Clear md_data only when necessary

PR #17255 fixed a bug in EVP_DigestInit_ex(). While backporting the PR
to 1.1.1 (see #17472) I spotted an error in the original patch. This fixes
it.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17473)

(cherry picked from commit 8086b267fb3395c53cd5fc29eea68ba4826b333d)

diff --git a/crypto/evp/digest.c b/crypto/evp/digest.c
index eb6ccfaca260c59c8c2ca1746f3fa53476156519..066f2a4af95c3159af25da5dffe263bc9d22c648 100644 (file)
--- a/crypto/evp/digest.c
+++ b/crypto/evp/digest.c
@@ -33,9 +33,10 @@ static void cleanup_old_md_data(EVP_MD_CTX *ctx, int force)
             ctx->digest->cleanup(ctx);
         if (ctx->md_data != NULL && ctx->digest->ctx_size > 0
                 && (!EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_REUSE)
-                    || force))
+                    || force)) {
             OPENSSL_clear_free(ctx->md_data, ctx->digest->ctx_size);
-        ctx->md_data = NULL;
+            ctx->md_data = NULL;
+        }
     }
 }