Add NULL checks to EVP_MD_CTX_cleanse/cleanup

dkostic · dkostic · commit ed9d84f4e716 · 2024-04-08T14:59:47.000-07:00
diff --git a/crypto/fipsmodule/digest/digest.c b/crypto/fipsmodule/digest/digest.c
@@ -98,12 +98,15 @@ EVP_MD_CTX *EVP_MD_CTX_new(void) {
 EVP_MD_CTX *EVP_MD_CTX_create(void) { return EVP_MD_CTX_new(); }
 
 int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx) {
+  if (ctx == NULL) {
+    return 1;
+  }
+
   OPENSSL_free(ctx->md_data);
 
   assert(ctx->pctx == NULL || ctx->pctx_ops != NULL);
   // |pctx| should be freed by the user of |EVP_MD_CTX| if
-  // |EVP_MD_CTX_FLAG_KEEP_PKEY_CTX| is set. Everything other than the external
-  // |pctx| that |ctx->pctx| was pointing to is cleaned up when the flag is set.
+  // |EVP_MD_CTX_FLAG_KEEP_PKEY_CTX| is set. Everything other than the external |pctx| that |ctx->pctx| was pointing to is cleaned up when the flag is set.
   if (ctx->pctx_ops && !(ctx->flags & EVP_MD_CTX_FLAG_KEEP_PKEY_CTX)) {
     ctx->pctx_ops->free(ctx->pctx);
   }
@@ -114,6 +117,9 @@ int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx) {
 }
 
 void EVP_MD_CTX_cleanse(EVP_MD_CTX *ctx) {
+  if (ctx == NULL || ctx->md_data == NULL || ctx->digest == NULL) {
+    return;
+  }
   OPENSSL_cleanse(ctx->md_data, ctx->digest->ctx_size);
   EVP_MD_CTX_cleanup(ctx);
 }
