releases so far since 1.1.0 has not been
> > released). I guess I can remove these calls with #ifdef
> > OPENSSL_VERSION_NUMBER < 0x10100000L to maintain support for older
> > versions.
> > 
> > I'd also recommend updating EVP_cleanup man page to be clearer about
> > EVP_cleanup() being something that must not be called if there are going
> > to be any future calls to OpenSSL before the process exits.
> 
> Maybe EVP_cleanup() and other similar explicit deinit functions should
> be deprecated, and do nothing in 1.1.0? The auto-deinit capability
> should handle it. That way you would not need to do anything "special"
> for 1.1.0 with "#ifdef" etc. What do you think?

+1
I think this is a "no brainer" change as the semantics of these functions
changed anyway due to the auto-initialization.

-- 
Tomas Mraz
No matter how far down the wrong road you've gone, turn back.
                                              Turkish proverb
(You'll never know whether the road is wrong though.)
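
The version guard discussed in this thread, written out as an added example (not code from the original messages, from wpa_supplicant or from OpenSSL): explicit SSL_library_init()/EVP_cleanup() calls are compiled in only for releases older than 1.1.0, so an init, deinit, init cycle never calls EVP_cleanup() on a library that cannot be re-initialized. The app_tls_* names and the fallback version constant used when no OpenSSL headers are installed are assumptions.

```c
/* Added example: reference-counted TLS init/deinit with a version guard. */
#ifdef __has_include
#  if __has_include(<openssl/opensslv.h>)
#    include <openssl/opensslv.h>   /* defines OPENSSL_VERSION_NUMBER */
#  endif
#endif
#ifndef OPENSSL_VERSION_NUMBER
/* Assumption: no OpenSSL headers available, build as if against 1.1.0. */
#  define OPENSSL_VERSION_NUMBER 0x10100000L
#endif

#if OPENSSL_VERSION_NUMBER < 0x10100000L
#  include <openssl/ssl.h>
#  include <openssl/evp.h>
#  define APP_EXPLICIT_INIT 1      /* old releases need explicit calls */
#else
#  define APP_EXPLICIT_INIT 0      /* 1.1.0+: rely on auto-init/deinit */
#endif

static unsigned int app_tls_refs;  /* live TLS contexts in this process */

/* Returns 1 if this call ran the explicit library init, 0 otherwise. */
int app_tls_init(void)
{
    int did_init = 0;
    if (app_tls_refs++ == 0) {
#if APP_EXPLICIT_INIT
        SSL_library_init();
        did_init = 1;
#endif
    }
    return did_init;
}

/* Returns 1 if this call ran the explicit library cleanup, 0 otherwise. */
int app_tls_deinit(void)
{
    int did_cleanup = 0;
    if (app_tls_refs == 0) return 0;   /* unbalanced call: ignore */
    if (--app_tls_refs == 0) {
#if APP_EXPLICIT_INIT
        EVP_cleanup();                 /* never reached on 1.1.0+ */
        did_cleanup = 1;
#endif
    }
    return did_cleanup;
}

unsigned int app_tls_ref_count(void) { return app_tls_refs; }
```

Against pre-1.1.0 headers the program must also be linked with -lssl -lcrypto.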




