Fix doublefree after failure in ossl_siv128_init()

The issue was reported by Ronald Crane from Zippenhop LLC.

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/28644)

(cherry picked from commit 3185e2762402dffba569d9a7377d51d5bb0e4382)

diff --git a/crypto/modes/siv128.c b/crypto/modes/siv128.c
index e6348a8d3753cc818ea681616d43f0880f1d0616..42d7ecedff1749e146c87da1f8883b1cc543cb06 100644 (file)
--- a/crypto/modes/siv128.c
+++ b/crypto/modes/siv128.c
@@ -202,9 +202,12 @@ int ossl_siv128_init(SIV128_CONTEXT *ctx, const unsigned char *key, int klen,
             || !EVP_MAC_final(mac_ctx, ctx->d.byte, &out_len,
                               sizeof(ctx->d.byte))) {
         EVP_CIPHER_CTX_free(ctx->cipher_ctx);
+        ctx->cipher_ctx = NULL;
         EVP_MAC_CTX_free(ctx->mac_ctx_init);
+        ctx->mac_ctx_init = NULL;
         EVP_MAC_CTX_free(mac_ctx);
         EVP_MAC_free(ctx->mac);
+        ctx->mac = NULL;
         return 0;
     }
     EVP_MAC_CTX_free(mac_ctx);