diff options
| author | Dimitri Staessens <dimitri@ouroboros.rocks> | 2026-03-03 09:00:18 +0100 |
|---|---|---|
| committer | Sander Vrijders <sander@ouroboros.rocks> | 2026-03-14 11:23:24 +0100 |
| commit | 369d1c90453be23270a30229cbf4f731e4080407 (patch) | |
| tree | b96c57777e24e44f6fbfd715df2e2eb655d646cb /src/lib/crypt | |
| parent | 4ec416e77395df1cccee39a57a826ff751cbecd7 (diff) | |
| download | ouroboros-369d1c90453be23270a30229cbf4f731e4080407.tar.gz ouroboros-369d1c90453be23270a30229cbf4f731e4080407.zip | |
lib: Fix missing cleanup in authentication path
When auth_verify_crt fails (e.g., missing root CA),
crypt_get_pubkey_crt has already allocated pk but only crt was freed.
Adds a crypt_cleanup() function to wrap OpenSSL_cleanup(), as OpenSSL
lazily initializes a global decoder/provider registry the first time
PEM_read_bio or OSSL_DECODER_CTX_new_for_pkey is called, and this
leaves some memory owned by OpenSSL that triggers the leak sanitizer.
Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
Diffstat (limited to 'src/lib/crypt')
| -rw-r--r-- | src/lib/crypt/openssl.c | 4 | ||||
| -rw-r--r-- | src/lib/crypt/openssl.h | 2 |
2 files changed, 6 insertions, 0 deletions
diff --git a/src/lib/crypt/openssl.c b/src/lib/crypt/openssl.c index 573bc0b3..f94fb327 100644 --- a/src/lib/crypt/openssl.c +++ b/src/lib/crypt/openssl.c @@ -1878,3 +1878,7 @@ void openssl_secure_clear(void * ptr, { OPENSSL_cleanse(ptr, size); } +void openssl_cleanup(void) +{ + OPENSSL_cleanup(); +} diff --git a/src/lib/crypt/openssl.h b/src/lib/crypt/openssl.h index b95d1b0b..af285232 100644 --- a/src/lib/crypt/openssl.h +++ b/src/lib/crypt/openssl.h @@ -169,4 +169,6 @@ void openssl_secure_free(void * ptr, void openssl_secure_clear(void * ptr, size_t size); +void openssl_cleanup(void); + #endif /* OUROBOROS_LIB_CRYPT_OPENSSL_H */ |