Wockenfuß wrote:
> Hi all,
>
> I have written a class in C++ to easily access functions from OpenSSL from our products.
> In the constructor of my class I do the following lines of code:
>
> threadSetup();
>
> OpenSSL_add_all_digests();
> OpenSSL_add_all_ciphers();
> OpenSSL_add_all_algorithms();
>
> ERR_load_PKCS7_strings();
> ERR_load_X509_strings();
> ERR_load_crypto_strings();
> ERR_load_ERR_strings();
>
> RAND_seed( rnd_seed, sizeof(rnd_seed) );
>
> ENGINE_load_builtin_engines();
>
> In the destructor I do the following:
>
> ENGINE_cleanup();
> RAND_cleanup();
> CRYPTO_cleanup_all_ex_data();
> ERR_free_strings();
> threadCleanUp();
>
> This leads to a memory leak, because of the OpenSSL_add_all_...-functions in the constructor. In the online manual I've read that I need to call
>
> EVP_cleanup();
>
> in the destructor too. So if I do this all memory leaks are gone, but the function
>
> X509_verify_cert()
>
> fails with the error 'certificate signature failure '.
> If I remove the EVP_cleanup() from the destructor the function works as fine as it should work.
>
> Could please anyone give me a hint what could be wrong?
> The destructor is called at least once before the constructor is called again and X509_verify_cert is called.
>


Ideally these steps should be done once per program life-time;
constructor steps at start-up, destructor steps at program exit (say in
an environment where the OS doesn't clean up the program's memory).

Doing it per-object creation is unnecessary and error prone (as maybe
the case here). I believe it should be possible to do it once per
program lifetime without changing your C++ class too much.

-jb
--
Real computer scientists don't comment their code. The identifiers are
so long they can't afford the disk space.
__________________________________________________ ____________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majordomo@openssl.org