Commit 8ff3238027 for strongswan.org

commit 8ff3238027f5774c74c8646e4226e38e8c2c6657
Author: Tobias Brunner <tobias@strongswan.org>
Date:   Mon May 4 15:06:49 2026 +0200

    openssl: Prevent OpenSSL from using posix_memalign() if LD is enabled

    The leak detective doesn't wrap this function and calling the original
    causes unknown memory frees and even segmentation faults.  This is now
    triggered with OpenSSL 4 as the implementation of ECP256 uses
    OPENSSL_aligned_alloc_array().

    Setting a custom memory functions forces OpenSSL to implement aligned
    allocations internally, using the registered allocation function.

diff --git a/src/libstrongswan/plugins/openssl/openssl_plugin.c b/src/libstrongswan/plugins/openssl/openssl_plugin.c
index ef7fe8908f..a12e2ba8fc 100644
--- a/src/libstrongswan/plugins/openssl/openssl_plugin.c
+++ b/src/libstrongswan/plugins/openssl/openssl_plugin.c
@@ -777,6 +777,13 @@ PLUGIN_DEFINE(openssl)
 	private_openssl_plugin_t *this;
 	int fips_mode;

+	/* prevent OpenSSL from using posix_memalign() if leak detective is enabled,
+	 * which doesn't wrap it */
+	if (lib->leak_detective)
+	{
+		CRYPTO_set_mem_functions((void*)malloc, (void*)realloc, (void*)free);
+	}
+
 	fips_mode = lib->settings->get_int(lib->settings,
 							"%s.plugins.openssl.fips_mode", FIPS_MODE, lib->ns);
 #ifdef OPENSSL_FIPS