On Thu, Apr 16, 2020 at 09:45:45AM -0600, Theo de Raadt wrote:
> I don't understand the point of any of this cleanup.  The process
> is dying and none of these things maintain external state.
> 
> I'm going to call it what it is: stylistically stupid and rigid.
> 
> Why?  Because it would mean every call to errx() in the program is
> wrong because they don't attempt this, and only this one exit() call
> needs this kind of cleanup.  That is simply not plausible.

Indeed, also I noticed that ERR_remove_thread_state() was deprecated in
OpenSSL 1.1 and so I'm kind of back to square 1 again regarding the use of
deprecated functions.

All this cleanup before exit(3) is done mostly to please runtime memory
leak checkers.

Also EVP_cleanup() and ERR_free_strings() are deprecated according to
their man page. There is no documentation for CRYPTO_cleanup_all_ex_data()
but looking at the code it seems to be not important.

Removing all of them seems to be the best move forward.

> Claudio Jeker <[email protected]> wrote:
> 
> > ERR_remove_state(0) is deprecated use the new api
> > ERR_remove_thread_state(NULL) instead.
> > 
> > -- 
> > :wq Claudio
> > 
> > Index: main.c
> > ===================================================================
> > RCS file: /cvs/src/usr.sbin/rpki-client/main.c,v
> > retrieving revision 1.61
> > diff -u -p -r1.61 main.c
> > --- main.c  1 Apr 2020 14:15:49 -0000       1.61
> > +++ main.c  16 Apr 2020 10:01:56 -0000
> > @@ -1250,7 +1250,7 @@ out:
> >  
> >     EVP_cleanup();
> >     CRYPTO_cleanup_all_ex_data();
> > -   ERR_remove_state(0);
> > +   ERR_remove_thread_state(NULL);
> >     ERR_free_strings();
> >  
> >     exit(rc);
> > 
> 

-- 
:wq Claudio

Reply via email to