src - OpenBSD base system

diff options


context:
space:
mode:

author	Michael McConville <mmcc@cvs.openbsd.org>	2016-03-11 07:08:46 +0000
committer	Michael McConville <mmcc@cvs.openbsd.org>	2016-03-11 07:08:46 +0000
commit	5314cf13de90502f145d0d5e6b46fea077878daa (patch)
tree	dcd6e6e59de3993754a35be28e4f982721dfa11a /lib/libssl
parent	d5e0e34531ac0a82cebe041321ea2feba77c572e (diff)

X509_free(3) is NULL-safe, so remove NULL checks before its calls.

ok doug@

Diffstat (limited to 'lib/libssl')

-rw-r--r--

lib/libssl/d1_clnt.c

-rw-r--r--

lib/libssl/s3_clnt.c

-rw-r--r--

lib/libssl/s3_srvr.c

-rw-r--r--

lib/libssl/ssl_asn1.c

-rw-r--r--

lib/libssl/ssl_cert.c

-rw-r--r--

lib/libssl/ssl_rsa.c

-rw-r--r--

lib/libssl/ssl_sess.c

7 files changed, 27 insertions, 45 deletions

diff --git a/lib/libssl/d1_clnt.c b/lib/libssl/d1_clnt.c
index fd26bb5a1e1..e018874f0da 100644
--- a/lib/libssl/d1_clnt.c
+++ b/lib/libssl/d1_clnt.c

@@ -1,4 +1,4 @@

-/* $OpenBSD: d1_clnt.c,v 1.55 2015/09/12 16:10:07 doug Exp $ */

+/* $OpenBSD: d1_clnt.c,v 1.56 2016/03/11 07:08:45 mmcc Exp $ */

* DTLS implementation written by Nagendra Modadugu

* (nagendra@cs.stanford.edu) for the OpenSSL project 2005.

@@ -697,8 +697,7 @@ dtls1_send_client_certificate(SSL *s)

SSL_R_BAD_DATA_RETURNED_BY_CALLBACK);

}

- if (x509 != NULL)

- X509_free(x509);

+ X509_free(x509);

EVP_PKEY_free(pkey);

if (i == 0)

s->s3->tmp.cert_req = 2;

diff --git a/lib/libssl/s3_clnt.c b/lib/libssl/s3_clnt.c
index afeb499e718..af3ba500723 100644
--- a/lib/libssl/s3_clnt.c
+++ b/lib/libssl/s3_clnt.c

@@ -1,4 +1,4 @@

-/* $OpenBSD: s3_clnt.c,v 1.136 2015/10/02 14:30:10 jsing Exp $ */

+/* $OpenBSD: s3_clnt.c,v 1.137 2016/03/11 07:08:45 mmcc Exp $ */

@@ -1063,13 +1063,11 @@ ssl3_get_server_certificate(SSL *s)

* Why would the following ever happen?

* We just created sc a couple of lines ago.

- if (sc->peer_pkeys[i].x509 != NULL)

- X509_free(sc->peer_pkeys[i].x509);

+ X509_free(sc->peer_pkeys[i].x509);

sc->peer_pkeys[i].x509 = x;

sc->peer_key = &(sc->peer_pkeys[i]);

- if (s->session->peer != NULL)

- X509_free(s->session->peer);

+ X509_free(s->session->peer);

CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);

s->session->peer = x;

s->session->verify_result = s->verify_result;

@@ -2465,8 +2463,7 @@ ssl3_send_client_certificate(SSL *s)

SSL_R_BAD_DATA_RETURNED_BY_CALLBACK);

}

- if (x509 != NULL)

- X509_free(x509);

+ X509_free(x509);

EVP_PKEY_free(pkey);

if (i == 0)

s->s3->tmp.cert_req = 2;

diff --git a/lib/libssl/s3_srvr.c b/lib/libssl/s3_srvr.c
index c992406ca8f..10b6312834f 100644
--- a/lib/libssl/s3_srvr.c
+++ b/lib/libssl/s3_srvr.c

@@ -1,4 +1,4 @@

-/* $OpenBSD: s3_srvr.c,v 1.124 2016/01/27 02:06:16 beck Exp $ */

+/* $OpenBSD: s3_srvr.c,v 1.125 2016/03/11 07:08:45 mmcc Exp $ */

@@ -2376,8 +2376,7 @@ ssl3_get_client_certificate(SSL *s)

}

- if (s->session->peer != NULL) /* This should not be needed */

- X509_free(s->session->peer);

+ X509_free(s->session->peer);

s->session->peer = sk_X509_shift(sk);

s->session->verify_result = s->verify_result;

@@ -2414,8 +2413,7 @@ f_err:

ssl3_send_alert(s, SSL3_AL_FATAL, al);

}

err:

- if (x != NULL)

- X509_free(x);

+ X509_free(x);

if (sk != NULL)

sk_X509_pop_free(sk, X509_free);

return (ret);

diff --git a/lib/libssl/ssl_asn1.c b/lib/libssl/ssl_asn1.c
index b60b3ea3f81..ee00cb286d2 100644
--- a/lib/libssl/ssl_asn1.c
+++ b/lib/libssl/ssl_asn1.c

@@ -1,4 +1,4 @@

-/* $OpenBSD: ssl_asn1.c,v 1.40 2014/12/14 15:30:50 jsing Exp $ */

+/* $OpenBSD: ssl_asn1.c,v 1.41 2016/03/11 07:08:45 mmcc Exp $ */

@@ -449,10 +449,9 @@ d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp, long length)

ret->timeout = 3;

/* 3 - Peer (X509). */

- if (ret->peer != NULL) {

- X509_free(ret->peer);

