From: ritoban23 <ankudutt101@gmail.com>
Date: Wed, 13 Aug 2025 20:19:17 +0000 (+0530)
Subject: Fix null pointer check in pkey_dh_derive to ensure both keys are set
X-Git-Tag: openssl-3.6.0-alpha1~61
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=fc84d46d7227886152be00618889a521e9132ef3;p=thirdparty%2Fopenssl.git

Fix null pointer check in pkey_dh_derive to ensure both keys are set

CLA: trivial

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/28259)
---

diff --git a/crypto/dh/dh_pmeth.c b/crypto/dh/dh_pmeth.c
index 0d9bb0dcb9a..937a6bd0459 100644
--- a/crypto/dh/dh_pmeth.c
+++ b/crypto/dh/dh_pmeth.c
@@ -408,7 +408,7 @@ static int pkey_dh_derive(EVP_PKEY_CTX *ctx, unsigned char *key,
     }
     dh = (DH *)EVP_PKEY_get0_DH(ctx->pkey);
     dhpub = EVP_PKEY_get0_DH(ctx->peerkey);
-    if (dhpub == NULL) {
+    if (dhpub == NULL || dh == NULL) {
         ERR_raise(ERR_LIB_DH, DH_R_KEYS_NOT_SET);
         return 0;
     }