From 3224a282a65bfcabfb730112b53a89f95341f8b3 Mon Sep 17 00:00:00 2001 From: Luke Howard Date: Fri, 11 May 2018 21:31:34 +1000 Subject: [PATCH] hcrypto WinCNG backend: don't leak handles on crypto reinit Similar fix to a88d0066, but for the WinCNG EVP backend. However this is just a fix for leaking handles if the same EVP context is used with a new key; there is no functionality issue as cipherstate is maintained directly in the EVP context, not internally by WinCNG. --- lib/hcrypto/evp-wincng.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/lib/hcrypto/evp-wincng.c b/lib/hcrypto/evp-wincng.c index d97a80d14..a9b14e3bb 100644 --- a/lib/hcrypto/evp-wincng.c +++ b/lib/hcrypto/evp-wincng.c @@ -196,6 +196,11 @@ wincng_key_init(EVP_CIPHER_CTX *ctx, if (ctx->cipher->app_data == NULL) return 0; + if (cng->hKey) { + BCryptDestroyKey(cng->hKey); /* allow reinitialization */ + cng->hKey = (BCRYPT_KEY_HANDLE)0; + } + /* * Note: ctx->key_len not EVP_CIPHER_CTX_key_length() for * variable length key support.