OPENSSL_cleanup: cleanup secure memory
authorDr. Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Mon, 12 Feb 2018 01:37:27 +0000 (02:37 +0100)
committerDr. Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Tue, 13 Feb 2018 16:32:54 +0000 (17:32 +0100)
If the global DRBGs are allocated on the secure heap, then calling
CRYPTO_secure_malloc_done() inside main() will have no effect, unless
OPENSSL_cleanup() has been called explicitely before that, because
otherwise the DRBGs will still be allocated. So it is better to cleanup
the secure heap automatically at the end of OPENSSL_cleanup().

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5294)

crypto/init.c

index 1b94d07..4a88e9c 100644 (file)
@@ -502,6 +502,8 @@ void OPENSSL_cleanup(void)
     obj_cleanup_int();
     err_cleanup();
 
+    CRYPTO_secure_malloc_done();
+
     base_inited = 0;
 }