From f5100f82da9eaa787e497dce6292232b04f8a6f9 Mon Sep 17 00:00:00 2001
From: ndossche <7771979+ndossche@users.noreply.github.com>
Date: Wed, 20 May 2026 16:31:18 +0200
Subject: [PATCH] crypto: add null checks for OPENSSL_INIT_new()

Other calls in initialization code often already check for null pointers
via CHECK_NOT_NULL(). Do the same here.

Signed-off-by: ndossche <7771979+ndossche@users.noreply.github.com>
---
 src/crypto/crypto_util.cc | 1 +
 src/node.cc               | 1 +
 2 files changed, 2 insertions(+)

diff --git a/src/crypto/crypto_util.cc b/src/crypto/crypto_util.cc
index b9d037fb72352b..577520e1d21be8 100644
--- a/src/crypto/crypto_util.cc
+++ b/src/crypto/crypto_util.cc
@@ -118,6 +118,7 @@ void InitCryptoOnce() {
   Mutex::ScopedLock fips_lock(fips_mutex);
 #ifndef OPENSSL_IS_BORINGSSL
   OPENSSL_INIT_SETTINGS* settings = OPENSSL_INIT_new();
+  CHECK_NOT_NULL(settings);
 
 #if OPENSSL_VERSION_MAJOR < 3
   // --openssl-config=...
diff --git a/src/node.cc b/src/node.cc
index 4ba019ddca05f4..176fcd30f8c8d6 100644
--- a/src/node.cc
+++ b/src/node.cc
@@ -1216,6 +1216,7 @@ InitializeOncePerProcessInternal(const std::vector<std::string>& args,
     }
 
     OPENSSL_INIT_SETTINGS* settings = OPENSSL_INIT_new();
+    CHECK_NOT_NULL(settings);
     OPENSSL_INIT_set_config_filename(settings, conf_file);
     OPENSSL_INIT_set_config_appname(settings, conf_section_name);
     OPENSSL_INIT_set_config_file_flags(settings,