mbedtls: fix segfault by calling mbedtls_cipher_free() in cipher_ctx_free()

Commit ("openssl: Fix compilation without deprecated OpenSSL 1.1 APIs")
has removed the cipher_ctx_cleanup() API, as it is not anymore required
to be a distinct call. However, while doing so it also touched the
mbedtls backend in a wrong way causing a systematic segfault upon
connection.

Basically mbedtls_cipher_free(ctx) was moved from the defunct
cipher_ctx_cleanup()
to md_ctx_free(), while it was supposed to go into cipher_ctx_free().
This was clearly wrong as also the type of the ctx variable was not
correct anymore.

Fix this mistake by actually moving mbedtls_cipher_free(ctx) to
cipher_ctx_free().

Signed-off-by: Antonio Quartulli <a@unstable.cc>
Acked-by: Gert Doering <gert@greenie.muc.de>
Acked-by: Arne Schwabe <arne@rfc2549.org>
Message-Id: <20190816204945.7937-1-a@unstable.cc>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg18781.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
(cherry picked from commit 2a74fc3f66bb9f73fc957719d187256922ca003f)

diff --git a/src/openvpn/crypto_mbedtls.c b/src/openvpn/crypto_mbedtls.c
index 630578d4990eee6ae2f77e60b78023cbefa131eb..748043ec0a746ab73a55e87ece3f556b194e028c 100644 (file)
--- a/src/openvpn/crypto_mbedtls.c
+++ b/src/openvpn/crypto_mbedtls.c
@@ -519,6 +519,7 @@ cipher_ctx_new(void)
 void
 cipher_ctx_free(mbedtls_cipher_context_t *ctx)
 {
+    mbedtls_cipher_free(ctx);
     free(ctx);
 }
 
@@ -782,7 +783,6 @@ md_ctx_new(void)
 
 void md_ctx_free(mbedtls_md_context_t *ctx)
 {
-    mbedtls_cipher_free(ctx);
     free(ctx);
 }