srtpkdf.c: avoid ctx NULL dereference kdf_srtpkdf_set_ctx_params()

ctx is dereferenced before NULL check to obtain libctx.  Fix it
by moving the dereference after the NULL check.

Resolves: https://scan5.scan.coverity.com/#/project-view/65248/10222?selectedIssue=1680648
Fixes: fe67753da4096 "Add SRTPKDF implementation"
Signed-off-by: Eugene Syromiatnikov <esyr@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Norbert Pocs <norbertp@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Neil Horman <nhorman@openssl.org>
MergeDate: Wed Jan 28 12:57:00 2026
(Merged from https://github.com/openssl/openssl/pull/29757)

diff --git a/providers/implementations/kdfs/srtpkdf.c b/providers/implementations/kdfs/srtpkdf.c
index 46e5411bf2b85b168cce5be905e4365dc945208d..5fe65831a944ca7a2ed7edaa18e78e544cf8c53c 100644 (file)
--- a/providers/implementations/kdfs/srtpkdf.c
+++ b/providers/implementations/kdfs/srtpkdf.c
@@ -206,7 +206,7 @@ static int kdf_srtpkdf_set_ctx_params(void *vctx, const OSSL_PARAM params[])
 {
     struct srtp_set_ctx_params_st p;
     KDF_SRTPKDF *ctx = vctx;
-    OSSL_LIB_CTX *libctx = PROV_LIBCTX_OF(ctx->provctx);
+    OSSL_LIB_CTX *libctx;
     const EVP_CIPHER *cipher;
 
     if (params == NULL)
@@ -215,6 +215,8 @@ static int kdf_srtpkdf_set_ctx_params(void *vctx, const OSSL_PARAM params[])
     if (ctx == NULL || !srtp_set_ctx_params_decoder(params, &p))
         return 0;
 
+    libctx = PROV_LIBCTX_OF(ctx->provctx);
+
     if ((p.cipher != NULL)
         && !ossl_prov_cipher_load(&ctx->cipher, p.cipher, p.propq, libctx))
         return 0;