commit e406df64aea245a4caacf25793df9efa08ea5d8f
Author: Neil Horman <nhorman@openssl.org>
Date:   Mon Mar 16 13:49:07 2026 -0400

    Fix inadvertent NULL deref in [ec]dh_cms_set_shared_info
    
    Two independent reports indicated a SIGSEGV was possible in CMS
    processing of a crafted CMS EnvelopedData message that uses a Key
    Agreement RecipientInfo.  If its KeyEncryptionAlgorithmIdentifier
    omits the optional parameter field, the functions referenced above
    dereference alg->parameter before checking whether that field is NULL.
    
    Easy fix, just make sure to check if the field is NULL before accessing
    
    Confirmed to resolve the issues using the reproducers provided in the
    security reports.
    
    Fixes CVE-2026-28389

Index: openssl-1.1.1d/crypto/dh/dh_ameth.c
===================================================================
--- openssl-1.1.1d.orig/crypto/dh/dh_ameth.c
+++ openssl-1.1.1d/crypto/dh/dh_ameth.c
@@ -682,6 +682,9 @@ static int dh_cms_set_shared_info(EVP_PK
     if (!CMS_RecipientInfo_kari_get0_alg(ri, &alg, &ukm))
         goto err;
 
+    if (alg == NULL || alg->parameter == NULL)
+        goto err;
+
     /*
      * For DH we only have one OID permissible. If ever any more get defined
      * we will need something cleverer.
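Review bot: The new `goto err` at the NULL check leaves the error queue empty, so a caller that fails on a malformed KeyEncryptionAlgorithmIdentifier gets a bare failure with no reason, unlike the EC counterpart in this same commit which reports EC_R_KDF_PARAMETER_ERROR on its later failure path. If dh_ameth.c already defines a matching reason for this function (the OID check that follows this hunk is the likely place to confirm), push it before the jump, e.g. `DHerr(DH_F_DH_CMS_SET_SHARED_INFO, DH_R_KDF_PARAMETER_ERROR);` ahead of `goto err;`. The check itself is correct: the parameter field carries the key-wrap algorithm for the DH scheme handled here, so a missing one must be rejected rather than defaulted. dh_cms_set_shared_info starts and ends outside this hunk, so the err label's cleanup is not visible here.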
Index: openssl-1.1.1d/crypto/ec/ec_ameth.c
===================================================================
--- openssl-1.1.1d.orig/crypto/ec/ec_ameth.c
+++ openssl-1.1.1d/crypto/ec/ec_ameth.c
@@ -730,6 +730,8 @@ static int ecdh_cms_set_shared_info(EVP_
 
     if (!CMS_RecipientInfo_kari_get0_alg(ri, &alg, &ukm))
         return 0;
+    if (alg == NULL || alg->parameter == NULL)
+        return 0;
 
     if (!ecdh_cms_set_kdf_param(pctx, OBJ_obj2nid(alg->algorithm))) {
         ECerr(EC_F_ECDH_CMS_SET_SHARED_INFO, EC_R_KDF_PARAMETER_ERROR);
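Review bot: The added guard at L43-L44 returns 0 silently, while the very next failure path (the ecdh_cms_set_kdf_param check) raises ECerr(EC_F_ECDH_CMS_SET_SHARED_INFO, EC_R_KDF_PARAMETER_ERROR); a missing parameter field is the same class of malformed KDF/key-wrap algorithm and should report the same way so callers and CMS_decrypt users can see why the message was rejected. Change the guard to `if (alg == NULL || alg->parameter == NULL) { ECerr(EC_F_ECDH_CMS_SET_SHARED_INFO, EC_R_KDF_PARAMETER_ERROR); return 0; }`. As a point of style, a blank line between the get0_alg check and the new guard would match the spacing the DH hunk in this commit uses. ecdh_cms_set_shared_info's body continues past this hunk, so later uses of alg->parameter are not visible here.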
