Commit 0a9919b5 authored by David Woodhouse's avatar David Woodhouse

OpenSSL: Clean up leaks in TPM ENGINE handling

The key, in the ctx, holds a reference on the engine. We should be dropping
our own.
Signed-off-by: default avatarDavid Woodhouse <David.Woodhouse@intel.com>
parent 443e7e54
......@@ -510,6 +510,8 @@ static int load_tpm_certificate(struct openconnect_info *vpninfo)
ENGINE *e;
EVP_PKEY *key;
UI_METHOD *meth = NULL;
int ret = 0;
ENGINE_load_builtin_engines();
e = ENGINE_by_id("tpm");
......@@ -546,18 +548,19 @@ static int load_tpm_certificate(struct openconnect_info *vpninfo)
vpn_progress(vpninfo, PRG_ERR,
_("Failed to load TPM private key\n"));
openconnect_report_ssl_errors(vpninfo);
ENGINE_free(e);
ENGINE_finish(e);
return -EINVAL;
ret = -EINVAL;
goto out;
}
if (!SSL_CTX_use_PrivateKey(vpninfo->https_ctx, key)) {
vpn_progress(vpninfo, PRG_ERR, _("Add key from TPM failed\n"));
openconnect_report_ssl_errors(vpninfo);
ENGINE_free(e);
ENGINE_finish(e);
return -EINVAL;
ret = -EINVAL;
}
return 0;
EVP_PKEY_free(key);
out:
ENGINE_finish(e);
ENGINE_free(e);
return ret;
}
#else
static int load_tpm_certificate(struct openconnect_info *vpninfo)
......
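Review bot: The unconditional `EVP_PKEY_free(key)` after `SSL_CTX_use_PrivateKey()` and the shared `out:` cleanup in the second hunk both depend on OpenSSL reference-counting rules that nothing in load_tpm_certificate states, so the new tail reads like a free of a key that is still in use by the SSL_CTX. I would add `/* SSL_CTX_use_PrivateKey() took its own reference on success; drop ours */` above the `EVP_PKEY_free(key)` line, and `/* drop the functional ref from ENGINE_init() and the structural ref from ENGINE_by_id() */` at `out:`. Because `ENGINE_finish(e)` is now unconditional at `out:`, the label is only safe to reach once ENGINE_init() has succeeded. The function's opening and the code between the two hunks are not visible here, so it is worth confirming that no earlier failure path jumps to `out`.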