BoringSSL: Keep static analyzers happier with X509_get0_pubkey_bitstr()

While this function could return NULL if the parameter issued to it were
NULL, that does not really happen here. Anyway, since this can result in
a warning from a static analyzer that does can see the return NULL
without fully understanding what it means here, check the return value
explicitly against NULL to avoid false warnings.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>

diff --git a/src/crypto/tls_openssl_ocsp.c b/src/crypto/tls_openssl_ocsp.c
index 4e1c6b9..8b37b34 100644 (file)
--- a/src/crypto/tls_openssl_ocsp.c
+++ b/src/crypto/tls_openssl_ocsp.c
@@ -433,7 +433,8 @@ static int issuer_match(X509 *cert, X509 *issuer, CertID *certid)
        }
 
        ikey = X509_get0_pubkey_bitstr(issuer);
-       if (!EVP_Digest(ikey->data, ikey->length, md, &len, dgst, NULL) ||
+       if (!ikey ||
+           !EVP_Digest(ikey->data, ikey->length, md, &len, dgst, NULL) ||
            !ASN1_OCTET_STRING_set(hash, md, len)) {
                ASN1_OCTET_STRING_free(hash);
                return -1;