lib: Fix missing cleanup in authentication path

When auth_verify_crt fails (e.g., missing root CA), crypt_get_pubkey_crt has already allocated pk but only crt was freed. Adds a crypt_cleanup() function to wrap OpenSSL_cleanup(), as OpenSSL lazily initializes a global decoder/provider registry the first time PEM_read_bio or OSSL_DECODER_CTX_new_for_pkey is called, and this leaves some memory owned by OpenSSL that triggers the leak sanitizer. Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks> Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
author: Dimitri Staessens <dimitri@ouroboros.rocks> 2026-03-03 09:00:18 +0100
committer: Sander Vrijders <sander@ouroboros.rocks> 2026-03-14 11:23:24 +0100
commit: 369d1c90453be23270a30229cbf4f731e4080407 (patch)
tree: b96c57777e24e44f6fbfd715df2e2eb655d646cb /include
parent: 4ec416e77395df1cccee39a57a826ff751cbecd7 (diff)
download: ouroboros-369d1c90453be23270a30229cbf4f731e4080407.tar.gz
ouroboros-369d1c90453be23270a30229cbf4f731e4080407.zip
1 files changed, 2 insertions, 0 deletions
diff --git a/include/ouroboros/crypt.h b/include/ouroboros/crypt.h
index 806d39ab..c0b001d1 100644
--- a/include/ouroboros/crypt.h
+++ b/include/ouroboros/crypt.h
@@ -358,6 +358,8 @@ int                crypt_check_crt_name(void *       crt,
 int                crypt_get_crt_name(void * crt,
                                      char * name);
 
+void               crypt_cleanup(void);
+
 /* Secure memory allocation for sensitive data (keys, secrets) */
 int                crypt_secure_malloc_init(size_t max);
author	Dimitri Staessens <dimitri@ouroboros.rocks>	2026-03-03 09:00:18 +0100
committer	Sander Vrijders <sander@ouroboros.rocks>	2026-03-14 11:23:24 +0100
commit	369d1c90453be23270a30229cbf4f731e4080407 (patch)
tree	b96c57777e24e44f6fbfd715df2e2eb655d646cb /include
parent	4ec416e77395df1cccee39a57a826ff751cbecd7 (diff)
download	ouroboros-369d1c90453be23270a30229cbf4f731e4080407.tar.gz ouroboros-369d1c90453be23270a30229cbf4f731e4080407.zip