From: Tobias Brunner <tobias@strongswan.org>
Date: Tue, 11 Dec 2018 13:53:23 +0000 (+0100)
Subject: openssl: Make sure to release the functional ENGINE reference
X-Git-Tag: 5.7.2rc1~6
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=322daff844c1c479e12dc261e37d94adde3f5d93;p=thirdparty%2Fstrongswan.git

openssl: Make sure to release the functional ENGINE reference

The functional reference created by ENGINE_init() was never released,
only the structural one created by ENGINE_by_id().  The functional
reference includes an implicit structural reference, which is also
released by ENGINE_finish().

Closes strongswan/strongswan#119.
---

diff --git a/src/libstrongswan/plugins/openssl/openssl_plugin.c b/src/libstrongswan/plugins/openssl/openssl_plugin.c
index c5f1c5b14e..cbeb6c3b71 100644
--- a/src/libstrongswan/plugins/openssl/openssl_plugin.c
+++ b/src/libstrongswan/plugins/openssl/openssl_plugin.c
@@ -436,21 +436,21 @@ static private_key_t *openssl_private_key_connect(key_type_t type,
 		ENGINE_free(engine);
 		return NULL;
 	}
+	ENGINE_free(engine);
 	if (!login(engine, keyid))
 	{
 		DBG1(DBG_LIB, "login to engine '%s' failed", engine_id);
-		ENGINE_free(engine);
+		ENGINE_finish(engine);
 		return NULL;
 	}
 	key = ENGINE_load_private_key(engine, keyname, NULL, NULL);
+	ENGINE_finish(engine);
 	if (!key)
 	{
 		DBG1(DBG_LIB, "failed to load private key with ID '%s' from "
 			 "engine '%s'", keyname, engine_id);
-		ENGINE_free(engine);
 		return NULL;
 	}
-	ENGINE_free(engine);
 
 	switch (EVP_PKEY_base_id(key))
 	{