OpenSSL: Clean up leaks in TPM ENGINE handling
The key, in the ctx, holds a reference on the engine. We should be dropping
our own.

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse authored and David Woodhouse committed Jun 12, 2012
1 parent 443e7e5 commit 0a9919b
Showing 1 changed file with 10 additions and 7 deletions.
17 changes: 10 additions & 7 deletions openssl.c
@@ -510,6 +510,8 @@ static int load_tpm_certificate(struct openconnect_info *vpninfo)
ENGINE *e;
EVP_PKEY *key;
UI_METHOD *meth = NULL;
int ret = 0;

ENGINE_load_builtin_engines();

e = ENGINE_by_id("tpm");
@@ -546,18 +548,19 @@ static int load_tpm_certificate(struct openconnect_info *vpninfo)
vpn_progress(vpninfo, PRG_ERR,
_("Failed to load TPM private key\n"));
openconnect_report_ssl_errors(vpninfo);
ENGINE_free(e);
ENGINE_finish(e);
return -EINVAL;
ret = -EINVAL;
goto out;
}
if (!SSL_CTX_use_PrivateKey(vpninfo->https_ctx, key)) {
vpn_progress(vpninfo, PRG_ERR, _("Add key from TPM failed\n"));
openconnect_report_ssl_errors(vpninfo);
ENGINE_free(e);
ENGINE_finish(e);
return -EINVAL;
ret = -EINVAL;
}
return 0;
EVP_PKEY_free(key);
out:
ENGINE_finish(e);
ENGINE_free(e);
return ret;
}
#else
static int load_tpm_certificate(struct openconnect_info *vpninfo)
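Review bot: The cleanup at the `out:` label now runs `ENGINE_finish(e)` and `ENGINE_free(e)` on the success path as well, and nothing in the code records why that is safe after `SSL_CTX_use_PrivateKey()` has stored the key in `vpninfo->https_ctx`. The commit message gives the reason (the key in the ctx holds its own engine reference), but that appears to depend on how the TPM engine constructs the key, so it should be stated as an assumption where the references are dropped, for example `/* key held by https_ctx keeps its own ENGINE reference; drop ours on every path */` just above `out:`. If an engine did not take that reference, the ctx would be left with a key whose engine had already been released. The code between the two hunks is not shown on this page, so whether any earlier error returns also go through `out:` cannot be confirmed from here.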