From ed9d84f4e71659515b878aab030bac1e575e71ab Mon Sep 17 00:00:00 2001
From: dkostic <dkostic@amazon.com>
Date: Mon, 8 Apr 2024 14:59:47 -0700
Subject: [PATCH] Add NULL checks to EVP_MD_CTX_cleanse/cleanup

---
 crypto/fipsmodule/digest/digest.c | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/crypto/fipsmodule/digest/digest.c b/crypto/fipsmodule/digest/digest.c
index 0ba7427e11..8e279ca58f 100644
--- a/crypto/fipsmodule/digest/digest.c
+++ b/crypto/fipsmodule/digest/digest.c
@@ -98,12 +98,15 @@ EVP_MD_CTX *EVP_MD_CTX_new(void) {
 EVP_MD_CTX *EVP_MD_CTX_create(void) { return EVP_MD_CTX_new(); }
 
 int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx) {
+  if (ctx == NULL) {
+    return 1;
+  }
+
   OPENSSL_free(ctx->md_data);
 
   assert(ctx->pctx == NULL || ctx->pctx_ops != NULL);
   // |pctx| should be freed by the user of |EVP_MD_CTX| if
-  // |EVP_MD_CTX_FLAG_KEEP_PKEY_CTX| is set. Everything other than the external
-  // |pctx| that |ctx->pctx| was pointing to is cleaned up when the flag is set.
+  // |EVP_MD_CTX_FLAG_KEEP_PKEY_CTX| is set. Everything other than the external |pctx| that |ctx->pctx| was pointing to is cleaned up when the flag is set.
   if (ctx->pctx_ops && !(ctx->flags & EVP_MD_CTX_FLAG_KEEP_PKEY_CTX)) {
     ctx->pctx_ops->free(ctx->pctx);
   }
@@ -114,6 +117,9 @@ int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx) {
 }
 
 void EVP_MD_CTX_cleanse(EVP_MD_CTX *ctx) {
+  if (ctx == NULL || ctx->md_data == NULL || ctx->digest == NULL) {
+    return;
+  }
   OPENSSL_cleanse(ctx->md_data, ctx->digest->ctx_size);
   EVP_MD_CTX_cleanup(ctx);
 }