libcrypto-compat: fix HMAC_CTX_free for OpenSSL < 1.1.0

On older OpenSSL versions, the EVP_MD_CTX fields within an HMAC_CTX structure are contained inlined (change here [1]): be sure to not try to free those fields on those builds. Found running the `pkd_hello` test with: valgrind ./pkd_hello -i1 -t torture_pkd_openssh_dsa_rsa_default ^ valgrind will cite "Invalid free() ..." errors which are present before this fix and absent after, when building with OpenSSL 1.0.1. [1] 6e59a892db Signed-off-by: Jon Simons <jon@jonsimons.org> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2017-07-10 17:20:33 -04:00 · 2017-07-10 17:20:33 -04:00 · 25384e9558
--- a/src/libcrypto-compat.c
+++ b/src/libcrypto-compat.c
@ -304,9 +304,11 @@ void HMAC_CTX_free(HMAC_CTX *ctx)
 {
    if (ctx != NULL) {
        hmac_ctx_cleanup(ctx);
+#if OPENSSL_VERSION_NUMBER > 0x10100000L
        EVP_MD_CTX_free(&ctx->i_ctx);
        EVP_MD_CTX_free(&ctx->o_ctx);
        EVP_MD_CTX_free(&ctx->md_ctx);
+#endif
        OPENSSL_free(ctx);
    }
 }