ssl.c: fix hash state memory leaks in wolfSSL_clear() and wolfSSL_TicketKeyCb().

src/ssl.c

@@ -20576,55 +20576,8 @@ size_t wolfSSL_get_client_random(const WOLFSSL* ssl, unsigned char* out,
         ssl->keys.encryptionOn = 0;
         XMEMSET(&ssl->msgsReceived, 0, sizeof(ssl->msgsReceived));
 
-        if (ssl->hsHashes != NULL) {
+        FreeHandshakeHashes(ssl);
-#ifndef NO_OLD_TLS
+
-#ifndef NO_MD5
-            if (wc_InitMd5_ex(&ssl->hsHashes->hashMd5, ssl->heap,
-                    ssl->devId) != 0) {
-                return WOLFSSL_FAILURE;
-            }
-        #ifdef WOLFSSL_HASH_FLAGS
-            wc_Md5SetFlags(&ssl->hsHashes->hashMd5, WC_HASH_FLAG_WILLCOPY);
-        #endif
-#endif
-#ifndef NO_SHA
-            if (wc_InitSha_ex(&ssl->hsHashes->hashSha, ssl->heap,
-                    ssl->devId) != 0) {
-                return WOLFSSL_FAILURE;
-            }
-        #ifdef WOLFSSL_HASH_FLAGS
-            wc_ShaSetFlags(&ssl->hsHashes->hashSha, WC_HASH_FLAG_WILLCOPY);
-        #endif
-#endif
-#endif
-#ifndef NO_SHA256
-            if (wc_InitSha256_ex(&ssl->hsHashes->hashSha256, ssl->heap,
-                    ssl->devId) != 0) {
-                return WOLFSSL_FAILURE;
-            }
-        #ifdef WOLFSSL_HASH_FLAGS
-            wc_Sha256SetFlags(&ssl->hsHashes->hashSha256, WC_HASH_FLAG_WILLCOPY);
-        #endif
-#endif
-#ifdef WOLFSSL_SHA384
-            if (wc_InitSha384_ex(&ssl->hsHashes->hashSha384, ssl->heap,
-                    ssl->devId) != 0) {
-                return WOLFSSL_FAILURE;
-            }
-        #ifdef WOLFSSL_HASH_FLAGS
-            wc_Sha384SetFlags(&ssl->hsHashes->hashSha384, WC_HASH_FLAG_WILLCOPY);
-        #endif
-#endif
-#ifdef WOLFSSL_SHA512
-            if (wc_InitSha512_ex(&ssl->hsHashes->hashSha512, ssl->heap,
-                    ssl->devId) != 0) {
-                return WOLFSSL_FAILURE;
-            }
-        #ifdef WOLFSSL_HASH_FLAGS
-            wc_Sha512SetFlags(&ssl->hsHashes->hashSha512, WC_HASH_FLAG_WILLCOPY);
-        #endif
-#endif
-        }
 #ifdef SESSION_CERTS
         ssl->session->chain.count = 0;
 #endif
@@ -51807,7 +51760,8 @@ static int wolfSSL_TicketKeyCb(WOLFSSL* ssl,
             iv, &evpCtx, &hmacCtx, enc);
     if (res != TICKET_KEY_CB_RET_OK && res != TICKET_KEY_CB_RET_RENEW) {
         WOLFSSL_MSG("Ticket callback error");
-        return WOLFSSL_TICKET_RET_FATAL;
+        ret = WOLFSSL_TICKET_RET_FATAL;
+        goto end;
     }
 
     if (enc)
@@ -51861,6 +51815,9 @@ static int wolfSSL_TicketKeyCb(WOLFSSL* ssl,
     else
         ret = WOLFSSL_TICKET_RET_OK;
 end:
+
+    (void)wc_HmacFree(&hmacCtx.hmac);
+
     return ret;
 }
 

tests/api.c

@@ -38690,6 +38690,14 @@ static void test_wolfSSL_BIO_connect(void)
 
     printf(testingFmt, "wolfSSL_BIO_new_connect()");
 
+    AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
+    AssertIntEQ(WOLFSSL_SUCCESS,
+            wolfSSL_CTX_load_verify_locations(ctx, caCertFile, 0));
+    AssertIntEQ(WOLFSSL_SUCCESS,
+          wolfSSL_CTX_use_certificate_file(ctx, cliCertFile, SSL_FILETYPE_PEM));
+    AssertIntEQ(WOLFSSL_SUCCESS,
+            wolfSSL_CTX_use_PrivateKey_file(ctx, cliKeyFile, SSL_FILETYPE_PEM));
+
     /* Setup server */
     XMEMSET(&server_args, 0, sizeof(func_args));
     StartTCP();
@@ -38708,13 +38716,6 @@ static void test_wolfSSL_BIO_connect(void)
     AssertNotNull(tcpBio = BIO_new_connect(wolfSSLIP));
     AssertIntEQ(BIO_set_conn_port(tcpBio, buff), 1);
     /* Setup the SSL object */
-    AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
-    AssertIntEQ(WOLFSSL_SUCCESS,
-            wolfSSL_CTX_load_verify_locations(ctx, caCertFile, 0));
-    AssertIntEQ(WOLFSSL_SUCCESS,
-          wolfSSL_CTX_use_certificate_file(ctx, cliCertFile, SSL_FILETYPE_PEM));
-    AssertIntEQ(WOLFSSL_SUCCESS,
-            wolfSSL_CTX_use_PrivateKey_file(ctx, cliKeyFile, SSL_FILETYPE_PEM));
     AssertNotNull(ssl = SSL_new(ctx));
     SSL_set_connect_state(ssl);
     /* Setup the SSL BIO */