[openssl] master update

Dr. Paul Dale pauli at openssl.org
Sat Aug 1 01:56:15 UTC 2020

The branch master has been updated
       via  0f9fdefeb05768b86f4364a8e976c87ee197638e (commit)
      from  790a1b030ac6f968104e17fe5b721c581ebd1d3e (commit)

- Log -----------------------------------------------------------------
commit 0f9fdefeb05768b86f4364a8e976c87ee197638e
Author: Matt Caswell <matt at openssl.org>
Date:   Thu Jul 30 15:15:05 2020 +0100

    Fix an ENGINE leak in asn1_item_digest_with_libctx
    Commit 6725682d introduced a call to ENGINE_get_digest_engine() into
    the function asn1_item_digest_with_libctx() to determine whether there
    is an ENGINE registered to handle the specified digest. However that
    function increases the ref count on the returned ENGINE object, so it
    must be freed.
    Fixes #12558
    [extended tests]
    Reviewed-by: Paul Dale <paul.dale at oracle.com>
    Reviewed-by: Nicola Tuveri <nic.tuv at gmail.com>
    (Merged from https://github.com/openssl/openssl/pull/12560)


Summary of changes:
 crypto/asn1/a_digest.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/crypto/asn1/a_digest.c b/crypto/asn1/a_digest.c
index c0c1cda272..3e7b418a19 100644
--- a/crypto/asn1/a_digest.c
+++ b/crypto/asn1/a_digest.c
@@ -68,7 +68,11 @@ int asn1_item_digest_with_libctx(const ASN1_ITEM *it, const EVP_MD *md,
     if (EVP_MD_provider(md) == NULL) {
 #if !defined(OPENSSL_NO_ENGINE)
-        if (ENGINE_get_digest_engine(EVP_MD_type(md)) == NULL)
+        ENGINE *tmpeng = ENGINE_get_digest_engine(EVP_MD_type(md));
+        if (tmpeng != NULL)
+            ENGINE_finish(tmpeng);
+        else
             fetched_md = EVP_MD_fetch(libctx, EVP_MD_name(md), propq);

More information about the openssl-commits mailing list