diff --git a/ChangeLog b/ChangeLog
index 1dba929dd..ea55df8e1 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -17,6 +17,8 @@ Bugfix
    * Fix bug in mbedtls_x509_crt_parse that caused trailing extra data in the 
      buffer after DER certificates to be included in the raw representation.
    * Fix issue that caused a hang when generating RSA keys of odd bitlength
+   * Fix bug in mbedtls_rsa_rsaes_pkcs1_v15_encrypt that made null pointer
+     dereference possible.
 
 Changes
    * On ARM platforms, when compiling with -O0 with GCC, Clang or armcc5,
diff --git a/library/rsa.c b/library/rsa.c
index 9fc80cdc6..18fc70212 100644
--- a/library/rsa.c
+++ b/library/rsa.c
@@ -596,7 +596,8 @@ int mbedtls_rsa_rsaes_pkcs1_v15_encrypt( mbedtls_rsa_context *ctx,
     if( mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V15 )
         return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
 
-    if( f_rng == NULL )
+    // We don't check p_rng because it won't be dereferenced here
+    if( f_rng == NULL || input == NULL || output == NULL )
         return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
 
     olen = ctx->len;