tests: Add NULL checks in pki tests

Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>

tests/unittests/torture_pki_dsa.c

@@ -183,6 +183,7 @@ static void torture_pki_dsa_write_privkey(void **state)
                                      NULL,
                                      &origkey);
     assert_true(rc == 0);
+    assert_non_null(origkey);
 
     unlink(LIBSSH_DSA_TESTKEY);
 
@@ -231,6 +232,7 @@ static void torture_pki_dsa_write_privkey(void **state)
                                      NULL,
                                      &privkey);
     assert_true(rc == SSH_ERROR);
+    assert_null(privkey);
 
     rc = ssh_pki_import_privkey_file(LIBSSH_DSA_TESTKEY_PASSPHRASE,
                                      torture_get_testkey_passphrase(),
@@ -238,6 +240,7 @@ static void torture_pki_dsa_write_privkey(void **state)
                                      NULL,
                                      &privkey);
     assert_true(rc == 0);
+    assert_non_null(privkey);
 
     rc = ssh_key_cmp(origkey, privkey, SSH_KEY_CMP_PRIVATE);
     assert_true(rc == 0);
@@ -261,6 +264,7 @@ static void torture_pki_dsa_import_privkey_base64_passphrase(void **state)
                                        NULL,
                                        &key);
     assert_return_code(rc, errno);
+    assert_non_null(key);
 
     rc = ssh_key_is_private(key);
     assert_true(rc == 1);
@@ -274,6 +278,7 @@ static void torture_pki_dsa_import_privkey_base64_passphrase(void **state)
                                        NULL,
                                        &key);
     assert_true(rc == -1);
+    assert_null(key);
 
     /* test if it returns -1 if passphrase is NULL */
     /* libcrypto asks for a passphrase, so skip this test */
@@ -284,6 +289,7 @@ static void torture_pki_dsa_import_privkey_base64_passphrase(void **state)
                                        NULL,
                                        &key);
     assert_true(rc == -1);
+    assert_null(key);
 #endif
 
     rc = ssh_pki_import_privkey_base64(torture_get_testkey(SSH_KEYTYPE_DSS, 0, 1),
@@ -292,6 +298,7 @@ static void torture_pki_dsa_import_privkey_base64_passphrase(void **state)
                                        NULL,
                                        &key);
     assert_return_code(rc, errno);
+    assert_non_null(key);
 
     rc = ssh_key_is_private(key);
     assert_true(rc == 1);
@@ -305,6 +312,7 @@ static void torture_pki_dsa_import_privkey_base64_passphrase(void **state)
                                        NULL,
                                        &key);
     assert_true(rc == -1);
+    assert_null(key);
 
     /* This free in unnecessary, but the static analyser does not know */
     SSH_KEY_FREE(key);
@@ -318,6 +326,7 @@ static void torture_pki_dsa_import_privkey_base64_passphrase(void **state)
                                        NULL,
                                        &key);
     assert_true(rc == -1);
+    assert_null(key);
 
     /* This free in unnecessary, but the static analyser does not know */
     SSH_KEY_FREE(key);
@@ -343,6 +352,7 @@ torture_pki_dsa_import_openssh_privkey_base64_passphrase(void **state)
                                        NULL,
                                        &key);
     assert_return_code(rc, errno);
+    assert_non_null(key);
 
     rc = ssh_key_is_private(key);
     assert_true(rc == 1);
@@ -356,6 +366,7 @@ torture_pki_dsa_import_openssh_privkey_base64_passphrase(void **state)
                                        NULL,
                                        &key);
     assert_true(rc == -1);
+    assert_null(key);
 
     /* test if it returns -1 if passphrase is NULL */
     rc = ssh_pki_import_privkey_base64(keystring,
@@ -371,6 +382,7 @@ torture_pki_dsa_import_openssh_privkey_base64_passphrase(void **state)
                                        NULL,
                                        &key);
     assert_return_code(rc, errno);
+    assert_non_null(key);
 
     rc = ssh_key_is_private(key);
     assert_true(rc == 1);
@@ -384,6 +396,7 @@ torture_pki_dsa_import_openssh_privkey_base64_passphrase(void **state)
                                        NULL,
                                        &key);
     assert_true(rc == -1);
+    assert_null(key);
 
