author | Joel Sing <jsing@cvs.openbsd.org> | 2014-06-07 14:10:36 +0000 |
---|---|---|
committer | Joel Sing <jsing@cvs.openbsd.org> | 2014-06-07 14:10:36 +0000 |
commit | 2a4c7be9e03b4902fd9aa64d0cb8817e519b2bd3 (patch) | |
tree | 0df64ad16139e60a57eac59781f50a3ec08a3462 /lib | |
parent | 56d5e81b5bc6cfaeab3002af4692f2cc26869fc6 (diff) |
The DH_free, EC_KEY_free, EVP_PKEY_free and RSA_free functions all have
implicit NULL checks, so there is no point ensuring that the pointer is
non-NULL before calling them.
Diffstat (limited to 'lib')
-rw-r--r-- | lib/libssl/d1_clnt.c | 10 | ||||
-rw-r--r-- | lib/libssl/s3_clnt.c | 21 | ||||
-rw-r--r-- | lib/libssl/s3_lib.c | 41 | ||||
-rw-r--r-- | lib/libssl/s3_srvr.c | 17 | ||||
-rw-r--r-- | lib/libssl/ssl_cert.c | 34 |
5 files changed, 44 insertions, 79 deletions
diff --git a/lib/libssl/d1_clnt.c b/lib/libssl/d1_clnt.c index ef4a74e0af3..8ff4d8e3694 100644 --- a/lib/libssl/d1_clnt.c +++ b/lib/libssl/d1_clnt.c @@ -1211,8 +1211,7 @@ dtls1_send_client_key_exchange(SSL *s) /* Free allocated memory */ BN_CTX_free(bn_ctx); free(encodedPoint); - if (clnt_ecdh != NULL) - EC_KEY_free(clnt_ecdh); + EC_KEY_free(clnt_ecdh); EVP_PKEY_free(srvr_pub_pkey); } @@ -1321,11 +1320,11 @@ psk_err: /* SSL3_ST_CW_KEY_EXCH_B */ return (dtls1_do_write(s, SSL3_RT_HANDSHAKE)); + err: BN_CTX_free(bn_ctx); free(encodedPoint); - if (clnt_ecdh != NULL) - EC_KEY_free(clnt_ecdh); + EC_KEY_free(clnt_ecdh); EVP_PKEY_free(srvr_pub_pkey); return (-1); } @@ -1447,8 +1446,7 @@ dtls1_send_client_certificate(SSL *s) if (x509 != NULL) X509_free(x509); - if (pkey != NULL) - EVP_PKEY_free(pkey); + EVP_PKEY_free(pkey); if (i == 0) { if (s->version == SSL3_VERSION) { s->s3->tmp.cert_req = 0; diff --git a/lib/libssl/s3_clnt.c b/lib/libssl/s3_clnt.c index d1455cffc11..f2c7dd24421 100644 --- a/lib/libssl/s3_clnt.c +++ b/lib/libssl/s3_clnt.c @@ -1674,14 +1674,11 @@ f_err: ssl3_send_alert(s, SSL3_AL_FATAL, al); err: EVP_PKEY_free(pkey); - if (rsa != NULL) - RSA_free(rsa); - if (dh != NULL) - DH_free(dh); + RSA_free(rsa); + DH_free(dh); BN_CTX_free(bn_ctx); EC_POINT_free(srvr_ecpoint); - if (ecdh != NULL) - EC_KEY_free(ecdh); + EC_KEY_free(ecdh); EVP_MD_CTX_cleanup(&md_ctx); return (-1); } @@ -2333,8 +2330,7 @@ ssl3_send_client_key_exchange(SSL *s) /* Free allocated memory */ BN_CTX_free(bn_ctx); free(encodedPoint); - if (clnt_ecdh != NULL) - EC_KEY_free(clnt_ecdh); + EC_KEY_free(clnt_ecdh); EVP_PKEY_free(srvr_pub_pkey); } else if (alg_k & SSL_kGOST) { /* GOST key exchange message creation */ @@ -2444,7 +2440,7 @@ ssl3_send_client_key_exchange(SSL *s) s->session->master_key_length = s->method->ssl3_enc->generate_master_secret(s, s->session->master_key, premaster_secret, 32); - EVP_PKEY_free(pub_key); + EVP_PKEY_free(pub_key); } #ifndef OPENSSL_NO_PSK 
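Review bot: In the `/* Free allocated memory */` block of dtls1_send_client_key_exchange, `bn_ctx`, `encodedPoint`, `clnt_ecdh` and `srvr_pub_pkey` are released but keep their old values, while the `err:` label in the following hunk frees the same four locals again. Dropping the NULL guard does not change that, since the guard never protected against a stale non-NULL pointer, but any `goto err` reached after this block would be a double free. Resetting each pointer after its release, for example `EC_KEY_free(clnt_ecdh); clnt_ecdh = NULL;`, or letting the success path share a single cleanup label, would rule that out. The same pairing appears in ssl3_send_client_key_exchange in s3_clnt.c (hunks at 2333 and 2543). Both function bodies extend outside the hunks, so whether such a path exists today cannot be confirmed from here.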
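Review bot: The `if (x509 != NULL)` guard in front of `X509_free(x509)` in dtls1_send_client_certificate is left in place directly above the now-unguarded `EVP_PKEY_free(pkey)`, so two adjacent releases follow different conventions. X509_free is, as far as I know, NULL-safe in the same way; if that holds in this tree, a bare `X509_free(x509);` would match. The same leftover guard is visible in ssl3_send_client_certificate (s3_clnt.c) and in the loops of ssl_cert_dup and ssl_cert_free (ssl_cert.c). The commit message limits itself to the DH, EC_KEY, EVP_PKEY and RSA functions, so this may be intended for a follow-up.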
@@ -2543,11 +2539,11 @@ psk_err: /* SSL3_ST_CW_KEY_EXCH_B */ return (ssl3_do_write(s, SSL3_RT_HANDSHAKE)); + err: BN_CTX_free(bn_ctx); free(encodedPoint); - if (clnt_ecdh != NULL) - EC_KEY_free(clnt_ecdh); + EC_KEY_free(clnt_ecdh); EVP_PKEY_free(srvr_pub_pkey); return (-1); } @@ -2726,8 +2722,7 @@ ssl3_send_client_certificate(SSL *s) if (x509 != NULL) X509_free(x509); - if (pkey != NULL) - EVP_PKEY_free(pkey); + EVP_PKEY_free(pkey); if (i == 0) { if (s->version == SSL3_VERSION) { s->s3->tmp.cert_req = 0; diff --git a/lib/libssl/s3_lib.c b/lib/libssl/s3_lib.c index 3b6eefd99b8..d8066720f9e 100644 --- a/lib/libssl/s3_lib.c +++ b/lib/libssl/s3_lib.c @@ -2333,16 +2333,13 @@ ssl3_free(SSL *s) if (s->s3->wbuf.buf != NULL) ssl3_release_write_buffer(s); free(s->s3->rrec.comp); - if (s->s3->tmp.dh != NULL) - DH_free(s->s3->tmp.dh); - if (s->s3->tmp.ecdh != NULL) - EC_KEY_free(s->s3->tmp.ecdh); + DH_free(s->s3->tmp.dh); + EC_KEY_free(s->s3->tmp.ecdh); if (s->s3->tmp.ca_names != NULL) sk_X509_NAME_pop_free(s->s3->tmp.ca_names, X509_NAME_free); - if (s->s3->handshake_buffer) { + if (s->s3->handshake_buffer) BIO_free(s->s3->handshake_buffer); - } if (s->s3->handshake_dgst) ssl3_free_digest_list(s); OPENSSL_cleanse(s->s3, sizeof *s->s3); @@ -2371,14 +2368,11 @@ ssl3_clear(SSL *s) free(s->s3->rrec.comp); s->s3->rrec.comp = NULL; - if (s->s3->tmp.dh != NULL) { - DH_free(s->s3->tmp.dh); - s->s3->tmp.dh = NULL; - } - if (s->s3->tmp.ecdh != NULL) { - EC_KEY_free(s->s3->tmp.ecdh); - s->s3->tmp.ecdh = NULL; - } + DH_free(s->s3->tmp.dh); + s->s3->tmp.dh = NULL; + EC_KEY_free(s->s3->tmp.ecdh); + s->s3->tmp.ecdh = NULL; + s->s3->is_probably_safari = 0; rp = s->s3->rbuf.buf; @@ -2470,8 +2464,7 @@ ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) ERR_R_RSA_LIB); return (ret); } - if (s->cert->rsa_tmp != NULL) - RSA_free(s->cert->rsa_tmp); + RSA_free(s->cert->rsa_tmp); s->cert->rsa_tmp = rsa; ret = 1; } 
@@ -2504,8 +2497,7 @@ ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) return (ret); } } - if (s->cert->dh_tmp != NULL) - DH_free(s->cert->dh_tmp); + DH_free(s->cert->dh_tmp); s->cert->dh_tmp = dh; ret = 1; } @@ -2540,8 +2532,7 @@ ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) return (ret); } } - if (s->cert->ecdh_tmp != NULL) - EC_KEY_free(s->cert->ecdh_tmp); + EC_KEY_free(s->cert->ecdh_tmp); s->cert->ecdh_tmp = ecdh; ret = 1; } @@ -2729,8 +2720,7 @@ ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) ERR_R_RSA_LIB); return (0); } else { - if (cert->rsa_tmp != NULL) - RSA_free(cert->rsa_tmp); + RSA_free(cert->rsa_tmp); cert->rsa_tmp = rsa; return (1); } @@ -2761,8 +2751,7 @@ ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) return 0; } } - if (cert->dh_tmp != NULL) - DH_free(cert->dh_tmp); + DH_free(cert->dh_tmp); cert->dh_tmp = new; return 1; } @@ -2798,9 +2787,7 @@ ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) } } - if (cert->ecdh_tmp != NULL) { - EC_KEY_free(cert->ecdh_tmp); - } + EC_KEY_free(cert->ecdh_tmp); cert->ecdh_tmp = ecdh; return 1; } diff --git a/lib/libssl/s3_srvr.c b/lib/libssl/s3_srvr.c index 552f8290b5f..bd22569ef0a 100644 --- a/lib/libssl/s3_srvr.c +++ b/lib/libssl/s3_srvr.c @@ -866,14 +866,10 @@ ssl3_check_client_hello(SSL *s) * which will now be aborted. (A full SSL_clear would be too * much.) */ - if (s->s3->tmp.dh != NULL) { - DH_free(s->s3->tmp.dh); - s->s3->tmp.dh = NULL; - } - if (s->s3->tmp.ecdh != NULL) { - EC_KEY_free(s->s3->tmp.ecdh); - s->s3->tmp.ecdh = NULL; - } + DH_free(s->s3->tmp.dh); + s->s3->tmp.dh = NULL; + EC_KEY_free(s->s3->tmp.ecdh); + s->s3->tmp.ecdh = NULL; s->s3->flags |= SSL3_FLAGS_SGC_RESTART_DONE; return (2); } @@ -2465,7 +2461,7 @@ ssl3_get_client_key_exchange(SSL *s) ret = 2; else ret = 1; - gerr: +gerr: EVP_PKEY_free(client_pub_pkey); EVP_PKEY_CTX_free(pkey_ctx); if (ret) 
@@ -2485,8 +2481,7 @@ f_err: err: EVP_PKEY_free(clnt_pub_pkey); EC_POINT_free(clnt_ecpoint); - if (srvr_ecdh != NULL) - EC_KEY_free(srvr_ecdh); + EC_KEY_free(srvr_ecdh); BN_CTX_free(bn_ctx); return (-1); } diff --git a/lib/libssl/ssl_cert.c b/lib/libssl/ssl_cert.c index 4c3af758694..44efb64deac 100644 --- a/lib/libssl/ssl_cert.c +++ b/lib/libssl/ssl_cert.c @@ -299,18 +299,14 @@ ssl_cert_dup(CERT *cert) return (ret); err: - if (ret->rsa_tmp != NULL) - RSA_free(ret->rsa_tmp); - if (ret->dh_tmp != NULL) - DH_free(ret->dh_tmp); - if (ret->ecdh_tmp != NULL) - EC_KEY_free(ret->ecdh_tmp); + RSA_free(ret->rsa_tmp); + DH_free(ret->dh_tmp); + EC_KEY_free(ret->ecdh_tmp); for (i = 0; i < SSL_PKEY_NUM; i++) { if (ret->pkeys[i].x509 != NULL) X509_free(ret->pkeys[i].x509); - if (ret->pkeys[i].privatekey != NULL) - EVP_PKEY_free(ret->pkeys[i].privatekey); + EVP_PKEY_free(ret->pkeys[i].privatekey); } return NULL; @@ -329,19 +325,16 @@ ssl_cert_free(CERT *c) if (i > 0) return; - if (c->rsa_tmp) - RSA_free(c->rsa_tmp); - if (c->dh_tmp) - DH_free(c->dh_tmp); - if (c->ecdh_tmp) - EC_KEY_free(c->ecdh_tmp); + RSA_free(c->rsa_tmp); + DH_free(c->dh_tmp); + EC_KEY_free(c->ecdh_tmp); for (i = 0; i < SSL_PKEY_NUM; i++) { if (c->pkeys[i].x509 != NULL) X509_free(c->pkeys[i].x509); - if (c->pkeys[i].privatekey != NULL) - EVP_PKEY_free(c->pkeys[i].privatekey); + EVP_PKEY_free(c->pkeys[i].privatekey); } + free(c); } @@ -408,12 +401,9 @@ ssl_sess_cert_free(SESS_CERT *sc) X509_free(sc->peer_pkeys[i].x509); } - if (sc->peer_rsa_tmp != NULL) - RSA_free(sc->peer_rsa_tmp); - if (sc->peer_dh_tmp != NULL) - DH_free(sc->peer_dh_tmp); - if (sc->peer_ecdh_tmp != NULL) - EC_KEY_free(sc->peer_ecdh_tmp); + RSA_free(sc->peer_rsa_tmp); + DH_free(sc->peer_dh_tmp); + EC_KEY_free(sc->peer_ecdh_tmp); free(sc); } |
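Review bot: The `err:` path of ssl_cert_dup (ssl_cert.c, hunk at 299) releases the members of `ret` and then returns NULL without releasing `ret` itself, at least in the lines visible here. If `ret` is heap-allocated earlier in the function, which lies outside the hunk, every failed duplication leaks the CERT structure. Adding `free(ret);` before `return NULL;` would mirror the `free(c);` that ssl_cert_free performs in the next hunk. It is worth confirming that no caller-owned pointers are copied into `ret` before the failure point, so that the added free cannot release something still in use.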