OpenSSL: Unload providers on deinit
This frees up the allocated resources and makes memory leak detection more convenient without the known allocations being left behind. Signed-off-by: Jouni Malinen <j@w1.fi>
parent
092efd45a6
commit
097ca6bf0b
2 changed files with 25 additions and 8 deletions
|
@ -130,20 +130,34 @@ static int EC_GROUP_get_curve(const EC_GROUP *group, BIGNUM *p, BIGNUM *a,
|
||||||
#endif /* OpenSSL version < 1.1.1 */
|
#endif /* OpenSSL version < 1.1.1 */
|
||||||
|
|
||||||
|
|
||||||
|
#if OPENSSL_VERSION_NUMBER >= 0x30000000L
|
||||||
|
static OSSL_PROVIDER *openssl_default_provider = NULL;
|
||||||
|
static OSSL_PROVIDER *openssl_legacy_provider = NULL;
|
||||||
|
#endif /* OpenSSL version >= 3.0 */
|
||||||
|
|
||||||
void openssl_load_legacy_provider(void)
|
void openssl_load_legacy_provider(void)
|
||||||
{
|
{
|
||||||
#if OPENSSL_VERSION_NUMBER >= 0x30000000L
|
#if OPENSSL_VERSION_NUMBER >= 0x30000000L
|
||||||
static bool loaded = false;
|
if (openssl_legacy_provider)
|
||||||
OSSL_PROVIDER *legacy;
|
|
||||||
|
|
||||||
if (loaded)
|
|
||||||
return;
|
return;
|
||||||
|
|
||||||
legacy = OSSL_PROVIDER_load(NULL, "legacy");
|
openssl_legacy_provider = OSSL_PROVIDER_load(NULL, "legacy");
|
||||||
|
if (openssl_legacy_provider && !openssl_default_provider)
|
||||||
|
openssl_default_provider = OSSL_PROVIDER_load(NULL, "default");
|
||||||
|
#endif /* OpenSSL version >= 3.0 */
|
||||||
|
}
|
||||||
|
|
||||||
if (legacy) {
|
|
||||||
OSSL_PROVIDER_load(NULL, "default");
|
void openssl_unload_legacy_provider(void)
|
||||||
loaded = true;
|
{
|
||||||
|
#if OPENSSL_VERSION_NUMBER >= 0x30000000L
|
||||||
|
if (openssl_legacy_provider) {
|
||||||
|
OSSL_PROVIDER_unload(openssl_legacy_provider);
|
||||||
|
openssl_legacy_provider = NULL;
|
||||||
|
}
|
||||||
|
if (openssl_default_provider) {
|
||||||
|
OSSL_PROVIDER_unload(openssl_default_provider);
|
||||||
|
openssl_default_provider = NULL;
|
||||||
}
|
}
|
||||||
#endif /* OpenSSL version >= 3.0 */
|
#endif /* OpenSSL version >= 3.0 */
|
||||||
}
|
}
|
||||||
|
|
|
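Review bot: The result of `OSSL_PROVIDER_load(NULL, "default")` in openssl_load_legacy_provider() is stored but never checked, and the new early return on `openssl_legacy_provider` means a failed default load is never retried. As far as I know, OpenSSL 3.0 stops activating the default provider implicitly once another provider has been loaded explicitly. In that state only the legacy algorithms would be reachable, and later fetches of mainstream algorithms would fail with no hint as to why. Consider logging the failure and releasing the legacy handle so the next call retries both, e.g. `if (!openssl_default_provider) { OSSL_PROVIDER_unload(openssl_legacy_provider); openssl_legacy_provider = NULL; }` right after the default load.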
@ -1130,6 +1130,8 @@ void tls_deinit(void *ssl_ctx)
|
||||||
|
|
||||||
tls_openssl_ref_count--;
|
tls_openssl_ref_count--;
|
||||||
if (tls_openssl_ref_count == 0) {
|
if (tls_openssl_ref_count == 0) {
|
||||||
|
void openssl_unload_legacy_provider(void);
|
||||||
|
|
||||||
#if OPENSSL_VERSION_NUMBER < 0x10100000L || \
|
#if OPENSSL_VERSION_NUMBER < 0x10100000L || \
|
||||||
(defined(LIBRESSL_VERSION_NUMBER) && \
|
(defined(LIBRESSL_VERSION_NUMBER) && \
|
||||||
LIBRESSL_VERSION_NUMBER < 0x20700000L)
|
LIBRESSL_VERSION_NUMBER < 0x20700000L)
|
||||||
|
@ -1145,6 +1147,7 @@ void tls_deinit(void *ssl_ctx)
|
||||||
tls_global->ocsp_stapling_response = NULL;
|
tls_global->ocsp_stapling_response = NULL;
|
||||||
os_free(tls_global);
|
os_free(tls_global);
|
||||||
tls_global = NULL;
|
tls_global = NULL;
|
||||||
|
openssl_unload_legacy_provider();
|
||||||
}
|
}
|
||||||
|
|
||||||
os_free(data->check_cert_subject);
|
os_free(data->check_cert_subject);
|
||||||
|
|
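Review bot: Calling openssl_unload_legacy_provider() when tls_openssl_ref_count reaches zero ties the providers' lifetime to the TLS contexts, while openssl_load_legacy_provider() takes no argument and is presumably also reached from crypto paths that hold no TLS context. After the last tls_deinit(), code that uses OpenSSL without going through the load function could find neither provider active; if I read OpenSSL 3.0 correctly, the implicit default-provider fallback is not restored after an explicit load and unload. It would help to state the expectation at the call site, e.g. `/* No OpenSSL crypto operations may follow without calling openssl_load_legacy_provider() again */`, or to defer the unload to process exit. The block-scope prototype added in the first hunk would also be better placed in a shared header so the compiler checks it against the definition. tls_deinit() starts and ends outside both hunks.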