From a64ddff3fe16f938b99130d2a4928cda33cfcd36 Mon Sep 17 00:00:00 2001
From: Jon Simons <jon@jonsimons.org>
Date: Mon, 10 Jul 2017 17:20:42 -0400
Subject: [PATCH] libcrypto: fix resource leak in hmac_final

Fix a resource leak in `hmac_final`: say `HMAC_CTX_free` instead
of `HMAC_CTX_reset`.  This matches the error handling as done in
`hmac_init`.  Introduced with cf1e808e2ffa1f26644fb5d2cb82a919f323deba.

The problem is reproducible running the `pkd_hello` test with:

    valgrind --leak-check=full ./pkd_hello -i1 -t torture_pkd_openssh_dsa_rsa_default

Resolves https://red.libssh.org/issues/252.

Signed-off-by: Jon Simons <jon@jonsimons.org>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
---
 src/libcrypto.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/libcrypto.c b/src/libcrypto.c
index 867bf227..3bed5042 100644
--- a/src/libcrypto.c
+++ b/src/libcrypto.c
@@ -422,7 +422,8 @@ void hmac_final(HMACCTX ctx, unsigned char *hashmacbuf, unsigned int *len) {
   HMAC_Final(ctx,hashmacbuf,len);
 
 #ifndef OLD_CRYPTO
-  HMAC_CTX_reset(ctx);
+  HMAC_CTX_free(ctx);
+  ctx = NULL;
 #else
   HMAC_cleanup(ctx);
 #endif