From: Matt Caswell Date: Thu, 30 Jul 2020 14:15:05 +0000 (+0100) Subject: Fix an ENGINE leak in asn1_item_digest_with_libctx X-Git-Tag: openssl-3.0.0-alpha6~21 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=0f9fdefeb05768b86f4364a8e976c87ee197638e;p=thirdparty%2Fopenssl.git Fix an ENGINE leak in asn1_item_digest_with_libctx Commit 6725682d introduced a call to ENGINE_get_digest_engine() into the function asn1_item_digest_with_libctx() to determine whether there is an ENGINE registered to handle the specified digest. However that function increases the ref count on the returned ENGINE object, so it must be freed. Fixes #12558 [extended tests] Reviewed-by: Paul Dale Reviewed-by: Nicola Tuveri (Merged from https://github.com/openssl/openssl/pull/12560) --- diff --git a/crypto/asn1/a_digest.c b/crypto/asn1/a_digest.c index c0c1cda2727..3e7b418a194 100644 --- a/crypto/asn1/a_digest.c +++ b/crypto/asn1/a_digest.c @@ -68,7 +68,11 @@ int asn1_item_digest_with_libctx(const ASN1_ITEM *it, const EVP_MD *md, if (EVP_MD_provider(md) == NULL) { #if !defined(OPENSSL_NO_ENGINE) - if (ENGINE_get_digest_engine(EVP_MD_type(md)) == NULL) + ENGINE *tmpeng = ENGINE_get_digest_engine(EVP_MD_type(md)); + + if (tmpeng != NULL) + ENGINE_finish(tmpeng); + else #endif fetched_md = EVP_MD_fetch(libctx, EVP_MD_name(md), propq); }
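Review bot: in the a_digest.c hunk, the new `else` sits inside `#if !defined(OPENSSL_NO_ENGINE)` but the statement it governs, `fetched_md = EVP_MD_fetch(libctx, EVP_MD_name(md), propq);`, sits after `#endif`. The if/else is therefore split across the preprocessor guard, and a later edit that adds a statement between `#endif` and the fetch would silently change which statement the `else` controls. Bracing the fetch, or restructuring so the whole conditional lives on one side of the guard, would make this robust. It would also help to add a one-line comment above `ENGINE *tmpeng = ENGINE_get_digest_engine(EVP_MD_type(md));` saying that the engine is only probed for presence and that the reference it returns is dropped straight away with `ENGINE_finish(tmpeng)`. The commit message explains that the getter takes a reference, but the code does not, and the next reader of this function will otherwise have to rediscover it.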