From 8b827c342f07b01622079734b24f8bf65497a1d6 Mon Sep 17 00:00:00 2001 From: Jouni Malinen Date: Wed, 16 Mar 2016 21:34:01 +0200 Subject: [PATCH] BoringSSL: Keep static analyzers happier with X509_get0_pubkey_bitstr() While this function could return NULL if the parameter issued to it were NULL, that does not really happen here. Anyway, since this can result in a warning from a static analyzer that does can see the return NULL without fully understanding what it means here, check the return value explicitly against NULL to avoid false warnings. Signed-off-by: Jouni Malinen --- src/crypto/tls_openssl_ocsp.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/crypto/tls_openssl_ocsp.c b/src/crypto/tls_openssl_ocsp.c index 4e1c6b94b..8b37b34e7 100644 --- a/src/crypto/tls_openssl_ocsp.c +++ b/src/crypto/tls_openssl_ocsp.c @@ -433,7 +433,8 @@ static int issuer_match(X509 *cert, X509 *issuer, CertID *certid) } ikey = X509_get0_pubkey_bitstr(issuer); - if (!EVP_Digest(ikey->data, ikey->length, md, &len, dgst, NULL) || + if (!ikey || + !EVP_Digest(ikey->data, ikey->length, md, &len, dgst, NULL) || !ASN1_OCTET_STRING_set(hash, md, len)) { ASN1_OCTET_STRING_free(hash); return -1;