     /* This free is unnecessary, but the static analyser does not know */
     SSH_KEY_FREE(key);
@@ -395,6 +408,7 @@ torture_pki_dsa_import_openssh_privkey_base64_passphrase(void **state)
                                        NULL,
                                        &key);
     assert_true(rc == -1);
+    assert_null(key);
 
     /* This free is unnecessary, but the static analyser does not know */
     SSH_KEY_FREE(key);
@@ -416,12 +430,14 @@ static void torture_pki_dsa_publickey_from_privatekey(void **state)
                                        NULL,
                                        &key);
     assert_true(rc == 0);
+    assert_non_null(key);
 
     rc = ssh_key_is_private(key);
     assert_true(rc == 1);
 
     rc = ssh_pki_export_privkey_to_pubkey(key, &pubkey);
     assert_true(rc == SSH_OK);
+    assert_non_null(pubkey);
 
     SSH_KEY_FREE(key);
     SSH_KEY_FREE(pubkey);
@@ -437,6 +453,7 @@ static void torture_pki_dsa_import_cert_file(void **state)
 
     rc = ssh_pki_import_cert_file(LIBSSH_DSA_TESTKEY "-cert.pub", &cert);
     assert_true(rc == 0);
+    assert_non_null(cert);
 
     type = ssh_key_type(cert);
     assert_true(type == SSH_KEYTYPE_DSS_CERT01);
@@ -487,9 +504,11 @@ static void torture_pki_dsa_publickey_base64(void **state)
 
     rc = ssh_pki_import_pubkey_base64(str, type, &key);
     assert_true(rc == 0);
+    assert_non_null(key);
 
     rc = ssh_pki_export_pubkey_base64(key, &b64_key);
     assert_true(rc == 0);
+    assert_non_null(b64_key);
 
     assert_string_equal(str, b64_key);
 
@@ -517,9 +536,11 @@ static void torture_pki_dsa_generate_pubkey_from_privkey(void **state)
                                      NULL,
                                      &privkey);
     assert_true(rc == 0);
+    assert_non_null(privkey);
 
     rc = ssh_pki_export_privkey_to_pubkey(privkey, &pubkey);
     assert_true(rc == SSH_OK);
+    assert_non_null(pubkey);
 
     rc = ssh_pki_export_pubkey_file(pubkey, LIBSSH_DSA_TESTKEY ".pub");
     assert_true(rc == 0);
@@ -555,6 +576,7 @@ static void torture_pki_dsa_duplicate_key(void **state)
 
     rc = ssh_pki_export_pubkey_base64(pubkey, &b64_key);
     assert_true(rc == 0);
+    assert_non_null(b64_key);
     SSH_KEY_FREE(pubkey);
 
     rc = ssh_pki_import_privkey_file(LIBSSH_DSA_TESTKEY,

tests/unittests/torture_pki_ecdsa.c

@@ -207,6 +207,7 @@ static void torture_pki_ecdsa_import_privkey_base64(void **state)
 
     rc = ssh_pki_import_privkey_base64(key_str, passphrase, NULL, NULL, &key);
     assert_true(rc == 0);
+    assert_non_null(key);
 
     rc = ssh_key_is_private(key);
     assert_true(rc == 1);
@@ -230,9 +231,11 @@ static void torture_pki_ecdsa_publickey_from_privatekey(void **state)
 
     rc = ssh_pki_import_privkey_base64(key_str, passphrase, NULL, NULL, &key);
     assert_true(rc == 0);
+    assert_non_null(key);
 
     rc = ssh_pki_export_privkey_to_pubkey(key, &pubkey);
     assert_true(rc == SSH_OK);
+    assert_non_null(pubkey);
 
     free(key_str);
     SSH_KEY_FREE(key);
@@ -269,9 +272,11 @@ static void torture_pki_ecdsa_publickey_base64(void **state)
 
     rc = ssh_pki_import_pubkey_base64(q, type, &key);
     assert_true(rc == 0);
+    assert_non_null(key);
 
     rc = ssh_pki_export_pubkey_base64(key, &b64_key);
     assert_true(rc == 0);
+    assert_non_null(b64_key);
 
     assert_string_equal(q, b64_key);
 
