The branch master has been updated via 0f9fdefeb05768b86f4364a8e976c87ee197638e (commit) from 790a1b030ac6f968104e17fe5b721c581ebd1d3e (commit)
- Log ----------------------------------------------------------------- commit 0f9fdefeb05768b86f4364a8e976c87ee197638e Author: Matt Caswell <m...@openssl.org> Date: Thu Jul 30 15:15:05 2020 +0100 Fix an ENGINE leak in asn1_item_digest_with_libctx Commit 6725682d introduced a call to ENGINE_get_digest_engine() into the function asn1_item_digest_with_libctx() to determine whether there is an ENGINE registered to handle the specified digest. However that function increases the ref count on the returned ENGINE object, so it must be freed. Fixes #12558 [extended tests] Reviewed-by: Paul Dale <paul.d...@oracle.com> Reviewed-by: Nicola Tuveri <nic....@gmail.com> (Merged from https://github.com/openssl/openssl/pull/12560) ----------------------------------------------------------------------- Summary of changes: crypto/asn1/a_digest.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/crypto/asn1/a_digest.c b/crypto/asn1/a_digest.c index c0c1cda272..3e7b418a19 100644 --- a/crypto/asn1/a_digest.c +++ b/crypto/asn1/a_digest.c @@ -68,7 +68,11 @@ int asn1_item_digest_with_libctx(const ASN1_ITEM *it, const EVP_MD *md, if (EVP_MD_provider(md) == NULL) { #if !defined(OPENSSL_NO_ENGINE) - if (ENGINE_get_digest_engine(EVP_MD_type(md)) == NULL) + ENGINE *tmpeng = ENGINE_get_digest_engine(EVP_MD_type(md)); + + if (tmpeng != NULL) + ENGINE_finish(tmpeng); + else #endif fetched_md = EVP_MD_fetch(libctx, EVP_MD_name(md), propq); }