Fix 69939 EVP_PKEY_is_a() crashes with NULL key on OpenSSL 3.0.x

markt-asf · markt-asf · commit bba9e9464a1a · 2026-02-04T15:19:44.000Z
https://bz.apache.org/bugzilla/show_bug.cgi?id=69939
diff --git a/native/src/sslutils.c b/native/src/sslutils.c
@@ -190,7 +190,7 @@ EVP_PKEY *SSL_dh_GetParamFromFile(const char *file)
         return NULL;
     evp = PEM_read_bio_Parameters_ex(bio, NULL, NULL, NULL);
     BIO_free(bio);
-    if (!EVP_PKEY_is_a(evp, "DH")) {
+    if (evp && !EVP_PKEY_is_a(evp, "DH")) {
         EVP_PKEY_free(evp);
         return NULL;
     }
diff --git a/xdocs/miscellaneous/changelog.xml b/xdocs/miscellaneous/changelog.xml
@@ -62,6 +62,10 @@
       Improve performance for the rare case of handling large OCSP responses.
       (markt)
     </scode>
+    <fix>
+      <bug>69939</bug>: Fix the cause of a crash with OpenSSL 3.0.x when a
+      certificate PEM file does not contain explicit DH parameters. (markt)
+    </fix>
   </changelog>
 </section>
 <section name="2.0.12" rtext="2026-01-12">

Original file line number	Diff line number	Diff line change
`@@ -190,7 +190,7 @@ EVP_PKEY SSL_dh_GetParamFromFile(const char file)`
`190`	`190`	`return NULL;`
`191`	`191`	`evp = PEM_read_bio_Parameters_ex(bio, NULL, NULL, NULL);`
`192`	`192`	`BIO_free(bio);`
`193`		`- if (!EVP_PKEY_is_a(evp, "DH")) {`
	`193`	`+ if (evp && !EVP_PKEY_is_a(evp, "DH")) {`
`194`	`194`	`EVP_PKEY_free(evp);`
`195`	`195`	`return NULL;`
`196`	`196`	`}`