From: Selva Nair <selva.n...@gmail.com>
In OpenSSL 3.0, fetched algorithms must be freed
(down referenced). In this case, though EVP_MAC_CTX_new()
keeps a reference to 'hmac', it up-refs it. So we have to free
it here before return.
(Tested using an enable-asan build).
Signed-off-by: Selva Nair <selva.n...@gmail.com>
---
src/openvpn/crypto_openssl.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/src/openvpn/crypto_openssl.c b/src/openvpn/crypto_openssl.c
index 6b18551e..9d823add 100644
--- a/src/openvpn/crypto_openssl.c
+++ b/src/openvpn/crypto_openssl.c
@@ -1063,6 +1063,9 @@ hmac_ctx_new(void)
EVP_MAC *hmac = EVP_MAC_fetch(NULL, "HMAC", NULL);
ctx->ctx = EVP_MAC_CTX_new(hmac);
check_malloc_return(ctx->ctx);
+
+ EVP_MAC_free(hmac);
+
return ctx;
}
--
2.30.2
_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
