summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authormmcc <mmcc@cvs.openbsd.org>2016-03-11 07:08:46 +0000
committermmcc <mmcc@cvs.openbsd.org>2016-03-11 07:08:46 +0000
commit11106eb0345608ddf85b05e5e5943c7e75926762 (patch)
tree98dfcaa3c4ea69ed41755590f1121c67048e2176
parentc3f771177d7507e129c3dd223bf90519c5715de9 (diff)
X509_free(3) is NULL-safe, so remove NULL checks before its calls.
ok doug@
-rw-r--r--lib/libssl/src/crypto/asn1/x_info.c5
-rw-r--r--lib/libssl/src/crypto/cms/cms_asn1.c8
-rw-r--r--lib/libssl/src/crypto/cms/cms_sd.c5
-rw-r--r--lib/libssl/src/crypto/pkcs12/p12_kiss.c10
-rw-r--r--lib/libssl/src/crypto/ts/ts_rsp_sign.c5
-rw-r--r--lib/libssl/src/crypto/x509/by_file.c5
-rw-r--r--lib/libssl/src/crypto/x509/x509_vfy.c5
-rw-r--r--lib/libssl/src/crypto/x509v3/pcy_tree.c5
-rw-r--r--lib/libssl/src/ssl/d1_clnt.c5
-rw-r--r--lib/libssl/src/ssl/s3_clnt.c11
-rw-r--r--lib/libssl/src/ssl/s3_srvr.c8
-rw-r--r--lib/libssl/src/ssl/ssl_asn1.c9
-rw-r--r--lib/libssl/src/ssl/ssl_cert.c20
-rw-r--r--lib/libssl/src/ssl/ssl_rsa.c14
-rw-r--r--lib/libssl/src/ssl/ssl_sess.c5
15 files changed, 46 insertions, 74 deletions
diff --git a/lib/libssl/src/crypto/asn1/x_info.c b/lib/libssl/src/crypto/asn1/x_info.c
index 466deaf6ce6..05ac364fa73 100644
--- a/lib/libssl/src/crypto/asn1/x_info.c
+++ b/lib/libssl/src/crypto/asn1/x_info.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x_info.c,v 1.15 2015/02/10 11:22:21 jsing Exp $ */
+/* $OpenBSD: x_info.c,v 1.16 2016/03/11 07:08:44 mmcc Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -97,8 +97,7 @@ X509_INFO_free(X509_INFO *x)
if (i > 0)
return;
- if (x->x509 != NULL)
- X509_free(x->x509);
+ X509_free(x->x509);
if (x->crl != NULL)
X509_CRL_free(x->crl);
if (x->x_pkey != NULL)
diff --git a/lib/libssl/src/crypto/cms/cms_asn1.c b/lib/libssl/src/crypto/cms/cms_asn1.c
index e4502598329..42e33d5b461 100644
--- a/lib/libssl/src/crypto/cms/cms_asn1.c
+++ b/lib/libssl/src/crypto/cms/cms_asn1.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: cms_asn1.c,v 1.7 2015/09/10 15:56:25 jsing Exp $ */
+/* $OpenBSD: cms_asn1.c,v 1.8 2016/03/11 07:08:44 mmcc Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project.
*/
@@ -220,8 +220,7 @@ cms_si_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg)
if (operation == ASN1_OP_FREE_POST) {
CMS_SignerInfo *si = (CMS_SignerInfo *)*pval;
EVP_PKEY_free(si->pkey);
- if (si->signer)
- X509_free(si->signer);
+ X509_free(si->signer);
}
return 1;
}
@@ -883,8 +882,7 @@ cms_ri_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg)
if (ri->type == CMS_RECIPINFO_TRANS) {
CMS_KeyTransRecipientInfo *ktri = ri->d.ktri;
EVP_PKEY_free(ktri->pkey);
- if (ktri->recip)
- X509_free(ktri->recip);
+ X509_free(ktri->recip);
} else if (ri->type == CMS_RECIPINFO_KEK) {
CMS_KEKRecipientInfo *kekri = ri->d.kekri;
if (kekri->key) {
diff --git a/lib/libssl/src/crypto/cms/cms_sd.c b/lib/libssl/src/crypto/cms/cms_sd.c
index f4119f7a1c0..1623126e774 100644
--- a/lib/libssl/src/crypto/cms/cms_sd.c
+++ b/lib/libssl/src/crypto/cms/cms_sd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: cms_sd.c,v 1.9 2014/11/09 19:17:13 miod Exp $ */
+/* $OpenBSD: cms_sd.c,v 1.10 2016/03/11 07:08:44 mmcc Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project.
