apps/ocsp.c: avoid using NULL resp

There are some code paths where resp is used without a previous check
for being non-NULL (specifically, OCSP_response_create() can return
NULL, and do_responder() can return -1, that would also lead to resp
being NULL).  Avoid hitting NULL dereferences by wrapping the code that
uses resp in "if (resp != NULL)".

Resolves: https://scan5.scan.coverity.com/#/project-view/65248/10222?selectedIssue=1665155
References: https://github.com/openssl/project/issues/1362
Signed-off-by: Eugene Syromiatnikov <esyr@openssl.org>

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28407)

apps/ocsp.c

@@ -666,7 +666,8 @@ redo_accept:
                 resp =
                     OCSP_response_create(OCSP_RESPONSE_STATUS_MALFORMEDREQUEST,
                                          NULL);
-                send_ocsp_response(cbio, resp);
+                if (resp != NULL)
+                    send_ocsp_response(cbio, resp);
             }
             goto done_resp;
         }
@@ -764,16 +765,18 @@ redo_accept:
         BIO_free(derbio);
     }
 
-    i = OCSP_response_status(resp);
+    if (resp != NULL) {
-    if (i != OCSP_RESPONSE_STATUS_SUCCESSFUL) {
+        i = OCSP_response_status(resp);
-        BIO_printf(out, "Responder Error: %s (%d)\n",
+        if (i != OCSP_RESPONSE_STATUS_SUCCESSFUL) {
-                   OCSP_response_status_str(i), i);
+            BIO_printf(out, "Responder Error: %s (%d)\n",
-        if (!ignore_err)
+                       OCSP_response_status_str(i), i);
+            if (!ignore_err)
                 goto end;
-    }
+        }
 
-    if (resp_text)
+        if (resp_text)
-        OCSP_RESPONSE_print(out, resp, 0);
+            OCSP_RESPONSE_print(out, resp, 0);
+    }
 
     /* If running as responder don't verify our own response */
     if (cbio != NULL) {