Clean up hash and digest contexts in the back end to avoid refcount

leaks.

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/nss@24367 dc483132-0cff-0310-8789-dd5450dbe970

diff --git a/src/lib/crypto/nss/hash_provider/hash_gen.c b/src/lib/crypto/nss/hash_provider/hash_gen.c
index 98a8cc6c09b4e9df71e0b96035a63cf3cd203125..85cbde66f1dacd437a6741b9221220589c818014 100644 (file)
--- a/src/lib/crypto/nss/hash_provider/hash_gen.c
+++ b/src/lib/crypto/nss/hash_provider/hash_gen.c
@@ -61,6 +61,7 @@ k5_nss_gen_hash(HASH_HashType hashType, const krb5_crypto_iov *data,
 
     HASH_End(ctx, (unsigned char *)output->data,
              &output->length, output->length);
+    HASH_Destroy(ctx);
 
     return 0;
 }

diff --git a/src/lib/crypto/nss/hmac.c b/src/lib/crypto/nss/hmac.c
index a909e6ec1328c98ab18bd7b5d9df37e439013b37..a77f3d4adfba5ff46815a11d7936981553c52aa2 100644 (file)
--- a/src/lib/crypto/nss/hmac.c
+++ b/src/lib/crypto/nss/hmac.c
@@ -151,10 +151,9 @@ krb5int_hmac(const struct krb5_hash_provider *hash, krb5_key key,
     }
     rv = PK11_DigestFinal(ctx, (unsigned char *) output->data, &output->length,
                           output->length);
-    ctx = NULL;
     if (rv != SECSuccess)
         goto fail;
-
+    PK11_DestroyContext(ctx, PR_TRUE);
     return 0;
 fail:
     ret = k5_nss_map_last_error();