tests: Cleanup OpenSSL in tests when GSSAPI is built

also from the fuzzer tests Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2025-07-31 00:03:07 +03:00 · 2025-06-19 19:08:34 +02:00
parent 62762bbbc9
commit 08a32ac381
5 changed files with 30 additions and 7 deletions
--- a/tests/CMakeLists.txt
+++ b/tests/CMakeLists.txt
@ -23,6 +23,11 @@ if (NOT WIN32)
        ${TORTURE_LINK_LIBRARIES}
        pthread)
 endif(NOT WIN32)
+if (WITH_GSSAPI AND GSSAPI_FOUND)
+    set(TORTURE_LINK_LIBRARIES
+        ${TORTURE_LINK_LIBRARIES}
+        crypto)
+endif (WITH_GSSAPI AND GSSAPI_FOUND)

 # create test library
 add_library(${TORTURE_LIBRARY}
--- a/tests/fuzz/CMakeLists.txt
+++ b/tests/fuzz/CMakeLists.txt
@ -2,9 +2,7 @@ project(fuzzing CXX)

 macro(fuzzer name)
    add_executable(${name} ${name}.c)
-    target_link_libraries(${name}
-                          PRIVATE
-                              ssh::static pthread)
+    target_link_libraries(${name} PRIVATE ${TORTURE_LINK_LIBRARIES})
    if (CMAKE_CXX_COMPILER_ID STREQUAL "Clang")
        set_target_properties(${name}
                              PROPERTIES
--- a/tests/fuzz/fuzzer.c
+++ b/tests/fuzz/fuzzer.c
@ -1,8 +1,14 @@
 /* Simpler gnu89 version of StandaloneFuzzTargetMain.c from LLVM */

+#include "config.h"
+
 #include <assert.h>
 #include <stdio.h>
 #include <stdlib.h>
+#if defined(HAVE_LIBCRYPTO) || defined(WITH_GSSAPI)
+/* for OPENSSL_cleanup() of GSSAPI's OpenSSL context */
+#include <openssl/crypto.h>
+#endif

 int LLVMFuzzerTestOneInput (const unsigned char *data, size_t size);
 __attribute__((weak)) int LLVMFuzzerInitialize(int *argc, char ***argv);
@ -35,5 +41,9 @@ main (int argc, char **argv)

    free (buf);
    printf ("Done!\n");
+
+#if defined(HAVE_LIBCRYPTO) || defined(WITH_GSSAPI)
+    OPENSSL_cleanup();
+#endif
    return 0;
 }
--- a/tests/torture.c
+++ b/tests/torture.c
@ -53,6 +53,11 @@
 #include <valgrind/valgrind.h>
 #endif

+#ifdef WITH_GSSAPI
+/* for OPENSSL_cleanup() of GSSAPI's OpenSSL context */
+#include <openssl/crypto.h>
+#endif
+
 #define TORTURE_SSHD_SRV_IPV4 "127.0.0.10"
 #define TORTURE_SSHD_SRV1_IPV4 "127.0.0.11"
 /* socket wrapper IPv6 prefix  fd00::5357:5fxx */
@ -1977,18 +1982,21 @@ __attribute__((weak)) int torture_run_tests(void)
 #endif /* defined(HAVE_WEAK_ATTRIBUTE) && defined(TORTURE_SHARED) */

 /**
- * Finalize the torture context. No-op except for OpenSSL.
+ * Finalize the torture context. No-op except for OpenSSL or GSSAPI
 *
 * When OpenSSL is built without the at-exit handlers, it won't call the
 * OPENSSL_cleanup() from destructor or at-exit handler, which means we need to
 * do it manually in the tests.
 *
 * It is never a good idea to call this function from the library context as we
- * can not be sure the libssh is really the last one using the OpenSSL
+ * can not be sure the libssh is really the last one using the OpenSSL.
+ *
+ * This needs to be called at the end of the main function or any time before
+ * any forked process (servers) exits.
 */
-static void torture_finalize(void)
+void torture_finalize(void)
 {
-#ifdef HAVE_LIBCRYPTO
+#if defined(HAVE_LIBCRYPTO) || defined(WITH_GSSAPI)
    OPENSSL_cleanup();
 #endif
 }
--- a/tests/torture.h
+++ b/tests/torture.h
@ -194,4 +194,6 @@ void torture_unsetenv(char const *variable);
 int torture_setup_ssh_agent(struct torture_state *s, const char *add_key);
 int torture_cleanup_ssh_agent(void);

+void torture_finalize(void);
+
 #endif /* _TORTURE_H */