Fix Coverity issue in kdf_snmpkdf_set_ctx_params

Coverity flagged a use before NULL check error in
kdf_snmpkdf_set_ctx_params.

In this function the ctx pointer was dereferenced to obtain a
OSSL_LIB_CTX pointer, and only after that dereference was ctx checked
for being NULL.

fix is pretty clear, just move the OSSL_LIB_CTX computation down to a
point after ctx is checked for NULL.

fixes openssl/project#1765

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org>
Reviewed-by: Norbert Pocs <norbertp@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29400)

diff --git a/providers/implementations/kdfs/snmpkdf.c b/providers/implementations/kdfs/snmpkdf.c
index d94fdc385b3bf7ceffa2e07365922ad1def8f50a..f81738fee03c772d2743dc850d324e29e295eb1b 100644 (file)
--- a/providers/implementations/kdfs/snmpkdf.c
+++ b/providers/implementations/kdfs/snmpkdf.c
@@ -150,7 +150,7 @@ static int kdf_snmpkdf_set_ctx_params(void *vctx, const OSSL_PARAM params[])
 {
     struct snmp_set_ctx_params_st p;
     KDF_SNMPKDF *ctx = vctx;
-    OSSL_LIB_CTX *libctx = PROV_LIBCTX_OF(ctx->provctx);
+    OSSL_LIB_CTX *libctx;
 #ifdef FIPS_MODULE
     const EVP_MD *md = NULL;
 #endif
@@ -161,6 +161,7 @@ static int kdf_snmpkdf_set_ctx_params(void *vctx, const OSSL_PARAM params[])
     if (ctx == NULL || !snmp_set_ctx_params_decoder(params, &p))
         return 0;
 
+    libctx = PROV_LIBCTX_OF(ctx->provctx);
     if (p.digest != NULL) {
         if (!ossl_prov_digest_load(&ctx->digest, p.digest, p.propq, libctx))
             return 0;