From: Max Fillinger Date: Mon, 25 Oct 2021 14:53:14 +0000 (+0200) Subject: Don't manually free DH params in OpenSSL 3 X-Git-Tag: v2.6_beta1~406 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=4daed27f28f6bb3033e659328fe80322a8f4b5e1;p=thirdparty%2Fopenvpn.git Don't manually free DH params in OpenSSL 3 When the EVP_PKEY object with the Diffie-Hellman parameters is passed to SSL_CTX_set0_tmp_dh_pkey, it does not create a copy but stores the pointer in the SSL_CTX. Therefore, we should not free it. The EVP_PKEY will be freed automatically when we free the SSL_CTX. Trac: #1436 Signed-off-by: Max Fillinger Acked-by: Message-Id: <20211025145314.23009-1-maximilian.fillinger@foxcrypto.com> URL: https://www.mail-archive.com/search?l=mid&q=20211025145314.23009-1-maximilian.fillinger@foxcrypto.com Signed-off-by: Gert Doering --- diff --git a/src/openvpn/ssl_openssl.c b/src/openvpn/ssl_openssl.c index 2414fc5eb..6f2d6d57a 100644 --- a/src/openvpn/ssl_openssl.c +++ b/src/openvpn/ssl_openssl.c @@ -685,8 +685,6 @@ tls_ctx_load_dh_params(struct tls_root_ctx *ctx, const char *dh_file, msg(D_TLS_DEBUG_LOW, "Diffie-Hellman initialized with %d bit key", 8 * EVP_PKEY_get_size(dh)); - - EVP_PKEY_free(dh); #else DH *dh = PEM_read_bio_DHparams(bio, NULL, NULL, NULL); BIO_free(bio);
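Review bot: in the OpenSSL 3 branch of tls_ctx_load_dh_params, at the spot after the msg(D_TLS_DEBUG_LOW, ...) call where EVP_PKEY_free(dh) is removed, nothing in the code records why dh is not freed. Meanwhile the #else branch directly below still manages its own DH object, so a later reader comparing the two branches could easily re-add the free and introduce a double free when the SSL_CTX is released. A short comment there would prevent that, stating that SSL_CTX_set0_tmp_dh_pkey took ownership and that the EVP_PKEY is released with the SSL_CTX. Separately, the ownership transfer described in the commit message applies only when SSL_CTX_set0_tmp_dh_pkey succeeds, and the call and its error handling are outside the visible context. Please confirm that the failure path either frees dh or is fatal, so that removing this free does not turn a failed call into a leak.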