From patchwork Mon Oct 25 03:53:14 2021
X-Patchwork-Submitter: Maximilian Fillinger
X-Patchwork-Id: 2048
From: Max Fillinger
Date: Mon, 25 Oct 2021 16:53:14 +0200
Message-ID: <20211025145314.23009-1-maximilian.fillinger@foxcrypto.com>
Subject: [Openvpn-devel] [PATCH] Don't manually free DH params in OpenSSL 3

When the EVP_PKEY object with the Diffie-Hellman parameters is passed to SSL_CTX_set0_tmp_dh_pkey, it does not create a copy but stores the pointer in the SSL_CTX. Therefore, we should not free it. The EVP_PKEY will be freed automatically when we free the SSL_CTX.

Signed-off-by: Max Fillinger
Acked-By: Arne Schwabe
--- src/openvpn/ssl_openssl.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/src/openvpn/ssl_openssl.c b/src/openvpn/ssl_openssl.c index 2414fc5e..6f2d6d57 100644 --- a/src/openvpn/ssl_openssl.c +++ b/src/openvpn/ssl_openssl.c @@ -685,8 +685,6 @@ tls_ctx_load_dh_params(struct tls_root_ctx *ctx, const char *dh_file, msg(D_TLS_DEBUG_LOW, "Diffie-Hellman initialized with %d bit key", 8 * EVP_PKEY_get_size(dh)); - - EVP_PKEY_free(dh); #else DH *dh = PEM_read_bio_DHparams(bio, NULL, NULL, NULL); BIO_free(bio);
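
Review bot: The removed `EVP_PKEY_free(dh);` just before `#else` leaves nothing at that spot to explain why the OpenSSL 3 branch no longer releases `dh`, and the hunk does not show what happens when `SSL_CTX_set0_tmp_dh_pkey` fails. OpenSSL passes ownership of the key to the `SSL_CTX` only when the call succeeds, so the failure path above this hunk should either free `dh` or be fatal; please confirm which it is. A one-line comment after the `msg(D_TLS_DEBUG_LOW, ...)` call, such as `/* dh is now owned by the SSL_CTX (set0), do not free */`, would keep the free from being re-added later and reintroducing a double free. Also note that `EVP_PKEY_get_size(dh)` in that `msg()` reads the pointer after it has been handed over, which is safe only while the `SSL_CTX` is still alive at that point.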