*/
@@ -498,8 +498,7 @@ CMS_SignerInfo_set1_signer_cert(CMS_SignerInfo *si, X509 *signer)
EVP_PKEY_free(si->pkey);
si->pkey = X509_get_pubkey(signer);
}
- if (si->signer)
- X509_free(si->signer);
+ X509_free(si->signer);
si->signer = signer;
}
diff --git a/lib/libssl/src/crypto/pkcs12/p12_kiss.c b/lib/libssl/src/crypto/pkcs12/p12_kiss.c
index eaaa2bc9113..df992a68fc6 100644
--- a/lib/libssl/src/crypto/pkcs12/p12_kiss.c
+++ b/lib/libssl/src/crypto/pkcs12/p12_kiss.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: p12_kiss.c,v 1.16 2014/07/11 08:44:49 jsing Exp $ */
+/* $OpenBSD: p12_kiss.c,v 1.17 2016/03/11 07:08:44 mmcc Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 1999.
*/
@@ -149,8 +149,7 @@ PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert,
goto err;
x = NULL;
}
- if (x)
- X509_free(x);
+ X509_free(x);
}
if (ocerts)
@@ -161,10 +160,9 @@ PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert,
err:
if (pkey && *pkey)
EVP_PKEY_free(*pkey);
- if (cert && *cert)
+ if (cert)
X509_free(*cert);
- if (x)
- X509_free(x);
+ X509_free(x);
if (ocerts)
sk_X509_pop_free(ocerts, X509_free);
return 0;
diff --git a/lib/libssl/src/crypto/ts/ts_rsp_sign.c b/lib/libssl/src/crypto/ts/ts_rsp_sign.c
index 758d7473841..f9e8c53cc87 100644
--- a/lib/libssl/src/crypto/ts/ts_rsp_sign.c
+++ b/lib/libssl/src/crypto/ts/ts_rsp_sign.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ts_rsp_sign.c,v 1.19 2015/09/30 18:04:02 jsing Exp $ */
+/* $OpenBSD: ts_rsp_sign.c,v 1.20 2016/03/11 07:08:45 mmcc Exp $ */
/* Written by Zoltan Glozik (zglozik@stones.com) for the OpenSSL
* project 2002.
