diff options
| -rw-r--r-- | src/_cffi_src/openssl/crypto.py | 9 | ||||
| -rw-r--r-- | src/cryptography/hazmat/bindings/openssl/_conditional.py | 7 | ||||
| -rw-r--r-- | tests/hazmat/backends/test_openssl_memleak.py | 3 | 
3 files changed, 18 insertions, 1 deletions
| diff --git a/src/_cffi_src/openssl/crypto.py b/src/_cffi_src/openssl/crypto.py index 449fff5e..03672d55 100644 --- a/src/_cffi_src/openssl/crypto.py +++ b/src/_cffi_src/openssl/crypto.py @@ -11,6 +11,7 @@ INCLUDES = """  TYPES = """  static const long Cryptography_HAS_LOCKING_CALLBACKS;  static const long Cryptography_HAS_MEM_FUNCTIONS; +static const long Cryptography_HAS_OPENSSL_CLEANUP;  static const int SSLEAY_VERSION;  static const int SSLEAY_CFLAGS; @@ -34,8 +35,9 @@ static const int CRYPTO_LOCK_SSL;  FUNCTIONS = """  int CRYPTO_mem_ctrl(int); -/* CRYPTO_cleanup_all_ex_data became a macro in 1.1.0 */ +  void CRYPTO_cleanup_all_ex_data(void); +void OPENSSL_cleanup(void);  /* as of 1.1.0 OpenSSL does its own locking *angelic chorus*. These functions     have become macros that are no ops */ @@ -112,6 +114,10 @@ void (*CRYPTO_lock)(int, int, const char *, int) = NULL;  #endif  #if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110 +static const long Cryptography_HAS_OPENSSL_CLEANUP = 0; + +void (*OPENSSL_cleanup)(void) = NULL; +  /* This function has a significantly different signature pre-1.1.0. since it is   * for testing only, we don't bother to expose it on older OpenSSLs.   */ @@ -122,6 +128,7 @@ int (*Cryptography_CRYPTO_set_mem_functions)(      void (*)(void *, const char *, int)) = NULL;  #else +static const long Cryptography_HAS_OPENSSL_CLEANUP = 1;  static const long Cryptography_HAS_MEM_FUNCTIONS = 1;  int Cryptography_CRYPTO_set_mem_functions( diff --git a/src/cryptography/hazmat/bindings/openssl/_conditional.py b/src/cryptography/hazmat/bindings/openssl/_conditional.py index 761124f5..b3e4e8bd 100644 --- a/src/cryptography/hazmat/bindings/openssl/_conditional.py +++ b/src/cryptography/hazmat/bindings/openssl/_conditional.py @@ -240,6 +240,12 @@ def cryptography_has_custom_ext():      ] +def cryptography_has_openssl_cleanup(): +    return [ +        "OPENSSL_cleanup", +    ] + +  # This is a mapping of  # {condition: function-returning-names-dependent-on-that-condition} so we can  # loop over them and delete unsupported names at runtime. It will be removed @@ -292,4 +298,5 @@ CONDITIONAL_NAMES = {      "Cryptography_HAS_SIGALGS": cryptography_has_ssl_sigalgs,      "Cryptography_HAS_PSK": cryptography_has_psk,      "Cryptography_HAS_CUSTOM_EXT": cryptography_has_custom_ext, +    "Cryptography_HAS_OPENSSL_CLEANUP": cryptography_has_openssl_cleanup,  } diff --git a/tests/hazmat/backends/test_openssl_memleak.py b/tests/hazmat/backends/test_openssl_memleak.py index 74973fe5..cd453541 100644 --- a/tests/hazmat/backends/test_openssl_memleak.py +++ b/tests/hazmat/backends/test_openssl_memleak.py @@ -60,6 +60,9 @@ def main(argv):      gc.collect()      gc.collect() +    if lib.Cryptography_HAS_OPENSSL_CLEANUP: +        lib.OPENSSL_cleanup() +      # Swap back to the original functions so that if OpenSSL tries to free      # something from its atexit handle it won't be going through a Python      # function, which will be deallocated when this function returns | 
