File gnutls-PSK-hash-fix-memleak.patch of Package gnutls.42640
From a29aa9cda32d3ab0de137d3815536db4b4289599 Mon Sep 17 00:00:00 2001
From: Daiki Ueno <ueno@gnu.org>
Date: Thu, 21 Aug 2025 07:03:38 +0900
Subject: [PATCH 601/713] pre_shared_key: fix memleak when retrying with
different binder algo
As the PSK entry is reallocated, free it upon retry. Also use
_gnutls_free_key_datum instead of _gnutls_free_temp_key_datum
consistently.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Index: gnutls-3.8.3/lib/ext/pre_shared_key.c
===================================================================
--- gnutls-3.8.3.orig/lib/ext/pre_shared_key.c
+++ gnutls-3.8.3/lib/ext/pre_shared_key.c
@@ -785,8 +785,8 @@ cleanup:
if (free_username)
_gnutls_free_datum(&username);
- _gnutls_free_temp_key_datum(&user_key);
- _gnutls_free_temp_key_datum(&rkey);
+ _gnutls_free_key_datum(&user_key);
+ _gnutls_free_key_datum(&rkey);
return ret;
}
@@ -926,11 +926,11 @@ retry_binder:
ret = derive_ipsk(prf, &psk.identity, &key,
ipsk);
- _gnutls_free_temp_key_datum(&key);
if (ret < 0) {
gnutls_assert();
goto fail;
}
+ _gnutls_free_key_datum(&key);
ret = _gnutls_set_datum(&key, ipsk,
prf->output_size);
zeroize_key(ipsk, sizeof(ipsk));
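Review bot: On the `derive_ipsk` failure branch the stack buffer `ipsk` is never wiped, because `zeroize_key(ipsk, sizeof(ipsk))` is reached only after `_gnutls_set_datum`. If `derive_ipsk` can leave partial output in the buffer on error (not visible here), adding `zeroize_key(ipsk, sizeof(ipsk));` before `goto fail;` would close that gap. With the free moved below the check, the error path now leaves `key` to `fail:`, which wipes it only because the last hunk switches to `_gnutls_free_key_datum`, so the two changes should stay together when this patch is backported. The check of `_gnutls_set_datum`'s return value lies outside this hunk.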
@@ -986,6 +986,7 @@ retry_binder:
if (pskcred && pskcred->binder_algo == NULL &&
mac == GNUTLS_MAC_SHA384) {
mac = GNUTLS_MAC_SHA256;
+ _gnutls_free_key_datum(&key);
goto retry_binder;
}
gnutls_assert();
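Review bot: The added `_gnutls_free_key_datum(&key);` before `goto retry_binder;` carries no comment, and the reason the retry must release `key` is not visible at this spot. A short comment above it would help, for example `/* key is reallocated after retry_binder; wipe and free the SHA-384 attempt first */`. Whether other state set between `retry_binder:` and this branch also needs resetting cannot be judged from the hunk, since the block starts outside it.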
@@ -1086,7 +1087,7 @@ retry_binder:
}
fail:
- _gnutls_free_datum(&key);
+ _gnutls_free_key_datum(&key);
return ret;
}