sha: Use EVP_DigestInit_ex for resetting EVP_MD_CTX

ueno · ueno · commit 2e20ea86964c · 2023-05-08T16:58:20.000+09:00
Calling EVP_DigestInit on an already initialized EVP_MD_CTX results in
memory leak on OpenSSL 1.0.2.  This switches to using
EVP_DigestInit_ex to ensure that the underlying EVP_MD_CTX is reset.

Signed-off-by: Daiki Ueno &lt;dueno@redhat.com&gt;
diff --git a/openssl/sha.go b/openssl/sha.go
@@ -103,8 +103,8 @@ func (h *evpHash) finalize() {
 func (h *evpHash) Reset() {
 	// There is no need to reset h.ctx2 because it is always reset after
 	// use in evpHash.sum.
-	if C.go_openssl_EVP_DigestInit(h.ctx, h.md) != 1 {
-		panic(newOpenSSLError("EVP_DigestInit"))
+	if C.go_openssl_EVP_DigestInit_ex(h.ctx, h.md, nil) != 1 {
+		panic(newOpenSSLError("EVP_DigestInit_ex"))
 	}
 	runtime.KeepAlive(h)
 }

Original file line number	Diff line number	Diff line change
`@@ -103,8 +103,8 @@ func (h *evpHash) finalize() {`
`103`	`103`	`func (h *evpHash) Reset() {`
`104`	`104`	`// There is no need to reset h.ctx2 because it is always reset after`
`105`	`105`	`// use in evpHash.sum.`
`106`		`- if C.go_openssl_EVP_DigestInit(h.ctx, h.md) != 1 {`
`107`		`- panic(newOpenSSLError("EVP_DigestInit"))`
	`106`	`+ if C.go_openssl_EVP_DigestInit_ex(h.ctx, h.md, nil) != 1 {`
	`107`	`+ panic(newOpenSSLError("EVP_DigestInit_ex"))`
`108`	`108`	`}`
`109`	`109`	`runtime.KeepAlive(h)`
`110`	`110`	`}`