- Fix distinction between free and CRYPTO_free in dsa and ecdsa alloc.
authorWouter Wijngaards <wouter@nlnetlabs.nl>
Thu, 2 Jun 2016 08:31:17 +0000 (08:31 +0000)
committerWouter Wijngaards <wouter@nlnetlabs.nl>
Thu, 2 Jun 2016 08:31:17 +0000 (08:31 +0000)
git-svn-id: file:///svn/unbound/trunk@3745 be551aaa-1e26-0410-a405-d3ace91eadb9

doc/Changelog
validator/val_secalgo.c

index 411d2687cd43b546ac38190ea801cf942383d350..5b524539b6d80ffc92c02f520faac58e4a82838f 100644 (file)
@@ -1,5 +1,6 @@
 2 June 2016: Wouter
        - Fix libubound for edns optlist feature.
+       - Fix distinction between free and CRYPTO_free in dsa and ecdsa alloc.
 
 31 May 2016: Wouter
        - Fix windows service to be created run with limited rights, as a
index 6ea82ba1ca27270eedf3cd3ac05b3c1919267f56..11c8cd16e8f9a2c3ecb2ac973d34a47248dd4e52 100644 (file)
@@ -552,7 +552,7 @@ verify_canonrrset(sldns_buffer* buf, int algo, unsigned char* sigblock,
 {
        const EVP_MD *digest_type;
        EVP_MD_CTX* ctx;
-       int res, dofree = 0;
+       int res, dofree = 0, docrypto_free = 0;
        EVP_PKEY *evp_key = NULL;
        
        if(!setup_key_digest(algo, &evp_key, &digest_type, key, keylen)) {
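Review bot: The changed declaration now carries two flags that record which allocator owns `sigblock`, but nothing at the declaration says so, and choosing the wrong one is a heap-corruption risk rather than a cosmetic slip. A short comment would make the contract explicit, e.g. `/* dofree: sigblock was malloc'ed by us; docrypto_free: sigblock came from OpenSSL's allocator; at most one is set */`. Which branch sets which flag is only partly visible here (the `dofree = 1` assignment is outside the hunks), so the wording should be confirmed against the full function. The body of verify_canonrrset continues outside this hunk.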
@@ -571,7 +571,7 @@ verify_canonrrset(sldns_buffer* buf, int algo, unsigned char* sigblock,
                        EVP_PKEY_free(evp_key);
                        return sec_status_bogus;
                }
-               dofree = 1;
+               docrypto_free = 1;
        }
 #endif
 #if defined(USE_ECDSA) && defined(USE_DSA)
@@ -601,6 +601,7 @@ verify_canonrrset(sldns_buffer* buf, int algo, unsigned char* sigblock,
                log_err("EVP_MD_CTX_new: malloc failure");
                EVP_PKEY_free(evp_key);
                if(dofree) free(sigblock);
+               else if(docrypto_free) CRYPTO_free(sigblock);
                return sec_status_unchecked;
        }
        if(EVP_VerifyInit(ctx, digest_type) == 0) {
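Review bot: `CRYPTO_free(sigblock)` on the added line passes a single argument, but in OpenSSL 1.1.0 CRYPTO_free also takes file and line parameters, so this call may not build against the library version that the HAVE_EVP_MD_CTX_NEW branch in the last hunk targets. The macro form works with both old and new APIs: `else if(docrypto_free) OPENSSL_free(sigblock);`. The same call is added in the hunks at -608 and -616 (twice in the latter). With the free pair now repeated on four exits, a single cleanup label or a small static helper would keep the allocator choice in one place. The function starts and ends outside this hunk.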
@@ -608,6 +609,7 @@ verify_canonrrset(sldns_buffer* buf, int algo, unsigned char* sigblock,
                EVP_MD_CTX_destroy(ctx);
                EVP_PKEY_free(evp_key);
                if(dofree) free(sigblock);
+               else if(docrypto_free) CRYPTO_free(sigblock);
                return sec_status_unchecked;
        }
        if(EVP_VerifyUpdate(ctx, (unsigned char*)sldns_buffer_begin(buf), 
@@ -616,15 +618,21 @@ verify_canonrrset(sldns_buffer* buf, int algo, unsigned char* sigblock,
                EVP_MD_CTX_destroy(ctx);
                EVP_PKEY_free(evp_key);
                if(dofree) free(sigblock);
+               else if(docrypto_free) CRYPTO_free(sigblock);
                return sec_status_unchecked;
        }
 
        res = EVP_VerifyFinal(ctx, sigblock, sigblock_len, evp_key);
+#ifdef HAVE_EVP_MD_CTX_NEW
        EVP_MD_CTX_destroy(ctx);
+#else
+       EVP_MD_CTX_cleanup(ctx);
+       free(ctx);
+#endif
        EVP_PKEY_free(evp_key);
 
-       if(dofree)
-               free(sigblock);
+       if(dofree) free(sigblock);
+       else if(docrypto_free) CRYPTO_free(sigblock);
 
        if(res == 1) {
                return sec_status_secure;
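Review bot: The error branches still release `ctx` with a bare `EVP_MD_CTX_destroy(ctx);` (the context line at the top of this hunk and the one in the hunk at -608), while the success path now uses `EVP_MD_CTX_cleanup(ctx); free(ctx);` when HAVE_EVP_MD_CTX_NEW is not defined. If `ctx` is malloc'ed in that configuration, as the added `free(ctx)` implies (the allocation is outside the visible hunks), those error paths hand a malloc pointer to OpenSSL's allocator. That is the same free/CRYPTO_free mismatch this commit fixes for `sigblock`. The `#ifdef HAVE_EVP_MD_CTX_NEW` / `#else` / `#endif` release sequence added here should guard the EVP_VerifyInit and EVP_VerifyUpdate failure branches as well, ideally through one shared cleanup path.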