On Po, 2016-02-15 at 22:17 +0000, Matt Caswell wrote: > > On 15/02/16 21:50, Jouni Malinen wrote: > > On Mon, Feb 15, 2016 at 09:34:33PM +0000, Matt Caswell wrote: > > > On 15/02/16 21:25, Jouni Malinen wrote: > > > > Is this change in OpenSSL behavior expected? Is it not allowed > > > > to call > > > > EVP_cleanup() and then re-initialize OpenSSL digests with > > > > SSL_library_init()? > > > > > > Correct, you cannot reinit once you have deinit. > > > > OK.. That used to work, though, so it would be good to mention this > > clearly in the release notes since this can cause a difficult to > > find > > issues for existing programs. Luckily I happened to have automated > > test > > cases that found this now with wpa_supplicant. > > > > > You should not need to explicitly init or deinit at all. Try > > > removing > > > all such calls. If you are getting memory leaks not caused by > > > your > > > application then that is a bug in OpenSSL. > > > > I agree with the "should not need" part, but there is a reason why > > I > > added those calls in the first place, i.e., these were needed with > > older > > OpenSSL releases (well, all releases so far since 1.1.0 has not > > been > > released). I guess I can remove these calls with #ifdef > > OPENSSL_VERSION_NUMBER < 0x10100000L to maintain support for older > > versions. > > > > I'd also recommend updating EVP_cleanup man page to be clearer > > about > > EVP_cleanup() being something that must not be called if there is > > going > > to be any future calls to OpenSSL before the process exits. > > Maybe EVP_cleanup() and other similar explicit deinit functions > should > be deprecated, and do nothing in 1.1.0? The auto-deinit capability > should handle it. That way you would not need to do anything > "special" > for 1.1.0 with "#ifdef" etc. What do you think?
+1 I think this is "no brainer" change as the semantics of these functions changed anyway due to the auto-initialization. -- Tomas Mraz No matter how far down the wrong road you've gone, turn back. Turkish proverb (You'll never know whether the road is wrong though.) -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev