On 15/02/16 21:50, Jouni Malinen wrote: > On Mon, Feb 15, 2016 at 09:34:33PM +0000, Matt Caswell wrote: >> On 15/02/16 21:25, Jouni Malinen wrote: >>> Is this change in OpenSSL behavior expected? Is it not allowed to call >>> EVP_cleanup() and then re-initialize OpenSSL digests with >>> SSL_library_init()? >> >> Correct, you cannot reinit once you have deinit. > > OK.. That used to work, though, so it would be good to mention this > clearly in the release notes since this can cause a difficult to find > issues for existing programs. Luckily I happened to have automated test > cases that found this now with wpa_supplicant. > >> You should not need to explicitly init or deinit at all. Try removing >> all such calls. If you are getting memory leaks not caused by your >> application then that is a bug in OpenSSL. > > I agree with the "should not need" part, but there is a reason why I > added those calls in the first place, i.e., these were needed with older > OpenSSL releases (well, all releases so far since 1.1.0 has not been > released). I guess I can remove these calls with #ifdef > OPENSSL_VERSION_NUMBER < 0x10100000L to maintain support for older > versions. > > I'd also recommend updating EVP_cleanup man page to be clearer about > EVP_cleanup() being something that must not be called if there is going > to be any future calls to OpenSSL before the process exits.
Maybe EVP_cleanup() and other similar explicit deinit functions should be deprecated, and do nothing in 1.1.0? The auto-deinit capability should handle it. That way you would not need to do anything "special" for 1.1.0 with "#ifdef" etc. What do you think? If applications *must* do explicit cleanup they can always use the new OPENSSL_cleanup() function (which is clear in the docs that you cannot reinit afterwards). Matt -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
