From 18e1dba89cc7fe8fb5c145d47d93bef24f4caa35 Mon Sep 17 00:00:00 2001
From: kenjiro <>
Date: Wed, 21 May 2025 03:53:20 +0000
Subject: Add NULL checks to HKDF and TLS1-PRF EVP_PKEY cleanup functions

Check if ctx->data is NULL before calling freezero(). Also add HKDF and TLS1-PRF to the EVP_PKEY cleanup regression test, as they no longer crash with this change.

ok tb@
---
src/lib/libcrypto/kdf/hkdf_evp.c | 5 ++++-
src/lib/libcrypto/kdf/tls1_prf.c | 5 ++++-
2 files changed, 8 insertions(+), 2 deletions(-)
(limited to 'src/lib/libcrypto/kdf')

diff --git a/src/lib/libcrypto/kdf/hkdf_evp.c b/src/lib/libcrypto/kdf/hkdf_evp.c
index 90686a56f9..dee6e35d82 100644
--- a/src/lib/libcrypto/kdf/hkdf_evp.c
+++ b/src/lib/libcrypto/kdf/hkdf_evp.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: hkdf_evp.c,v 1.21 2025/05/10 05:54:38 tb Exp $ */
+/* $OpenBSD: hkdf_evp.c,v 1.22 2025/05/21 03:53:20 kenjiro Exp $ */
 /* ====================================================================
 * Copyright (c) 2016-2018 The OpenSSL Project. All rights reserved.
 *
@@ -90,6 +90,9 @@ pkey_hkdf_cleanup(EVP_PKEY_CTX *ctx)
 {
 HKDF_PKEY_CTX *kctx = ctx->data;
 
+ if (kctx == NULL)
+ return;
+
 freezero(kctx->salt, kctx->salt_len);
 freezero(kctx->key, kctx->key_len);
 freezero(kctx, sizeof(*kctx));
diff --git a/src/lib/libcrypto/kdf/tls1_prf.c b/src/lib/libcrypto/kdf/tls1_prf.c
index fb7b718339..2b86ff744f 100644
--- a/src/lib/libcrypto/kdf/tls1_prf.c
+++ b/src/lib/libcrypto/kdf/tls1_prf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls1_prf.c,v 1.41 2025/05/10 05:54:38 tb Exp $ */
+/* $OpenBSD: tls1_prf.c,v 1.42 2025/05/21 03:53:20 kenjiro Exp $ */
 /*
 * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
 * 2016.
@@ -96,6 +96,9 @@ pkey_tls1_prf_cleanup(EVP_PKEY_CTX *ctx)
 {
 struct tls1_prf_ctx *kctx = ctx->data;
 
+ if (kctx == NULL)
+ return;
+
 freezero(kctx->secret, kctx->secret_len);
 freezero(kctx, sizeof(*kctx));
 }
-- 
cgit v1.2.3-55-g6feb
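Review bot: In pkey_hkdf_cleanup() (hkdf_evp.c, hunk at -90,6) the new guard only covers a context whose data was never allocated; after the final `freezero(kctx, sizeof(*kctx));` ctx->data still holds the freed pointer, so a repeated cleanup on the same ctx would pass the NULL check and hand already-freed key material to freezero() again. Whether any caller can reach cleanup twice is not visible in this patch, but adding `ctx->data = NULL;` after the last freezero() would let the guard cover that case too. The same applies to pkey_tls1_prf_cleanup() in tls1_prf.c (hunk at -96,6). Both functions begin before their hunks, and the closing brace of pkey_hkdf_cleanup lies past the end of its hunk.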