From 257c3dd6cdbe9b1bde353fa45445b1319de6ffc3 Mon Sep 17 00:00:00 2001
From: ritoban23 <ankudutt101@gmail.com>
Date: Thu, 14 Aug 2025 01:49:17 +0530
Subject: [PATCH] Fix null pointer check in pkey_dh_derive to ensure both keys
 are set

CLA: trivial

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/28259)

(cherry picked from commit fc84d46d7227886152be00618889a521e9132ef3)
(cherry picked from commit 0163c6ad1f7cec08f59e9f736d36073d01ae7ae5)
---
 crypto/dh/dh_pmeth.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/crypto/dh/dh_pmeth.c b/crypto/dh/dh_pmeth.c
index 3b75a537b3e..74bef9370d3 100644
--- a/crypto/dh/dh_pmeth.c
+++ b/crypto/dh/dh_pmeth.c
@@ -408,7 +408,7 @@ static int pkey_dh_derive(EVP_PKEY_CTX *ctx, unsigned char *key,
     }
     dh = (DH *)EVP_PKEY_get0_DH(ctx->pkey);
     dhpub = EVP_PKEY_get0_DH(ctx->peerkey);
-    if (dhpub == NULL) {
+    if (dhpub == NULL || dh == NULL) {
         ERR_raise(ERR_LIB_DH, DH_R_KEYS_NOT_SET);
         return 0;
     }
-- 
2.47.3