Make EVP_{CIPHER,MD}_CTX_{cleanup,reset}() NULL-safe

We have a bunch of code that relies on this. Surely there is code out
there in the wider ecosystem that relies on these being NULL-safe by
now since upstream sprinkles NULL checks wherever they can.

ok beck joshua

2 files changed, 8 insertions, 3 deletions

diff --git a/src/lib/libcrypto/evp/evp_cipher.c b/src/lib/libcrypto/evp/evp_cipher.c
index 51bbf70654..abdc33eace 100644
--- a/src/lib/libcrypto/evp/evp_cipher.c
+++ b/src/lib/libcrypto/evp/evp_cipher.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: evp_cipher.c,v 1.16 2024/01/07 15:21:04 tb Exp $ */
+/* $OpenBSD: evp_cipher.c,v 1.17 2024/01/30 17:41:01 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -627,6 +627,9 @@ EVP_CIPHER_CTX_reset(EVP_CIPHER_CTX *ctx)
 int
 EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *ctx)
 {
+        if (ctx == NULL)
+                return 1;
+
         if (ctx->cipher != NULL) {
                 /* XXX - Avoid leaks, so ignore return value of cleanup()... */
                 if (ctx->cipher->cleanup != NULL)
diff --git a/src/lib/libcrypto/evp/evp_digest.c b/src/lib/libcrypto/evp/evp_digest.c
index 166b045625..9d8d94afb1 100644
--- a/src/lib/libcrypto/evp/evp_digest.c
+++ b/src/lib/libcrypto/evp/evp_digest.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: evp_digest.c,v 1.7 2023/12/29 07:22:47 tb Exp $ */
+/* $OpenBSD: evp_digest.c,v 1.8 2024/01/30 17:41:01 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -258,10 +258,12 @@ EVP_MD_CTX_reset(EVP_MD_CTX *ctx)
         return EVP_MD_CTX_cleanup(ctx);
 }
 
-/* This call frees resources associated with the context */
 int
 EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx)
 {
+        if (ctx == NULL)
+                return 1;
+
         /*
          * Don't assume ctx->md_data was cleaned in EVP_Digest_Final,
          * because sometimes only copies of the context are ever finalised.