2 files changed, 10 insertions, 5 deletions

diff --git a/src/lib/libcrypto/kdf/hkdf_evp.c b/src/lib/libcrypto/kdf/hkdf_evp.c
index b33e2e0a26..dee6e35d82 100644
--- a/src/lib/libcrypto/kdf/hkdf_evp.c
+++ b/src/lib/libcrypto/kdf/hkdf_evp.c
@@ -1,4 +1,4 @@
-/*      $OpenBSD: hkdf_evp.c,v 1.20 2023/06/26 08:57:17 tb Exp $ */
+/*      $OpenBSD: hkdf_evp.c,v 1.22 2025/05/21 03:53:20 kenjiro Exp $ */
 /* ====================================================================
  * Copyright (c) 2016-2018 The OpenSSL Project.  All rights reserved.
  *
@@ -50,12 +50,11 @@
 #include <stdlib.h>
 #include <string.h>
 
-#include <openssl/err.h>
-#include <openssl/evp.h>
 #include <openssl/hmac.h>
 #include <openssl/hkdf.h>
 #include <openssl/kdf.h>
 
+#include "err_local.h"
 #include "evp_local.h"
 
 #define HKDF_MAXBUF 1024
@@ -91,6 +90,9 @@ pkey_hkdf_cleanup(EVP_PKEY_CTX *ctx)
 {
         HKDF_PKEY_CTX *kctx = ctx->data;
 
+        if (kctx == NULL)
+                return;
+
         freezero(kctx->salt, kctx->salt_len);
         freezero(kctx->key, kctx->key_len);
         freezero(kctx, sizeof(*kctx));
diff --git a/src/lib/libcrypto/kdf/tls1_prf.c b/src/lib/libcrypto/kdf/tls1_prf.c
index 7d6231e3c7..2b86ff744f 100644
--- a/src/lib/libcrypto/kdf/tls1_prf.c
+++ b/src/lib/libcrypto/kdf/tls1_prf.c
@@ -1,4 +1,4 @@
-/*      $OpenBSD: tls1_prf.c,v 1.40 2024/07/10 06:53:27 tb Exp $ */
+/*      $OpenBSD: tls1_prf.c,v 1.42 2025/05/21 03:53:20 kenjiro Exp $ */
 /*
  * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
  * 2016.
@@ -61,10 +61,10 @@
 #include <stdio.h>
 #include <string.h>
 
-#include <openssl/err.h>
 #include <openssl/evp.h>
 #include <openssl/kdf.h>
 
+#include "err_local.h"
 #include "evp_local.h"
 
 #define TLS1_PRF_MAXBUF 1024
@@ -96,6 +96,9 @@ pkey_tls1_prf_cleanup(EVP_PKEY_CTX *ctx)
 {
         struct tls1_prf_ctx *kctx = ctx->data;
 
+        if (kctx == NULL)
+                return;
+
         freezero(kctx->secret, kctx->secret_len);
         freezero(kctx, sizeof(*kctx));
 }