diff -up openssl-fips-0.9.8e/fips/dh/fips_dh_key.c.dh-check openssl-fips-0.9.8e/fips/dh/fips_dh_key.c
--- openssl-fips-0.9.8e/fips/dh/fips_dh_key.c.dh-check	2007-08-21 16:44:13.000000000 +0200
+++ openssl-fips-0.9.8e/fips/dh/fips_dh_key.c	2011-05-04 12:30:34.000000000 +0200
@@ -189,6 +189,7 @@ static int compute_key(unsigned char *ke
 	BN_MONT_CTX *mont=NULL;
 	BIGNUM *tmp;
 	int ret= -1;
+        int check_result;
 
 	ctx = BN_CTX_new();
 	if (ctx == NULL) goto err;
@@ -227,6 +228,12 @@ static int compute_key(unsigned char *ke
 			goto err;
 		}
 
+        if (!DH_check_pub_key(dh, pub_key, &check_result) || check_result)
+		{
+		DHerr(DH_F_COMPUTE_KEY,DH_R_INVALID_PUBKEY);
+		goto err;
+		}
+
 	if (!dh->meth->bn_mod_exp(dh, tmp, pub_key, dh->priv_key,dh->p,ctx,mont))
 		{
 		DHerr(DH_F_COMPUTE_KEY,ERR_R_BN_LIB);
@@ -235,8 +242,11 @@ static int compute_key(unsigned char *ke
 
 	ret=BN_bn2bin(tmp,key);
 err:
-	BN_CTX_end(ctx);
-	BN_CTX_free(ctx);
+	if (ctx != NULL)
+		{
+		BN_CTX_end(ctx);
+		BN_CTX_free(ctx);
+		}
 	return(ret);
 	}