- ret->peer = NULL;

- }

+ X509_free(ret->peer);

+ ret->peer = NULL;

if (c.slen != 0L &&

*c.p == (V_ASN1_CONSTRUCTED | V_ASN1_CONTEXT_SPECIFIC | 3)) {

c.q = c.p;

diff --git a/lib/libssl/ssl_cert.c b/lib/libssl/ssl_cert.c
index cdac7bdb363..7e92812e56a 100644
--- a/lib/libssl/ssl_cert.c
+++ b/lib/libssl/ssl_cert.c

@@ -1,4 +1,4 @@

-/* $OpenBSD: ssl_cert.c,v 1.51 2015/09/11 17:37:47 jsing Exp $ */

+/* $OpenBSD: ssl_cert.c,v 1.52 2016/03/11 07:08:45 mmcc Exp $ */

@@ -308,8 +308,7 @@ err:

EC_KEY_free(ret->ecdh_tmp);

for (i = 0; i < SSL_PKEY_NUM; i++) {

- if (ret->pkeys[i].x509 != NULL)

- X509_free(ret->pkeys[i].x509);

+ X509_free(ret->pkeys[i].x509);

EVP_PKEY_free(ret->pkeys[i].privatekey);

}

free (ret);

@@ -333,8 +332,7 @@ ssl_cert_free(CERT *c)

EC_KEY_free(c->ecdh_tmp);

for (i = 0; i < SSL_PKEY_NUM; i++) {

- if (c->pkeys[i].x509 != NULL)

- X509_free(c->pkeys[i].x509);

+ X509_free(c->pkeys[i].x509);

EVP_PKEY_free(c->pkeys[i].privatekey);

}

@@ -400,10 +398,8 @@ ssl_sess_cert_free(SESS_CERT *sc)

/* i == 0 */

if (sc->cert_chain != NULL)

sk_X509_pop_free(sc->cert_chain, X509_free);

- for (i = 0; i < SSL_PKEY_NUM; i++) {

- if (sc->peer_pkeys[i].x509 != NULL)

- X509_free(sc->peer_pkeys[i].x509);

- }

+ for (i = 0; i < SSL_PKEY_NUM; i++)

+ X509_free(sc->peer_pkeys[i].x509);

DH_free(sc->peer_dh_tmp);

EC_KEY_free(sc->peer_ecdh_tmp);

@@ -620,8 +616,7 @@ err:

if (sk != NULL)

sk_X509_NAME_free(sk);

BIO_free(in);

- if (x != NULL)

- X509_free(x);

+ X509_free(x);

if (ret != NULL)

ERR_clear_error();

return (ret);

@@ -679,8 +674,7 @@ err:

ret = 0;

}

BIO_free(in);

- if (x != NULL)

- X509_free(x);

+ X509_free(x);

(void)sk_X509_NAME_set_cmp_func(stack, oldcmp);

diff --git a/lib/libssl/ssl_rsa.c b/lib/libssl/ssl_rsa.c
index 039bee7952b..7481524942a 100644
--- a/lib/libssl/ssl_rsa.c
+++ b/lib/libssl/ssl_rsa.c

@@ -1,4 +1,4 @@

-/* $OpenBSD: ssl_rsa.c,v 1.20 2015/02/06 01:37:11 reyk Exp $ */

+/* $OpenBSD: ssl_rsa.c,v 1.21 2016/03/11 07:08:45 mmcc Exp $ */

@@ -122,8 +122,7 @@ SSL_use_certificate_file(SSL *ssl, const char *file, int type)

ret = SSL_use_certificate(ssl, x);

end:

- if (x != NULL)

- X509_free(x);

+ X509_free(x);

BIO_free(in);

return (ret);

}

@@ -409,8 +408,7 @@ ssl_set_cert(CERT *c, X509 *x)

EVP_PKEY_free(pkey);

- if (c->pkeys[i].x509 != NULL)

- X509_free(c->pkeys[i].x509);

+ X509_free(c->pkeys[i].x509);

CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);

c->pkeys[i].x509 = x;

c->key = &(c->pkeys[i]);

@@ -456,8 +454,7 @@ SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type)

ret = SSL_CTX_use_certificate(ctx, x);

end:

- if (x != NULL)

- X509_free(x);

+ X509_free(x);

BIO_free(in);

return (ret);

}

@@ -706,8 +703,7 @@ ssl_ctx_use_certificate_chain_bio(SSL_CTX *ctx, BIO *in)

}

end:

- if (x != NULL)

- X509_free(x);

+ X509_free(x);

return (ret);

}

diff --git a/lib/libssl/ssl_sess.c b/lib/libssl/ssl_sess.c
index 7052e8aa56e..16dd5c444cb 100644
--- a/lib/libssl/ssl_sess.c
+++ b/lib/libssl/ssl_sess.c

@@ -1,4 +1,4 @@

-/* $OpenBSD: ssl_sess.c,v 1.48 2015/09/10 17:57:50 jsing Exp $ */

+/* $OpenBSD: ssl_sess.c,v 1.49 2016/03/11 07:08:45 mmcc Exp $ */

@@ -697,8 +697,7 @@ SSL_SESSION_free(SSL_SESSION *ss)

explicit_bzero(ss->session_id, sizeof ss->session_id);

if (ss->sess_cert != NULL)

ssl_sess_cert_free(ss->sess_cert);

- if (ss->peer != NULL)

- X509_free(ss->peer);

+ X509_free(ss->peer);

if (ss->ciphers != NULL)

sk_SSL_CIPHER_free(ss->ciphers);

free(ss->tlsext_hostname);