Allow our *_gen_cleanup functions to tolerate a NULL ctx

Our *_gen_cleanup functions are essentially "free" functions. Our
free functions tolerate NULL being passed. We are being inconsistent with
our *_gen_cleanup functions. Some of them tolerate NULL and others do not.

We should consistently tolerate NULL.

See also #27795

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/27807)

diff --git a/providers/implementations/keymgmt/ecx_kmgmt.c b/providers/implementations/keymgmt/ecx_kmgmt.c
index 3324eab99eb48d6ee0fe196729c655f7ef4b59cd..294b8839aa32f4c6c8ca366f170b55e2c05148b1 100644 (file)
--- a/providers/implementations/keymgmt/ecx_kmgmt.c
+++ b/providers/implementations/keymgmt/ecx_kmgmt.c
@@ -848,6 +848,9 @@ static void ecx_gen_cleanup(void *genctx)
 {
     struct ecx_gen_ctx *gctx = genctx;
 
+    if (gctx == NULL)
+        return;
+
     OPENSSL_clear_free(gctx->dhkem_ikm, gctx->dhkem_ikmlen);
     OPENSSL_free(gctx->propq);
     OPENSSL_free(gctx);

diff --git a/providers/implementations/keymgmt/mac_legacy_kmgmt.c b/providers/implementations/keymgmt/mac_legacy_kmgmt.c
index 161a433caf5a1eee3e45c6a4e128e9989203d905..a83017e3aebf287597bb16456195e71e24823a66 100644 (file)
--- a/providers/implementations/keymgmt/mac_legacy_kmgmt.c
+++ b/providers/implementations/keymgmt/mac_legacy_kmgmt.c
@@ -519,6 +519,9 @@ static void mac_gen_cleanup(void *genctx)
 {
     struct mac_gen_ctx *gctx = genctx;
 
+    if (gctx == NULL)
+        return;
+
     OPENSSL_secure_clear_free(gctx->priv_key, gctx->priv_key_len);
     ossl_prov_cipher_reset(&gctx->cipher);
     OPENSSL_free(gctx);

diff --git a/providers/implementations/keymgmt/ml_dsa_kmgmt.c.in b/providers/implementations/keymgmt/ml_dsa_kmgmt.c.in
index 5ab8fb741fca6363cf5e0c99a31c56f86fc13f3a..c6b8c6a09189463cddeec8b87fadcc1fa023ff76 100644 (file)
--- a/providers/implementations/keymgmt/ml_dsa_kmgmt.c.in
+++ b/providers/implementations/keymgmt/ml_dsa_kmgmt.c.in
@@ -573,6 +573,9 @@ static void ml_dsa_gen_cleanup(void *genctx)
 {
     struct ml_dsa_gen_ctx *gctx = genctx;
 
+    if (gctx == NULL)
+        return;
+
     OPENSSL_cleanse(gctx->entropy, gctx->entropy_len);
     OPENSSL_free(gctx->propq);
     OPENSSL_free(gctx);

diff --git a/providers/implementations/keymgmt/ml_kem_kmgmt.c.in b/providers/implementations/keymgmt/ml_kem_kmgmt.c.in
index 348a950fbbbb6edfb86bb8691a40a4c2555f5757..21cc69acd153d429ff29e16fe41ea3fe78e30236 100644 (file)
--- a/providers/implementations/keymgmt/ml_kem_kmgmt.c.in
+++ b/providers/implementations/keymgmt/ml_kem_kmgmt.c.in
@@ -816,6 +816,9 @@ static void ml_kem_gen_cleanup(void *vgctx)
 {
     PROV_ML_KEM_GEN_CTX *gctx = vgctx;
 
+    if (gctx == NULL)
+        return;
+
     if (gctx->seed != NULL)
         OPENSSL_cleanse(gctx->seed, ML_KEM_RANDOM_BYTES);
     OPENSSL_free(gctx->propq);

diff --git a/providers/implementations/keymgmt/slh_dsa_kmgmt.c b/providers/implementations/keymgmt/slh_dsa_kmgmt.c
index 6afe0a07df31925af447d645cc0cb6e8ec8eb045..b7f8f351b1fd863473a1f83db0041afac41682de 100644 (file)
--- a/providers/implementations/keymgmt/slh_dsa_kmgmt.c
+++ b/providers/implementations/keymgmt/slh_dsa_kmgmt.c
@@ -410,6 +410,9 @@ static void slh_dsa_gen_cleanup(void *genctx)
 {
     struct slh_dsa_gen_ctx *gctx = genctx;
 
+    if (gctx == NULL)
+        return;
+
     OPENSSL_cleanse(gctx->entropy, gctx->entropy_len);
     OPENSSL_free(gctx->propq);
     OPENSSL_free(gctx);

diff --git a/providers/implementations/keymgmt/template_kmgmt.c b/providers/implementations/keymgmt/template_kmgmt.c
index b8e377a7f91247b319a3a3db2d4ccfd0bd5dae32..c54ad7837e5c45c8bf1b546800dec9cd11934e82 100644 (file)
--- a/providers/implementations/keymgmt/template_kmgmt.c
+++ b/providers/implementations/keymgmt/template_kmgmt.c
@@ -387,6 +387,9 @@ static void template_gen_cleanup(void *genctx)
 {
     struct template_gen_ctx *gctx = genctx;
 
+    if (gctx == NULL)
+        return;
+
     debug_print("gen cleanup for %p\n", gctx);
     OPENSSL_free(gctx);
 }