[openssl] master update

Matt Caswell matt at openssl.org
Thu Feb 13 14:31:36 UTC 2020


The branch master has been updated
       via  0618b62ca2a9c5fb7bf8421deabaee240c709040 (commit)
      from  06e62984c1e7cee5e50211dfb9a89d5095799133 (commit)


- Log -----------------------------------------------------------------
commit 0618b62ca2a9c5fb7bf8421deabaee240c709040
Author: Matt Caswell <matt at openssl.org>
Date:   Wed Feb 12 11:55:30 2020 +0000

    Fix a mem leak in libssl
    
    Make sure we free up any ENGINE references after we have finished using
    them.
    
    Fixes #11064
    
    Reviewed-by: Richard Levitte <levitte at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/11070)

-----------------------------------------------------------------------

Summary of changes:
 ssl/ssl_lib.c | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)

diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index 08fcd83ea7..23101954ec 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -5849,12 +5849,17 @@ const EVP_CIPHER *ssl_evp_cipher_fetch(OPENSSL_CTX *libctx,
                                        const char *properties)
 {
 #ifndef OPENSSL_NO_ENGINE
+    ENGINE *eng;
+
     /*
      * If there is an Engine available for this cipher we use the "implicit"
      * form to ensure we use that engine later.
      */
-    if (ENGINE_get_cipher_engine(nid) != NULL)
+    eng = ENGINE_get_cipher_engine(nid);
+    if (eng != NULL) {
+        ENGINE_finish(eng);
         return EVP_get_cipherbynid(nid);
+    }
 #endif
 
     /* Otherwise we do an explicit fetch */
@@ -5894,12 +5899,17 @@ const EVP_MD *ssl_evp_md_fetch(OPENSSL_CTX *libctx,
                                const char *properties)
 {
 #ifndef OPENSSL_NO_ENGINE
+    ENGINE *eng;
+
     /*
      * If there is an Engine available for this digest we use the "implicit"
      * form to ensure we use that engine later.
      */
-    if (ENGINE_get_digest_engine(nid) != NULL)
+    eng = ENGINE_get_digest_engine(nid);
+    if (eng != NULL) {
+        ENGINE_finish(eng);
         return EVP_get_digestbynid(nid);
+    }
 #endif
 
     /* Otherwise we do an explicit fetch */


More information about the openssl-commits mailing list