openssl: Make sure to release the functional ENGINE reference
authorTobias Brunner <tobias@strongswan.org>
Tue, 11 Dec 2018 13:53:23 +0000 (14:53 +0100)
committerTobias Brunner <tobias@strongswan.org>
Wed, 12 Dec 2018 11:00:29 +0000 (12:00 +0100)
The functional reference created by ENGINE_init() was never released,
only the structural one created by ENGINE_by_id().  The functional
reference includes an implicit structural reference, which is also
released by ENGINE_finish().

Closes strongswan/strongswan#119.

src/libstrongswan/plugins/openssl/openssl_plugin.c

index c5f1c5b..cbeb6c3 100644 (file)
@@ -436,21 +436,21 @@ static private_key_t *openssl_private_key_connect(key_type_t type,
                ENGINE_free(engine);
                return NULL;
        }
+       ENGINE_free(engine);
        if (!login(engine, keyid))
        {
                DBG1(DBG_LIB, "login to engine '%s' failed", engine_id);
-               ENGINE_free(engine);
+               ENGINE_finish(engine);
                return NULL;
        }
        key = ENGINE_load_private_key(engine, keyname, NULL, NULL);
+       ENGINE_finish(engine);
        if (!key)
        {
                DBG1(DBG_LIB, "failed to load private key with ID '%s' from "
                         "engine '%s'", keyname, engine_id);
-               ENGINE_free(engine);
                return NULL;
        }
-       ENGINE_free(engine);
 
        switch (EVP_PKEY_base_id(key))
        {
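Review bot: The `ENGINE_finish(engine)` added directly after `ENGINE_load_private_key()` drops the last reference this function holds before `key` is checked and used in the `switch` below, so the key's validity now depends on the returned EVP_PKEY (or the engine implementation) keeping its own reference to the engine, which this hunk does not show. That presumably holds for engines that bind their keys to the ENGINE, but it is worth confirming and recording at that line, e.g. `/* the loaded key is expected to hold its own engine reference, release ours */`. The early `ENGINE_free(engine)` after the init check likewise relies on the functional reference carrying an implicit structural one, as the commit message explains; a comment such as `/* functional reference implies a structural one, drop the explicit one */` would keep a later reader from mistaking the following `login()` and load calls for use-after-free. The body of `openssl_private_key_connect` starts and ends outside the hunk.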