Fix double-free in TLS1-PRF KDF when digest change fails
When changing the digest from MD5-SHA1 to a non-MD5-SHA1 digest,
`ctx->P_sha1` is freed but not set to NULL. If `ossl_prov_macctx_load()`
subsequently fails, `ctx->P_sha1` remains as a dangling pointer.
When the context is later freed via `kdf_tls1_prf_reset()`, this
causes a double-free.
Fix by setting `ctx->P_sha1` to NULL immediately after freeing it.
Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
MergeDate: Tue Jan 20 18:21:38 2026
(Merged from https://github.com/openssl/openssl/pull/29649)
projects / thirdparty / openssl.git / commit
