Commit a28accadf7 for openssl.org
commit a28accadf709afbc3b29343fccde0304ab541884
Author: Neil Horman <nhorman@openssl.org>
Date: Mon Dec 15 09:04:54 2025 -0500
Fix Coverity issue in kdf_snmpkdf_set_ctx_params
Coverity flagged a use before NULL check error in
kdf_snmpkdf_set_ctx_params.
In this function the ctx pointer was dereferenced to obtain an
OSSL_LIB_CTX pointer, and only after that dereference was ctx checked
for being NULL.
The fix is pretty clear: just move the OSSL_LIB_CTX computation down to a
point after ctx is checked for NULL.
fixes openssl/project#1765
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org>
Reviewed-by: Norbert Pocs <norbertp@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29400)
diff --git a/providers/implementations/kdfs/snmpkdf.c b/providers/implementations/kdfs/snmpkdf.c
index d94fdc385b..f81738fee0 100644
--- a/providers/implementations/kdfs/snmpkdf.c
+++ b/providers/implementations/kdfs/snmpkdf.c
@@ -150,7 +150,7 @@ static int kdf_snmpkdf_set_ctx_params(void *vctx, const OSSL_PARAM params[])
{
struct snmp_set_ctx_params_st p;
KDF_SNMPKDF *ctx = vctx;
- OSSL_LIB_CTX *libctx = PROV_LIBCTX_OF(ctx->provctx);
+ OSSL_LIB_CTX *libctx;
#ifdef FIPS_MODULE
const EVP_MD *md = NULL;
#endif
@@ -161,6 +161,7 @@ static int kdf_snmpkdf_set_ctx_params(void *vctx, const OSSL_PARAM params[])
if (ctx == NULL || !snmp_set_ctx_params_decoder(params, &p))
return 0;
+ libctx = PROV_LIBCTX_OF(ctx->provctx);
if (p.digest != NULL) {
if (!ossl_prov_digest_load(&ctx->digest, p.digest, p.propq, libctx))
return 0;
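Review bot: The relocated assignment `libctx = PROV_LIBCTX_OF(ctx->provctx);` has no comment saying why it sits below the `ctx == NULL` test, so a later tidy-up could fold it back into the declaration and reintroduce the dereference-before-check that Coverity reported. Dereferencing ctx ahead of the test is undefined behaviour when ctx is NULL, and a compiler may then treat the check as dead code and drop it, so the ordering deserves an explicit note such as `/* dereferences ctx: must stay below the NULL check above */`. In the first hunk `libctx` is now declared without an initializer; `OSSL_LIB_CTX *libctx = NULL;` would keep any path added later from reading an indeterminate pointer. The function body starts before and continues past this hunk, so other uses of `libctx` are not visible here.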