Commit 74245170b5 for openssl.org

commit 74245170b5a64b234ac4af27c86a25ec251c8b2a
Author: Igor Ustinov <igus@openssl.foundation>
Date:   Thu May 21 08:36:54 2026 +0200

    Fix potential NULL dereference processing CMS PasswordRecipientInfo

    Avoid NULL dereferencing when keyDerivationAlgorithm is absent
    in CMS PasswordRecipientInfo.

    Fixes CVE-2026-42766

    Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org>
    Reviewed-by: Tomas Mraz <tomas@openssl.foundation>
    MergeDate: Mon Jun  8 18:57:52 2026

diff --git a/crypto/cms/cms_pwri.c b/crypto/cms/cms_pwri.c
index 2a5625c9c8..2cdac56fcf 100644
--- a/crypto/cms/cms_pwri.c
+++ b/crypto/cms/cms_pwri.c
@@ -368,6 +368,11 @@ int ossl_cms_RecipientInfo_pwri_crypt(const CMS_ContentInfo *cms,

     /* Finish password based key derivation to setup key in "ctx" */

+    if (algtmp == NULL) {
+        ERR_raise_data(ERR_LIB_CMS, CMS_R_INVALID_KEY_ENCRYPTION_PARAMETER,
+            "Missing KeyDerivationAlgorithm");
+        goto err;
+    }
     if (!EVP_PBE_CipherInit_ex(algtmp->algorithm,
             (char *)pwri->pass, (int)pwri->passlen,
             algtmp->parameter, kekctx, en_de,
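Review bot: The existing comment `/* Finish password based key derivation to setup key in "ctx" */` now sits above the new `algtmp == NULL` check rather than the `EVP_PBE_CipherInit_ex()` call it describes, and nothing in the hunk says why `algtmp` can be NULL here. I would move the check above that comment and give it its own one-line explanation, e.g. `/* keyDerivationAlgorithm is OPTIONAL in PasswordRecipientInfo, so a parsed message may omit it */`. The assignment to `algtmp` and the rest of `ossl_cms_RecipientInfo_pwri_crypt` are outside the hunk, so whether the check could sit directly after that assignment cannot be confirmed from here. No test is visible in this part of the commit; a decrypt test that feeds a PasswordRecipientInfo without keyDerivationAlgorithm and expects `CMS_R_INVALID_KEY_ENCRYPTION_PARAMETER` would pin the fix.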