BoringSSL: Keep static analyzers happier with X509_get0_pubkey_bitstr()

While this function could return NULL if the parameter issued to it were NULL, that does not really happen here. Anyway, since this can result in a warning from a static analyzer that does can see the return NULL without fully understanding what it means here, check the return value explicitly against NULL to avoid false warnings. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
8 years ago · 8b827c342f
parent 42a95533a8
commit 8b827c342f
1 changed files with 2 additions and 1 deletions
--- a/src/crypto/tls_openssl_ocsp.c
+++ b/src/crypto/tls_openssl_ocsp.c
@ -433,7 +433,8 @@ static int issuer_match(X509 *cert, X509 *issuer, CertID *certid)
 	}

 	ikey = X509_get0_pubkey_bitstr(issuer);
-	if (!EVP_Digest(ikey->data, ikey->length, md, &len, dgst, NULL) ||
+	if (!ikey ||
+	    !EVP_Digest(ikey->data, ikey->length, md, &len, dgst, NULL) ||
 	    !ASN1_OCTET_STRING_set(hash, md, len)) {
 		ASN1_OCTET_STRING_free(hash);
 		return -1;