Add NULL checks to HKDF and TLS1-PRF EVP_PKEY cleanup functions

Check if ctx->data is NULL before calling freezero(). Also add HKDF and TLS1-PRF to the EVP_PKEY cleanup regression test, as they no longer crash with this change. ok tb@
author: kenjiro <> 2025-05-21 03:53:20 +0000
committer: kenjiro <> 2025-05-21 03:53:20 +0000
commit: 4db1ecb865af08af076b8b5a429aee1f1f7d64ec (patch)
tree: 780bf80ce8f6bacfb3f6997c28e6a7d1f82cf725 /src/lib/libcrypto/kdf/hkdf_evp.c
parent: 0719e035f0b9e8de3f6970bafad840881e1e9b86 (diff)
download: openbsd-4db1ecb865af08af076b8b5a429aee1f1f7d64ec.tar.gz
openbsd-4db1ecb865af08af076b8b5a429aee1f1f7d64ec.tar.bz2
openbsd-4db1ecb865af08af076b8b5a429aee1f1f7d64ec.zip
1 files changed, 4 insertions, 1 deletions
diff --git a/src/lib/libcrypto/kdf/hkdf_evp.c b/src/lib/libcrypto/kdf/hkdf_evp.c
index 90686a56f9..dee6e35d82 100644
--- a/src/lib/libcrypto/kdf/hkdf_evp.c
+++ b/src/lib/libcrypto/kdf/hkdf_evp.c
@@ -1,4 +1,4 @@
-/*      $OpenBSD: hkdf_evp.c,v 1.21 2025/05/10 05:54:38 tb Exp $ */
+/*      $OpenBSD: hkdf_evp.c,v 1.22 2025/05/21 03:53:20 kenjiro Exp $ */
 /* ====================================================================
 * Copyright (c) 2016-2018 The OpenSSL Project.  All rights reserved.
 *
@@ -90,6 +90,9 @@ pkey_hkdf_cleanup(EVP_PKEY_CTX *ctx)
 {
        HKDF_PKEY_CTX *kctx = ctx->data;
+        if (kctx == NULL)
+                return;
        freezero(kctx->salt, kctx->salt_len);
        freezero(kctx->key, kctx->key_len);
        freezero(kctx, sizeof(*kctx));
author	kenjiro <>	2025-05-21 03:53:20 +0000
committer	kenjiro <>	2025-05-21 03:53:20 +0000
commit	4db1ecb865af08af076b8b5a429aee1f1f7d64ec (patch)
tree	780bf80ce8f6bacfb3f6997c28e6a7d1f82cf725 /src/lib/libcrypto/kdf/hkdf_evp.c
parent	0719e035f0b9e8de3f6970bafad840881e1e9b86 (diff)
download	openbsd-4db1ecb865af08af076b8b5a429aee1f1f7d64ec.tar.gz openbsd-4db1ecb865af08af076b8b5a429aee1f1f7d64ec.tar.bz2 openbsd-4db1ecb865af08af076b8b5a429aee1f1f7d64ec.zip