Commit 72029afd91 for openssl.org
commit 72029afd912e05b74d337bb9749a41795b23baa0
Author: Zijie Zhao <zijie4@illinois.edu>
Date: Thu Jan 15 11:55:53 2026 -0600
Fix double-free in TLS1-PRF KDF when digest change fails

When changing the digest from MD5-SHA1 to a non-MD5-SHA1 digest,
`ctx->P_sha1` is freed but not set to NULL. If `ossl_prov_macctx_load()`
subsequently fails, `ctx->P_sha1` remains as a dangling pointer.
When the context is later freed via `kdf_tls1_prf_reset()`, this
causes a double-free.

Fix by setting `ctx->P_sha1` to NULL immediately after freeing it.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
MergeDate: Tue Jan 20 18:21:38 2026
(Merged from https://github.com/openssl/openssl/pull/29649)

diff --git a/providers/implementations/kdfs/tls1_prf.c b/providers/implementations/kdfs/tls1_prf.c
index 13bc4d890a..77911c9591 100644
--- a/providers/implementations/kdfs/tls1_prf.c
+++ b/providers/implementations/kdfs/tls1_prf.c
@@ -325,6 +325,7 @@ static int kdf_tls1_prf_set_ctx_params(void *vctx, const OSSL_PARAM params[])
return 0;
} else {
EVP_MAC_CTX_free(ctx->P_sha1);
+ ctx->P_sha1 = NULL;
if (!ossl_prov_macctx_load(&ctx->P_hash, NULL, NULL, p.digest,
p.propq,
OSSL_MAC_NAME_HMAC, NULL, NULL, libctx))
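
Review bot: No regression test accompanies the added `ctx->P_sha1 = NULL;` line in the `else` branch; the diff touches only providers/implementations/kdfs/tls1_prf.c. The failing sequence in the commit message is narrow (digest set to MD5-SHA1, then changed to another digest whose `ossl_prov_macctx_load()` into `ctx->P_hash` fails, then the context is reset), so a test that drives exactly that sequence and then frees the context under a memory checker would keep the dangling pointer from coming back. A one-line comment above the assignment, saying that the pointer is cleared because the load that follows can fail and `kdf_tls1_prf_reset()` frees `P_sha1` again, would also make the reason for the line visible to the next person editing this branch.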