4482. [bug] Address use before require check and remove extraneous

dns_message_gettsigkey call in dns_tsig_sign.
                        [RT #43374]

CHANGES

@@ -1,3 +1,7 @@
+4482.	[bug]		Address use before require check and remove extraneous
+			dns_message_gettsigkey call in dns_tsig_sign.
+			[RT #43374]
+
 4482.	[cleanup]	Change #4455 was incomplete. [RT #43252]
 
 4481.	[func]		dig: make +class, +crypto, +multiline, +rrcomments,
@@ -24,7 +28,7 @@
 
 4472.	[bug]		Named could fail to find the correct NSEC3 records when
 			a zone was updated between looking for the answer and
-			looking for the NSEC3 records proving non-existance
+			looking for the NSEC3 records proving nonexistence
 			of the answer. [RT #43247]
 
 	--- 9.11.0 released ---

lib/dns/tsig.c

@@ -909,21 +909,22 @@ dns_tsig_sign(dns_message_t *msg) {
 	isc_result_t ret;
 	unsigned char badtimedata[BADTIMELEN];
 	unsigned int sigsize = 0;
-	isc_boolean_t response = is_response(msg);
+	isc_boolean_t response;
 
 	REQUIRE(msg != NULL);
-	REQUIRE(VALID_TSIG_KEY(dns_message_gettsigkey(msg)));
+	key = dns_message_gettsigkey(msg);
+	REQUIRE(VALID_TSIG_KEY(key));
 
 	/*
 	 * If this is a response, there should be a query tsig.
 	 */
+	response = is_response(msg);
 	if (response && msg->querytsig == NULL)
 		return (DNS_R_EXPECTEDTSIG);
 
 	dynbuf = NULL;
 
 	mctx = msg->mctx;
-	key = dns_message_gettsigkey(msg);
 
 	tsig.mctx = mctx;
 	tsig.common.rdclass = dns_rdataclass_any;