diff options
| author | Dimitri Staessens <dimitri@ouroboros.rocks> | 2026-03-03 09:00:18 +0100 |
|---|---|---|
| committer | Sander Vrijders <sander@ouroboros.rocks> | 2026-03-14 11:23:24 +0100 |
| commit | 369d1c90453be23270a30229cbf4f731e4080407 (patch) | |
| tree | b96c57777e24e44f6fbfd715df2e2eb655d646cb /src/lib/crypt.c | |
| parent | 4ec416e77395df1cccee39a57a826ff751cbecd7 (diff) | |
| download | ouroboros-369d1c90453be23270a30229cbf4f731e4080407.tar.gz ouroboros-369d1c90453be23270a30229cbf4f731e4080407.zip | |
lib: Fix missing cleanup in authentication path
When auth_verify_crt fails (e.g., missing root CA),
crypt_get_pubkey_crt has already allocated pk but only crt was freed.
Adds a crypt_cleanup() function to wrap OpenSSL_cleanup(), as OpenSSL
lazily initializes a global decoder/provider registry the first time
PEM_read_bio or OSSL_DECODER_CTX_new_for_pkey is called, and this
leaves some memory owned by OpenSSL that triggers the leak sanitizer.
Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
Diffstat (limited to 'src/lib/crypt.c')
| -rw-r--r-- | src/lib/crypt.c | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/src/lib/crypt.c b/src/lib/crypt.c index cd3421dd..71197f6e 100644 --- a/src/lib/crypt.c +++ b/src/lib/crypt.c @@ -1094,6 +1094,13 @@ void crypt_secure_malloc_fini(void) #endif } +void crypt_cleanup(void) +{ +#ifdef HAVE_OPENSSL + openssl_cleanup(); +#endif +} + void * crypt_secure_malloc(size_t size) { #ifdef HAVE_OPENSSL |