From 698e1f5b37e0b589d8e09c69e9e983472df236de Mon Sep 17 00:00:00 2001
From: Samuel Chiang <sachiang@amazon.com>
Date: Thu, 2 Oct 2025 21:49:13 +0000
Subject: [PATCH] Add null check on RSA key checks

---
 crypto/fipsmodule/rsa/rsa.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/crypto/fipsmodule/rsa/rsa.c b/crypto/fipsmodule/rsa/rsa.c
index 4f26aa8287..95bfe3fd3c 100644
--- a/crypto/fipsmodule/rsa/rsa.c
+++ b/crypto/fipsmodule/rsa/rsa.c
@@ -1270,6 +1270,8 @@ static enum rsa_key_type_for_checking determine_key_type_for_checking(const RSA
 // the function can work with.
 int RSA_check_key(const RSA *key) {
   SET_DIT_AUTO_RESET;
+  GUARD_PTR(key);
+
   enum rsa_key_type_for_checking key_type = determine_key_type_for_checking(key);
   if (key_type == RSA_KEY_TYPE_FOR_CHECKING_INVALID) {
     OPENSSL_PUT_ERROR(RSA, RSA_R_BAD_RSA_PARAMETERS);
@@ -1501,6 +1503,7 @@ DEFINE_LOCAL_DATA(BIGNUM, g_small_factors) {
 // approved FIPS services.
 int RSA_check_fips(RSA *key) {
   SET_DIT_AUTO_RESET;
+  GUARD_PTR(key);
 
   enum rsa_key_type_for_checking key_type = determine_key_type_for_checking(key);
   // In addition to invalid key type, stripped private keys can not be checked