diff --git a/dlls/advapi32/registry.c b/dlls/advapi32/registry.c
index 7faee3cce91..b9cb8c53228 100644
--- a/dlls/advapi32/registry.c
+++ b/dlls/advapi32/registry.c
@@ -311,6 +311,7 @@ LSTATUS WINAPI RegOpenKeyExW( HKEY hkey, LPCWSTR name, DWORD options, REGSAM acc
     /* NT+ allows beginning backslash for HKEY_CLASSES_ROOT */
     if (hkey == HKEY_CLASSES_ROOT && name && *name == '\\') name++;
 
+    if (!retkey) return ERROR_INVALID_PARAMETER;
     if (!(hkey = get_special_root_hkey( hkey ))) return ERROR_INVALID_HANDLE;
 
     attr.Length = sizeof(attr);
diff --git a/dlls/ntdll/reg.c b/dlls/ntdll/reg.c
index 9b3aae53ea5..3bee5882857 100644
--- a/dlls/ntdll/reg.c
+++ b/dlls/ntdll/reg.c
@@ -116,13 +116,13 @@ NTSTATUS WINAPI NtOpenKey( PHANDLE retkey, ACCESS_MASK access, const OBJECT_ATTR
     NTSTATUS ret;
     DWORD len;
 
-    if (!attr) return STATUS_ACCESS_VIOLATION;
+    if (!retkey || !attr) return STATUS_ACCESS_VIOLATION;
+    if (attr->Length > sizeof(OBJECT_ATTRIBUTES)) return STATUS_INVALID_PARAMETER;
     len = attr->ObjectName->Length;
     TRACE( "(%p,%s,%x,%p)\n", attr->RootDirectory,
            debugstr_us(attr->ObjectName), access, retkey );
 
     if (len > MAX_NAME_LENGTH) return STATUS_BUFFER_OVERFLOW;
-    if (!retkey) return STATUS_INVALID_PARAMETER;
 
     SERVER_START_REQ( open_key )
     {
diff --git a/dlls/ntdll/tests/reg.c b/dlls/ntdll/tests/reg.c
index 67bd125f6a6..8a86627d9e5 100644
--- a/dlls/ntdll/tests/reg.c
+++ b/dlls/ntdll/tests/reg.c
@@ -351,14 +351,12 @@ static void test_NtOpenKey(void)
 
     /* NULL key */
     status = pNtOpenKey(NULL, am, &attr);
-    todo_wine
-        ok(status == STATUS_ACCESS_VIOLATION, "Expected STATUS_ACCESS_VIOLATION, got: 0x%08x\n", status);
+    ok(status == STATUS_ACCESS_VIOLATION, "Expected STATUS_ACCESS_VIOLATION, got: 0x%08x\n", status);
 
     /* Length > sizeof(OBJECT_ATTRIBUTES) */
     attr.Length *= 2;
     status = pNtOpenKey(&key, am, &attr);
-    todo_wine
-        ok(status == STATUS_INVALID_PARAMETER, "Expected STATUS_INVALID_PARAMETER, got: 0x%08x\n", status);
+    ok(status == STATUS_INVALID_PARAMETER, "Expected STATUS_INVALID_PARAMETER, got: 0x%08x\n", status);
 }
 
 static void test_NtCreateKey(void)