From: Viktor Dukhovni Date: Thu, 27 Mar 2025 01:34:50 +0000 (+1100) Subject: Avoid potential double-free with duplicated hybrid ML-KEM keys X-Git-Tag: openssl-3.5.0~26 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=428d2901a21abef7739143f7641aa3a157762aeb;p=thirdparty%2Fopenssl.git Avoid potential double-free with duplicated hybrid ML-KEM keys Issue reported by Apple Inc on 2025-03-26. Reviewed-by: Tim Hudson Reviewed-by: Matt Caswell Reviewed-by: Paul Dale Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/27173) (cherry picked from commit 02cada2e45a2867e304542f9c5440bfb29af0283) --- diff --git a/providers/implementations/keymgmt/mlx_kmgmt.c b/providers/implementations/keymgmt/mlx_kmgmt.c index b8c3dd45c27..bea87832760 100644 --- a/providers/implementations/keymgmt/mlx_kmgmt.c +++ b/providers/implementations/keymgmt/mlx_kmgmt.c @@ -737,6 +737,21 @@ static void *mlx_kem_dup(const void *vkey, int selection) || (ret = OPENSSL_memdup(key, sizeof(*ret))) == NULL) return NULL; + if (ret->propq != NULL + && (ret->propq = OPENSSL_strdup(ret->propq)) == NULL) { + OPENSSL_free(ret); + return NULL; + } + + /* Absent key material, nothing left to do */ + if (ret->mkey == NULL) { + if (ret->xkey == NULL) + return ret; + /* Fail if the source key is an inconsistent state */ + OPENSSL_free(ret); + return NULL; + } + switch (selection & OSSL_KEYMGMT_SELECT_KEYPAIR) { case 0: ret->xkey = ret->mkey = NULL;
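Review bot: the inconsistent-state branch in mlx_kem_dup (`ret->mkey == NULL` with `ret->xkey != NULL`) calls `OPENSSL_free(ret)` after `ret->propq` has already been replaced with its own `OPENSSL_strdup` copy, so that copy is leaked on this path. Free it first, for example `OPENSSL_free(ret->propq);` before `OPENSSL_free(ret);`. In the first error path this is not an issue, because `ret->propq` is NULL there after the failed strdup. The check also covers only one direction: a source key with `mkey` set and `xkey` NULL falls through to the switch, and the visible lines do not show whether that case is rejected, so it is worth confirming or adding an explicit test next to this one. Minor: the comment should read "is in an inconsistent state".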