From 1f3b65801b1b0bf11e18c318f7b2c6fcd357e3aa Mon Sep 17 00:00:00 2001
From: Ben Laurie
Date: Tue, 28 Aug 2001 13:45:41 +0000
Subject: [PATCH] Fix SSL memory leak.

---
 crypto/engine/hw_openbsd_dev_crypto.c | 6 +++++-
 crypto/evp/digest.c | 16 +++++++++++++++-
 crypto/evp/evp.h | 6 ++++++
 ssl/s3_lib.c | 3 +++
 4 files changed, 29 insertions(+), 2 deletions(-)

diff --git a/crypto/engine/hw_openbsd_dev_crypto.c b/crypto/engine/hw_openbsd_dev_crypto.c
index 3e11fc59aa..6479a7c249 100644
--- a/crypto/engine/hw_openbsd_dev_crypto.c
+++ b/crypto/engine/hw_openbsd_dev_crypto.c
@@ -80,4 +80,8 @@ ENGINE *ENGINE_openbsd_dev_crypto(void)
 return engine;
 }
 
-#endif /* defined(OPENSSL_OPENBSD_DEV_CRYPTO) */
+#else /* !defined(OPENSSL_OPENBSD_DEV_CRYPTO) */
+
+static void *dummy=&dummy;
+
+#endif /* !defined(OPENSSL_OPENBSD_DEV_CRYPTO) */
diff --git a/crypto/evp/digest.c b/crypto/evp/digest.c
index f1c905ab75..5c5b118486 100644
--- a/crypto/evp/digest.c
+++ b/crypto/evp/digest.c
@@ -75,13 +75,22 @@ EVP_MD_CTX *EVP_MD_CTX_create(void)
 return ctx;
 }
 
+#ifdef CRYPTO_MDEBUG
+int EVP_DigestInit_dbg(EVP_MD_CTX *ctx, const EVP_MD *type,const char *file,
+ int line)
+#else
 int EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type)
+#endif
 {
 if(ctx->digest != type)
 {
 OPENSSL_free(ctx->md_data);
 ctx->digest=type;
+#ifdef CRYPTO_MDEBUG
+ ctx->md_data=CRYPTO_malloc(type->ctx_size,file,line);
+#else
 ctx->md_data=OPENSSL_malloc(type->ctx_size);
+#endif
 }
 return type->init(ctx->md_data);
 }
@@ -142,7 +151,12 @@ void EVP_MD_CTX_destroy(EVP_MD_CTX *ctx)
 /* This call frees resources associated with the context */
 int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx)
 {
- /* assume ctx->md_data was cleaned in EVP_Digest_Final */
+ /* Don't assume ctx->md_data was cleaned in EVP_Digest_Final,
+ * because sometimes only copies of the context are ever finalised.
+ */
+ if(ctx->md_data)
+ memset(ctx->md_data,0,ctx->digest->ctx_size);
+
 OPENSSL_free(ctx->md_data);
 memset(ctx,'\0',sizeof *ctx);
 
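Review bot: The allocation result in EVP_DigestInit is never checked, in either the `CRYPTO_malloc` or the `OPENSSL_malloc` branch, so on failure `type->init(ctx->md_data)` is called with a NULL pointer. Because `ctx->digest=type` has already been stored by then, a later call with the same type skips the allocation and reaches the same NULL again. After the inner `#endif` I would add `if(ctx->md_data == NULL) { ctx->digest=NULL; return 0; }`, assuming 0 is the failure value callers of this function expect.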
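Review bot: The wipe added to EVP_MD_CTX_cleanup is not mirrored on the other free of the same buffer: the `if(ctx->digest != type)` branch of EVP_DigestInit in the previous hunk still calls `OPENSSL_free(ctx->md_data)` on state that, by this hunk's own comment, may never have been finalised. The same guarded clear, `if(ctx->md_data) memset(ctx->md_data,0,ctx->digest->ctx_size);`, belongs there ahead of the free and before `ctx->digest=type` is assigned, while the old size is still reachable. A plain memset directly ahead of a free is also a store an optimising build may be permitted to drop, so it is worth confirming that the clear survives in release builds. The rest of EVP_MD_CTX_cleanup lies outside the hunk.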
diff --git a/crypto/evp/evp.h b/crypto/evp/evp.h
index 435f2b36e6..ef77db499e 100644
--- a/crypto/evp/evp.h
+++ b/crypto/evp/evp.h
@@ -443,7 +443,13 @@ int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx);
 EVP_MD_CTX *EVP_MD_CTX_create(void);
 void EVP_MD_CTX_destroy(EVP_MD_CTX *ctx);
 int EVP_MD_CTX_copy(EVP_MD_CTX *out,const EVP_MD_CTX *in);
+#ifdef CRYPTO_MDEBUG
+int EVP_DigestInit_dbg(EVP_MD_CTX *ctx, const EVP_MD *type,
+ const char *file,int line);
+#define EVP_DigestInit(ctx,type) EVP_DigestInit_dbg(ctx,type,__FILE__,__LINE__)
+#else
 int EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type);
+#endif
 int EVP_DigestUpdate(EVP_MD_CTX *ctx,const void *d,
 unsigned int cnt);
 int EVP_DigestFinal(EVP_MD_CTX *ctx,unsigned char *md,unsigned int *s);
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index 8fbb2c2501..4575eeecc0 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -1009,6 +1009,9 @@ void ssl3_clear(SSL *s)
 rp=s->s3->rbuf.buf;
 wp=s->s3->wbuf.buf;
 
+ EVP_MD_CTX_cleanup(&s->s3->finish_dgst1);
+ EVP_MD_CTX_cleanup(&s->s3->finish_dgst2);
+
 memset(s->s3,0,sizeof *s->s3);
 if (rp != NULL) s->s3->rbuf.buf=rp;
 if (wp != NULL) s->s3->wbuf.buf=wp;
-- 
GitLab
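Review bot: With CRYPTO_MDEBUG defined, `EVP_DigestInit` exists only as a function-like macro, so the library exports no function of that name and the header declares none. Code compiled without the flag will not link against a library built with it, and any use of `EVP_DigestInit` as a function pointer stops compiling in the debug configuration. I would keep the prototype `int EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type);` unconditional in evp.h and have digest.c, under CRYPTO_MDEBUG, add `#undef EVP_DigestInit` followed by a real `EVP_DigestInit` that returns `EVP_DigestInit_dbg(ctx,type,__FILE__,__LINE__)`.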
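Review bot: Nothing at the two added calls in ssl3_clear says that they must run before the `memset(s->s3,0,sizeof *s->s3)` that follows, which would otherwise erase the only pointers to each context's md_data. A comment such as `/* free digest state before the memset below discards the pointers to it */` would keep a later reorder from reintroducing the leak. ssl3_free is not part of this diff; if it releases s->s3 without the same two calls, the leak would presumably remain on that path. ssl3_clear begins and ends outside the hunk.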