From: Zijie Zhao <zijie4@illinois.edu>
Date: Thu, 15 Jan 2026 17:55:53 +0000 (-0600)
Subject: Fix double-free in TLS1-PRF KDF when digest change fails
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=72029afd912e05b74d337bb9749a41795b23baa0;p=thirdparty%2Fopenssl.git

Fix double-free in TLS1-PRF KDF when digest change fails

When changing the digest from MD5-SHA1 to a non-MD5-SHA1 digest,
`ctx->P_sha1` is freed but not set to NULL. If `ossl_prov_macctx_load()`
subsequently fails, `ctx->P_sha1` remains as a dangling pointer.
When the context is later freed via `kdf_tls1_prf_reset()`, this
causes a double-free.

Fix by setting `ctx->P_sha1` to NULL immediately after freeing it.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
MergeDate: Tue Jan 20 18:21:38 2026
(Merged from https://github.com/openssl/openssl/pull/29649)
---

diff --git a/providers/implementations/kdfs/tls1_prf.c b/providers/implementations/kdfs/tls1_prf.c
index 13bc4d890a..77911c9591 100644
--- a/providers/implementations/kdfs/tls1_prf.c
+++ b/providers/implementations/kdfs/tls1_prf.c
@@ -325,6 +325,7 @@ static int kdf_tls1_prf_set_ctx_params(void *vctx, const OSSL_PARAM params[])
                 return 0;
         } else {
             EVP_MAC_CTX_free(ctx->P_sha1);
+            ctx->P_sha1 = NULL;
             if (!ossl_prov_macctx_load(&ctx->P_hash, NULL, NULL, p.digest,
                     p.propq,
                     OSSL_MAC_NAME_HMAC, NULL, NULL, libctx))