Commit 8226861d13 for openssl.org

commit 8226861d13e37bdae8ee51bc05ad651cde159196
Author: Nikola Pajkovsky <nikolap@openssl.org>
Date:   Tue Feb 17 11:03:52 2026 +0100

    srtpkdf: check libctx null before use

    Signed-off-by: Nikola Pajkovsky <nikolap@openssl.org>

    Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org>
    Reviewed-by: Neil Horman <nhorman@openssl.org>
    Reviewed-by: Paul Dale <paul.dale@oracle.com>
    Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
    MergeDate: Wed Feb 18 16:34:05 2026
    (Merged from https://github.com/openssl/openssl/pull/30040)

diff --git a/providers/implementations/kdfs/srtpkdf.c b/providers/implementations/kdfs/srtpkdf.c
index f8839ff59a..0c8693d5db 100644
--- a/providers/implementations/kdfs/srtpkdf.c
+++ b/providers/implementations/kdfs/srtpkdf.c
@@ -192,11 +192,13 @@ static int kdf_srtpkdf_derive(void *vctx, unsigned char *key, size_t keylen,
 {
     KDF_SRTPKDF *ctx = (KDF_SRTPKDF *)vctx;
     const EVP_CIPHER *cipher;
-    OSSL_LIB_CTX *libctx = PROV_LIBCTX_OF(ctx->provctx);
+    OSSL_LIB_CTX *libctx;

     if (!ossl_prov_is_running() || !kdf_srtpkdf_set_ctx_params(ctx, params))
         return 0;

+    libctx = PROV_LIBCTX_OF(ctx->provctx);
+
     cipher = ossl_prov_cipher_cipher(&ctx->cipher);
     if (cipher == NULL) {
         ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_CIPHER);