@@ -305,9 +310,11 @@ static void torture_pki_ecdsa_generate_pubkey_from_privkey(void **state)
                                      NULL,
                                      &privkey);
     assert_true(rc == 0);
+    assert_non_null(privkey);
 
     rc = ssh_pki_export_privkey_to_pubkey(privkey, &pubkey);
     assert_true(rc == SSH_OK);
+    assert_non_null(pubkey);
 
     rc = ssh_pki_export_pubkey_file(pubkey, LIBSSH_ECDSA_TESTKEY ".pub");
     assert_true(rc == 0);
@@ -336,10 +343,12 @@ static void torture_pki_ecdsa_duplicate_key(void **state)
 
     rc = ssh_pki_import_pubkey_file(LIBSSH_ECDSA_TESTKEY ".pub", &pubkey);
     assert_true(rc == 0);
+    assert_non_null(pubkey);
 
     rc = ssh_pki_export_pubkey_base64(pubkey, &b64_key);
     assert_true(rc == 0);
     SSH_KEY_FREE(pubkey);
+    assert_non_null(b64_key);
 
     rc = ssh_pki_import_privkey_file(LIBSSH_ECDSA_TESTKEY,
                                      NULL,
@@ -391,6 +400,7 @@ static void torture_pki_ecdsa_duplicate_then_demote(void **state)
                                      NULL,
                                      &privkey);
     assert_int_equal(rc, 0);
+    assert_non_null(privkey);
 
     privkey_dup = ssh_key_dup(privkey);
     assert_non_null(privkey_dup);
@@ -486,6 +496,7 @@ static void torture_pki_ecdsa_write_privkey(void **state)
                                      NULL,
                                      &origkey);
     assert_true(rc == 0);
+    assert_non_null(origkey);
 
     unlink(LIBSSH_ECDSA_TESTKEY);
 
@@ -534,6 +545,7 @@ static void torture_pki_ecdsa_write_privkey(void **state)
                                      NULL,
                                      &privkey);
     assert_true(rc == SSH_ERROR);
+    assert_null(privkey);
 
     rc = ssh_pki_import_privkey_file(LIBSSH_ECDSA_TESTKEY_PASSPHRASE,
                                      torture_get_testkey_passphrase(),
@@ -541,6 +553,7 @@ static void torture_pki_ecdsa_write_privkey(void **state)
                                      NULL,
                                      &privkey);
     assert_true(rc == 0);
+    assert_non_null(privkey);
 
     rc = ssh_key_cmp(origkey, privkey, SSH_KEY_CMP_PRIVATE);
     assert_true(rc == 0);
@@ -560,6 +573,7 @@ static void torture_pki_ecdsa_name(void **state, const char *expected_name)
 
     rc = ssh_pki_import_privkey_file(LIBSSH_ECDSA_TESTKEY, NULL, NULL, NULL, &key);
     assert_true(rc == 0);
+    assert_non_null(key);
 
     etype_char =ssh_pki_key_ecdsa_name(key);
     assert_true(strcmp(etype_char, expected_name) == 0);

tests/unittests/torture_pki_ed25519.c

@@ -131,6 +131,7 @@ static void torture_pki_ed25519_import_privkey_base64(void **state)
 
     rc = ssh_pki_import_privkey_base64(key_str, passphrase, NULL, NULL, &key);
     assert_true(rc == 0);
+    assert_non_null(key);
 
     type = ssh_key_type(key);
     assert_true(type == SSH_KEYTYPE_ED25519);
@@ -164,6 +165,7 @@ static void torture_pki_ed25519_import_export_privkey_base64(void **state)
                                        NULL,
                                        &key);
     assert_return_code(rc, errno);
+    assert_non_null(key);
 
     type = ssh_key_type(key);
     assert_true(type == SSH_KEYTYPE_ED25519);
@@ -177,6 +179,7 @@ static void torture_pki_ed25519_import_export_privkey_base64(void **state)
                                        NULL,
                                        &b64_key);
     assert_return_code(rc, errno);
+    assert_non_null(b64_key);
     SSH_KEY_FREE(key);
 
