From b042477f83dc8b1701456621505440dcc8148393 Mon Sep 17 00:00:00 2001
From: Jakub Jelen <jjelen@redhat.com>
Date: Wed, 5 Nov 2025 15:47:32 +0100
Subject: [PATCH] Suppress remaining OpenSSL 3.5 memory leaks

Reported as

https://github.com/openssl/openssl/issues/29077

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
---
 tests/valgrind.supp | 34 ++++++++++++++++++++++++++++++++++
 1 file changed, 34 insertions(+)

diff --git a/tests/valgrind.supp b/tests/valgrind.supp
index 57dd24b1..ef3da8b5 100644
--- a/tests/valgrind.supp
+++ b/tests/valgrind.supp
@@ -140,6 +140,40 @@
    fun:FIPS_mode_set
    fun:OPENSSL_init_library
 }
+{
+   Threads + Failed PEM decoder do not play well openssl/openssl#29077
+   Memcheck:Leak
+   match-leak-kinds: definite
+   fun:malloc
+   fun:CRYPTO_malloc
+   fun:CRYPTO_zalloc
+   fun:ossl_rcu_read_lock
+   fun:module_find
+   fun:module_run
+   fun:CONF_modules_load
+   fun:CONF_modules_load_file_ex
+   fun:ossl_config_int
+   fun:ossl_config_int
+   fun:ossl_init_config
+   fun:ossl_init_config_ossl_
+   fun:__pthread_once_slow.isra.0
+   fun:pthread_once@@GLIBC_2.34
+   fun:CRYPTO_THREAD_run_once
+   fun:OPENSSL_init_crypto
+   fun:ossl_provider_doall_activated
+   fun:ossl_algorithm_do_all
+   fun:ossl_method_construct.constprop.0
+   fun:inner_evp_generic_fetch.constprop.0
+   fun:evp_generic_do_all
+   fun:EVP_KEYMGMT_do_all_provided
+   fun:ossl_decoder_ctx_setup_for_pkey
+   fun:OSSL_DECODER_CTX_new_for_pkey
+   fun:pem_read_bio_key_decoder
+   fun:pem_read_bio_key
+   fun:PEM_read_bio_PrivateKey_ex
+   fun:pki_private_key_from_base64
+   ...
+}
 # Cmocka
 {
    This looks like leak from cmocka when the forked server is not properly terminated