Skip to content

Fix OSSL_STORE_INFO leak#129446

Merged
vcsjones merged 2 commits into
dotnet:mainfrom
vcsjones:ossl-fix-store-leak
Jun 17, 2026
Merged

Fix OSSL_STORE_INFO leak#129446
vcsjones merged 2 commits into
dotnet:mainfrom
vcsjones:ossl-fix-store-leak

Conversation

@vcsjones

Copy link
Copy Markdown
Member

Nothing was freeing the OSSL_STORE_INFO when the type was OSSL_STORE_INFO_PKEY.

@vcsjones

Copy link
Copy Markdown
Member Author

Draft until #129435 is merged as that re-enables the test that will exercise this PR.

@dotnet-policy-service

Copy link
Copy Markdown
Contributor

Tagging subscribers to this area: @bartonjs, @vcsjones, @dotnet/area-system-security
See info in area-owners.md if you want to be subscribed.

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR fixes a resource leak in the OpenSSL 3 provider-based key-loading path by ensuring OSSL_STORE_INFO* is freed when a private key (OSSL_STORE_INFO_PKEY) entry is encountered.

Changes:

  • Free OSSL_STORE_INFO* info after extracting the EVP_PKEY* via OSSL_STORE_INFO_get1_PKEY(info) in CryptoNative_LoadKeyFromProvider, preventing a leak on the break path.
Show a summary per file
File Description
src/native/libs/System.Security.Cryptography.Native/pal_evp_pkey.c Ensures OSSL_STORE_INFO is freed on the OSSL_STORE_INFO_PKEY early-exit path to prevent leaking store entries.

Copilot's findings

  • Files reviewed: 1/1 changed files
  • Comments generated: 0

@vcsjones

Copy link
Copy Markdown
Member Author

/ba-g timeout on Windows NAOT is for a platform this does not affect; browser-wasm failure is unrelated.

@vcsjones vcsjones merged commit ef0084c into dotnet:main Jun 17, 2026
113 of 116 checks passed
@dotnet-milestone-bot dotnet-milestone-bot Bot added this to the 11.0-preview6 milestone Jun 17, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants