[PATCH] libcrypto-compat: fix HMAC_CTX_free for OpenSSL < 1.1.0
- Subject: [PATCH] libcrypto-compat: fix HMAC_CTX_free for OpenSSL < 1.1.0
- From: Jon Simons <jon@xxxxxxxxxxxxx>
- Reply-to: libssh@xxxxxxxxxx
- Date: Wed, 12 Jul 2017 15:23:03 -0700
- To: libssh@xxxxxxxxxx
From b636badcf4bc083e1dfa2b5879838ef5e88b6525 Mon Sep 17 00:00:00 2001
From: Jon Simons <jon@xxxxxxxxxxxxx>
Date: Mon, 10 Jul 2017 17:20:33 -0400
Subject: [PATCH] libcrypto-compat: fix HMAC_CTX_free for OpenSSL < 1.1.0

On older OpenSSL versions, the EVP_MD_CTX fields within an HMAC_CTX
structure are contained inlined (change here [1]): be sure to not
try to free those fields on those builds.

Found running the `pkd_hello` test with:

  valgrind ./pkd_hello -i1 -t torture_pkd_openssh_dsa_rsa_default

^ valgrind will cite "Invalid free() ..." errors which are present
before this fix and absent after, when building with OpenSSL 1.0.1.

[1] https://github.com/openssl/openssl/commit/6e59a892db781658c050e5217127c4147c116ac9

Signed-off-by: Jon Simons <jon@xxxxxxxxxxxxx>
---
src/libcrypto-compat.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/src/libcrypto-compat.c b/src/libcrypto-compat.c
index 3e1bc71a..45dffbb4 100644
--- a/src/libcrypto-compat.c
+++ b/src/libcrypto-compat.c
@@ -304,9 +304,11 @@ void HMAC_CTX_free(HMAC_CTX *ctx)
{
if (ctx != NULL) {
hmac_ctx_cleanup(ctx);
+#if OPENSSL_VERSION_NUMBER > 0x10100000L
EVP_MD_CTX_free(&ctx->i_ctx);
EVP_MD_CTX_free(&ctx->o_ctx);
EVP_MD_CTX_free(&ctx->md_ctx);
+#endif
OPENSSL_free(ctx);
}
}
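Review bot: the three EVP_MD_CTX_free(&ctx->...) calls kept inside the new #if look wrong under either struct layout, so deleting them would be safer than guarding them. With the inlined fields the commit message describes, &ctx->i_ctx is the address of a member inside the block that OPENSSL_free(ctx) releases, which is the invalid free valgrind reports; if the fields were pointers instead, &ctx->i_ctx would be the address of the pointer rather than of the EVP_MD_CTX, so it would still not be a valid argument to EVP_MD_CTX_free. If the guard stays, note that `>` excludes 0x10100000L itself while the subject line draws the boundary at "< 1.1.0"; `#if OPENSSL_VERSION_NUMBER >= 0x10100000L` would match it, and a one-line comment saying why the frees are skipped on older builds would help the next reader.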
--
2.13.2