The OpenSSL Library no longer registers an atexit function
Previous posts about features removed from OpenSSL 4.0:
Summary
The OPENSSL_cleanup() function is no longer registered to be called
upon the termination of the process. This means the OpenSSL Library
does not automatically free resources so the operating system reclaims
them when an application exits.
For most users, this will have no impact since the memory is freed one way or the other.
Tools such as Valgrind may report memory leaks as a result of this change. For details about how to suppress those reports, see NOTES-VALGRIND.md.
Details
As of 1.1.0, the OpenSSL Library allocates resources
automatically
to avoid explicit initialization. Since this memory is only allocated
once, failing to free it is not strictly speaking a memory leak. Even
so OpenSSL called the libc atexit
function to
clean up after itself when the process exits. For simple cases this
did no harm and satisfied tools that attempted to find memory leaks.
Given the variety of ways the OpenSSL Library is used, however, some
applications might load parts of the library, especially libcrypto,
more than once. In that case, the application could crash on
exit
when the second copy of OPENSSL_cleanup is called and attempts to
free already freed memory. This outcome is far worse than failing to
clean up memory that would shortly be reclaimed anyway.
Since not freeing these resources avoids the possibility of an
application crash and does not leak memory, PR
#29385 removes the
code that registers OPENSSL_cleanup via atexit. It’s generally not
necessary, but still possible for applications to do that in their
initialization process. If the goal is to quiet tools such as
Valgrind, a better option is to suppress the reports. The repository
includes a
valgrind.suppression
file for that
purpose. NOTES-VALGRIND.md
has instructions for how to use it.