kdf_scrypt_reset(): NULLify freed pointers

Otherwise doublefree happens with further usage.

Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/26488)

(cherry picked from commit 901b108154fd8d28516b9b4bebde93ac5bc2a224)

diff --git a/providers/implementations/kdfs/scrypt.c b/providers/implementations/kdfs/scrypt.c
index a6f8ca03ee4f1da69e24be06b03fa3889bf9dee4..73faea9d183e7948f20f558043b926ceb883ffe8 100644 (file)
--- a/providers/implementations/kdfs/scrypt.c
+++ b/providers/implementations/kdfs/scrypt.c
@@ -92,7 +92,9 @@ static void kdf_scrypt_reset(void *vctx)
     KDF_SCRYPT *ctx = (KDF_SCRYPT *)vctx;
 
     OPENSSL_free(ctx->salt);
+    ctx->salt = NULL;
     OPENSSL_clear_free(ctx->pass, ctx->pass_len);
+    ctx->pass = NULL;
     kdf_scrypt_init(ctx);
 }