diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index b78e8696bb..df43593934 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -7429,7 +7429,7 @@ psa_status_t psa_raw_key_agreement(psa_algorithm_t alg,
                                             output_length);
 
 exit:
-    if (status != PSA_SUCCESS) {
+    if (status != PSA_SUCCESS && output != NULL) {
         /* If an error happens and is not handled properly, the output
          * may be used as a key to protect sensitive data. Arrange for such
          * a key to be random, which is likely to result in decryption or