Use OPENSSL_secure_clear_free in PEM_read_bio_PrivateKey and PEM_read_bio_ex

[openssl.git] / crypto / init.c

diff --git a/crypto/init.c b/crypto/init.c
index 2d2b07dd75f9f5fadd8c3433ca2c76ee0463488a..b7c77154b4648f44e077f182c32722b97df7e55b 100644 (file)
--- a/crypto/init.c
+++ b/crypto/init.c
@@ -9,7 +9,7 @@
 
 #include <internal/cryptlib_int.h>
 #include <openssl/err.h>
-#include <internal/rand.h>
+#include <internal/rand_int.h>
 #include <internal/bio.h>
 #include <openssl/evp.h>
 #include <internal/evp_int.h>
@@ -24,6 +24,7 @@
 #include <assert.h>
 #include <internal/thread_once.h>
 #include <internal/dso.h>
+#include <internal/store.h>
 
 static int stopped = 0;
 
@@ -491,6 +492,7 @@ void OPENSSL_cleanup(void)
 #ifndef OPENSSL_NO_ENGINE
     engine_cleanup_int();
 #endif
+    ossl_store_cleanup_int();
     crypto_cleanup_all_ex_data_int();
     bio_cleanup();
     evp_cleanup_int();
@@ -550,6 +552,10 @@ int OPENSSL_init_crypto(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings)
             && !RUN_ONCE(&add_all_digests, ossl_init_add_all_digests))
         return 0;
 
+    if ((opts & OPENSSL_INIT_ATFORK)
+            && !openssl_init_fork_handlers())
+        return 0;
+
     if ((opts & OPENSSL_INIT_NO_LOAD_CONFIG)
             && !RUN_ONCE(&config, ossl_init_no_config))
         return 0;
@@ -675,3 +681,28 @@ int OPENSSL_atexit(void (*handler)(void))
 
     return 1;
 }
+
+#ifdef OPENSSL_SYS_UNIX
+/*
+ * The following three functions are for OpenSSL developers.  This is
+ * where we set/reset state across fork (called via pthread_atfork when
+ * it exists, or manually by the application when it doesn't).
+ *
+ * WARNING!  If you put code in either OPENSSL_fork_parent or
+ * OPENSSL_fork_child, you MUST MAKE SURE that they are async-signal-
+ * safe.  See this link, for example:
+ *      http://man7.org/linux/man-pages/man7/signal-safety.7.html
+ */
+
+void OPENSSL_fork_prepare(void)
+{
+}
+
+void OPENSSL_fork_parent(void)
+{
+}
+
+void OPENSSL_fork_child(void)
+{
+}
+#endif