From 2fbdb4b0166f2045307f159118bab16fecbe9eaf Mon Sep 17 00:00:00 2001
From: tb <>
Date: Tue, 30 Jan 2024 17:41:01 +0000
Subject: Make EVP_{CIPHER,MD}_CTX_{cleanup,reset}() NULL-safe

We have a bunch of code that relies on this. Surely there is code out
there in the wider ecosystem that relies on these being NULL-safe by
now since upstream sprinkles NULL checks wherever they can.

ok beck joshua
---
 src/lib/libcrypto/evp/evp_cipher.c | 5 ++++-
 src/lib/libcrypto/evp/evp_digest.c | 6 ++++--
 2 files changed, 8 insertions(+), 3 deletions(-)

(limited to 'src/lib')

diff --git a/src/lib/libcrypto/evp/evp_cipher.c b/src/lib/libcrypto/evp/evp_cipher.c
index 51bbf70654..abdc33eace 100644
--- a/src/lib/libcrypto/evp/evp_cipher.c
+++ b/src/lib/libcrypto/evp/evp_cipher.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: evp_cipher.c,v 1.16 2024/01/07 15:21:04 tb Exp $ */
+/* $OpenBSD: evp_cipher.c,v 1.17 2024/01/30 17:41:01 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -627,6 +627,9 @@ EVP_CIPHER_CTX_reset(EVP_CIPHER_CTX *ctx)
 int
 EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *ctx)
 {
+	if (ctx == NULL)
+		return 1;
+
 	if (ctx->cipher != NULL) {
 		/* XXX - Avoid leaks, so ignore return value of cleanup()... */
 		if (ctx->cipher->cleanup != NULL)
diff --git a/src/lib/libcrypto/evp/evp_digest.c b/src/lib/libcrypto/evp/evp_digest.c
index 166b045625..9d8d94afb1 100644
--- a/src/lib/libcrypto/evp/evp_digest.c
+++ b/src/lib/libcrypto/evp/evp_digest.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: evp_digest.c,v 1.7 2023/12/29 07:22:47 tb Exp $ */
+/* $OpenBSD: evp_digest.c,v 1.8 2024/01/30 17:41:01 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -258,10 +258,12 @@ EVP_MD_CTX_reset(EVP_MD_CTX *ctx)
 	return EVP_MD_CTX_cleanup(ctx);
 }
 
-/* This call frees resources associated with the context */
 int
 EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx)
 {
+	if (ctx == NULL)
+		return 1;
+
 	/*
 	 * Don't assume ctx->md_data was cleaned in EVP_Digest_Final,
 	 * because sometimes only copies of the context are ever finalised.
-- 
cgit v1.2.3-55-g6feb