coverity: fix 1478169: dereference after NULL check

The code path shouldn't occur in our code but could in an application. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/15128)
author: Pauli <pauli@openssl.org> 2021-05-04 08:23:10 +1000
committer: Pauli <pauli@openssl.org> 2021-05-06 11:01:30 +1000
commit: a35536b52d91d02cbfeef22d1373a92252d19d62 (patch)
tree: a25bffa4d62e942b8c25f5fe3de74971f9bc1b68 /crypto/pkcs12
parent: 08a337fac6d56a3b9419f4fbf9a19af958c9c2a1 (diff)
1 files changed, 11 insertions, 3 deletions
diff --git a/crypto/pkcs12/p12_p8e.c b/crypto/pkcs12/p12_p8e.c
index ac2c7ef537..5351e11d34 100644
--- a/crypto/pkcs12/p12_p8e.c
+++ b/crypto/pkcs12/p12_p8e.c
@@ -22,13 +22,21 @@ X509_SIG *PKCS8_encrypt_ex(int pbe_nid, const EVP_CIPHER *cipher,
     X509_SIG *p8 = NULL;
     X509_ALGOR *pbe;
 
-    if (pbe_nid == -1)
+    if (pbe_nid == -1) {
+        if (cipher == NULL) {
+            ERR_raise(ERR_LIB_PKCS12, ERR_R_PASSED_NULL_PARAMETER);
+            return NULL;
+        }
         pbe = PKCS5_pbe2_set_iv_ex(cipher, iter, salt, saltlen, NULL, -1,
                                    libctx);
-    else if (EVP_PBE_find(EVP_PBE_TYPE_PRF, pbe_nid, NULL, NULL, 0))
+    } else if (EVP_PBE_find(EVP_PBE_TYPE_PRF, pbe_nid, NULL, NULL, 0)) {
+        if (cipher == NULL) {
+            ERR_raise(ERR_LIB_PKCS12, ERR_R_PASSED_NULL_PARAMETER);
+            return NULL;
+        }
         pbe = PKCS5_pbe2_set_iv_ex(cipher, iter, salt, saltlen, NULL, pbe_nid,
                                    libctx);
-    else {
+    } else {
         ERR_clear_error();
         pbe = PKCS5_pbe_set_ex(pbe_nid, iter, salt, saltlen, libctx);
     }
author	Pauli <pauli@openssl.org>	2021-05-04 08:23:10 +1000
committer	Pauli <pauli@openssl.org>	2021-05-06 11:01:30 +1000
commit	a35536b52d91d02cbfeef22d1373a92252d19d62 (patch)
tree	a25bffa4d62e942b8c25f5fe3de74971f9bc1b68 /crypto/pkcs12
parent	08a337fac6d56a3b9419f4fbf9a19af958c9c2a1 (diff)