diff options
author | mmcc <mmcc@cvs.openbsd.org> | 2016-03-11 07:08:46 +0000 |
---|---|---|
committer | mmcc <mmcc@cvs.openbsd.org> | 2016-03-11 07:08:46 +0000 |
commit | 11106eb0345608ddf85b05e5e5943c7e75926762 (patch) | |
tree | 98dfcaa3c4ea69ed41755590f1121c67048e2176 | |
parent | c3f771177d7507e129c3dd223bf90519c5715de9 (diff) |
X509_free(3) is NULL-safe, so remove NULL checks before its calls.
ok doug@
-rw-r--r-- | lib/libssl/src/crypto/asn1/x_info.c | 5 | ||||
-rw-r--r-- | lib/libssl/src/crypto/cms/cms_asn1.c | 8 | ||||
-rw-r--r-- | lib/libssl/src/crypto/cms/cms_sd.c | 5 | ||||
-rw-r--r-- | lib/libssl/src/crypto/pkcs12/p12_kiss.c | 10 | ||||
-rw-r--r-- | lib/libssl/src/crypto/ts/ts_rsp_sign.c | 5 | ||||
-rw-r--r-- | lib/libssl/src/crypto/x509/by_file.c | 5 | ||||
-rw-r--r-- | lib/libssl/src/crypto/x509/x509_vfy.c | 5 | ||||
-rw-r--r-- | lib/libssl/src/crypto/x509v3/pcy_tree.c | 5 | ||||
-rw-r--r-- | lib/libssl/src/ssl/d1_clnt.c | 5 | ||||
-rw-r--r-- | lib/libssl/src/ssl/s3_clnt.c | 11 | ||||
-rw-r--r-- | lib/libssl/src/ssl/s3_srvr.c | 8 | ||||
-rw-r--r-- | lib/libssl/src/ssl/ssl_asn1.c | 9 | ||||
-rw-r--r-- | lib/libssl/src/ssl/ssl_cert.c | 20 | ||||
-rw-r--r-- | lib/libssl/src/ssl/ssl_rsa.c | 14 | ||||
-rw-r--r-- | lib/libssl/src/ssl/ssl_sess.c | 5 |
15 files changed, 46 insertions, 74 deletions
diff --git a/lib/libssl/src/crypto/asn1/x_info.c b/lib/libssl/src/crypto/asn1/x_info.c index 466deaf6ce6..05ac364fa73 100644 --- a/lib/libssl/src/crypto/asn1/x_info.c +++ b/lib/libssl/src/crypto/asn1/x_info.c @@ -1,4 +1,4 @@ -/* $OpenBSD: x_info.c,v 1.15 2015/02/10 11:22:21 jsing Exp $ */ +/* $OpenBSD: x_info.c,v 1.16 2016/03/11 07:08:44 mmcc Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -97,8 +97,7 @@ X509_INFO_free(X509_INFO *x) if (i > 0) return; - if (x->x509 != NULL) - X509_free(x->x509); + X509_free(x->x509); if (x->crl != NULL) X509_CRL_free(x->crl); if (x->x_pkey != NULL) diff --git a/lib/libssl/src/crypto/cms/cms_asn1.c b/lib/libssl/src/crypto/cms/cms_asn1.c index e4502598329..42e33d5b461 100644 --- a/lib/libssl/src/crypto/cms/cms_asn1.c +++ b/lib/libssl/src/crypto/cms/cms_asn1.c @@ -1,4 +1,4 @@ -/* $OpenBSD: cms_asn1.c,v 1.7 2015/09/10 15:56:25 jsing Exp $ */ +/* $OpenBSD: cms_asn1.c,v 1.8 2016/03/11 07:08:44 mmcc Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project. */ @@ -220,8 +220,7 @@ cms_si_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg) if (operation == ASN1_OP_FREE_POST) { CMS_SignerInfo *si = (CMS_SignerInfo *)*pval; EVP_PKEY_free(si->pkey); - if (si->signer) - X509_free(si->signer); + X509_free(si->signer); } return 1; } @@ -883,8 +882,7 @@ cms_ri_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg) if (ri->type == CMS_RECIPINFO_TRANS) { CMS_KeyTransRecipientInfo *ktri = ri->d.ktri; EVP_PKEY_free(ktri->pkey); - if (ktri->recip) - X509_free(ktri->recip); + X509_free(ktri->recip); } else if (ri->type == CMS_RECIPINFO_KEK) { CMS_KEKRecipientInfo *kekri = ri->d.kekri; if (kekri->key) { diff --git a/lib/libssl/src/crypto/cms/cms_sd.c b/lib/libssl/src/crypto/cms/cms_sd.c index f4119f7a1c0..1623126e774 100644 --- a/lib/libssl/src/crypto/cms/cms_sd.c +++ b/lib/libssl/src/crypto/cms/cms_sd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: cms_sd.c,v 1.9 2014/11/09 19:17:13 miod Exp $ */ +/* $OpenBSD: cms_sd.c,v 1.10 2016/03/11 07:08:44 mmcc Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project. */ @@ -498,8 +498,7 @@ CMS_SignerInfo_set1_signer_cert(CMS_SignerInfo *si, X509 *signer) EVP_PKEY_free(si->pkey); si->pkey = X509_get_pubkey(signer); } - if (si->signer) - X509_free(si->signer); + X509_free(si->signer); si->signer = signer; } diff --git a/lib/libssl/src/crypto/pkcs12/p12_kiss.c b/lib/libssl/src/crypto/pkcs12/p12_kiss.c index eaaa2bc9113..df992a68fc6 100644 --- a/lib/libssl/src/crypto/pkcs12/p12_kiss.c +++ b/lib/libssl/src/crypto/pkcs12/p12_kiss.c @@ -1,4 +1,4 @@ -/* $OpenBSD: p12_kiss.c,v 1.16 2014/07/11 08:44:49 jsing Exp $ */ +/* $OpenBSD: p12_kiss.c,v 1.17 2016/03/11 07:08:44 mmcc Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ @@ -149,8 +149,7 @@ PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert, goto err; x = NULL; } - if (x) - X509_free(x); + X509_free(x); } if (ocerts) @@ -161,10 +160,9 @@ PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert, err: if (pkey && *pkey) EVP_PKEY_free(*pkey); - if (cert && *cert) + if (cert) X509_free(*cert); - if (x) - X509_free(x); + X509_free(x); if (ocerts) sk_X509_pop_free(ocerts, X509_free); return 0; diff --git a/lib/libssl/src/crypto/ts/ts_rsp_sign.c b/lib/libssl/src/crypto/ts/ts_rsp_sign.c index 758d7473841..f9e8c53cc87 100644 --- a/lib/libssl/src/crypto/ts/ts_rsp_sign.c +++ b/lib/libssl/src/crypto/ts/ts_rsp_sign.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ts_rsp_sign.c,v 1.19 2015/09/30 18:04:02 jsing Exp $ */ +/* $OpenBSD: ts_rsp_sign.c,v 1.20 2016/03/11 07:08:45 mmcc Exp $ */ /* Written by Zoltan Glozik (zglozik@stones.com) for the OpenSSL * project 2002. */ @@ -185,8 +185,7 @@ TS_RESP_CTX_set_signer_cert(TS_RESP_CTX *ctx, X509 *signer) TS_R_INVALID_SIGNER_CERTIFICATE_PURPOSE); return 0; } - if (ctx->signer_cert) - X509_free(ctx->signer_cert); + X509_free(ctx->signer_cert); ctx->signer_cert = signer; CRYPTO_add(&ctx->signer_cert->references, +1, CRYPTO_LOCK_X509); return 1; diff --git a/lib/libssl/src/crypto/x509/by_file.c b/lib/libssl/src/crypto/x509/by_file.c index 68920271fcd..377b3b0a8b8 100644 --- a/lib/libssl/src/crypto/x509/by_file.c +++ b/lib/libssl/src/crypto/x509/by_file.c @@ -1,4 +1,4 @@ -/* $OpenBSD: by_file.c,v 1.19 2015/04/11 16:03:21 deraadt Exp $ */ +/* $OpenBSD: by_file.c,v 1.20 2016/03/11 