Commit 9ac50d2d7b for openssl.org

commit 9ac50d2d7bdf207c2e408bed79641169f5c69894
Author: Drokovar Dmitriy <drokov@rutoken.ru>
Date:   Tue Mar 10 01:38:57 2026 -0400

    EVP_MD_CTX_gettable_params(): Add NULL check before dereference

    Found by Linux Verification Center (linuxtesting.org) with SVACE.

    CLA:trivial

    Reviewed-by: Paul Dale <paul.dale@oracle.com>
    Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org>
    MergeDate: Fri Apr  3 15:24:39 2026
    (Merged from https://github.com/openssl/openssl/pull/30589)

diff --git a/crypto/evp/digest.c b/crypto/evp/digest.c
index 1e73bd3d1b..43fa6b1256 100644
--- a/crypto/evp/digest.c
+++ b/crypto/evp/digest.c
@@ -693,8 +693,9 @@ const OSSL_PARAM *EVP_MD_CTX_gettable_params(EVP_MD_CTX *ctx)
     if (ossl_unlikely(pctx != NULL)
         && (pctx->operation == EVP_PKEY_OP_VERIFYCTX
             || pctx->operation == EVP_PKEY_OP_SIGNCTX)
-        && pctx->op.sig.algctx != NULL
-        && pctx->op.sig.signature->gettable_ctx_md_params != NULL)
+        && pctx->op.sig.signature != NULL
+        && pctx->op.sig.signature->gettable_ctx_md_params != NULL
+        && pctx->op.sig.algctx != NULL)
         return pctx->op.sig.signature->gettable_ctx_md_params(
             pctx->op.sig.algctx);