     rc = ssh_pki_import_privkey_base64(b64_key,
@@ -185,6 +188,7 @@ static void torture_pki_ed25519_import_export_privkey_base64(void **state)
                                        NULL,
                                        &key);
     assert_return_code(rc, errno);
+    assert_non_null(key);
 
     type = ssh_key_type(key);
     assert_true(type == SSH_KEYTYPE_ED25519);
@@ -213,12 +217,14 @@ static void torture_pki_ed25519_publickey_from_privatekey(void **state)
                                        NULL,
                                        &key);
     assert_true(rc == 0);
+    assert_non_null(key);
 
     rc = ssh_key_is_private(key);
     assert_true(rc == 1);
 
     rc = ssh_pki_export_privkey_to_pubkey(key, &pubkey);
     assert_true(rc == SSH_OK);
+    assert_non_null(pubkey);
 
     SSH_KEY_FREE(key);
     SSH_KEY_FREE(pubkey);
@@ -254,9 +260,11 @@ static void torture_pki_ed25519_publickey_base64(void **state)
 
     rc = ssh_pki_import_pubkey_base64(q, type, &key);
     assert_true(rc == 0);
+    assert_non_null(key);
 
     rc = ssh_pki_export_pubkey_base64(key, &b64_key);
     assert_true(rc == 0);
+    assert_non_null(b64_key);
 
     assert_string_equal(q, b64_key);
 
@@ -287,6 +295,7 @@ static void torture_pki_ed25519_generate_pubkey_from_privkey(void **state)
 
     rc = ssh_pki_export_privkey_to_pubkey(privkey, &pubkey);
     assert_true(rc == SSH_OK);
+    assert_non_null(pubkey);
 
     rc = ssh_pki_export_pubkey_file(pubkey, LIBSSH_ED25519_TESTKEY ".pub");
     assert_true(rc == 0);
@@ -501,6 +510,7 @@ static void torture_pki_ed25519_verify(void **state){
     }
     rc = ssh_pki_import_pubkey_base64(pkey_ptr, SSH_KEYTYPE_ED25519, &pubkey);
     assert_true(rc == SSH_OK);
+    assert_non_null(pubkey);
 
     ssh_string_fill(blob, ref_signature, ED25519_SIG_LEN);
     sig = pki_signature_from_blob(pubkey, blob, SSH_KEYTYPE_ED25519, SSH_DIGEST_AUTO);
@@ -534,6 +544,7 @@ static void torture_pki_ed25519_verify_bad(void **state){
     }
     rc = ssh_pki_import_pubkey_base64(pkey_ptr, SSH_KEYTYPE_ED25519, &pubkey);
     assert_true(rc == SSH_OK);
+    assert_non_null(pubkey);
 
     /* alter signature and expect false result */
 
@@ -570,6 +581,7 @@ static void torture_pki_ed25519_import_privkey_base64_passphrase(void **state)
                                        NULL,
                                        &key);
     assert_true(rc == 0);
+    assert_non_null(key);
 
     rc = ssh_key_is_private(key);
     assert_true(rc == 1);
@@ -603,6 +615,7 @@ static void torture_pki_ed25519_privkey_dup(void **state)
                                        NULL,
                                        &key);
     assert_true(rc == 0);
+    assert_non_null(key);
 
     rc = ssh_key_is_private(key);
     assert_true(rc == 1);
@@ -636,6 +649,7 @@ static void torture_pki_ed25519_pubkey_dup(void **state)
                                       SSH_KEYTYPE_ED25519,
                                       &pubkey);
     assert_true(rc == 0);
+    assert_non_null(pubkey);
 
     rc = ssh_key_is_public(pubkey);
     assert_true(rc == 1);

tests/unittests/torture_pki_rsa.c

@@ -200,6 +200,7 @@ static void torture_pki_rsa_import_privkey_base64(void **state)
 
     rc = ssh_pki_import_privkey_base64(key_str, passphrase, NULL, NULL, &key);
     assert_true(rc == 0);
+    assert_non_null(key);
 
     type = ssh_key_type(key);
     assert_true(type == SSH_KEYTYPE_RSA);
@@ -229,12 +230,14 @@ static void torture_pki_rsa_publickey_from_privatekey(void **state)
                                        NULL,
                                        &key);
     assert_true(rc == 0);
+    assert_non_null(key);
 
     rc = ssh_key_is_private(key);
     assert_true(rc == 1);
 
     rc = ssh_pki_export_privkey_to_pubkey(key, &pubkey);
     assert_true(rc == SSH_OK);
+    assert_non_null(pubkey);
 
