From e438131a3bd779c0a55f56b93f21589a6064ed93 Mon Sep 17 00:00:00 2001
From: Juliusz Sosinowicz <juliusz@wolfssl.com>
Date: Fri, 19 Jan 2024 12:32:17 +0100
Subject: [PATCH] EVP_Cipher: correct parameter checking

EVP_Cipher(ctx, NULL, NULL, 0) is a valid call for all algorithms. For none-AEAD it results in a no-op.
---
 wolfcrypt/src/evp.c | 20 +++++++++++++++-----
 1 file changed, 15 insertions(+), 5 deletions(-)

diff --git a/wolfcrypt/src/evp.c b/wolfcrypt/src/evp.c
index b36df7828..9972077c6 100644
--- a/wolfcrypt/src/evp.c
+++ b/wolfcrypt/src/evp.c
@@ -8118,8 +8118,12 @@ void wolfSSL_EVP_init(void)
 
         WOLFSSL_ENTER("wolfSSL_EVP_Cipher");
 
-        if (ctx == NULL || ((src == NULL || dst == NULL) &&
-            (TRUE
+        if (ctx == NULL) {
+            WOLFSSL_MSG("Bad argument.");
+            return WOLFSSL_FATAL_ERROR;
+        }
+
+        if (TRUE
         #ifdef HAVE_AESGCM
             && ctx->cipherType != AES_128_GCM_TYPE &&
              ctx->cipherType != AES_192_GCM_TYPE &&
@@ -8141,9 +8145,15 @@ void wolfSSL_EVP_init(void)
         #ifdef WOLFSSL_SM4_CCM
             && ctx->cipherType != SM4_CCM_TYPE
         #endif
-            ))) {
-            WOLFSSL_MSG("Bad argument.");
-            return WOLFSSL_FATAL_ERROR;
+            ) {
+            /* Not an AEAD cipher */
+            /* No-op for none AEAD ciphers */
+            if (src == NULL && dst == NULL && len == 0)
+                return 0;
+            if (src == NULL || dst == NULL) {
+                WOLFSSL_MSG("Bad argument.");
+                return WOLFSSL_FATAL_ERROR;
+            }
         }
 
         if (ctx->cipherType == WOLFSSL_EVP_CIPH_TYPE_INIT) {