From: Drokovar Dmitriy <drokov@rutoken.ru>
Date: Tue, 10 Mar 2026 05:38:57 +0000 (-0400)
Subject: EVP_MD_CTX_gettable_params(): Add NULL check before dereference
X-Git-Tag: openssl-4.0.0~65
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a953d025d42135852ac65a53f02fb96cd91f581e;p=thirdparty%2Fopenssl.git

EVP_MD_CTX_gettable_params(): Add NULL check before dereference

Found by Linux Verification Center (linuxtesting.org) with SVACE.

CLA:trivial

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org>
MergeDate: Fri Apr  3 15:24:39 2026
(Merged from https://github.com/openssl/openssl/pull/30589)

(cherry picked from commit 9ac50d2d7bdf207c2e408bed79641169f5c69894)
---

diff --git a/crypto/evp/digest.c b/crypto/evp/digest.c
index 1e73bd3d1ba..43fa6b1256b 100644
--- a/crypto/evp/digest.c
+++ b/crypto/evp/digest.c
@@ -693,8 +693,9 @@ const OSSL_PARAM *EVP_MD_CTX_gettable_params(EVP_MD_CTX *ctx)
     if (ossl_unlikely(pctx != NULL)
         && (pctx->operation == EVP_PKEY_OP_VERIFYCTX
             || pctx->operation == EVP_PKEY_OP_SIGNCTX)
-        && pctx->op.sig.algctx != NULL
-        && pctx->op.sig.signature->gettable_ctx_md_params != NULL)
+        && pctx->op.sig.signature != NULL
+        && pctx->op.sig.signature->gettable_ctx_md_params != NULL
+        && pctx->op.sig.algctx != NULL)
         return pctx->op.sig.signature->gettable_ctx_md_params(
             pctx->op.sig.algctx);