From patchwork Thu Aug 11 02:07:21 2022
X-Patchwork-Submitter: Maximilian Fillinger
X-Patchwork-Id: 2651
From: Max Fillinger
Date: Thu, 11 Aug 2022 14:07:21 +0200
Message-ID: <20220811120722.29168-1-maximilian.fillinger@foxcrypto.com>
Subject: [Openvpn-devel] [PATCH 1/2] Update openssl_compat.h for newer LibreSSL

LibreSSL has added some of the functions that are defined here. However, we still need RSA_F_RSA_OSSL_PRIVATE_ENCRYPT.

Signed-off-by: Max Fillinger
---
 src/openvpn/openssl_compat.h | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/src/openvpn/openssl_compat.h b/src/openvpn/openssl_compat.h index b3ee94f1..38eb760b 100644 --- a/src/openvpn/openssl_compat.h +++ b/src/openvpn/openssl_compat.h @@ -51,8 +51,8 @@ #define SSL_CTX_set1_groups SSL_CTX_set1_curves #endif -/* Functionality missing in LibreSSL and OpenSSL 1.0.2 */ -#if (OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)) && !defined(ENABLE_CRYPTO_WOLFSSL) +/* Functionality missing in LibreSSL before 3.5 and OpenSSL 1.0.2 */ +#if (OPENSSL_VERSION_NUMBER < 0x10100000L || (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x3050000fL)) && !defined(ENABLE_CRYPTO_WOLFSSL) /** * Destroy a X509 object *
@@ -68,11 +68,13 @@ X509_OBJECT_free(X509_OBJECT *obj) } } -#define RSA_F_RSA_OSSL_PRIVATE_ENCRYPT RSA_F_RSA_EAY_PRIVATE_ENCRYPT #define EVP_CTRL_AEAD_SET_TAG EVP_CTRL_GCM_SET_TAG #define EVP_CTRL_AEAD_GET_TAG EVP_CTRL_GCM_GET_TAG #endif +#if !defined(RSA_F_RSA_OSSL_PRIVATE_ENCRYPT) +#define RSA_F_RSA_OSSL_PRIVATE_ENCRYPT RSA_F_RSA_EAY_PRIVATE_ENCRYPT +#endif /* Functionality missing in 1.0.2 */ #if OPENSSL_VERSION_NUMBER < 0x10100000L && !defined(ENABLE_CRYPTO_WOLFSSL)

From patchwork Thu Aug 11 02:07:22 2022
X-Patchwork-Submitter: Maximilian Fillinger
X-Patchwork-Id: 2652
From: Max Fillinger
Date: Thu, 11 Aug 2022 14:07:22 +0200
Message-ID: <20220811120722.29168-2-maximilian.fillinger@foxcrypto.com>
In-Reply-To: <20220811120722.29168-1-maximilian.fillinger@foxcrypto.com>
Subject: [Openvpn-devel] [PATCH 2/2] Handle EVP_MD_CTX as an opaque struct

Building OpenVPN on the latest OpenBSD snapshot failed because EVP_MD_CTX is an opaque struct in LibreSSL now. Therefore, call md_ctx_new() instead of declaring them on the stack. When they're not on the stack anymore, we don't have to call EVP_MD_CTX_init() anymore, but we need to call EVP_MD_CTX_free() instead of cleanup.

Signed-off-by: Max Fillinger
Acked-By: Arne Schwabe
---
 src/openvpn/crypto_openssl.c | 38 ++++++++++++++++++------------------
 1 file changed, 19 insertions(+), 19 deletions(-)

diff --git a/src/openvpn/crypto_openssl.c b/src/openvpn/crypto_openssl.c index 5cd09e33..5c86268d 100644 --- a/src/openvpn/crypto_openssl.c +++ b/src/openvpn/crypto_openssl.c @@ -1492,7 +1492,7 @@ tls1_P_hash(const EVP_MD *md, const unsigned char *sec, { int chunk; size_t j; - EVP_MD_CTX ctx, ctx_tmp, ctx_init; + EVP_MD_CTX *ctx, *ctx_tmp, *ctx_init; EVP_PKEY *mac_key; unsigned char A1[EVP_MAX_MD_SIZE]; size_t A1_len = EVP_MAX_MD_SIZE;
@@ -1501,28 +1501,28 @@ tls1_P_hash(const EVP_MD *md, const unsigned char *sec, chunk = EVP_MD_size(md); OPENSSL_assert(chunk >= 0); - EVP_MD_CTX_init(&ctx); - EVP_MD_CTX_init(&ctx_tmp); - EVP_MD_CTX_init(&ctx_init); - EVP_MD_CTX_set_flags(&ctx_init, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); + ctx = md_ctx_new(); + ctx_tmp = md_ctx_new(); + ctx_init = md_ctx_new(); + EVP_MD_CTX_set_flags(ctx_init, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); mac_key = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, NULL, sec, sec_len); if (!mac_key) { goto err; } - if (!EVP_DigestSignInit(&ctx_init, NULL, md, NULL, mac_key)) + if (!EVP_DigestSignInit(ctx_init, NULL, md, NULL, mac_key)) { goto err; } - if (!EVP_MD_CTX_copy_ex(&ctx, &ctx_init)) + if (!EVP_MD_CTX_copy_ex(ctx, ctx_init)) { goto err; } - if (!EVP_DigestSignUpdate(&ctx, seed, seed_len)) + if (!EVP_DigestSignUpdate(ctx, seed, seed_len)) { goto err; } - if (!EVP_DigestSignFinal(&ctx, A1, &A1_len)) + if (!EVP_DigestSignFinal(ctx, A1, &A1_len)) { goto err; } @@ -1530,19 +1530,19 @@ tls1_P_hash(const EVP_MD *md, const unsigned char *sec, for (;; ) { /* Reinit mac contexts */ - if (!EVP_MD_CTX_copy_ex(&ctx, &ctx_init)) + if (!EVP_MD_CTX_copy_ex(ctx, ctx_init)) { goto err; } - if (!EVP_DigestSignUpdate(&ctx, A1, A1_len)) + if (!EVP_DigestSignUpdate(ctx, A1, A1_len)) { goto err; } - if (olen > chunk && !EVP_MD_CTX_copy_ex(&ctx_tmp, &ctx)) + if (olen > chunk && !EVP_MD_CTX_copy_ex(ctx_tmp, ctx)) { goto err; } - if (!EVP_DigestSignUpdate(&ctx, seed, seed_len)) + if (!EVP_DigestSignUpdate(ctx, seed, seed_len)) { goto err; } @@ -1550,14 +1550,14 @@ tls1_P_hash(const EVP_MD *md, const unsigned char *sec, if (olen > chunk) { j = olen; - if (!EVP_DigestSignFinal(&ctx, out, &j)) + if (!EVP_DigestSignFinal(ctx, out, &j)) { goto err; } out += j; olen -= j; /* calc the next A1 value */ - if (!EVP_DigestSignFinal(&ctx_tmp, A1, &A1_len)) + if (!EVP_DigestSignFinal(ctx_tmp, A1, &A1_len)) { goto err; } 
@@ -1566,7 +1566,7 @@ tls1_P_hash(const EVP_MD *md, const unsigned char *sec, { A1_len = EVP_MAX_MD_SIZE; /* last one */ - if (!EVP_DigestSignFinal(&ctx, A1, &A1_len)) + if (!EVP_DigestSignFinal(ctx, A1, &A1_len)) { goto err; } @@ -1577,9 +1577,9 @@ tls1_P_hash(const EVP_MD *md, const unsigned char *sec, ret = true; err: EVP_PKEY_free(mac_key); - EVP_MD_CTX_cleanup(&ctx); - EVP_MD_CTX_cleanup(&ctx_tmp); - EVP_MD_CTX_cleanup(&ctx_init); + EVP_MD_CTX_free(ctx); + EVP_MD_CTX_free(ctx_tmp); + EVP_MD_CTX_free(ctx_init); OPENSSL_cleanse(A1, sizeof(A1)); return ret; }
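Review bot: In src/openvpn/openssl_compat.h, hunk @@ -51,8 +51,8 @@, the new LIBRESSL_VERSION_NUMBER < 0x3050000fL condition also switches off the EVP_CTRL_AEAD_SET_TAG and EVP_CTRL_AEAD_GET_TAG fallbacks that live in the same #if block (visible in the following hunk), not only X509_OBJECT_free(). The commit message only says LibreSSL added "some of the functions", so please list which symbols LibreSSL 3.5 provides, and either confirm it defines both EVP_CTRL_AEAD_* macros or give them their own #ifndef guard, as was done for RSA_F_RSA_OSSL_PRIVATE_ENCRYPT.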
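Review bot: In src/openvpn/openssl_compat.h, hunk @@ -68,11 +68,13 @@, the RSA_F_RSA_OSSL_PRIVATE_ENCRYPT fallback has moved out of the block that was guarded by !defined(ENABLE_CRYPTO_WOLFSSL), so it now applies to any backend that leaves the macro undefined, and it assumes RSA_F_RSA_EAY_PRIVATE_ENCRYPT exists there. If that is intended, add a one-line comment above the new #if naming the libraries that still need it; otherwise keep the wolfSSL exclusion on the new block.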
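Review bot: In src/openvpn/crypto_openssl.c, hunk @@ -1492,7 +1492,7 @@, the three EVP_MD_CTX pointers are declared without initialisers while the err: label frees all of them unconditionally. No goto err appears before the md_ctx_new() calls in the visible lines, but declaring them as "EVP_MD_CTX *ctx = NULL, *ctx_tmp = NULL, *ctx_init = NULL;" keeps the cleanup path safe if an early exit is ever added above the allocations.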
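Review bot: In src/openvpn/crypto_openssl.c, hunk @@ -1501,28 +1501,28 @@, the results of the three md_ctx_new() calls are used without a NULL check, and the first use is EVP_MD_CTX_set_flags(ctx_init, ...), which has no failure return to catch a bad pointer. Unlike the stack objects they replace, these allocations can fail, so either test each pointer and goto err, or state in the commit message that md_ctx_new() does not return on allocation failure.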
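Review bot: In src/openvpn/crypto_openssl.c, hunk @@ -1577,9 +1577,9 @@, the contexts are allocated through the md_ctx_new() wrapper but released with EVP_MD_CTX_free() called directly; if the backend has a matching free wrapper, use it so allocation and release stay symmetric. Patch 1/2 shows openssl_compat.h still carrying an OpenSSL 1.0.2 section, and EVP_MD_CTX_free() was introduced in OpenSSL 1.1.0, so please confirm the compat header supplies it for 1.0.2 builds.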