-
Notifications
You must be signed in to change notification settings - Fork 484
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Avoid OpenSSL functions are unconditionally called at OQS_destroy #1982
Conversation
13168c8
to
96d0cba
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This PR begs 1-2 questions in my mind: If the purpose is
to avoid OpenSSL functions being used when they are overridden with OQS_*_set_callbacks
then a) why did free_ossl_objects
get called in the first place and/or b) why is EVP_MD_free not also replaced with an "alternative TLS lib" variant?
Let me answer (b) first: the objects being freed here (i.e., fetched algorithm implementations) are exclusively used by the OpenSSL implementation, not used nor needed for alternative TLS lib variants. For (a), to avoid calling |
That's the explanation I've been looking for, Thanks @ueno . |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Conceptually LGTM, but a macro may make this more readable.
When OQS_DLOPEN_OPENSSL is designated and low-level primitives are overridden with OQS_*_set_callbacks, OQS_destroy still indirectly calls EVP_*_free from OpenSSL. This adds a extra NULL check to avoid that. Signed-off-by: Daiki Ueno <[email protected]>
96d0cba
to
28e2f34
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM! Thanks @ueno.
OQS_destroy in liboqs 0.11.0 unconditionally calls OpenSSL functions for cleanup; see: open-quantum-safe/liboqs#1982 As it doesn't do anything other than that so far, just skip it for now. Signed-off-by: Daiki Ueno <[email protected]>
When OQS_DLOPEN_OPENSSL is designated and low-level primitives are overridden with OQS_set_callbacks, OQS_destroy still indirectly calls EVP_free from OpenSSL. This adds a extra NULL check to avoid that.