     SSH_KEY_FREE(key);
     SSH_KEY_FREE(pubkey);
@@ -257,9 +260,11 @@ static void torture_pki_rsa_copy_cert_to_privkey(void **state)
 
     rc = ssh_pki_import_cert_file(LIBSSH_RSA_TESTKEY "-cert.pub", &cert);
     assert_true(rc == SSH_OK);
+    assert_non_null(cert);
 
     rc = ssh_pki_import_pubkey_file(LIBSSH_RSA_TESTKEY ".pub", &pubkey);
     assert_true(rc == SSH_OK);
+    assert_non_null(pubkey);
 
     rc = ssh_pki_import_privkey_base64(torture_get_testkey(SSH_KEYTYPE_RSA, 0, 0),
                                        passphrase,
@@ -267,6 +272,7 @@ static void torture_pki_rsa_copy_cert_to_privkey(void **state)
                                        NULL,
                                        &privkey);
     assert_true(rc == SSH_OK);
+    assert_non_null(privkey);
 
     /* Basic sanity. */
     rc = ssh_pki_copy_cert_to_privkey(NULL, privkey);
@@ -283,8 +289,10 @@ static void torture_pki_rsa_copy_cert_to_privkey(void **state)
     /* Copying the cert to non-cert keys should work fine. */
     rc = ssh_pki_copy_cert_to_privkey(cert, pubkey);
     assert_true(rc == SSH_OK);
+    assert_non_null(pubkey->cert);
     rc = ssh_pki_copy_cert_to_privkey(cert, privkey);
     assert_true(rc == SSH_OK);
+    assert_non_null(privkey->cert);
 
     /* The private key's cert is already set, another copy should fail. */
     rc = ssh_pki_copy_cert_to_privkey(cert, privkey);
@@ -304,6 +312,7 @@ static void torture_pki_rsa_import_cert_file(void **state) {
 
     rc = ssh_pki_import_cert_file(LIBSSH_RSA_TESTKEY "-cert.pub", &cert);
     assert_true(rc == 0);
+    assert_non_null(cert);
 
     type = ssh_key_type(cert);
     assert_true(type == SSH_KEYTYPE_RSA_CERT01);
@@ -344,9 +353,11 @@ static void torture_pki_rsa_publickey_base64(void **state)
 
     rc = ssh_pki_import_pubkey_base64(q, type, &key);
     assert_true(rc == 0);
+    assert_non_null(key);
 
     rc = ssh_pki_export_pubkey_base64(key, &b64_key);
     assert_true(rc == 0);
+    assert_non_null(b64_key);
 
     assert_string_equal(q, b64_key);
 
@@ -373,9 +384,11 @@ static void torture_pki_rsa_generate_pubkey_from_privkey(void **state) {
                                      NULL,
                                      &privkey);
     assert_true(rc == 0);
+    assert_non_null(privkey);
 
     rc = ssh_pki_export_privkey_to_pubkey(privkey, &pubkey);
     assert_true(rc == SSH_OK);
+    assert_non_null(pubkey);
 
     rc = ssh_pki_export_pubkey_file(pubkey, LIBSSH_RSA_TESTKEY ".pub");
     assert_true(rc == 0);
@@ -412,6 +425,7 @@ static void torture_pki_rsa_duplicate_key(void **state)
     rc = ssh_pki_export_pubkey_base64(pubkey, &b64_key);
     assert_true(rc == 0);
     SSH_KEY_FREE(pubkey);
+    assert_non_null(b64_key);
 
