Make EVP_{CIPHER,MD}_CTX_{cleanup,reset}() NULL-safe

We have a bunch of code that relies on this. Surely there is code out
there in the wider ecosystem that relies on these being NULL-safe by
now since upstream sprinkles NULL checks wherever they can.

ok beck joshua

diff --git a/lib/libcrypto/evp/evp_cipher.c b/lib/libcrypto/evp/evp_cipher.c
index 51bbf70..abdc33e 100644 (file)
--- a/lib/libcrypto/evp/evp_cipher.c
+++ b/lib/libcrypto/evp/evp_cipher.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: evp_cipher.c,v 1.16 2024/01/07 15:21:04 tb Exp $ */
+/* $OpenBSD: evp_cipher.c,v 1.17 2024/01/30 17:41:01 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -627,6 +627,9 @@ EVP_CIPHER_CTX_reset(EVP_CIPHER_CTX *ctx)
 int
 EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *ctx)
 {
+       if (ctx == NULL)
+               return 1;
+
        if (ctx->cipher != NULL) {
                /* XXX - Avoid leaks, so ignore return value of cleanup()... */
                if (ctx->cipher->cleanup != NULL)

diff --git a/lib/libcrypto/evp/evp_digest.c b/lib/libcrypto/evp/evp_digest.c
index 166b045..9d8d94a 100644 (file)
--- a/lib/libcrypto/evp/evp_digest.c
+++ b/lib/libcrypto/evp/evp_digest.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: evp_digest.c,v 1.7 2023/12/29 07:22:47 tb Exp $ */
+/* $OpenBSD: evp_digest.c,v 1.8 2024/01/30 17:41:01 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -258,10 +258,12 @@ EVP_MD_CTX_reset(EVP_MD_CTX *ctx)
        return EVP_MD_CTX_cleanup(ctx);
 }
 
-/* This call frees resources associated with the context */
 int
 EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx)
 {
+       if (ctx == NULL)
+               return 1;
+
        /*
         * Don't assume ctx->md_data was cleaned in EVP_Digest_Final,
         * because sometimes only copies of the context are ever finalised.