07:08:45 mmcc Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -172,8 +172,7 @@ X509_load_cert_file(X509_LOOKUP *ctx, const char *file, int type) goto err; } err: - if (x != NULL) - X509_free(x); + X509_free(x); BIO_free(in); return (ret); } diff --git a/lib/libssl/src/crypto/x509/x509_vfy.c b/lib/libssl/src/crypto/x509/x509_vfy.c index c9950adb278..5c043aa7b18 100644 --- a/lib/libssl/src/crypto/x509/x509_vfy.c +++ b/lib/libssl/src/crypto/x509/x509_vfy.c @@ -1,4 +1,4 @@ -/* $OpenBSD: x509_vfy.c,v 1.48 2015/12/14 03:38:13 beck Exp $ */ +/* $OpenBSD: x509_vfy.c,v 1.49 2016/03/11 07:08:45 mmcc Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -388,8 +388,7 @@ end: } if (sktmp != NULL) sk_X509_free(sktmp); - if (chain_ss != NULL) - X509_free(chain_ss); + X509_free(chain_ss); return ok; } diff --git a/lib/libssl/src/crypto/x509v3/pcy_tree.c b/lib/libssl/src/crypto/x509v3/pcy_tree.c index af9bf00c668..7b28acbe1f1 100644 --- a/lib/libssl/src/crypto/x509v3/pcy_tree.c +++ b/lib/libssl/src/crypto/x509v3/pcy_tree.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pcy_tree.c,v 1.15 2015/07/18 00:01:05 beck Exp $ */ +/* $OpenBSD: pcy_tree.c,v 1.16 2016/03/11 07:08:45 mmcc Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2004. */ @@ -639,8 +639,7 @@ X509_policy_tree_free(X509_POLICY_TREE *tree) sk_X509_POLICY_NODE_pop_free(tree->user_policies, exnode_free); for (i = 0, curr = tree->levels; i < tree->nlevel; i++, curr++) { - if (curr->cert) - X509_free(curr->cert); + X509_free(curr->cert); if (curr->nodes) sk_X509_POLICY_NODE_pop_free(curr->nodes, policy_node_free); diff --git a/lib/libssl/src/ssl/d1_clnt.c b/lib/libssl/src/ssl/d1_clnt.c index fd26bb5a1e1..e018874f0da 100644 --- a/lib/libssl/src/ssl/d1_clnt.c +++ b/lib/libssl/src/ssl/d1_clnt.c @@ -1,4 +1,4 @@ -/* $OpenBSD: d1_clnt.c,v 1.55 2015/09/12 16:10:07 doug Exp $ */ +/* $OpenBSD: d1_clnt.c,v 1.56 2016/03/11 07:08:45 mmcc Exp $ */ /* * DTLS implementation written by Nagendra Modadugu * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. @@ -697,8 +697,7 @@ dtls1_send_client_certificate(SSL *s) SSL_R_BAD_DATA_RETURNED_BY_CALLBACK); } - if (x509 != NULL) - X509_free(x509); + X509_free(x509); EVP_PKEY_free(pkey); if (i == 0) s->s3->tmp.cert_req = 2; diff --git a/lib/libssl/src/ssl/s3_clnt.c b/lib/libssl/src/ssl/s3_clnt.c index afeb499e718..af3ba500723 100644 --- a/lib/libssl/src/ssl/s3_clnt.c +++ b/lib/libssl/src/ssl/s3_clnt.c @@ -1,4 +1,4 @@ -/* $OpenBSD: s3_clnt.c,v 1.136 2015/10/02 14:30:10 jsing Exp $ */ +/* $OpenBSD: s3_clnt.c,v 1.137 2016/03/11 07:08:45 mmcc Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -1063,13 +1063,11 @@ ssl3_get_server_certificate(SSL *s) * Why would the following ever happen? * We just created sc a couple of lines ago. */ - if (sc->peer_pkeys[i].x509 != NULL) - X509_free(sc->peer_pkeys[i].x509); + X509_free(sc->peer_pkeys[i].x509); sc->peer_pkeys[i].x509 = x; sc->peer_key = &(sc->peer_pkeys[i]); - if (s->session->peer != NULL) - X509_free(s->session->peer); + X509_free(s->session->peer); CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509); s->session->peer = x; s->session->verify_result = s->verify_result; @@ -2465,8 +2463,7 @@ ssl3_send_client_certificate(SSL *s) SSL_R_BAD_DATA_RETURNED_BY_CALLBACK); } - if (x509 != NULL) - X509_free(x509); + X509_free(x509); EVP_PKEY_free(pkey); if (i == 0) s->s3->tmp.cert_req = 2; diff --git a/lib/libssl/src/ssl/s3_srvr.c b/lib/libssl/src/ssl/s3_srvr.c index c992406ca8f..10b6312834f 100644 --- a/lib/libssl/src/ssl/s3_srvr.c +++ b/lib/libssl/src/ssl/s3_srvr.c @@ -1,4 +1,4 @@ -/* $OpenBSD: s3_srvr.c,v 1.124 2016/01/27 02:06:16 beck Exp $ */ +/* $OpenBSD: s3_srvr.c,v 1.125 2016/03/11 07:08:45 mmcc Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -2376,8 +2376,7 @@ ssl3_get_client_certificate(SSL *s) } } - if (s->session->peer != NULL) /* This should not be needed */ - X509_free(s->session->peer); + X509_free(s->session->peer); s->session->peer = sk_X509_shift(sk); s->session->verify_result = s->verify_result; @@ -2414,8 +2413,7 @@ f_err: ssl3_send_alert(s, SSL3_AL_FATAL, al); } err: - if (x != NULL) - X509_free(x); + X509_free(x); if (sk != NULL) sk_X509_pop_free(sk, X509_free); return (ret); diff --git a/lib/libssl/src/ssl/ssl_asn1.c b/lib/libssl/src/ssl/ssl_asn1.c index b60b3ea3f81..ee00cb286d2 100644 --- a/lib/libssl/src/ssl/ssl_asn1.c +++ b/lib/libssl/src/ssl/ssl_asn1.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_asn1.c,v 1.40 2014/12/14 15:30:50 jsing Exp $ */ +/* $OpenBSD: ssl_asn1.c,v 1.41 2016/03/11 07:08:45 mmcc Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -449,10 +449,9 @@ d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp, long length) ret->timeout = 3; /* 3 - Peer (X509). */ - if (ret->peer != NULL) { - X509_free(ret->peer); - ret->peer = NULL; - } + X509_free(ret->peer); + ret->peer = NULL; + if (c.slen != 0L && *c.p == (V_ASN1_CONSTRUCTED | V_ASN1_CONTEXT_SPECIFIC | 3)) { c.q = c.p; diff --git a/lib/libssl/src/ssl/ssl_cert.c b/lib/libssl/src/ssl/ssl_cert.c index cdac7bdb363..7e92812e56a 100644 --- a/lib/libssl/src/ssl/ssl_cert.c +++ b/lib/libssl/src/ssl/ssl_cert.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_cert.c,v 1.51 2015/09/11 17:37:47 jsing Exp $ */ +/* $OpenBSD: ssl_cert.c,v 1.52 2016/03/11 07:08:45 mmcc Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -308,8 +308,7 @@ err: EC_KEY_free(ret->ecdh_tmp); for (i = 0; i < SSL_PKEY_NUM; i++) { - if (ret->pkeys[i].x509 != NULL) - X509_free(ret->pkeys[i].x509); + X509_free(ret->pkeys[i].x509); EVP_PKEY_free(ret->pkeys[i].privatekey); } free (ret); @@ -333,8 +332,7 @@ ssl_cert_free(CERT *c) EC_KEY_free(c->ecdh_tmp); for (i = 0; i < SSL_PKEY_NUM; i++) { - if (c->pkeys[i].x509 != NULL) - X509_free(c->pkeys[i].x509); + X509_free(c->pkeys[i].x509); EVP_PKEY_free(c->pkeys[i].privatekey); } @@ -400,10 +398,8 @@ ssl_sess_cert_free(SESS_CERT *sc) /* i == 0 */ if (sc->cert_chain != NULL) sk_X509_pop_free(sc->cert_chain, X509_free); - for (i = 0; i < SSL_PKEY_NUM; i++) { - if (sc->peer_pkeys[i].x509 != NULL) - X509_free(sc->peer_pkeys[i].x509); - } + for (i = 0; i < SSL_PKEY_NUM; i++) + X509_free(sc->peer_pkeys[i].x509); DH_free(sc->peer_dh_tmp); EC_KEY_free(sc->peer_ecdh_tmp); @@ -620,8 +616,7 @@ err: if (sk != NULL) sk_X509_NAME_free(sk); BIO_free(in); - if (x != NULL) - X509_free(x); + X509_free(x); if (ret != NULL) ERR_clear_error(); return (ret); @@ -679,8 +674,7 @@ err: ret = 0; } BIO_free(in); - if (x != NULL) - X509_free(x); + X509_free(x); (void)sk_X509_NAME_set_cmp_func(stack, oldcmp); diff --git a/lib/libssl/src/ssl/ssl_rsa.c b/lib/libssl/src/ssl/ssl_rsa.c index 039bee7952b..7481524942a 100644 --- a/lib/libssl/src/ssl/ssl_rsa.c +++ b/lib/libssl/src/ssl/ssl_rsa.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_rsa.c,v 1.20 2015/02/06 01:37:11 reyk Exp $ */ +/* $OpenBSD: ssl_rsa.c,v 1.21 2016/03/11 07:08:45 mmcc Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -122,8 +122,7 @@ SSL_use_certificate_file(SSL *ssl, const char *file, int type) ret = SSL_use_certificate(ssl, x); end: - if (x != NULL) - X509_free(x); + X509_free(x); BIO_free(in); return (ret); } @@ -409,8 +408,7 @@ ssl_set_cert(CERT *c, X509 *x) EVP_PKEY_free(pkey); - if (c->pkeys[i].x509 != NULL) - X509_free(c->pkeys[i].x509); + X509_free(c->pkeys[i].x509); CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509); c->pkeys[i].x509 = x; c->key = &(c->pkeys[i]); @@ -456,8 +454,7 @@ SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type) ret = SSL_CTX_use_certificate(ctx, x); end: - if (x != NULL) - X509_free(x); + X509_free(x); BIO_free(in); return (ret); } @@ -706,8 +703,7 @@ ssl_ctx_use_certificate_chain_bio(SSL_CTX *ctx, BIO *in) } end: - if (x != NULL) - X509_free(x); + X509_free(x); return (ret); } diff --git a/lib/libssl/src/ssl/ssl_sess.c b/lib/libssl/src/ssl/ssl_sess.c index 7052e8aa56e..16dd5c444cb 100644 --- a/lib/libssl/src/ssl/ssl_sess.c +++ b/lib/libssl/src/ssl/ssl_sess.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_sess.c,v 1.48 2015/09/10 17:57:50 jsing Exp $ */ +/* $OpenBSD: ssl_sess.c,v 1.49 2016/03/11 07:08:45 mmcc Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -697,8 +697,7 @@ SSL_SESSION_free(SSL_SESSION *ss) explicit_bzero(ss->session_id, sizeof ss->session_id); if (ss->sess_cert != NULL) ssl_sess_cert_free(ss->sess_cert); - if (ss->peer != NULL) - X509_free(ss->peer); + X509_free(ss->peer); if (ss->ciphers != NULL) sk_SSL_CIPHER_free(ss->ciphers); free(ss->tlsext_hostname); |