From 0f46ba6f5d82e01d44f23627505962a5692f807f Mon Sep 17 00:00:00 2001
From: Tomas Mraz
Date: Tue, 23 Sep 2025 17:00:00 +0200
Subject: [PATCH] Fix doublefree after failure in ossl_siv128_init()

The issue was reported by Ronald Crane from Zippenhop LLC.

Reviewed-by: Neil Horman
Reviewed-by: Shane Lontis
Reviewed-by: Paul Dale
(Merged from https://github.com/openssl/openssl/pull/28644)
(cherry picked from commit 3185e2762402dffba569d9a7377d51d5bb0e4382)
---
 crypto/modes/siv128.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/crypto/modes/siv128.c b/crypto/modes/siv128.c
index 72526b849ea..4e52d8eb878 100644
--- a/crypto/modes/siv128.c
+++ b/crypto/modes/siv128.c
@@ -202,9 +202,12 @@ int ossl_siv128_init(SIV128_CONTEXT *ctx, const unsigned char *key, int klen,
 || !EVP_MAC_final(mac_ctx, ctx->d.byte, &out_len,
 sizeof(ctx->d.byte))) {
 EVP_CIPHER_CTX_free(ctx->cipher_ctx);
+ ctx->cipher_ctx = NULL;
 EVP_MAC_CTX_free(ctx->mac_ctx_init);
+ ctx->mac_ctx_init = NULL;
 EVP_MAC_CTX_free(mac_ctx);
 EVP_MAC_free(ctx->mac);
+ ctx->mac = NULL;
 return 0;
 }
 EVP_MAC_CTX_free(mac_ctx);
-- 
2.47.3
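Review bot: The three added `= NULL` assignments in the failure branch of `ossl_siv128_init()` have no comment saying which later free they guard against, so a future tidy-up of this branch could drop them and bring the double free back. A one-line comment above `EVP_CIPHER_CTX_free(ctx->cipher_ctx);` would pin the intent, for example `/* NULL the freed members: ctx may still be cleaned up or re-initialised after a failed init */`. The function starts and ends outside the hunk, so it cannot be confirmed from here whether any other error return frees these members and leaves them dangling; that is worth checking for the same pattern. The diffstat shows only `crypto/modes/siv128.c` changed, so no regression test forces this branch and then releases the context; adding one would keep the fix from silently regressing.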