| Message ID | 20211025145314.23009-1-maximilian.fillinger@foxcrypto.com |
|---|---|
| State | Accepted |
| Series | [Openvpn-devel] Don't manually free DH params in OpenSSL 3 |
Commit Message
Maximilian Fillinger
Oct. 25, 2021, 3:53 a.m. UTC
When the EVP_PKEY object with the Diffie-Hellman parameters is passed
to SSL_CTX_set0_tmp_dh_pkey, it does not create a copy but stores the
pointer in the SSL_CTX. Therefore, we should not free it.
The EVP_PKEY will be freed automatically when we free the SSL_CTX.
Signed-off-by: Max Fillinger <maximilian.fillinger@foxcrypto.com>
---
src/openvpn/ssl_openssl.c | 2 --
1 file changed, 2 deletions(-)
Comments
On 25.10.21 at 16:53, Max Fillinger wrote:
> When the EVP_PKEY object with the Diffie-Hellman parameters is passed
> to SSL_CTX_set0_tmp_dh_pkey, it does not create a copy but stores the
> pointer in the SSL_CTX. Therefore, we should not free it.
>
> The EVP_PKEY will be freed automatically when we free the SSL_CTX.
>
Yes. The set0 indicates that it does a direct reference.
Acked-By: Arne Schwabe <arne@rfc2549.org>
Great find.
I had this trac ticket (1436) about weird hanging/looping on signal exit,
inside openssl cleanup, and your patch fixes this :-)
Your patch has been applied to the master branch.
commit 4daed27f28f6bb3033e659328fe80322a8f4b5e1
Author: Max Fillinger
Date: Mon Oct 25 16:53:14 2021 +0200
Don't manually free DH params in OpenSSL 3
Signed-off-by: Max Fillinger <maximilian.fillinger@foxcrypto.com>
Message-Id: <20211025145314.23009-1-maximilian.fillinger@foxcrypto.com>
URL: https://www.mail-archive.com/search?l=mid&q=20211025145314.23009-1-maximilian.fillinger@foxcrypto.com
Signed-off-by: Gert Doering <gert@greenie.muc.de>
--
kind regards,
Gert Doering
diff --git a/src/openvpn/ssl_openssl.c b/src/openvpn/ssl_openssl.c index 2414fc5e..6f2d6d57 100644 --- a/src/openvpn/ssl_openssl.c +++ b/src/openvpn/ssl_openssl.c @@ -685,8 +685,6 @@ tls_ctx_load_dh_params(struct tls_root_ctx *ctx, const char *dh_file, msg(D_TLS_DEBUG_LOW, "Diffie-Hellman initialized with %d bit key", 8 * EVP_PKEY_get_size(dh)); - - EVP_PKEY_free(dh); #else DH *dh = PEM_read_bio_DHparams(bio, NULL, NULL, NULL); BIO_free(bio);
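Review bot: With `EVP_PKEY_free(dh);` removed from the end of the OpenSSL 3 branch of tls_ctx_load_dh_params, nothing at that spot records that the missing free is deliberate, while the `#else` branch directly below still works with a `DH *` from PEM_read_bio_DHparams. A one-line comment after the msg() call, for example `/* dh is owned by the SSL_CTX after set0; do not free it here */`, would keep a later cleanup from re-adding the free and releasing the object twice. Since the SSL_CTX_set0_tmp_dh_pkey call itself is outside the visible context, it is also worth confirming in the full function that ownership is only assumed to have passed when that call succeeded, and that any failure path which returns instead of aborting still frees dh.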