liboqs: don't call OQS_destroy if the version is 0.11.0

author Daiki Ueno <ueno@gnu.org>

Thu, 7 Nov 2024 13:10:20 +0000 (22:10 +0900)

committer Daiki Ueno <ueno@gnu.org>

Fri, 8 Nov 2024 12:07:31 +0000 (21:07 +0900)
author Daiki Ueno <ueno@gnu.org>
Thu, 7 Nov 2024 13:10:20 +0000 (22:10 +0900)
committer Daiki Ueno <ueno@gnu.org>
Fri, 8 Nov 2024 12:07:31 +0000 (21:07 +0900)
diff --git a/lib/liboqs/liboqs.c b/lib/liboqs/liboqs.c

index da4d71f2682c7d8d41c930a873a92a0eac99ffb2..8dca41d0d03e68b7a0f37a8449a572bbc89906ca 100644 (file)
--- a/lib/liboqs/liboqs.c
+++ b/lib/liboqs/liboqs.c
@@ -142,11 +142,26 @@ out:
  void _gnutls_liboqs_deinit(void)
  {
         if (_liboqs_init) {
+               const char *version;
+
                 _gnutls_liboqs_rand_deinit();
                 _gnutls_liboqs_sha3x4_deinit();
                 _gnutls_liboqs_sha3_deinit();
                 _gnutls_liboqs_sha2_deinit();
-               GNUTLS_OQS_FUNC(OQS_destroy)();
+
+               /* OQS_destroy in liboqs 0.11.0 unconditionally calls
+                * OpenSSL functions for cleanup; see:
+                * https://github.com/open-quantum-safe/liboqs/pull/1982
+                *
+                * As it doesn't do anything other than that so far,
+                * just skip it for now */
+               version = GNUTLS_OQS_FUNC(OQS_version)();
+               if (unlikely(version == NULL)) {
+                       _gnutls_debug_log(
+                               "liboqs: unable to retrieve liboqs version\n");
+               } else if (check_version(version, 0, 11, 1)) {
+                       GNUTLS_OQS_FUNC(OQS_destroy)();
+               }
         }
  
         gnutls_oqs_unload_library();
author	Daiki Ueno <ueno@gnu.org>
	Thu, 7 Nov 2024 13:10:20 +0000 (22:10 +0900)
committer	Daiki Ueno <ueno@gnu.org>
	Fri, 8 Nov 2024 12:07:31 +0000 (21:07 +0900)