apps/ocsp.c: avoid using NULL resp

There are some code paths where resp is used without a previous check
for being non-NULL (specifically, OCSP_response_create() can return
NULL, and do_responder() can return -1, which would also lead to resp
being NULL).  Avoid hitting NULL dereferences by wrapping the code that
uses resp in "if (resp != NULL)".

Resolves: https://scan5.scan.coverity.com/#/project-view/65248/10222?selectedIssue=1665155
References: https://github.com/openssl/project/issues/1362
Signed-off-by: Eugene Syromiatnikov <esyr@openssl.org>

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28407)
Eugene Syromiatnikov 2025-09-01 16:42:15 +02:00 committed by Neil Horman
parent 58f1782b20
commit 6dd7ae2f41
1 changed files with 12 additions and 9 deletions


@ -666,6 +666,7 @@ redo_accept:
resp =
OCSP_response_create(OCSP_RESPONSE_STATUS_MALFORMEDREQUEST,
NULL);
if (resp != NULL)
send_ocsp_response(cbio, resp);
}
goto done_resp;
@ -764,6 +765,7 @@ redo_accept:
BIO_free(derbio);
}
if (resp != NULL) {
i = OCSP_response_status(resp);
if (i != OCSP_RESPONSE_STATUS_SUCCESSFUL) {
BIO_printf(out, "Responder Error: %s (%d)\n",
@ -774,6 +776,7 @@ redo_accept:
if (resp_text)
OCSP_RESPONSE_print(out, resp, 0);
}
/* If running as responder don't verify our own response */
if (cbio != NULL) {