From 4d566e3be67f9f595452169d6bf09015a2f0e087 Mon Sep 17 00:00:00 2001 From: Zijie Zhao Date: Thu, 15 Jan 2026 11:55:53 -0600 Subject: [PATCH] Fix double-free in TLS1-PRF KDF when digest change fails When changing the digest from MD5-SHA1 to a non-MD5-SHA1 digest, `ctx->P_sha1` is freed but not set to NULL. If `ossl_prov_macctx_load()` subsequently fails, `ctx->P_sha1` remains as a dangling pointer. When the context is later freed via `kdf_tls1_prf_reset()`, this causes a double-free. Fix by setting `ctx->P_sha1` to NULL immediately after freeing it. Reviewed-by: Paul Dale Reviewed-by: Eugene Syromiatnikov Reviewed-by: Tomas Mraz MergeDate: Tue Jan 20 18:23:59 2026 (Merged from https://github.com/openssl/openssl/pull/29657) (cherry picked from commit f9106877fb1521e2d9e0f4b64ea514554cc4cce8) --- providers/implementations/kdfs/tls1_prf.c | 1 + 1 file changed, 1 insertion(+) diff --git a/providers/implementations/kdfs/tls1_prf.c b/providers/implementations/kdfs/tls1_prf.c index f7c6e467ae2..f0c4e5172b8 100644 --- a/providers/implementations/kdfs/tls1_prf.c +++ b/providers/implementations/kdfs/tls1_prf.c @@ -184,6 +184,7 @@ static int kdf_tls1_prf_set_ctx_params(void *vctx, const OSSL_PARAM params[]) return 0; } else { EVP_MAC_CTX_free(ctx->P_sha1); + ctx->P_sha1 = NULL; if (!ossl_prov_macctx_load_from_params(&ctx->P_hash, params, OSSL_MAC_NAME_HMAC, NULL, NULL, libctx)) -- 2.47.3
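Review bot: The added `ctx->P_sha1 = NULL;` in the `else` branch of `kdf_tls1_prf_set_ctx_params()` arrives without a regression test (the diffstat shows one file and one insertion), so the failure path the commit message describes stays unexercised. Consider a test that configures the KDF with MD5-SHA1, then sets a different digest so that the following `ossl_prov_macctx_load_from_params(&ctx->P_hash, ...)` call fails, and then frees the context, run under a memory checker so a repeated free of `P_sha1` would be reported. Separately, the commit message names `ossl_prov_macctx_load()` while the call visible in this hunk is `ossl_prov_macctx_load_from_params()`; aligning the message with the code would help anyone searching for this fix later.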