*/
@@ -185,8 +185,7 @@ TS_RESP_CTX_set_signer_cert(TS_RESP_CTX *ctx, X509 *signer)
TS_R_INVALID_SIGNER_CERTIFICATE_PURPOSE);
return 0;
}
- if (ctx->signer_cert)
- X509_free(ctx->signer_cert);
+ X509_free(ctx->signer_cert);
ctx->signer_cert = signer;
CRYPTO_add(&ctx->signer_cert->references, +1, CRYPTO_LOCK_X509);
return 1;
diff --git a/lib/libssl/src/crypto/x509/by_file.c b/lib/libssl/src/crypto/x509/by_file.c
index 68920271fcd..377b3b0a8b8 100644
--- a/lib/libssl/src/crypto/x509/by_file.c
+++ b/lib/libssl/src/crypto/x509/by_file.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: by_file.c,v 1.19 2015/04/11 16:03:21 deraadt Exp $ */
+/* $OpenBSD: by_file.c,v 1.20 2016/03/11 07:08:45 mmcc Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -172,8 +172,7 @@ X509_load_cert_file(X509_LOOKUP *ctx, const char *file, int type)
goto err;
}
err:
- if (x != NULL)
- X509_free(x);
+ X509_free(x);
BIO_free(in);
return (ret);
}
diff --git a/lib/libssl/src/crypto/x509/x509_vfy.c b/lib/libssl/src/crypto/x509/x509_vfy.c
index c9950adb278..5c043aa7b18 100644
--- a/lib/libssl/src/crypto/x509/x509_vfy.c
+++ b/lib/libssl/src/crypto/x509/x509_vfy.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_vfy.c,v 1.48 2015/12/14 03:38:13 beck Exp $ */
+/* $OpenBSD: x509_vfy.c,v 1.49 2016/03/11 07:08:45 mmcc Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -388,8 +388,7 @@ end:
}
if (sktmp != NULL)
sk_X509_free(sktmp);
- if (chain_ss != NULL)
- X509_free(chain_ss);
+ X509_free(chain_ss);
return ok;
}
diff --git a/lib/libssl/src/crypto/x509v3/pcy_tree.c b/lib/libssl/src/crypto/x509v3/pcy_tree.c
index af9bf00c668..7b28acbe1f1 100644
--- a/lib/libssl/src/crypto/x509v3/pcy_tree.c
+++ b/lib/libssl/src/crypto/x509v3/pcy_tree.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pcy_tree.c,v 1.15 2015/07/18 00:01:05 beck Exp $ */
+/* $OpenBSD: pcy_tree.c,v 1.16 2016/03/11 07:08:45 mmcc Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 2004.
*/
@@ -639,8 +639,7 @@ X509_policy_tree_free(X509_POLICY_TREE *tree)
sk_X509_POLICY_NODE_pop_free(tree->user_policies, exnode_free);
for (i = 0, curr = tree->levels; i < tree->nlevel; i++, curr++) {
- if (curr->cert)
- X509_free(curr->cert);
+ X509_free(curr->cert);
if (curr->nodes)
sk_X509_POLICY_NODE_pop_free(curr->nodes,
policy_node_free);
diff --git a/lib/libssl/src/ssl/d1_clnt.c b/lib/libssl/src/ssl/d1_clnt.c
index fd26bb5a1e1..e018874f0da 100644
--- a/lib/libssl/src/ssl/d1_clnt.c
+++ b/lib/libssl/src/ssl/d1_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: d1_clnt.c,v 1.55 2015/09/12 16:10:07 doug Exp $ */
+/* $OpenBSD: d1_clnt.c,v 1.56 2016/03/11 07:08:45 mmcc Exp $ */
/*
* DTLS implementation written by Nagendra Modadugu
* (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -697,8 +697,7 @@ dtls1_send_client_certificate(SSL *s)
SSL_R_BAD_DATA_RETURNED_BY_CALLBACK);
}
- if (x509 != NULL)
- X509_free(x509);
+ X509_free(x509);
EVP_PKEY_free(pkey);
if (i == 0)
s->s3->tmp.cert_req = 2;
diff --git a/lib/libssl/src/ssl/s3_clnt.c b/lib/libssl/src/ssl/s3_clnt.c
index afeb499e718..af3ba500723 100644
--- a/lib/libssl/src/ssl/s3_clnt.c
+++ b/lib/libssl/src/ssl/s3_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_clnt.c,v 1.136 2015/10/02 14:30:10 jsing Exp $ */
+/* $OpenBSD: s3_clnt.c,v 1.137 2016/03/11 07:08:45 mmcc Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -1063,13 +1063,11 @@ ssl3_get_server_certificate(SSL *s)
* Why would the following ever happen?
* We just created sc a couple of lines ago.
