OpenSSL: Fix tls_init(NULL) with FIPS-enabled build

The conf argument to tls_init() may be NULL (as it is when using
hostapd), so we must check that here before dereferencing the
pointer.

diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c
index 1c002522714fbc6af4884a315fc98438c317ad35..76b23a6611db9ca8b9e80138183c3a439588344f 100644 (file)
--- a/src/crypto/tls_openssl.c
+++ b/src/crypto/tls_openssl.c
@@ -667,7 +667,7 @@ void * tls_init(const struct tls_config *conf)
        if (tls_openssl_ref_count == 0) {
 #ifdef CONFIG_FIPS
 #ifdef OPENSSL_FIPS
-               if (conf->fips_mode) {
+               if (conf && conf->fips_mode) {
                        if (!FIPS_mode_set(1)) {
                                wpa_printf(MSG_ERROR, "Failed to enable FIPS "
                                           "mode");
@@ -678,7 +678,7 @@ void * tls_init(const struct tls_config *conf)
                                wpa_printf(MSG_INFO, "Running in FIPS mode");
                }
 #else /* OPENSSL_FIPS */
-               if (conf->fips_mode) {
+               if (conf && conf->fips_mode) {
                        wpa_printf(MSG_ERROR, "FIPS mode requested, but not "
                                   "supported");
                        return NULL;