     rc = ssh_pki_import_privkey_file(LIBSSH_RSA_TESTKEY,
                                      NULL,
@@ -600,6 +614,7 @@ static void torture_pki_rsa_write_privkey(void **state)
                                      NULL,
                                      &privkey);
     assert_true(rc == SSH_ERROR);
+    assert_null(privkey);
 
     rc = ssh_pki_import_privkey_file(LIBSSH_RSA_TESTKEY_PASSPHRASE,
                                      torture_get_testkey_passphrase(),
@@ -632,6 +647,7 @@ static void torture_pki_rsa_import_privkey_base64_passphrase(void **state)
                                        NULL,
                                        &key);
     assert_return_code(rc, errno);
+    assert_non_null(key);
 
     rc = ssh_key_is_private(key);
     assert_true(rc == 1);
@@ -679,6 +695,7 @@ torture_pki_rsa_import_openssh_privkey_base64_passphrase(void **state)
                                        NULL,
                                        &key);
     assert_return_code(rc, errno);
+    assert_non_null(key);
 
     rc = ssh_key_is_private(key);
     assert_true(rc == 1);

tests/unittests/torture_threads_pki_rsa.c

@@ -197,11 +197,15 @@ static void *thread_pki_rsa_import_privkey_base64_NULL_key(void *threadid)
 {
     int rc;
     const char *passphrase = torture_get_testkey_passphrase();
+    const char *testkey;
 
     (void) threadid; /* unused */
 
+    testkey = torture_get_testkey(SSH_KEYTYPE_RSA, 0, 0);
+    assert_non_null(testkey);
+
     /* test if it returns -1 if key is NULL */
-    rc = ssh_pki_import_privkey_base64(torture_get_testkey(SSH_KEYTYPE_RSA, 0, 0),
+    rc = ssh_pki_import_privkey_base64(testkey,
                                        passphrase,
                                        NULL,
                                        NULL,
@@ -294,6 +298,7 @@ static void torture_pki_rsa_import_privkey_base64(void **state)
 static void *thread_pki_rsa_publickey_from_privatekey(void *threadid)
 {
     const char *passphrase = NULL;
+    const char *testkey;
     ssh_key pubkey = NULL;
     ssh_key key = NULL;
     int rc;
@@ -301,7 +306,8 @@ static void *thread_pki_rsa_publickey_from_privatekey(void *threadid)
 
     (void) threadid; /* unused */
 
-    rc = ssh_pki_import_privkey_base64(torture_get_testkey(SSH_KEYTYPE_RSA, 0, 0),
+    testkey = torture_get_testkey(SSH_KEYTYPE_RSA, 0, 0);
+    rc = ssh_pki_import_privkey_base64(testkey,
                                        passphrase,
                                        NULL,
                                        NULL,
@@ -340,6 +346,7 @@ static void *thread_pki_rsa_copy_cert_to_privkey(void *threadid)
      * all supported key types.
      */
     const char *passphrase = torture_get_testkey_passphrase();
+    const char *testkey = NULL;
     ssh_key pubkey = NULL;
     ssh_key privkey = NULL;
     ssh_key cert = NULL;
@@ -349,16 +356,22 @@ static void *thread_pki_rsa_copy_cert_to_privkey(void *threadid)
 
     rc = ssh_pki_import_cert_file(LIBSSH_RSA_TESTKEY "-cert.pub", &cert);
     assert_true(rc == SSH_OK);
+    assert_non_null(cert);
 
     rc = ssh_pki_import_pubkey_file(LIBSSH_RSA_TESTKEY ".pub", &pubkey);
     assert_true(rc == SSH_OK);
+    assert_non_null(pubkey);
 
-    rc = ssh_pki_import_privkey_base64(torture_get_testkey(SSH_KEYTYPE_RSA, 0, 0),
+    testkey = torture_get_testkey(SSH_KEYTYPE_RSA, 0, 0);
+    assert_non_null(testkey);
+
+    rc = ssh_pki_import_privkey_base64(testkey,
                                        passphrase,
                                        NULL,
                                        NULL,
                                        &privkey);
     assert_true(rc == SSH_OK);
+    assert_non_null(privkey);
 
