diff options
Diffstat (limited to 'lib/libssl')
| -rw-r--r-- | lib/libssl/bio_ssl.c | 3 | ||||
| -rw-r--r-- | lib/libssl/d1_both.c | 9 | ||||
| -rw-r--r-- | lib/libssl/d1_clnt.c | 15 | ||||
| -rw-r--r-- | lib/libssl/d1_lib.c | 8 | ||||
| -rw-r--r-- | lib/libssl/d1_pkt.c | 6 | ||||
| -rw-r--r-- | lib/libssl/s3_both.c | 12 | ||||
| -rw-r--r-- | lib/libssl/s3_clnt.c | 27 | ||||
| -rw-r--r-- | lib/libssl/s3_lib.c | 39 | ||||
| -rw-r--r-- | lib/libssl/s3_srvr.c | 9 | ||||
| -rw-r--r-- | lib/libssl/ssl_lib.c | 30 | ||||
| -rw-r--r-- | lib/libssl/ssl_sess.c | 30 | ||||
| -rw-r--r-- | lib/libssl/t1_enc.c | 6 | ||||
| -rw-r--r-- | lib/libssl/t1_lib.c | 50 |
13 files changed, 84 insertions, 160 deletions
diff --git a/lib/libssl/bio_ssl.c b/lib/libssl/bio_ssl.c index 5b14ea3824f..8ffbe0a67aa 100644 --- a/lib/libssl/bio_ssl.c +++ b/lib/libssl/bio_ssl.c @@ -132,8 +132,7 @@ ssl_free(BIO *a) a->init = 0; a->flags = 0; } - if (a->ptr != NULL) - free(a->ptr); + free(a->ptr); return (1); } diff --git a/lib/libssl/d1_both.c b/lib/libssl/d1_both.c index 0e328256959..59987bc1d8a 100644 --- a/lib/libssl/d1_both.c +++ b/lib/libssl/d1_both.c @@ -200,8 +200,7 @@ dtls1_hm_fragment_new(unsigned long frag_len, int reassembly) if (reassembly) { bitmask = malloc(RSMBLY_BITMASK_SIZE(frag_len)); if (bitmask == NULL) { - if (buf != NULL) - free(buf); + free(buf); free(frag); return NULL; } @@ -223,10 +222,8 @@ dtls1_hm_fragment_free(hm_fragment *frag) EVP_MD_CTX_destroy( frag->msg_header.saved_retransmit_state.write_hash); } - if (frag->fragment) - free(frag->fragment); - if (frag->reassembly) - free(frag->reassembly); + free(frag->fragment); + free(frag->reassembly); free(frag); } diff --git a/lib/libssl/d1_clnt.c b/lib/libssl/d1_clnt.c index 8f304a75ff8..d82b099e083 100644 --- a/lib/libssl/d1_clnt.c +++ b/lib/libssl/d1_clnt.c @@ -1231,8 +1231,7 @@ dtls1_send_client_key_exchange(SSL *s) /* Free allocated memory */ BN_CTX_free(bn_ctx); - if (encodedPoint != NULL) - free(encodedPoint); + free(encodedPoint); if (clnt_ecdh != NULL) EC_KEY_free(clnt_ecdh); EVP_PKEY_free(srvr_pub_pkey); @@ -1277,9 +1276,9 @@ dtls1_send_client_key_exchange(SSL *s) t += psk_len; s2n(psk_len, t); - if (s->session->psk_identity_hint != NULL) - free(s->session->psk_identity_hint); - s->session->psk_identity_hint = BUF_strdup(s->ctx->psk_identity_hint); + free(s->session->psk_identity_hint); + s->session->psk_identity_hint = + BUF_strdup(s->ctx->psk_identity_hint); if (s->ctx->psk_identity_hint != NULL && s->session->psk_identity_hint == NULL) { SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, @@ -1287,8 +1286,7 @@ dtls1_send_client_key_exchange(SSL *s) goto psk_err; } - if (s->session->psk_identity != NULL) - free(s->session->psk_identity); + free(s->session->psk_identity); s->session->psk_identity = BUF_strdup(identity); if (s->session->psk_identity == NULL) { SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, @@ -1344,8 +1342,7 @@ psk_err: err: #ifndef OPENSSL_NO_ECDH