From: Pauli <ppzgs1@gmail.com>
Date: Thu, 5 Jun 2025 03:28:37 +0000 (+1000)
Subject: rand: add argument error checking to EVP_RAND_nonce()
X-Git-Tag: openssl-3.4.2~25
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=6876df78077aeada8362cf5f07dbc00574add2e6;p=thirdparty%2Fopenssl.git

rand: add argument error checking to EVP_RAND_nonce()

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27766)

(cherry picked from commit a2cd7ecd75dcd0de214319ec11bf5b3701bec7a3)
---

diff --git a/crypto/evp/evp_rand.c b/crypto/evp/evp_rand.c
index ac0c01f2ae1..37c519592f0 100644
--- a/crypto/evp/evp_rand.c
+++ b/crypto/evp/evp_rand.c
@@ -655,6 +655,11 @@ int EVP_RAND_nonce(EVP_RAND_CTX *ctx, unsigned char *out, size_t outlen)
 {
     int res;
 
+    if (ctx == NULL || out == NULL || outlen == 0) {
+        ERR_raise(ERR_LIB_EVP, ERR_R_PASSED_NULL_PARAMETER);
+        return 0;
+    }
+
     if (!evp_rand_lock(ctx))
         return 0;
     res = evp_rand_nonce_locked(ctx, out, outlen);