Fix fips cleanup of master key
authorNeil Horman <nhorman@openssl.org>
Tue, 17 Jun 2025 17:32:44 +0000 (13:32 -0400)
committerNeil Horman <nhorman@openssl.org>
Fri, 20 Jun 2025 17:01:39 +0000 (13:01 -0400)
With the conversion to a fixed array, we can no longer just clean the
top level sparse array, as we don't enjoy the NULL check within the
sa_doall loop.

Add a NULL check in the FIPS cleanup routine to make up for this.

Reviewed-by: Saša Nedvědický <sashan@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27794)

crypto/threads_common.c

index fdd19418a8207c7510cf65661e68cd70ee67cc82..c255c87df91424e561184f950e5d1ff96dd2cfa7 100644 (file)
@@ -403,7 +403,8 @@ void CRYPTO_THREAD_clean_local_for_fips(void)
         return;
 
     mkey = CRYPTO_THREAD_get_local(&master_key);
-    clean_master_key(mkey);
+    if (mkey != NULL)
+        clean_master_key(mkey);
     CRYPTO_THREAD_cleanup_local(&master_key);
 }
 #endif
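Review bot: The new `if (mkey != NULL)` guard protects only this call site, so any other caller of `clean_master_key()` (none is visible in this hunk) could still pass a NULL master key and crash during cleanup. If the helper is reachable from elsewhere, consider moving the check into `clean_master_key()` itself; otherwise confirm that this is the only path where `CRYPTO_THREAD_get_local(&master_key)` can return NULL. The reason for the guard is recorded only in the commit message, so a short comment above it would help, for example `/* mkey may be NULL if no thread-local was ever set; the fixed array has no sa_doall-style NULL check */`; the wording is inferred from the description and should be checked against the helper. The start of `CRYPTO_THREAD_clean_local_for_fips` is outside the hunk.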