`gcry_md_open' needs to be paired with `gcry_md_close' to ensure
resources are released. Since our internal APIs don't have
separate close/release callbacks, sticking it into the finalization
callback seems appropriate.
Building with SANITIZE=leak and running `git fsck' on a SHA-256
repository no longer reports leaks.
Signed-off-by: Eric Wong <e@xxxxxxxxx>
---
sha256/gcrypt.h | 1 +
1 file changed, 1 insertion(+)
diff --git a/sha256/gcrypt.h b/sha256/gcrypt.h
index 68cf6b6a54..1d06a778af 100644
--- a/sha256/gcrypt.h
+++ b/sha256/gcrypt.h
@@ -20,6 +20,7 @@ static inline void gcrypt_SHA256_Update(gcrypt_SHA256_CTX *ctx, const void *data
static inline void gcrypt_SHA256_Final(unsigned char *digest, gcrypt_SHA256_CTX *ctx)
{
memcpy(digest, gcry_md_read(*ctx, GCRY_MD_SHA256), SHA256_DIGEST_SIZE);
+ gcry_md_close(*ctx);
}
static inline void gcrypt_SHA256_Clone(gcrypt_SHA256_CTX *dst, const gcrypt_SHA256_CTX *src)
