From 8b827c342f07b01622079734b24f8bf65497a1d6 Mon Sep 17 00:00:00 2001
From: Jouni Malinen <jouni@qca.qualcomm.com>
Date: Wed, 16 Mar 2016 21:34:01 +0200
Subject: [PATCH] BoringSSL: Keep static analyzers happier with
 X509_get0_pubkey_bitstr()

While this function could return NULL if the parameter issued to it were
NULL, that does not really happen here. Anyway, since this can result in
a warning from a static analyzer that does can see the return NULL
without fully understanding what it means here, check the return value
explicitly against NULL to avoid false warnings.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
---
 src/crypto/tls_openssl_ocsp.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/crypto/tls_openssl_ocsp.c b/src/crypto/tls_openssl_ocsp.c
index 4e1c6b94b..8b37b34e7 100644
--- a/src/crypto/tls_openssl_ocsp.c
+++ b/src/crypto/tls_openssl_ocsp.c
@@ -433,7 +433,8 @@ static int issuer_match(X509 *cert, X509 *issuer, CertID *certid)
 	}
 
 	ikey = X509_get0_pubkey_bitstr(issuer);
-	if (!EVP_Digest(ikey->data, ikey->length, md, &len, dgst, NULL) ||
+	if (!ikey ||
+	    !EVP_Digest(ikey->data, ikey->length, md, &len, dgst, NULL) ||
 	    !ASN1_OCTET_STRING_set(hash, md, len)) {
 		ASN1_OCTET_STRING_free(hash);
 		return -1;