*/
- if (sc->peer_pkeys[i].x509 != NULL)
- X509_free(sc->peer_pkeys[i].x509);
+ X509_free(sc->peer_pkeys[i].x509);
sc->peer_pkeys[i].x509 = x;
sc->peer_key = &(sc->peer_pkeys[i]);
- if (s->session->peer != NULL)
- X509_free(s->session->peer);
+ X509_free(s->session->peer);
CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
s->session->peer = x;
s->session->verify_result = s->verify_result;
@@ -2465,8 +2463,7 @@ ssl3_send_client_certificate(SSL *s)
SSL_R_BAD_DATA_RETURNED_BY_CALLBACK);
}
- if (x509 != NULL)
- X509_free(x509);
+ X509_free(x509);
EVP_PKEY_free(pkey);
if (i == 0)
s->s3->tmp.cert_req = 2;
diff --git a/lib/libssl/src/ssl/s3_srvr.c b/lib/libssl/src/ssl/s3_srvr.c
index c992406ca8f..10b6312834f 100644
--- a/lib/libssl/src/ssl/s3_srvr.c
+++ b/lib/libssl/src/ssl/s3_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_srvr.c,v 1.124 2016/01/27 02:06:16 beck Exp $ */
+/* $OpenBSD: s3_srvr.c,v 1.125 2016/03/11 07:08:45 mmcc Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -2376,8 +2376,7 @@ ssl3_get_client_certificate(SSL *s)
}
}
- if (s->session->peer != NULL) /* This should not be needed */
- X509_free(s->session->peer);
+ X509_free(s->session->peer);
s->session->peer = sk_X509_shift(sk);
s->session->verify_result = s->verify_result;
@@ -2414,8 +2413,7 @@ f_err:
ssl3_send_alert(s, SSL3_AL_FATAL, al);
}
err:
- if (x != NULL)
- X509_free(x);
+ X509_free(x);
if (sk != NULL)
sk_X509_pop_free(sk, X509_free);
return (ret);
diff --git a/lib/libssl/src/ssl/ssl_asn1.c b/lib/libssl/src/ssl/ssl_asn1.c
index b60b3ea3f81..ee00cb286d2 100644
--- a/lib/libssl/src/ssl/ssl_asn1.c
+++ b/lib/libssl/src/ssl/ssl_asn1.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_asn1.c,v 1.40 2014/12/14 15:30:50 jsing Exp $ */
+/* $OpenBSD: ssl_asn1.c,v 1.41 2016/03/11 07:08:45 mmcc Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -449,10 +449,9 @@ d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp, long length)
ret->timeout = 3;
/* 3 - Peer (X509). */
- if (ret->peer != NULL) {
- X509_free(ret->peer);
- ret->peer = NULL;
- }
+ X509_free(ret->peer);
+ ret->peer = NULL;
+
if (c.slen != 0L &&
*c.p == (V_ASN1_CONSTRUCTED | V_ASN1_CONTEXT_SPECIFIC | 3)) {
c.q = c.p;
diff --git a/lib/libssl/src/ssl/ssl_cert.c b/lib/libssl/src/ssl/ssl_cert.c
index cdac7bdb363..7e92812e56a 100644
--- a/lib/libssl/src/ssl/ssl_cert.c
+++ b/lib/libssl/src/ssl/ssl_cert.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_cert.c,v 1.51 2015/09/11 17:37:47 jsing Exp $ */
+/* $OpenBSD: ssl_cert.c,v 1.52 2016/03/11 07:08:45 mmcc Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -308,8 +308,7 @@ err:
EC_KEY_free(ret->ecdh_tmp);
for (i = 0; i < SSL_PKEY_NUM; i++) {
- if (ret->pkeys[i].x509 != NULL)
- X509_free(ret->pkeys[i].x509);
+ X509_free(ret->pkeys[i].x509);
EVP_PKEY_free(ret->pkeys[i].privatekey);
}
free (ret);
@@ -333,8 +332,7 @@ ssl_cert_free(CERT *c)
