Commit 2a15001582 for openssl.org

commit 2a150015820866f6a5719c4101a3e8d571e77254
Author: Alexandr Nedvedicky <sashan@openssl.org>
Date:   Sat Feb 28 08:56:52 2026 +0100

    ossl_lms_key_to_text(): Fix NULL pointer dereference of `key` argument

    Resolves: https://scan5.scan.coverity.com/#/project-view/65248/10222?selectedIssue=1682024
    Complements: 3d82b990d1f Added LMS support for OpenSSL commandline signature verification using pkeyutl.

    Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org>
    Reviewed-by: Paul Dale <paul.dale@oracle.com>
    Reviewed-by: Frederik Wedel-Heinen <fwh.openssl@gmail.com>
    Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
    MergeDate: Mon Mar  2 19:33:33 2026
    (Merged from https://github.com/openssl/openssl/pull/30215)

diff --git a/providers/implementations/encode_decode/lms_codecs.c b/providers/implementations/encode_decode/lms_codecs.c
index 1d4a446622..bb75b81b05 100644
--- a/providers/implementations/encode_decode/lms_codecs.c
+++ b/providers/implementations/encode_decode/lms_codecs.c
@@ -152,13 +152,16 @@ static const char *get_digest(const char *name)

 int ossl_lms_key_to_text(BIO *out, const LMS_KEY *key, int selection)
 {
-    const LMS_PARAMS *lms_params = key->lms_params;
-    const LM_OTS_PARAMS *ots_params = key->ots_params;
+    const LMS_PARAMS *lms_params;
+    const LM_OTS_PARAMS *ots_params;

     if (out == NULL || key == NULL) {
         ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_NULL_PARAMETER);
         return 0;
     }
+    lms_params = key->lms_params;
+    ots_params = key->ots_params;
+
     if (key->pub.encoded == NULL || key->pub.encodedlen == 0) {
         /* Regardless of the |selection|, there must be a public key */
         ERR_raise_data(ERR_LIB_PROV, PROV_R_MISSING_KEY,