From: Andre Noll Date: Wed, 11 Sep 2019 20:12:32 +0000 (+0200) Subject: openssl: Fix (harmless) memory leaks at exit. X-Git-Tag: v0.6.3~27 X-Git-Url: http://git.tue.mpg.de/?a=commitdiff_plain;h=267c322e02364c331f523ce16bdadb46fd3449f8;p=paraslash.git openssl: Fix (harmless) memory leaks at exit. Without this, valgrind --leak-check=full --show-leak-kinds=all complains about four memory blocks reachable at exit, see below. The first leak is fixed by the new call to ERR_remove_thread_state(), which frees the error queue of the current thread. To squash the other three, the call to EVP_cleanup() is needed to remove all of openssl's internal ciphers and digests. To make this work on both openssl-1.0 and for openssl-1.1, we need to add additional header checks for configure. --- ==2818== 12 bytes in 1 blocks are still reachable in loss record 1 of 4 ==2818== at 0x40355EE: malloc (vg_replace_malloc.c:309) ==2818== by 0x41B887C: CRYPTO_malloc (in /usr/local/lib/libcrypto.so.1.0.0) ==2818== by 0x42459B7: lh_insert (in /usr/local/lib/libcrypto.so.1.0.0) ==2818== by 0x4248542: int_thread_set_item (in /usr/local/lib/libcrypto.so.1.0.0) ==2818== by 0x4249920: ERR_get_state (in /usr/local/lib/libcrypto.so.1.0.0) ==2818== by 0x424A255: ERR_put_error (in /usr/local/lib/libcrypto.so.1.0.0) ==2818== by 0x4222EF6: RSA_padding_check_PKCS1_OAEP_mgf1 (in /usr/local/lib/libcrypto.so.1.0.0) ==2818== by 0x422306A: RSA_padding_check_PKCS1_OAEP (in /usr/local/lib/libcrypto.so.1.0.0) ==2818== by 0x421F921: RSA_eay_private_decrypt (in /usr/local/lib/libcrypto.so.1.0.0) ==2818== by 0x804F2E9: apc_priv_decrypt (openssl.c:206) ==2818== by 0x804DB59: client_post_select (client_common.c:321) ==2818== by 0x804CC57: call_post_select (sched.c:80) ==2818== by 0x804CC57: sched_post_select (sched.c:106) ==2818== by 0x804CC57: schedule (sched.c:159) ==2818== ==2818== 64 bytes in 1 blocks are still reachable in loss record 2 of 4 ==2818== at 0x40355EE: malloc (vg_replace_malloc.c:309) ==2818== by 0x41B887C: CRYPTO_malloc (in /usr/local/lib/libcrypto.so.1.0.0) ==2818== by 0x4245643: lh_new (in /usr/local/lib/libcrypto.so.1.0.0) ==2818== by 0x424811F: int_thread_get (in /usr/local/lib/libcrypto.so.1.0.0) ==2818== by 0x4248511: int_thread_set_item (in /usr/local/lib/libcrypto.so.1.0.0) ==2818== by 0x4249920: ERR_get_state (in /usr/local/lib/libcrypto.so.1.0.0) ==2818== by 0x424A255: ERR_put_error (in /usr/local/lib/libcrypto.so.1.0.0) ==2818== by 0x4222EF6: RSA_padding_check_PKCS1_OAEP_mgf1 (in /usr/local/lib/libcrypto.so.1.0.0) ==2818== by 0x422306A: RSA_padding_check_PKCS1_OAEP (in /usr/local/lib/libcrypto.so.1.0.0) ==2818== by 0x421F921: RSA_eay_private_decrypt (in /usr/local/lib/libcrypto.so.1.0.0) ==2818== by 0x804F2E9: apc_priv_decrypt (openssl.c:206) ==2818== by 0x804DB59: client_post_select (client_common.c:321) ==2818== ==2818== 96 bytes in 1 blocks are still reachable in loss record 3 of 4 ==2818== at 0x40355EE: malloc (vg_replace_malloc.c:309) ==2818== by 0x41B887C: CRYPTO_malloc (in /usr/local/lib/libcrypto.so.1.0.0) ==2818== by 0x4245628: lh_new (in /usr/local/lib/libcrypto.so.1.0.0) ==2818== by 0x424811F: int_thread_get (in /usr/local/lib/libcrypto.so.1.0.0) ==2818== by 0x4248511: int_thread_set_item (in /usr/local/lib/libcrypto.so.1.0.0) ==2818== by 0x4249920: ERR_get_state (in /usr/local/lib/libcrypto.so.1.0.0) ==2818== by 0x424A255: ERR_put_error (in /usr/local/lib/libcrypto.so.1.0.0) ==2818== by 0x4222EF6: RSA_padding_check_PKCS1_OAEP_mgf1 (in /usr/local/lib/libcrypto.so.1.0.0) ==2818== by 0x422306A: RSA_padding_check_PKCS1_OAEP (in /usr/local/lib/libcrypto.so.1.0.0) ==2818== by 0x421F921: RSA_eay_private_decrypt (in /usr/local/lib/libcrypto.so.1.0.0) ==2818== by 0x804F2E9: apc_priv_decrypt (openssl.c:206) ==2818== by 0x804DB59: client_post_select (client_common.c:321) ==2818== ==2818== 400 bytes in 1 blocks are still reachable in loss record 4 of 4 ==2818== at 0x40355EE: malloc (vg_replace_malloc.c:309) ==2818== by 0x41B887C: CRYPTO_malloc (in /usr/local/lib/libcrypto.so.1.0.0) ==2818== by 0x424988C: ERR_get_state (in /usr/local/lib/libcrypto.so.1.0.0) ==2818== by 0x424A255: ERR_put_error (in /usr/local/lib/libcrypto.so.1.0.0) ==2818== by 0x4222EF6: RSA_padding_check_PKCS1_OAEP_mgf1 (in /usr/local/lib/libcrypto.so.1.0.0) ==2818== by 0x422306A: RSA_padding_check_PKCS1_OAEP (in /usr/local/lib/libcrypto.so.1.0.0) ==2818== by 0x421F921: RSA_eay_private_decrypt (in /usr/local/lib/libcrypto.so.1.0.0) ==2818== by 0x804F2E9: apc_priv_decrypt (openssl.c:206) ==2818== by 0x804DB59: client_post_select (client_common.c:321) ==2818== by 0x804CC57: call_post_select (sched.c:80) ==2818== by 0x804CC57: sched_post_select (sched.c:106) ==2818== by 0x804CC57: schedule (sched.c:159) ==2818== by 0x804AB2D: main (client.c:656) --- diff --git a/configure.ac b/configure.ac index d993e526..f518f89a 100644 --- a/configure.ac +++ b/configure.ac @@ -114,6 +114,15 @@ if test $HAVE_OPENSSL = yes; then test $HAVE_CRYPTO_CLEANUP_ALL_EX_DATA = yes && AC_DEFINE([HAVE_CRYPTO_CLEANUP_ALL_EX_DATA], [1], [not available on FreeBSD 12]) + HAVE_OPENSSL_THREAD_STOP=yes + AC_CHECK_DECL([OPENSSL_thread_stop], [], + [HAVE_OPENSSL_THREAD_STOP=no], + [#include ]) + AC_CHECK_LIB([crypto], [OPENSSL_thread_stop], [], + [HAVE_OPENSSL_THREAD_STOP=no]) + test $HAVE_OPENSSL_THREAD_STOP = yes && + AC_DEFINE([HAVE_OPENSSL_THREAD_STOP], [1], + [not available on openssl-1.0]) fi UNSTASH_FLAGS ######################################################################### gcrypt diff --git a/openssl.c b/openssl.c index 5f04c845..0ad9d7db 100644 --- a/openssl.c +++ b/openssl.c @@ -60,6 +60,12 @@ void crypt_shutdown(void) #ifdef HAVE_CRYPTO_CLEANUP_ALL_EX_DATA CRYPTO_cleanup_all_ex_data(); #endif +#ifdef HAVE_OPENSSL_THREAD_STOP /* openssl-1.1 or later */ + OPENSSL_thread_stop(); +#else /* openssl-1.0 */ + ERR_remove_thread_state(NULL); +#endif + EVP_cleanup(); } /*