Don't free in cleanup routine

Cleanse instead, and free in the free routine.

Seems to have been introduced in commit
846ec07d904f9cc81d486db0db14fb84f61ff6e5 when EVP_CIPHER_CTX was made
opaque.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2798)

diff --git a/crypto/cmac/cmac.c b/crypto/cmac/cmac.c
index c4f13a069f32b0bd91f463fd40d416222aa3a147..0f4ca26bc2834e38af3907dc48de1bc732d72ee3 100644 (file)
--- a/crypto/cmac/cmac.c
+++ b/crypto/cmac/cmac.c
@@ -60,7 +60,7 @@ CMAC_CTX *CMAC_CTX_new(void)
 
 void CMAC_CTX_cleanup(CMAC_CTX *ctx)
 {
 
 void CMAC_CTX_cleanup(CMAC_CTX *ctx)
 {

-    EVP_CIPHER_CTX_free(ctx->cctx);
+    EVP_CIPHER_CTX_cleanup(ctx->cctx);

     OPENSSL_cleanse(ctx->tbl, EVP_MAX_BLOCK_LENGTH);
     OPENSSL_cleanse(ctx->k1, EVP_MAX_BLOCK_LENGTH);
     OPENSSL_cleanse(ctx->k2, EVP_MAX_BLOCK_LENGTH);
     OPENSSL_cleanse(ctx->tbl, EVP_MAX_BLOCK_LENGTH);
     OPENSSL_cleanse(ctx->k1, EVP_MAX_BLOCK_LENGTH);
     OPENSSL_cleanse(ctx->k2, EVP_MAX_BLOCK_LENGTH);


@@ -78,6 +78,7 @@ void CMAC_CTX_free(CMAC_CTX *ctx)
     if (!ctx)
         return;
     CMAC_CTX_cleanup(ctx);
     if (!ctx)
         return;
     CMAC_CTX_cleanup(ctx);

+    EVP_CIPHER_CTX_free(ctx->cctx);

     OPENSSL_free(ctx);
 }
 
     OPENSSL_free(ctx);
 }