git.ipfire.org Git - thirdparty/openvpn.git/commitdiff
Don't manually free DH params in OpenSSL 3
author Max Fillinger <maximilian.fillinger@foxcrypto.com>
Mon, 25 Oct 2021 14:53:14 +0000 (16:53 +0200)
committer Gert Doering <gert@greenie.muc.de>
Mon, 25 Oct 2021 15:58:15 +0000 (17:58 +0200)
When the EVP_PKEY object with the Diffie-Hellman parameters is passed
to SSL_CTX_set0_tmp_dh_pkey, it does not create a copy but stores the
pointer in the SSL_CTX. Therefore, we should not free it.

The EVP_PKEY will be freed automatically when we free the SSL_CTX.

Trac: #1436

Signed-off-by: Max Fillinger <maximilian.fillinger@foxcrypto.com>
Acked-by:
Message-Id: <20211025145314.23009-1-maximilian.fillinger@foxcrypto.com>
URL: https://www.mail-archive.com/search?l=mid&q=20211025145314.23009-1-maximilian.fillinger@foxcrypto.com
Signed-off-by: Gert Doering <gert@greenie.muc.de>
src/openvpn/ssl_openssl.c

index 2414fc5eb4cf2666f4367fe7925a8b7e10a3cb52..6f2d6d57a2557e9a2b20b77cc5909d35161a59f3 100644 (file)
@@ -685,8 +685,6 @@ tls_ctx_load_dh_params(struct tls_root_ctx *ctx, const char *dh_file,
 
     msg(D_TLS_DEBUG_LOW, "Diffie-Hellman initialized with %d bit key",
         8 * EVP_PKEY_get_size(dh));
-
-    EVP_PKEY_free(dh);
 #else
     DH *dh = PEM_read_bio_DHparams(bio, NULL, NULL, NULL);
     BIO_free(bio);
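Review bot: The spot after the msg() call where `EVP_PKEY_free(dh);` used to sit now has nothing to tell the reader that dh is owned by the SSL_CTX, and the `#else` branch directly below still manages its own `DH *dh`, so the asymmetry will look like a leak to the next person touching this function. A one-line comment in place of the removed free, along the lines of "dh is owned by the SSL_CTX after SSL_CTX_set0_tmp_dh_pkey(), freed with the context", would keep someone from re-adding the free and reintroducing the double free. Separately, set0 only takes ownership when the call succeeds; the call and its failure handling are outside this hunk, so please confirm that path either frees dh or is fatal, otherwise the removal trades a double free for a leak on error.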