`gcry_md_open' needs to be paired with `gcry_md_close' to ensure resources are released. Since our internal APIs don't have separate close/release callbacks, sticking it into the finalization callback seems appropriate. Building with SANITIZE=leak and running `git fsck' on a SHA-256 repository no longer reports leaks. Signed-off-by: Eric Wong <e@xxxxxxxxx> --- sha256/gcrypt.h | 1 + 1 file changed, 1 insertion(+) diff --git a/sha256/gcrypt.h b/sha256/gcrypt.h index 68cf6b6a54..1d06a778af 100644 --- a/sha256/gcrypt.h +++ b/sha256/gcrypt.h @@ -20,6 +20,7 @@ static inline void gcrypt_SHA256_Update(gcrypt_SHA256_CTX *ctx, const void *data static inline void gcrypt_SHA256_Final(unsigned char *digest, gcrypt_SHA256_CTX *ctx) { memcpy(digest, gcry_md_read(*ctx, GCRY_MD_SHA256), SHA256_DIGEST_SIZE); + gcry_md_close(*ctx); } static inline void gcrypt_SHA256_Clone(gcrypt_SHA256_CTX *dst, const gcrypt_SHA256_CTX *src)