mirror/openssl
2
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2025-04-24 20:51:14 +08:00
Code Issues Packages Projects Releases Wiki Activity

Avoid potential double-free with duplicated hybrid ML-KEM keys

Browse Source 
Issue reported by Apple Inc on 2025-03-26.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27173)

(cherry picked from commit 02cada2e45a2867e304542f9c5440bfb29af0283)
This commit is contained in:
Viktor Dukhovni 2025-03-27 12:34:50 +11:00 committed by Tomas Mraz
parent dd21dd3e90
commit 428d2901a2
1 changed files with 15 additions and 0 deletions

15
providers/implementations/keymgmt/mlx_kmgmt.c

@ -737,6 +737,21 @@ static void *mlx_kem_dup(const void *vkey, int selection)
|| (ret = OPENSSL_memdup(key, sizeof(*ret))) == NULL)
return NULL;
if (ret->propq != NULL
&& (ret->propq = OPENSSL_strdup(ret->propq)) == NULL) {
OPENSSL_free(ret);
return NULL;
}
/* Absent key material, nothing left to do */
if (ret->mkey == NULL) {
if (ret->xkey == NULL)
return ret;
/* Fail if the source key is an inconsistent state */
OPENSSL_free(ret);
return NULL;
}
switch (selection & OSSL_KEYMGMT_SELECT_KEYPAIR) {
case 0:
ret->xkey = ret->mkey = NULL;