     /* Basic sanity. */
     rc = ssh_pki_copy_cert_to_privkey(NULL, privkey);
@@ -368,7 +381,6 @@ static void *thread_pki_rsa_copy_cert_to_privkey(void *threadid)
     assert_true(rc == SSH_ERROR);
 
     /* A public key doesn't have a cert, copy should fail. */
-    assert_true(pubkey->cert == NULL);
     rc = ssh_pki_copy_cert_to_privkey(pubkey, privkey);
     assert_true(rc == SSH_ERROR);
 
@@ -409,6 +421,7 @@ static void *thread_pki_rsa_import_cert_file(void *threadid)
 
     rc = ssh_pki_import_cert_file(LIBSSH_RSA_TESTKEY "-cert.pub", &cert);
     assert_true(rc == 0);
+    assert_non_null(cert);
 
     type = ssh_key_type(cert);
     assert_true(type == SSH_KEYTYPE_RSA_CERT01);
@@ -457,9 +470,11 @@ static void *thread_pki_rsa_publickey_base64(void *threadid)
 
     rc = ssh_pki_import_pubkey_base64(q, type, &key);
     assert_true(rc == 0);
+    assert_non_null(key);
 
     rc = ssh_pki_export_pubkey_base64(key, &b64_key);
     assert_true(rc == 0);
+    assert_non_null(b64_key);
 
     assert_string_equal(q, b64_key);
 
@@ -494,10 +509,12 @@ static void *thread_pki_rsa_duplicate_key(void *threadid)
 
     rc = ssh_pki_import_pubkey_file(LIBSSH_RSA_TESTKEY ".pub", &pubkey);
     assert_true(rc == 0);
+    assert_non_null(pubkey);
 
     rc = ssh_pki_export_pubkey_base64(pubkey, &b64_key);
     assert_true(rc == 0);
     SSH_KEY_FREE(pubkey);
+    assert_non_null(b64_key);
 
     rc = ssh_pki_import_privkey_file(LIBSSH_RSA_TESTKEY,
                                      NULL,
@@ -505,6 +522,7 @@ static void *thread_pki_rsa_duplicate_key(void *threadid)
                                      NULL,
                                      &privkey);
     assert_true(rc == 0);
+    assert_non_null(privkey);
 
     privkey_dup = ssh_key_dup(privkey);
     assert_non_null(privkey_dup);
@@ -614,10 +632,14 @@ static void *thread_pki_rsa_import_privkey_base64_passphrase(void *threadid)
     int rc;
     ssh_key key = NULL;
     const char *passphrase = torture_get_testkey_passphrase();
+    const char *testkey;
 
     (void) threadid; /* unused */
 
-    rc = ssh_pki_import_privkey_base64(torture_get_testkey(SSH_KEYTYPE_RSA, 0, 1),
+    testkey = torture_get_testkey(SSH_KEYTYPE_RSA, 0, 1);
+    assert_non_null(testkey);
+
+    rc = ssh_pki_import_privkey_base64(testkey,
                                        passphrase,
                                        NULL,
                                        NULL,
@@ -630,7 +652,7 @@ static void *thread_pki_rsa_import_privkey_base64_passphrase(void *threadid)
     SSH_KEY_FREE(key);
 
     /* test if it returns -1 if passphrase is wrong */
-    rc = ssh_pki_import_privkey_base64(torture_get_testkey(SSH_KEYTYPE_RSA, 0, 1),
+    rc = ssh_pki_import_privkey_base64(testkey,
                                        "wrong passphrase !!",
                                        NULL,
                                        NULL,
@@ -641,7 +663,7 @@ static void *thread_pki_rsa_import_privkey_base64_passphrase(void *threadid)
 #ifndef HAVE_LIBCRYPTO
     /* test if it returns -1 if passphrase is NULL */
     /* libcrypto asks for a passphrase, so skip this test */
-    rc = ssh_pki_import_privkey_base64(torture_get_testkey(SSH_KEYTYPE_RSA, 0, 1),
+    rc = ssh_pki_import_privkey_base64(testkey,
                                        NULL,
                                        NULL,
                                        NULL,