From fdf6118b1552bc723aeba726174b14ca07b5170a Mon Sep 17 00:00:00 2001
From: Shane Lontis <shane.lontis@oracle.com>
Date: Tue, 11 Aug 2020 16:28:00 +1000
Subject: [PATCH] Fix coverity CID #1458647 - Use after free in clean_tbuf()
 which uses ctx->rsa

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12628)
---
 providers/implementations/signature/rsa.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/providers/implementations/signature/rsa.c b/providers/implementations/signature/rsa.c
index 1f1aab2c30..7e2de96e83 100644
--- a/providers/implementations/signature/rsa.c
+++ b/providers/implementations/signature/rsa.c
@@ -832,12 +832,12 @@ static void rsa_freectx(void *vprsactx)
     if (prsactx == NULL)
         return;
 
-    RSA_free(prsactx->rsa);
     EVP_MD_CTX_free(prsactx->mdctx);
     EVP_MD_free(prsactx->md);
     EVP_MD_free(prsactx->mgf1_md);
     OPENSSL_free(prsactx->propq);
     free_tbuf(prsactx);
+    RSA_free(prsactx->rsa);
 
     OPENSSL_clear_free(prsactx, sizeof(*prsactx));
 }
-- 
2.34.1