libcrypto: fix resource leak in hmac_final

Fix a resource leak in `hmac_final`: say `HMAC_CTX_free` instead of `HMAC_CTX_reset`. This matches the error handling as done in `hmac_init`. Introduced with cf1e808e2ffa1f26644fb5d2cb82a919f323deba. The problem is reproducible running the `pkd_hello` test with: valgrind --leak-check=full ./pkd_hello -i1 -t torture_pkd_openssh_dsa_rsa_default Resolves https://red.libssh.org/issues/252. Signed-off-by: Jon Simons <jon@jonsimons.org> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2017-07-10 17:20:42 -04:00 · 2017-07-10 17:20:42 -04:00 · a64ddff3fe
--- a/src/libcrypto.c
+++ b/src/libcrypto.c
@ -422,7 +422,8 @@ void hmac_final(HMACCTX ctx, unsigned char *hashmacbuf, unsigned int *len) {
  HMAC_Final(ctx,hashmacbuf,len);

 #ifndef OLD_CRYPTO
-  HMAC_CTX_reset(ctx);
+  HMAC_CTX_free(ctx);
+  ctx = NULL;
 #else
  HMAC_cleanup(ctx);
 #endif