Add appropriate NULL checks in EVP_CIPHER api

The EVP_CIPHER api currently assumes that calls made into several APIs have already initalized the cipher in a given context via a call to EVP_CipherInit[_ex[2]]. If that hasnt been done, instead of an error, the result is typically a SIGSEGV. Correct that by adding missing NULL checks in the apropriate apis prior to using ctx->cipher Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22995)
author: Neil Horman <nhorman@openssl.org> 2023-12-09 13:40:01 -0500
committer: Neil Horman <nhorman@openssl.org> 2024-01-25 08:27:53 -0500
commit: 6f22bcd631ab622c2436bc5b299ba2677c388375 (patch)
tree: e62244a2a0e8f491ab3e3b582928dbc6383f7abf /test/evp_test.c
parent: ff78d94b131d7bb3b761509d3ce0dd864b1420e3 (diff)
download: openssl-6f22bcd631ab622c2436bc5b299ba2677c388375.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/test/evp_test.c b/test/evp_test.c
index ecc7f7fe20..aa6f7ee5a1 100644
--- a/test/evp_test.c
+++ b/test/evp_test.c
@@ -1131,7 +1131,7 @@ static int cipher_test_run(EVP_TEST *t)
         t->err = "NO_KEY";
         return 0;
     }
-    if (!cdat->iv && EVP_CIPHER_get_iv_length(cdat->cipher)) {
+    if (!cdat->iv && EVP_CIPHER_get_iv_length(cdat->cipher) > 0) {
         /* IV is optional and usually omitted in wrap mode */
         if (EVP_CIPHER_get_mode(cdat->cipher) != EVP_CIPH_WRAP_MODE) {
             t->err = "NO_IV";
author	Neil Horman <nhorman@openssl.org>	2023-12-09 13:40:01 -0500
committer	Neil Horman <nhorman@openssl.org>	2024-01-25 08:27:53 -0500
commit	6f22bcd631ab622c2436bc5b299ba2677c388375 (patch)
tree	e62244a2a0e8f491ab3e3b582928dbc6383f7abf /test/evp_test.c
parent	ff78d94b131d7bb3b761509d3ce0dd864b1420e3 (diff)
download	openssl-6f22bcd631ab622c2436bc5b299ba2677c388375.tar.gz