From 08cad1d5d4e840186d932d4ee28fa6e1463e3f28 Mon Sep 17 00:00:00 2001 From: jsing <> Date: Sat, 3 Sep 2022 17:47:47 +0000 Subject: Prepare to provide OPENSSL_cleanup. OPENSSL_cleanup() cleans up and deallocates memory in use by the library. There are a couple of use cases for this, primarily related to memory leak testing. This will not be called automatically in LibreSSL, which means that OpenSSL's OPENSSL_NO_INIT_ATEXIT is implied. If code wants to clean up then they need to explicitly call this themselves. ok tb@ --- src/lib/libcrypto/crypto.h | 5 ++++- src/lib/libcrypto/crypto_init.c | 28 ++++++++++++++++++++++++---- src/lib/libcrypto/x509/x509_issuer_cache.h | 3 ++- 3 files changed, 30 insertions(+), 6 deletions(-) (limited to 'src') diff --git a/src/lib/libcrypto/crypto.h b/src/lib/libcrypto/crypto.h index 82372537e1..2d934413ea 100644 --- a/src/lib/libcrypto/crypto.h +++ b/src/lib/libcrypto/crypto.h @@ -1,4 +1,4 @@ -/* $OpenBSD: crypto.h,v 1.55 2022/07/12 14:42:48 kn Exp $ */ +/* $OpenBSD: crypto.h,v 1.56 2022/09/03 17:47:47 jsing Exp $ */ /* ==================================================================== * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved. * @@ -562,6 +562,9 @@ void ERR_load_CRYPTO_strings(void); #define OPENSSL_INIT_ENGINE_ALL_BUILTIN _OPENSSL_INIT_FLAG_NOOP int OPENSSL_init_crypto(uint64_t opts, const void *settings); +#if defined(LIBRESSL_NEXT_API) || defined(LIBRESSL_INTERNAL) +void OPENSSL_cleanup(void); +#endif #ifdef __cplusplus } diff --git a/src/lib/libcrypto/crypto_init.c b/src/lib/libcrypto/crypto_init.c index 67e7920890..69ba62991e 100644 --- a/src/lib/libcrypto/crypto_init.c +++ b/src/lib/libcrypto/crypto_init.c @@ -19,17 +19,21 @@ #include #include -#include #include -#include +#include #include +#include +#include #include "cryptlib.h" +#include "x509_issuer_cache.h" int OpenSSL_config(const char *); int OpenSSL_no_config(void); +static pthread_once_t crypto_init_once = PTHREAD_ONCE_INIT; static pthread_t crypto_init_thread; +static int crypto_init_cleaned_up; static void OPENSSL_init_crypto_internal(void) @@ -45,12 +49,15 @@ OPENSSL_init_crypto_internal(void) int OPENSSL_init_crypto(uint64_t opts, const void *settings) { - static pthread_once_t once = PTHREAD_ONCE_INIT; + if (crypto_init_cleaned_up) { + CRYPTOerror(ERR_R_INIT_FAIL); + return 0; + } if (pthread_equal(pthread_self(), crypto_init_thread)) return 1; /* don't recurse */ - if (pthread_once(&once, OPENSSL_init_crypto_internal) != 0) + if (pthread_once(&crypto_init_once, OPENSSL_init_crypto_internal) != 0) return 0; if ((opts & OPENSSL_INIT_NO_LOAD_CONFIG) && @@ -63,3 +70,16 @@ OPENSSL_init_crypto(uint64_t opts, const void *settings) return 1; } + +void +OPENSSL_cleanup(void) +{ + /* This currently calls init... */ + ERR_free_strings(); + + ENGINE_cleanup(); + EVP_cleanup(); + x509_issuer_cache_free(); + + crypto_init_cleaned_up = 1; +} diff --git a/src/lib/libcrypto/x509/x509_issuer_cache.h b/src/lib/libcrypto/x509/x509_issuer_cache.h index 6dedde75f1..3afe65bd49 100644 --- a/src/lib/libcrypto/x509/x509_issuer_cache.h +++ b/src/lib/libcrypto/x509/x509_issuer_cache.h @@ -1,4 +1,4 @@ -/* $OpenBSD: x509_issuer_cache.h,v 1.1 2020/09/11 14:30:51 beck Exp $ */ +/* $OpenBSD: x509_issuer_cache.h,v 1.2 2022/09/03 17:47:47 jsing Exp $ */ /* * Copyright (c) 2020 Bob Beck * @@ -41,6 +41,7 @@ int x509_issuer_cache_set_max(size_t max); int x509_issuer_cache_find(unsigned char *parent_md, unsigned char *child_md); void x509_issuer_cache_add(unsigned char *parent_md, unsigned char *child_md, int valid); +void x509_issuer_cache_free(); __END_HIDDEN_DECLS -- cgit v1.2.3-55-g6feb