EC_KEY_free(c->ecdh_tmp);
for (i = 0; i < SSL_PKEY_NUM; i++) {
- if (c->pkeys[i].x509 != NULL)
- X509_free(c->pkeys[i].x509);
+ X509_free(c->pkeys[i].x509);
EVP_PKEY_free(c->pkeys[i].privatekey);
}
@@ -400,10 +398,8 @@ ssl_sess_cert_free(SESS_CERT *sc)
/* i == 0 */
if (sc->cert_chain != NULL)
sk_X509_pop_free(sc->cert_chain, X509_free);
- for (i = 0; i < SSL_PKEY_NUM; i++) {
- if (sc->peer_pkeys[i].x509 != NULL)
- X509_free(sc->peer_pkeys[i].x509);
- }
+ for (i = 0; i < SSL_PKEY_NUM; i++)
+ X509_free(sc->peer_pkeys[i].x509);
DH_free(sc->peer_dh_tmp);
EC_KEY_free(sc->peer_ecdh_tmp);
@@ -620,8 +616,7 @@ err:
if (sk != NULL)
sk_X509_NAME_free(sk);
BIO_free(in);
- if (x != NULL)
- X509_free(x);
+ X509_free(x);
if (ret != NULL)
ERR_clear_error();
return (ret);
@@ -679,8 +674,7 @@ err:
ret = 0;
}
BIO_free(in);
- if (x != NULL)
- X509_free(x);
+ X509_free(x);
(void)sk_X509_NAME_set_cmp_func(stack, oldcmp);
diff --git a/lib/libssl/src/ssl/ssl_rsa.c b/lib/libssl/src/ssl/ssl_rsa.c
index 039bee7952b..7481524942a 100644
--- a/lib/libssl/src/ssl/ssl_rsa.c
+++ b/lib/libssl/src/ssl/ssl_rsa.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_rsa.c,v 1.20 2015/02/06 01:37:11 reyk Exp $ */
+/* $OpenBSD: ssl_rsa.c,v 1.21 2016/03/11 07:08:45 mmcc Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -122,8 +122,7 @@ SSL_use_certificate_file(SSL *ssl, const char *file, int type)
ret = SSL_use_certificate(ssl, x);
end:
- if (x != NULL)
- X509_free(x);
+ X509_free(x);
BIO_free(in);
return (ret);
}
@@ -409,8 +408,7 @@ ssl_set_cert(CERT *c, X509 *x)
EVP_PKEY_free(pkey);
- if (c->pkeys[i].x509 != NULL)
- X509_free(c->pkeys[i].x509);
+ X509_free(c->pkeys[i].x509);
CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
c->pkeys[i].x509 = x;
c->key = &(c->pkeys[i]);
@@ -456,8 +454,7 @@ SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type)
ret = SSL_CTX_use_certificate(ctx, x);
end:
- if (x != NULL)
- X509_free(x);
+ X509_free(x);
BIO_free(in);
return (ret);
}
@@ -706,8 +703,7 @@ ssl_ctx_use_certificate_chain_bio(SSL_CTX *ctx, BIO *in)
}
end:
- if (x != NULL)
- X509_free(x);
+ X509_free(x);
return (ret);
}
diff --git a/lib/libssl/src/ssl/ssl_sess.c b/lib/libssl/src/ssl/ssl_sess.c
index 7052e8aa56e..16dd5c444cb 100644
--- a/lib/libssl/src/ssl/ssl_sess.c
+++ b/lib/libssl/src/ssl/ssl_sess.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_sess.c,v 1.48 2015/09/10 17:57:50 jsing Exp $ */
+/* $OpenBSD: ssl_sess.c,v 1.49 2016/03/11 07:08:45 mmcc Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -697,8 +697,7 @@ SSL_SESSION_free(SSL_SESSION *ss)
explicit_bzero(ss->session_id, sizeof ss->session_id);
if (ss->sess_cert != NULL)
ssl_sess_cert_free(ss->sess_cert);
- if (ss->peer != NULL)
- X509_free(ss->peer);
+ X509_free(ss->peer);
if (ss->ciphers != NULL)
sk_SSL_CIPHER_free(ss->ciphers);
free(ss->tlsext_hostname);