git.ipfire.org Git - thirdparty/openssl.git/commit

author	Neil Horman <nhorman@openssl.org>
	Wed, 28 Jan 2026 20:25:20 +0000 (15:25 -0500)
committer	Neil Horman <nhorman@openssl.org>
	Thu, 5 Feb 2026 17:08:03 +0000 (12:08 -0500)
commit	156347ff2cc9145fa5f4f4a3a7f7546e242accc8
tree	10e37d6669cfecf24ed126d30793082871f4c9e6	tree \| snapshot
parent	1f23e4102971d1986dec66e5eebffd001e71e3f5	commit \| diff

Don't setup a default context while tearing down private contexts

In providers/applications that create custom libctx'es via
OSSL_LIB_CTX_new, its possible, if the default provider has never been
initaialized during the lifetime of the linked libcrypto, that we
actually wind up creating the default libctx when we free the
aforementioned custom libctx via, as an example:

legacy_teardown->
OSSL_LIB_CTX_free->
  ossl_lib_ctx_is_default->
   get_default_context->
    get_thread_default_context->
     default_context_do_init

While this isn't catastrophic, its needless, and in some cases has the
potential to leak memory (for instance if a provider is loaded and
unloaded repeatedly in an environment in which the provider is linked to
libcrypto.so while the calling application is statically linked to
libcrypto.a

Its also fairly easy to clean up, by adding an internal parameter to
gate the creation of the default libctx on the request of the caller, so
do that here

Fixes openssl/project#1846

Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
MergeDate: Thu Feb  5 17:08:13 2026
(Merged from https://github.com/openssl/openssl/pull/29830)

crypto/context.c		diff \| blob \| blame \| history
include/internal/cryptlib.h		diff \| blob \| blame \| history