diff -up openssl-fips-0.9.8e/fips/dh/fips_dh_key.c.dh-check openssl-fips-0.9.8e/fips/dh/fips_dh_key.c

--- openssl-fips-0.9.8e/fips/dh/fips_dh_key.c.dh-check	2007-08-21 16:44:13.000000000 +0200

+++ openssl-fips-0.9.8e/fips/dh/fips_dh_key.c	2011-05-04 12:30:34.000000000 +0200

@@ -189,6 +189,7 @@ static int compute_key(unsigned char *ke

 	BN_MONT_CTX *mont=NULL;

 	BIGNUM *tmp;

 	int ret= -1;

+        int check_result;

 	ctx = BN_CTX_new();

 	if (ctx == NULL) goto err;

@@ -227,6 +228,12 @@ static int compute_key(unsigned char *ke

 			goto err;

 		}

+        if (!DH_check_pub_key(dh, pub_key, &check_result) || check_result)

+		{

+		DHerr(DH_F_COMPUTE_KEY,DH_R_INVALID_PUBKEY);

+		goto err;

+		}

+

 	if (!dh->meth->bn_mod_exp(dh, tmp, pub_key, dh->priv_key,dh->p,ctx,mont))

 		{

 		DHerr(DH_F_COMPUTE_KEY,ERR_R_BN_LIB);

@@ -235,8 +242,11 @@ static int compute_key(unsigned char *ke

 	ret=BN_bn2bin(tmp,key);

 err:

-	BN_CTX_end(ctx);

-	BN_CTX_free(ctx);

+	if (ctx != NULL)

+		{

+		BN_CTX_end(ctx);

+		BN_CTX_free(ctx);

+		}

 	return(ret);

 	}