Tolerate nullptr in i2d_X509_NAME This used to be tolerated by way of the general tasn_enc machinery. We don't support this, but one existing test was relying on this to force i2d_X509_NAME to fail and exercise that error path. I don't think it's actually possible, short of malloc failure, to construct an X509_NAME such that i2d_X509_NAME fails anymore. It's easier to just restore this artificial failure case than to figure out what, if anything, to do with their check. Change-Id: I49bd19e711518756c5ff20230dc4df6c56bf1977 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/82310 Reviewed-by: Lily Chen <chlily@google.com> Auto-Submit: David Benjamin <davidben@google.com> Commit-Queue: Lily Chen <chlily@google.com>

commit: db638238d29708a20b991af3b2488e45a8bbcf71 [log] [tgz]
author: David Benjamin <davidben@google.com> Fri Sep 26 14:29:07 2025 -0400
committer: Boringssl LUCI CQ <boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com> Fri Sep 26 12:13:51 2025 -0700
tree: 567d8ae03a8e2480fd348ff2fe002564a5413759
parent: 2375765eeae11c78eec8c6bf1bdfa53cf86e6ef8 [diff]
diff --git a/crypto/x509/x_name.cc b/crypto/x509/x_name.cc
index 6b10219..ce9b01d 100644
--- a/crypto/x509/x_name.cc
+++ b/crypto/x509/x_name.cc

@@ -304,6 +304,10 @@
 }
 
 int i2d_X509_NAME(const X509_NAME *in, uint8_t **outp) {
+  if (in == nullptr) {
+    OPENSSL_PUT_ERROR(X509, ERR_R_PASSED_NULL_PARAMETER);
+    return -1;
+  }
   const X509_NAME_CACHE *cache = x509_name_get_cache(in);
   if (cache == nullptr) {
     return -1;
commit	db638238d29708a20b991af3b2488e45a8bbcf71	[log] [tgz]
author	David Benjamin <davidben@google.com>	Fri Sep 26 14:29:07 2025 -0400
committer	Boringssl LUCI CQ <boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com>	Fri Sep 26 12:13:51 2025 -0700
tree	567d8ae03a8e2480fd348ff2fe002564a5413759
parent	2375765eeae11c78eec8c6bf1bdfa53cf86e6ef8 [diff]