From 6876df78077aeada8362cf5f07dbc00574add2e6 Mon Sep 17 00:00:00 2001
From: Pauli <ppzgs1@gmail.com>
Date: Thu, 5 Jun 2025 13:28:37 +1000
Subject: [PATCH] rand: add argument error checking to EVP_RAND_nonce()
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: SaÅ¡a NedvÄdickÃ½ <sashan@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27766)

(cherry picked from commit a2cd7ecd75dcd0de214319ec11bf5b3701bec7a3)
---
 crypto/evp/evp_rand.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/crypto/evp/evp_rand.c b/crypto/evp/evp_rand.c
index ac0c01f2ae1..37c519592f0 100644
--- a/crypto/evp/evp_rand.c
+++ b/crypto/evp/evp_rand.c
@@ -655,6 +655,11 @@ int EVP_RAND_nonce(EVP_RAND_CTX *ctx, unsigned char *out, size_t outlen)
 {
     int res;
 
+    if (ctx == NULL || out == NULL || outlen == 0) {
+        ERR_raise(ERR_LIB_EVP, ERR_R_PASSED_NULL_PARAMETER);
+        return 0;
+    }
+
     if (!evp_rand_lock(ctx))
         return 0;
     res = evp_rand_nonce_locked(ctx, out, outlen);
-- 
2.47.2