From: Matt Caswell <matt@openssl.org>
Date: Fri, 27 Mar 2020 16:05:36 +0000 (+0000)
Subject: Don't attempt to up-ref an EVP_CIPHER if it is NULL
X-Git-Tag: openssl-3.0.0-alpha1~188
X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=c2146b57d296aa5b06e27cd8d76bbd040a3444b9;p=oweals%2Fopenssl.git

Don't attempt to up-ref an EVP_CIPHER if it is NULL

EVP_CIPHERs in the ssl_cipher_methods table can be NULL if
they are not available. We shouldn't attempt to up-ref a
cipher if it is NULL.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11426)
---

diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
index 23d156a702..745afae630 100644
--- a/ssl/ssl_ciph.c
+++ b/ssl/ssl_ciph.c
@@ -457,7 +457,10 @@ int ssl_cipher_get_evp_cipher(SSL_CTX *ctx, const SSL_CIPHER *sslc,
             if (*enc == NULL)
                 return 0;
         } else {
-            if (!ssl_evp_cipher_up_ref(ctx->ssl_cipher_methods[i]))
+            const EVP_CIPHER *cipher = ctx->ssl_cipher_methods[i];
+
+            if (cipher == NULL
+                    || !ssl_evp_cipher_up_ref(cipher))
                 return 0;
             *enc = ctx->ssl_cipher_methods[i];
         }