Skip to content

Commit

Permalink
Crypto/evp: Fix null pointer dereference
Browse files Browse the repository at this point in the history 
Check the return value of EVP_KDF_fetch to avoid a potential
null pointer dereference.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from openssl#18062)
  • Loading branch information
@bonniegong @paulidale
bonniegong authored and paulidale committed Apr 11, 2022
1 parent 148176c commit 5f1424c
Showing 1 changed file with 2 additions and 0 deletions.
2 changes: 2 additions & 0 deletions crypto/evp/p5_crpt2.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -42,6 +42,8 @@ int ossl_pkcs5_pbkdf2_hmac_ex(const char *pass, int passlen,
salt = (unsigned char *)empty;

kdf = EVP_KDF_fetch(libctx, OSSL_KDF_NAME_PBKDF2, propq);
if (kdf == NULL)
return 0;
kctx = EVP_KDF_CTX_new(kdf);
EVP_KDF_free(kdf);
if (kctx == NULL)
Expand Down

0 comments on commit 5f1424c

Please sign in to comment.