authorMatt Caswell <matt@openssl.org>2019-09-26 14:55:00 +0100
committerMatt Caswell <matt@openssl.org>2019-10-03 09:47:34 +0100
commit14bec2c4b4a74f7de3bdf4b3fff764d8842c27ab (patch)
tree12b850f4f0ceaa39d456eab22399a491254c6ce7 /crypto/evp/digest.c
parent15de965ff04ccecb068f3ce6c643555dce9372c6 (diff)
Free a fetched digest during EVP_MD_CTX_reset() not EVP_MD_free()
Otherwise a mem leak can occur since EVP_MD_free() calls EVP_MD_CTX_reset() which then clears the contents of the ctx. Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/10013)
Diffstat (limited to 'crypto/evp/digest.c')
-rw-r--r--crypto/evp/digest.c19
1 files changed, 6 insertions, 13 deletions
diff --git a/crypto/evp/digest.c b/crypto/evp/digest.c
index 6609e8f541..874b16b6ee 100644
--- a/crypto/evp/digest.c
+++ b/crypto/evp/digest.c
@@ -34,8 +34,9 @@ int EVP_MD_CTX_reset(EVP_MD_CTX *ctx)
EVP_PKEY_CTX_free(ctx->pctx);
#endif
- if (ctx->digest == NULL || ctx->digest->prov == NULL)
- goto legacy;
+ EVP_MD_free(ctx->fetched_digest);
+ ctx->fetched_digest = NULL;
+ ctx->reqdigest = NULL;
if (ctx->provctx != NULL) {
if (ctx->digest->freectx != NULL)
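Review bot: `EVP_MD_free(ctx->fetched_digest);` now runs before the `ctx->digest->freectx` lookup that follows it in EVP_MD_CTX_reset(), which risks a use-after-free. If ctx->digest refers to the same EVP_MD as ctx->fetched_digest (the assignment is not visible in this hunk) and this call drops the last reference, the provider context is torn down through a method that was already freed. Releasing the fetched digest only after the provider context is gone would avoid that: keep `EVP_MD_free(ctx->fetched_digest);`, `ctx->fetched_digest = NULL;` and `ctx->reqdigest = NULL;`, but place them after the closing brace of the `if (ctx->provctx != NULL)` block. With the old `ctx->digest == NULL` guard removed, that block also relies on provctx being set only when digest is set, so a short comment such as `/* provctx != NULL implies digest != NULL */` or an explicit check would make the invariant visible. The function body continues outside this hunk.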
@@ -44,13 +45,7 @@ int EVP_MD_CTX_reset(EVP_MD_CTX *ctx)
EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_CLEANED);
}
- if (ctx->pctx != NULL)
- goto legacy;
-
- return 1;
-
/* TODO(3.0): Remove legacy code below */
- legacy:
/*
* Don't assume ctx->md_data was cleaned in EVP_Digest_Final, because
@@ -67,6 +62,9 @@ int EVP_MD_CTX_reset(EVP_MD_CTX *ctx)
#if !defined(FIPS_MODE) && !defined(OPENSSL_NO_ENGINE)
ENGINE_finish(ctx->engine);
#endif
+
+ /* TODO(3.0): End of legacy code */
+
OPENSSL_cleanse(ctx, sizeof(*ctx));
return 1;
@@ -84,11 +82,6 @@ void EVP_MD_CTX_free(EVP_MD_CTX *ctx)
EVP_MD_CTX_reset(ctx);
- EVP_MD_free(ctx->fetched_digest);
- ctx->fetched_digest = NULL;
- ctx->digest = NULL;
- ctx->reqdigest = NULL;
-
OPENSSL_free(ctx);
return;
}