From: Eugene Syromiatnikov <esyr@openssl.org>
Date: Mon, 26 Jan 2026 08:51:33 +0000 (+0100)
Subject: srtpkdf.c: avoid ctx NULL dereference kdf_srtpkdf_set_ctx_params()
X-Git-Tag: openssl-4.0.0-alpha1~443
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=63f62bf4e55111d87898f534ad0a2164e13ba289;p=thirdparty%2Fopenssl.git

srtpkdf.c: avoid ctx NULL dereference kdf_srtpkdf_set_ctx_params()

ctx is dereferenced before NULL check to obtain libctx.  Fix it
by moving the dereference after the NULL check.

Resolves: https://scan5.scan.coverity.com/#/project-view/65248/10222?selectedIssue=1680648
Fixes: fe67753da4096 "Add SRTPKDF implementation"
Signed-off-by: Eugene Syromiatnikov <esyr@openssl.org>

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Norbert Pocs <norbertp@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Neil Horman <nhorman@openssl.org>
MergeDate: Wed Jan 28 12:57:00 2026
(Merged from https://github.com/openssl/openssl/pull/29757)
---

diff --git a/providers/implementations/kdfs/srtpkdf.c b/providers/implementations/kdfs/srtpkdf.c
index 46e5411bf2b..5fe65831a94 100644
--- a/providers/implementations/kdfs/srtpkdf.c
+++ b/providers/implementations/kdfs/srtpkdf.c
@@ -206,7 +206,7 @@ static int kdf_srtpkdf_set_ctx_params(void *vctx, const OSSL_PARAM params[])
 {
     struct srtp_set_ctx_params_st p;
     KDF_SRTPKDF *ctx = vctx;
-    OSSL_LIB_CTX *libctx = PROV_LIBCTX_OF(ctx->provctx);
+    OSSL_LIB_CTX *libctx;
     const EVP_CIPHER *cipher;
 
     if (params == NULL)
@@ -215,6 +215,8 @@ static int kdf_srtpkdf_set_ctx_params(void *vctx, const OSSL_PARAM params[])
     if (ctx == NULL || !srtp_set_ctx_params_decoder(params, &p))
         return 0;
 
+    libctx = PROV_LIBCTX_OF(ctx->provctx);
+
     if ((p.cipher != NULL)
         && !ossl_prov_cipher_load(&ctx->cipher, p.cipher, p.propq, libctx))
         return 0;