threads: Cleanup master key sparse array in OPENSSL_thread_stop()

author Ondřej Surý <ondrej@sury.org>

Wed, 8 Oct 2025 09:06:00 +0000 (11:06 +0200)

committer Neil Horman <nhorman@openssl.org>

Thu, 23 Oct 2025 13:13:53 +0000 (09:13 -0400)
author Ondřej Surý <ondrej@sury.org>
Wed, 8 Oct 2025 09:06:00 +0000 (11:06 +0200)
committer Neil Horman <nhorman@openssl.org>
Thu, 23 Oct 2025 13:13:53 +0000 (09:13 -0400)
diff --git a/crypto/initthread.c b/crypto/initthread.c

index 4c6a53fd602e7bd038dfda35a37497f70bffaded..07f0cc1c5fe781871aa375866b11272d84549a12 100644 (file)
--- a/crypto/initthread.c
+++ b/crypto/initthread.c
@@ -272,6 +272,8 @@ void OPENSSL_thread_stop(void)
  
          init_thread_remove_handlers(hands);
          OPENSSL_free(hands);
+
+        CRYPTO_THREAD_clean_local();
      }
  }
  
diff --git a/crypto/threads_common.c b/crypto/threads_common.c

index 3a5597266be5bde096a086ceb7e2a10f6e2c48ab..e626e3168a5937fc7249a4a60a4dd197d5379f3f 100644 (file)
--- a/crypto/threads_common.c
+++ b/crypto/threads_common.c
@@ -192,6 +192,9 @@ static void clean_master_key(void *data)
      MASTER_KEY_ENTRY *mkey = data;
      int i;
  
+    if (data == NULL)
+        return;
+
      for (i = 0; i < CRYPTO_THREAD_LOCAL_KEY_MAX; i++) {
          if (mkey[i].ctx_table != NULL)
              clean_master_key_id(&mkey[i]);
@@ -392,6 +395,24 @@ int CRYPTO_THREAD_set_local_ex(CRYPTO_THREAD_LOCAL_KEY_ID id,
                                         (uintptr_t)ctx, data);
  }
  
+void CRYPTO_THREAD_clean_local(void)
+{
+    MASTER_KEY_ENTRY *mkey;
+
+    /*
+     * If we never initialized the master key, there
+     * is no data to clean, so we are done here
+     */
+    if (master_key_init == 0)
+        return;
+
+    mkey = CRYPTO_THREAD_get_local(&master_key);
+    if (mkey != NULL) {
+        clean_master_key(mkey);
+        CRYPTO_THREAD_set_local(&master_key, NULL);
+    }
+}
+
  #ifdef FIPS_MODULE
  void CRYPTO_THREAD_clean_local_for_fips(void)
  {
diff --git a/include/internal/threads_common.h b/include/internal/threads_common.h

index 5992d65add260a1aa01a7596f265280ab136e4e5..f42d601e74abb5875f5a5f1f60f02166fdf629ba 100644 (file)
--- a/include/internal/threads_common.h
+++ b/include/internal/threads_common.h
@@ -28,6 +28,8 @@ void *CRYPTO_THREAD_get_local_ex(CRYPTO_THREAD_LOCAL_KEY_ID id,
  int CRYPTO_THREAD_set_local_ex(CRYPTO_THREAD_LOCAL_KEY_ID id,
                                 OSSL_LIB_CTX *ctx, void *data);
  
+void CRYPTO_THREAD_clean_local(void);
+
  # ifdef FIPS_MODULE
  void CRYPTO_THREAD_clean_local_for_fips(void);
  # endif
author	Ondřej Surý <ondrej@sury.org>
	Wed, 8 Oct 2025 09:06:00 +0000 (11:06 +0200)
committer	Neil Horman <nhorman@openssl.org>
	Thu, 23 Oct 2025 13:13:53 +0000 (09:13 -0400)
crypto/initthread.c		patch \| blob \| blame \| history
crypto/threads_common.c		patch \| blob \| blame \| history
include/internal/threads_common.h		patch \| blob \| blame \| history