fix hash hrbg memory leaks

ctaocrypt/src/pkcs7.c

@@ -1442,7 +1442,7 @@ int PKCS7_EncodeEnvelopedData(PKCS7* pkcs7, byte* output, word32 outputSz)
     XMEMCPY(output + idx, encryptedContent, desOutSz);
     idx += desOutSz;
 
-#ifdef NO_RC4
+#if defined(HAVE_HASHDRBG) || defined(NO_RC4)
     FreeRng(&rng);
 #endif
 

ctaocrypt/test/test.c

@@ -4704,6 +4704,10 @@ int ecc_test(void)
     ecc_free(&userB);
     ecc_free(&userA);
 
+#if defined(HAVE_HASHDRBG) || defined(NO_RC4)
+    FreeRng(&rng);
+#endif
+
     return 0;
 }
 
@@ -5267,6 +5271,10 @@ int pkcs7signed_test(void)
     free(out);
     PKCS7_Free(&msg);
 
+#if defined(HAVE_HASHDRBG) || defined(NO_RC4)
+    FreeRng(&rng);
+#endif
+
     if (ret > 0)
         return 0;
 

src/ssl.c

@@ -10263,6 +10263,7 @@ int CyaSSL_RAND_seed(const void* seed, int len)
 int CyaSSL_RAND_bytes(unsigned char* buf, int num)
 {
     int    ret = 0;
+    int    initTmpRng = 0;
     RNG*   rng = NULL;
 #ifdef CYASSL_SMALL_STACK
     RNG*   tmpRNG = NULL;
@@ -10278,8 +10279,10 @@ int CyaSSL_RAND_bytes(unsigned char* buf, int num)
         return ret;
 #endif
 
-    if (InitRng(tmpRNG) == 0)
+    if (InitRng(tmpRNG) == 0) {
         rng = tmpRNG;
+        initTmpRng = 1;
+    }
     else if (initGlobalRNG)
         rng = &globalRNG;
 
@@ -10290,6 +10293,12 @@ int CyaSSL_RAND_bytes(unsigned char* buf, int num)
             ret = SSL_SUCCESS;
     }
 
+    if (initTmpRng) {
+        #if defined(HAVE_HASHDRBG) || defined(NO_RC4)
+            FreeRng(tmpRNG);
+        #endif
+    }
+
 #ifdef CYASSL_SMALL_STACK
     XFREE(tmpRNG, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif