From ccef4e8b8efe964a6fb6443da2a48a9f30ecf296 Mon Sep 17 00:00:00 2001 From: Matt Caswell Date: Wed, 11 Jun 2025 09:50:16 +0100 Subject: [PATCH] Allow our *_gen_cleanup functions to tolerate a NULL ctx Our *_gen_cleanup functions are essentially "free" functions. Our free functions tolerate NULL being passed. We are being inconsistent with our *_gen_cleanup functions. Some of them tolerate NULL and others do not. We should consistently tolerate NULL. See also #27795 Reviewed-by: Tomas Mraz Reviewed-by: Tim Hudson Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/27807) (cherry picked from commit fcc5df53697a63d0f153b0086054f509aad8e6bb) --- providers/implementations/keymgmt/ecx_kmgmt.c | 3 +++ providers/implementations/keymgmt/mac_legacy_kmgmt.c | 3 +++ providers/implementations/keymgmt/ml_dsa_kmgmt.c | 3 +++ providers/implementations/keymgmt/ml_kem_kmgmt.c | 3 +++ providers/implementations/keymgmt/slh_dsa_kmgmt.c | 3 +++ providers/implementations/keymgmt/template_kmgmt.c | 3 +++ 6 files changed, 18 insertions(+) diff --git a/providers/implementations/keymgmt/ecx_kmgmt.c b/providers/implementations/keymgmt/ecx_kmgmt.c index 230a75cc579..6ea0001e578 100644 --- a/providers/implementations/keymgmt/ecx_kmgmt.c +++ b/providers/implementations/keymgmt/ecx_kmgmt.c @@ -843,6 +843,9 @@ static void ecx_gen_cleanup(void *genctx) { struct ecx_gen_ctx *gctx = genctx; + if (gctx == NULL) + return; + OPENSSL_clear_free(gctx->dhkem_ikm, gctx->dhkem_ikmlen); OPENSSL_free(gctx->propq); OPENSSL_free(gctx); diff --git a/providers/implementations/keymgmt/mac_legacy_kmgmt.c b/providers/implementations/keymgmt/mac_legacy_kmgmt.c index 161a433caf5..a83017e3aeb 100644 --- a/providers/implementations/keymgmt/mac_legacy_kmgmt.c +++ b/providers/implementations/keymgmt/mac_legacy_kmgmt.c @@ -519,6 +519,9 @@ static void mac_gen_cleanup(void *genctx) { struct mac_gen_ctx *gctx = genctx; + if (gctx == NULL) + return; + OPENSSL_secure_clear_free(gctx->priv_key, gctx->priv_key_len); ossl_prov_cipher_reset(&gctx->cipher); OPENSSL_free(gctx); diff --git a/providers/implementations/keymgmt/ml_dsa_kmgmt.c b/providers/implementations/keymgmt/ml_dsa_kmgmt.c index a31a308c9c7..53feeba4ac3 100644 --- a/providers/implementations/keymgmt/ml_dsa_kmgmt.c +++ b/providers/implementations/keymgmt/ml_dsa_kmgmt.c @@ -529,6 +529,9 @@ static void ml_dsa_gen_cleanup(void *genctx) { struct ml_dsa_gen_ctx *gctx = genctx; + if (gctx == NULL) + return; + OPENSSL_cleanse(gctx->entropy, gctx->entropy_len); OPENSSL_free(gctx->propq); OPENSSL_free(gctx); diff --git a/providers/implementations/keymgmt/ml_kem_kmgmt.c b/providers/implementations/keymgmt/ml_kem_kmgmt.c index ba854c66378..3936b6c3cd4 100644 --- a/providers/implementations/keymgmt/ml_kem_kmgmt.c +++ b/providers/implementations/keymgmt/ml_kem_kmgmt.c @@ -794,6 +794,9 @@ static void ml_kem_gen_cleanup(void *vgctx) { PROV_ML_KEM_GEN_CTX *gctx = vgctx; + if (gctx == NULL) + return; + if (gctx->seed != NULL) OPENSSL_cleanse(gctx->seed, ML_KEM_RANDOM_BYTES); OPENSSL_free(gctx->propq); diff --git a/providers/implementations/keymgmt/slh_dsa_kmgmt.c b/providers/implementations/keymgmt/slh_dsa_kmgmt.c index d3803424a6a..cd2ebea72ab 100644 --- a/providers/implementations/keymgmt/slh_dsa_kmgmt.c +++ b/providers/implementations/keymgmt/slh_dsa_kmgmt.c @@ -406,6 +406,9 @@ static void slh_dsa_gen_cleanup(void *genctx) { struct slh_dsa_gen_ctx *gctx = genctx; + if (gctx == NULL) + return; + OPENSSL_cleanse(gctx->entropy, gctx->entropy_len); OPENSSL_free(gctx->propq); OPENSSL_free(gctx); diff --git a/providers/implementations/keymgmt/template_kmgmt.c b/providers/implementations/keymgmt/template_kmgmt.c index b8e377a7f91..c54ad7837e5 100644 --- a/providers/implementations/keymgmt/template_kmgmt.c +++ b/providers/implementations/keymgmt/template_kmgmt.c @@ -387,6 +387,9 @@ static void template_gen_cleanup(void *genctx) { struct template_gen_ctx *gctx = genctx; + if (gctx == NULL) + return; + debug_print("gen cleanup for %p\n", gctx); OPENSSL_free(gctx); } -- 2.47.2