From 3101ab603cd82cdbc81de0902b2b4718e8f1279b Mon Sep 17 00:00:00 2001
From: Matt Caswell <matt@openssl.org>
Date: Thu, 3 Sep 2020 11:50:30 +0100
Subject: Fix an EVP_MD_CTX leak

If we initialise an EVP_MD_CTX with a legacy MD, and then reuse the same
EVP_MD_CTX with a provided MD then we end up leaking the md_data.

We need to ensure we free the md_data if we change to a provided MD.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12779)
---
 include/crypto/evp.h | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'include')

diff --git a/include/crypto/evp.h b/include/crypto/evp.h
index 9d9b0a7298..bdff97f639 100644
--- a/include/crypto/evp.h
+++ b/include/crypto/evp.h
@@ -808,3 +808,5 @@ int evp_pkey_ctx_use_cached_data(EVP_PKEY_CTX *ctx);
 void evp_method_store_flush(OPENSSL_CTX *libctx);
 int evp_set_default_properties_int(OPENSSL_CTX *libctx, const char *propq,
                                    int loadconfig);
+
+void evp_md_ctx_clear_digest(EVP_MD_CTX *ctx, int force);
-- 
cgit v1.2.3