From 963eb12dbd551df71d7eb054e095c1b85f4aaab9 Mon Sep 17 00:00:00 2001
From: x2018 <xkernel.wang@foxmail.com>
Date: Tue, 26 Oct 2021 11:31:11 +0800
Subject: [PATCH] free the Post-Handshake Auth digest when there is an error
 saving the digest

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16917)
---
 ssl/statem/statem_lib.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c
index eef2fe4367e..79ac9be04ba 100644
--- a/ssl/statem/statem_lib.c
+++ b/ssl/statem/statem_lib.c
@@ -2381,6 +2381,8 @@ int tls13_save_handshake_digest_for_pha(SSL *s)
         if (!EVP_MD_CTX_copy_ex(s->pha_dgst,
                                 s->s3.handshake_dgst)) {
             SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
+            EVP_MD_CTX_free(s->pha_dgst);
+            s->pha_dgst = NULL;
             return 0;
         }
     }
-- 
2.47.3