crypto/evp: fix double free of tmp_keymgmt in sig/kem/asym init master
authorrootvector2 <dxbnaveed.k@gmail.com>
Wed, 27 May 2026 18:14:23 +0000 (23:44 +0530)
committerEugene Syromiatnikov <esyr@openssl.org>
Sun, 31 May 2026 10:55:17 +0000 (12:55 +0200)
Commit ecb4757b377f "crypto/evp/m_sigver.c: fix potential double free
on error path in do_sigver_init" has fixed double-free of tmp_keymgmt
in do_sigver_init() by setting it to NULL after EVP_KEYMGMT_free() call;
the same issue is present in evp_kem_init(), evp_pkey_asym_cipher_init(),
and evp_pkey_signature_init().  Address it similarly, by setting
the pointers to NULL after *_free() calls.

Complements: ecb4757b377f "crypto/evp/m_sigver.c: fix potential double free on error path in do_sigver_init"
Fixes: 839ffdd11cd4 "EVP: Allow a fallback for operations that work with an EVP_PKEY"
CLA: trivial

Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Tomas Mraz <tomas@openssl.foundation>
Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org>
MergeDate: Sun May 31 11:03:15 2026
(Merged from https://github.com/openssl/openssl/pull/31312)

crypto/evp/asymcipher.c
crypto/evp/kem.c
crypto/evp/signature.c

index bdcb8b59dc04d42f0cf6fd2ed054287d03329fcb..e31e601c638ea905097f2bb999b5ee11d5c97784 100644 (file)
@@ -102,7 +102,9 @@ static int evp_pkey_asym_cipher_init(EVP_PKEY_CTX *ctx, int operation,
          * iteration we're on.
          */
         EVP_ASYM_CIPHER_free(cipher);
+        cipher = NULL;
         EVP_KEYMGMT_free(tmp_keymgmt);
+        tmp_keymgmt = NULL;
 
         switch (iter) {
         case 1:
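Review bot: The two added assignments after `EVP_ASYM_CIPHER_free(cipher)` and `EVP_KEYMGMT_free(tmp_keymgmt)` have no comment explaining why they are needed, and the existing comment above them only justifies the frees. The path that frees these pointers a second time lies outside this hunk (the commit message places it on an error path), so a later reader cannot tell from here that dropping the assignments brings the double free back. I would extend the comment with something like `/* Clear after freeing: later exits from this iteration may free these again. */`. The same applies to the matching hunks in evp_kem_init() and evp_pkey_signature_init(). The commit lists only the three source files, so nothing exercises the failing second iteration; a regression test run under a memory-error detector would guard all three sites, and any other init function that shares this two-iteration fetch loop is worth checking for the same pattern.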
index 317db87b52ac2a042c918a4a85971c5d1d998a24..92db9618929dec4743e057668d4eb5990af6d8d6 100644 (file)
@@ -97,7 +97,9 @@ static int evp_kem_init(EVP_PKEY_CTX *ctx, int operation,
          * iteration we're on.
          */
         EVP_KEM_free(kem);
+        kem = NULL;
         EVP_KEYMGMT_free(tmp_keymgmt);
+        tmp_keymgmt = NULL;
 
         switch (iter) {
         case 1:
index 51a5f0c4df5a29d81a1b403c3e3dedbec1624786..3737bc6ba4ae08045e0f8c91908a4ba4125715f6 100644 (file)
@@ -736,7 +736,9 @@ static int evp_pkey_signature_init(EVP_PKEY_CTX *ctx, EVP_SIGNATURE *signature,
              * iteration we're on.
              */
             EVP_SIGNATURE_free(signature);
+            signature = NULL;
             EVP_KEYMGMT_free(tmp_keymgmt);
+            tmp_keymgmt = NULL;
 
             switch (iter) {
             case 1:
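Review bot: `signature` is a parameter of evp_pkey_signature_init() according to the hunk header, yet this loop frees it and now also sets it to NULL, and nothing in the hunk shows that the pointer is a reference this function owns at this point. If the loop only runs when the caller passed NULL, that is worth stating next to the free, for example `/* signature was fetched by this loop; it is never the caller's reference here */`. If that does not hold, the `EVP_SIGNATURE_free(signature)` call would release a caller-owned reference, which is a separate ownership problem from the one this commit fixes. The enclosing block starts and ends outside the hunk, so this needs confirming against the full function.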