Re: Shutting down openssl - is the correct thing to do nothing?

Graham Leggett <minfrin@xxxxxxxx> · Fri, 14 Jun 2019 10:17:08 +0200

On 14 Jun 2019, at 09:41, Matt Caswell <matt@xxxxxxxxxxx> wrote:
Correct. *All* of the above calls are no-ops in 1.1.0+, e.g:

#  define EVP_cleanup() while(0) continue

There are one or two caveats around auto-init and auto-deinit of the library.
The documentation for it is here:

https://www.openssl.org/docs/man1.1.1/man3/OPENSSL_init_crypto.html

Further to the above question, having read the documentation, it looks like all of these init routines should be removed in v1.1.0 and above:

https://svn.apache.org/viewvc/httpd/httpd/tags/2.4.39/modules/ssl/mod_ssl.c?view=markup#l398

CRYPTO_malloc_init();
OPENSSL_malloc_init();
ERR_load_crypto_strings();
SSL_load_error_strings();
SSL_library_init();
ENGINE_load_builtin_engines();
OpenSSL_add_all_algorithms();
OPENSSL_load_builtin_modules();

https://svn.apache.org/viewvc/apr/apr-util/tags/1.6.1/crypto/apr_crypto_openssl.c?view=markup#l133

CRYPTO_malloc_init();
OPENSSL_malloc_init();
ERR_load_crypto_strings();
OpenSSL_add_all_algorithms();
ENGINE_load_builtin_engines();
ENGINE_register_all_complete();

Can you confirm I’ve interpreted this correctly?

Regards,
Graham
—

Attachment:
smime.p7s

Description: S/MIME cryptographic signature