BN_CTX_free(bn_ctx); - if (encodedPoint != NULL) - free(encodedPoint); + free(encodedPoint); if (clnt_ecdh != NULL) EC_KEY_free(clnt_ecdh); EVP_PKEY_free(srvr_pub_pkey); diff --git a/lib/libssl/d1_lib.c b/lib/libssl/d1_lib.c index f0b9c1920aa..87bc9b68c6b 100644 --- a/lib/libssl/d1_lib.c +++ b/lib/libssl/d1_lib.c @@ -149,18 +149,14 @@ dtls1_clear_queues(SSL *s) while ((item = pqueue_pop(s->d1->unprocessed_rcds.q)) != NULL) { rdata = (DTLS1_RECORD_DATA *) item->data; - if (rdata->rbuf.buf) { - free(rdata->rbuf.buf); - } + free(rdata->rbuf.buf); free(item->data); pitem_free(item); } while ((item = pqueue_pop(s->d1->processed_rcds.q)) != NULL) { rdata = (DTLS1_RECORD_DATA *) item->data; - if (rdata->rbuf.buf) { - free(rdata->rbuf.buf); - } + free(rdata->rbuf.buf); free(item->data); pitem_free(item); } diff --git a/lib/libssl/d1_pkt.c b/lib/libssl/d1_pkt.c index c855d0e2a61..db898f507a4 100644 --- a/lib/libssl/d1_pkt.c +++ b/lib/libssl/d1_pkt.c @@ -197,8 +197,7 @@ dtls1_copy_record(SSL *s, pitem *item) rdata = (DTLS1_RECORD_DATA *)item->data; - if (s->s3->rbuf.buf != NULL) - free(s->s3->rbuf.buf); + free(s->s3->rbuf.buf); s->packet = rdata->packet; s->packet_length = rdata->packet_length; @@ -349,8 +348,7 @@ dtls1_get_buffered_record(SSL *s) item = pqueue_pop(s->d1->rcvd_records); rdata = (DTLS1_RECORD_DATA *)item->data; - if (s->s3->rbuf.buf != NULL) - free(s->s3->rbuf.buf); + free(s->s3->rbuf.buf); s->packet = rdata->packet; s->packet_length = rdata->packet_length; diff --git a/lib/libssl/s3_both.c b/lib/libssl/s3_both.c index 9dcdd7b998f..f1d686b56f6 100644 --- a/lib/libssl/s3_both.c +++ b/lib/libssl/s3_both.c @@ -719,20 +719,16 @@ ssl3_setup_buffers(SSL *s) int ssl3_release_write_buffer(SSL *s) { - if (s->s3->wbuf.buf != NULL) { - free(s->s3->wbuf.buf); - s->s3->wbuf.buf = NULL; - } + free(s->s3->wbuf.buf); + s->s3->wbuf.buf = NULL; return 1; } int ssl3_release_read_buffer(SSL *s) { - if (s->s3->rbuf.buf != NULL) { - free(s->s3->rbuf.buf); - s->s3->rbuf.buf = NULL; - } + free(s->s3->rbuf.buf); + s->s3->rbuf.buf = NULL; return 1; } diff --git a/lib/libssl/s3_clnt.c b/lib/libssl/s3_clnt.c index 863a05adb32..ffbd83b060b 100644 --- a/lib/libssl/s3_clnt.c +++ b/lib/libssl/s3_clnt.c @@ -1292,8 +1292,7 @@ ssl3_get_key_exchange(SSL *s) */ if (s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK) { s->session->sess_cert = ssl_sess_cert_new(); - if (s->ctx->psk_identity_hint) - free(s->ctx->psk_identity_hint); + free(s->ctx->psk_identity_hint); s->ctx->psk_identity_hint = NULL; } #endif @@ -1360,8 +1359,7 @@ ssl3_get_key_exchange(SSL *s) */ memcpy(tmp_id_hint, p, i); memset(tmp_id_hint + i, 0, PSK_MAX_IDENTITY_LEN + 1 - i); - if (s->ctx->psk_identity_hint != NULL) - free(s->ctx->psk_identity_hint); + free(s->ctx->psk_identity_hint); s->ctx->psk_identity_hint = BUF_strdup(tmp_id_hint); if (s->ctx->psk_identity_hint == NULL) { SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, @@ -1952,10 +1950,8 @@ ssl3_get_new_session_ticket(SSL *s) SSL_R_LENGTH_MISMATCH); goto f_err; } - if (s->session->tlsext_tick) { - free(s->session->tlsext_tick); - s->session->tlsext_ticklen = 0; - } + free(s->session->tlsext_tick); + s->session->tlsext_ticklen = 0; s->session->tlsext_tick = malloc(ticklen); if (!s->session->tlsext_tick) { SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET, @@ -2024,8 +2020,7 @@ ssl3_get_cert_status(SSL *s) SSL_R_LENGTH_MISMATCH); goto f_err; } - if (s->tlsext_ocsp_resp) - free(s->tlsext_ocsp_resp); + free(s->tlsext_ocsp_resp); s->tlsext_ocsp_resp = BUF_memdup(p, resplen); if (!s->tlsext_ocsp_resp) { al = SSL_AD_INTERNAL_ERROR; @@ -2399,8 +2394,7 @@ ssl3_send_client_key_exchange(SSL *s) /* Free allocated memory */ BN_CTX_free(bn_ctx); - if (encodedPoint != NULL) - free(encodedPoint); + free(encodedPoint); if (clnt_ecdh != NULL) EC_KEY_free(clnt_ecdh); EVP_PKEY_free(srvr_pub_pkey); @@ -2551,8 +2545,7 @@ ssl3_send_client_key_exchange(SSL *s) t += psk_len; s2n(psk_len, t); - if (s->session->psk_identity_hint != NULL) - free(s->session->psk_identity_hint); + free(s->session->psk_identity_hint); s->session->psk_identity_hint = BUF_strdup(s->ctx->psk_identity_hint); if (s->ctx->psk_identity_hint != NULL && @@ -2562,8 +2555,7 @@ ssl3_send_client_key_exchange(SSL *s) goto psk_err; } - if (s->session->psk_identity != NULL) - free(s->session->psk_identity); + free(s->session->psk_identity); s->session->psk_identity = BUF_strdup(identity); if (s->session->psk_identity == NULL) { SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, @@ -2613,8 +2605,7 @@ ssl3_send_client_key_exchange(SSL *s) err: #ifndef OPENSSL_NO_ECDH BN_CTX_free(bn_ctx); - if (encodedPoint != NULL) - free(encodedPoint); + free(encodedPoint); if (clnt_ecdh != NULL) EC_KEY_free(clnt_ecdh); EVP_PKEY_free(srvr_pub_pkey); diff --git a/lib/libssl/s3_lib.c b/lib/libssl/s3_lib.c index d8a186040b8..2f4ab388631 100644 --- a/lib/libssl/s3_lib.c +++ b/lib/libssl/s3_lib.c @@ -2332,10 +2332,8 @@ ssl3_free(SSL *s) return; #ifdef TLSEXT_TYPE_opaque_prf_input - if (s->s3->client_opaque_prf_input != NULL) - free(s->s3->client_opaque_prf_input); - if (s->s3->server_opaque_prf_input != NULL) - free(s->s3->server_opaque_prf_input); + free(s->s3->client_opaque_prf_input); + free(s->s3->server_opaque_prf_input); #endif ssl3_cleanup_key_block(s); @@ -2343,8 +2341,7 @@ ssl3_free(SSL *s) ssl3_release_read_buffer(s); if (s->s3->wbuf.buf != NULL) ssl3_release_write_buffer(s); - if (s->s3->rrec.comp != NULL) - free(s->s3->rrec.comp); + free(s->s3->rrec.comp); #ifndef OPENSSL_NO_DH if (s->s3->tmp.dh != NULL) DH_free(s->s3->tmp.dh); @@ -2374,11 +2371,9 @@ ssl3_clear(SSL *s) int init_extra; #ifdef TLSEXT_TYPE_opaque_prf_input - if (s->s3->client_opaque_prf_input != NULL) - free(s->s3->client_opaque_prf_input); + free(s->s3->client_opaque_prf_input); s->s3->client_opaque_prf_input = NULL; - if (s->s3->server_opaque_prf_input != NULL) - free(s->s3->server_opaque_prf_input); + free(s->s3->server_opaque_prf_input); s->s3->server_opaque_prf_input = NULL; #endif @@ -2386,10 +2381,9 @@ ssl3_clear(SSL *s) if (s->s3->tmp.ca_names != NULL) sk_X509_NAME_pop_free(s->s3->tmp.ca_names, X509_NAME_free); - if (s->s3->rrec.comp != NULL) { - free(s->s3->rrec.comp); - s->s3->rrec.comp = NULL; - } + free(s->s3->rrec.comp); + s->s3->rrec.comp = NULL; + #ifndef OPENSSL_NO_DH if (s->s3->tmp.dh != NULL) { DH_free(s->s3->tmp.dh); @@ -2437,11 +2431,9 @@ ssl3_clear(SSL *s) s->version = SSL3_VERSION; #if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG) - if (s->next_proto_negotiated) { - free(s->next_proto_negotiated); - s->next_proto_negotiated = NULL; - s->next_proto_negotiated_len = 0; - } + free(s->next_proto_negotiated); + s->next_proto_negotiated = NULL; + s->next_proto_negotiated_len = 0; #endif } @@ -2589,8 +2581,7 @@ ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) #ifndef OPENSSL_NO_TLSEXT case SSL_CTRL_SET_TLSEXT_HOSTNAME: if (larg == TLSEXT_NAMETYPE_host_name) { - if (s->tlsext_hostname != NULL) - free(s->tlsext_hostname); + free(s->tlsext_hostname); s->tlsext_hostname = NULL; ret = 1; @@ -2630,8 +2621,7 @@ ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) SSL_R_OPAQUE_PRF_INPUT_TOO_LONG); break; } - if (s->tlsext_opaque_prf_input != NULL) - free(s->tlsext_opaque_prf_input); + free(s->tlsext_opaque_prf_input); if ((size_t)larg == 0) { s->tlsext_opaque_prf_input = NULL; s->tlsext_opaque_prf_input_len = 0; @@ -2678,8 +2668,7 @@ ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) return s->tlsext_ocsp_resplen; case SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP: - if (s->tlsext_ocsp_resp) - free(s->tlsext_ocsp_resp); + free(s->tlsext_ocsp_resp); s->tlsext_ocsp_resp = parg; s->tlsext_ocsp_resplen = larg; ret = 1; diff --git a/lib/libssl/s3_srvr.c b/lib/libssl/s3_srvr.c index 521f6a21e81..c16f7bb2ef7 100644 --- a/lib/libssl/s3_srvr.c +++ b/lib/libssl/s3_srvr.c @@ -1927,8 +1927,7 @@ f_err: ssl3_send_alert(s, SSL3_AL_FATAL, al); err: #ifndef OPENSSL_NO_ECDH - if (encodedPoint != NULL) - free(encodedPoint); + free(encodedPoint); BN_CTX_free(bn_ctx); #endif EVP_MD_CTX_cleanup(&md_ctx); @@ -2435,8 +2434,7 @@ ssl3_get_client_key_exchange(SSL *s) t += psk_len; s2n(psk_len, t); - if (s->session->psk_identity != NULL) - free(s->session->psk_identity); + free(s->session->psk_identity); s->session->psk_identity = BUF_strdup((char *)p); if (s->session->psk_identity == NULL) { SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, @@ -2444,8 +2442,7 @@ ssl3_get_client_key_exchange(SSL *s) goto psk_err; } - if (s->session->psk_identity_hint != NULL) - free(s->session->psk_identity_hint); + free(s->session->psk_identity_hint); s->session->psk_identity_hint = BUF_strdup(s->ctx->psk_identity_hint); if (s->ctx->psk_identity_hint != NULL && s->session->psk_identity_hint == NULL) { diff --git a/lib/libssl/ssl_lib.c b/lib/libssl/ssl_lib.c index e607060d427..bf983542941 100644 --- a/lib/libssl/ssl_lib.c +++ b/lib/libssl/ssl_lib.c @@ -549,25 +549,20 @@ SSL_free(SSL *s) /* Free up if allocated */ #ifndef OPENSSL_NO_TLSEXT - if (s->tlsext_hostname) - free(s->tlsext_hostname); + free(s->tlsext_hostname); if (s->initial_ctx) SSL_CTX_free(s->initial_ctx); #ifndef OPENSSL_NO_EC - if (s->tlsext_ecpointformatlist) - free(s->tlsext_ecpointformatlist); - if (s->tlsext_ellipticcurvelist) - free(s->tlsext_ellipticcurvelist); + free(s->tlsext_ecpointformatlist); + free(s->tlsext_ellipticcurvelist); #endif /* OPENSSL_NO_EC */ - if (s->tlsext_opaque_prf_input) - free(s->tlsext_opaque_prf_input); + free(s->tlsext_opaque_prf_input); if (s->tlsext_ocsp_exts) sk_X509_EXTENSION_pop_free(s->tlsext_ocsp_exts, X509_EXTENSION_free); if (s->tlsext_ocsp_ids) sk_OCSP_RESPID_pop_free(s->tlsext_ocsp_ids, OCSP_RESPID_free); - if (s->tlsext_ocsp_resp) - free(s->tlsext_ocsp_resp); + free(s->tlsext_ocsp_resp); #endif if (s->client_CA != NULL) @@ -581,8 +576,7 @@ SSL_free(SSL *s) #if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG) - if (s->next_proto_negotiated) - free(s->next_proto_negotiated); + free(s->next_proto_negotiated); #endif #ifndef OPENSSL_NO_SRTP @@ -1893,7 +1887,8 @@ SSL_CTX_new(const SSL_METHOD *meth) #if 0 static void SSL_COMP_free(SSL_COMP *comp) - { free(comp); +{ + free(comp); } #endif @@ -1954,8 +1949,7 @@ SSL_CTX_free(SSL_CTX *a) #endif #ifndef OPENSSL_NO_PSK - if (a->psk_identity_hint) - free(a->psk_identity_hint); + free(a->psk_identity_hint); #endif #ifndef OPENSSL_NO_ENGINE if (a->client_cert_engine) @@ -3129,8 +3123,7 @@ SSL_CTX_use_psk_identity_hint(SSL_CTX *ctx, const char *identity_hint) SSL_R_DATA_LENGTH_TOO_LONG); return (0); } - if (ctx->psk_identity_hint != NULL) - free(ctx->psk_identity_hint); + free(ctx->psk_identity_hint); if (identity_hint != NULL) { ctx->psk_identity_hint = BUF_strdup(identity_hint); if (ctx->psk_identity_hint == NULL) @@ -3155,8 +3148,7 @@ SSL_use_psk_identity_hint(SSL *s, const char *identity_hint) SSL_R_DATA_LENGTH_TOO_LONG); return (0); } - if (s->session->psk_identity_hint != NULL) - free(s->session->psk_identity_hint); + free(s->session->psk_identity_hint); if (identity_hint != NULL) { s->session->psk_identity_hint = BUF_strdup(identity_hint); if (s->session->psk_identity_hint == NULL) diff --git a/lib/libssl/ssl_sess.c b/lib/libssl/ssl_sess.c index 05c6948efcb..632d6a68600 100644 --- a/lib/libssl/ssl_sess.c +++ b/lib/libssl/ssl_sess.c @@ -366,8 +366,7 @@ ssl_get_new_session(SSL *s, int session) } #ifndef OPENSSL_NO_EC if (s->tlsext_ecpointformatlist) { - if (ss->tlsext_ecpointformatlist != NULL) - free(ss->tlsext_ecpointformatlist); + free(ss->tlsext_ecpointformatlist); if ((ss->tlsext_ecpointformatlist = malloc(s->tlsext_ecpointformatlist_length)) == NULL) { SSLerr(SSL_F_SSL_GET_NEW_SESSION, ERR_R_MALLOC_FAILURE); SSL_SESSION_free(ss); @@ -377,8 +376,7 @@ ssl_get_new_session(SSL *s, int session) memcpy(ss->tlsext_ecpointformatlist, s->tlsext_ecpointformatlist, s->tlsext_ecpointformatlist_length); } if (s->tlsext_ellipticcurvelist) { - if (ss->tlsext_ellipticcurvelist != NULL) - free(ss->tlsext_ellipticcurvelist); + free(ss->tlsext_ellipticcurvelist); if ((ss->tlsext_ellipticcurvelist = malloc(s->tlsext_ellipticcurvelist_length)) == NULL) { SSLerr(SSL_F_SSL_GET_NEW_SESSION, ERR_R_MALLOC_FAILURE); SSL_SESSION_free(ss); @@ -704,24 +702,18 @@ SSL_SESSION_free(SSL_SESSION *ss) if (ss->ciphers != NULL) sk_SSL_CIPHER_free(ss->ciphers); #ifndef OPENSSL_NO_TLSEXT - if (ss->tlsext_hostname != NULL) - free(ss->tlsext_hostname); - if (ss->tlsext_tick != NULL) - free(ss->tlsext_tick); + free(ss->tlsext_hostname); + free(ss->tlsext_tick); #ifndef OPENSSL_NO_EC ss->tlsext_ecpointformatlist_length = 0; - if (ss->tlsext_ecpointformatlist != NULL) - free(ss->tlsext_ecpointformatlist); + free(ss->tlsext_ecpointformatlist); ss->tlsext_ellipticcurvelist_length = 0; - if (ss->tlsext_ellipticcurvelist != NULL) - free(ss->tlsext_ellipticcurvelist); + free(ss->tlsext_ellipticcurvelist); #endif /* OPENSSL_NO_EC */ #endif #ifndef OPENSSL_NO_PSK - if (ss->psk_identity_hint != NULL) - free(ss->psk_identity_hint); - if (ss->psk_identity != NULL) - free(ss->psk_identity); + free(ss->psk_identity_hint); + free(ss->psk_identity); #endif OPENSSL_cleanse(ss, sizeof(*ss)); free(ss); @@ -874,11 +866,7 @@ int SSL_set_session_ticket_ext(SSL *s, void *ext_data, int ext_len) { if (s->version >= TLS1_VERSION) { - if (s->tlsext_session_ticket) { - free(s->tlsext_session_ticket); - s->tlsext_session_ticket = NULL; - } - + free(s->tlsext_session_ticket); s->tlsext_session_ticket = malloc(sizeof(TLS_SESSION_TICKET_EXT) + ext_len); if (!s->tlsext_session_ticket) { SSLerr(SSL_F_SSL_SET_SESSION_TICKET_EXT, ERR_R_MALLOC_FAILURE); diff --git a/lib/libssl/t1_enc.c b/lib/libssl/t1_enc.c index a9be8bdb4c4..7b4afa4d279 100644 --- a/lib/libssl/t1_enc.c +++ b/lib/libssl/t1_enc.c @@ -1019,10 +1019,8 @@ err2: SSLerr(SSL_F_TLS1_EXPORT_KEYING_MATERIAL, ERR_R_MALLOC_FAILURE); rv = 0; ret: - if (buff != NULL) - free(buff); - if (val != NULL) - free(val); + free(buff); + free(val); return (rv); } diff --git a/lib/libssl/t1_lib.c b/lib/libssl/t1_lib.c index c45708bf78d..205c2558fb5 100644 --- a/lib/libssl/t1_lib.c +++ b/lib/libssl/t1_lib.c @@ -163,9 +163,7 @@ void tls1_free(SSL *s) { #ifndef OPENSSL_NO_TLSEXT - if (s->tlsext_session_ticket) { - free(s->tlsext_session_ticket); - } + free(s->tlsext_session_ticket); #endif /* OPENSSL_NO_TLSEXT */ ssl3_free(s); } @@ -1082,10 +1080,7 @@ ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, return 0; } if (!s->hit) { - if (s->session->tlsext_ecpointformatlist) { - free(s->session->tlsext_ecpointformatlist); - s->session->tlsext_ecpointformatlist = NULL; - } + free(s->session->tlsext_ecpointformatlist); s->session->tlsext_ecpointformatlist_length = 0; if ((s->session->tlsext_ecpointformatlist = malloc(ecpointformatlist_length)) == NULL) { @@ -1151,8 +1146,8 @@ ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, return 0; } - if (s->s3->client_opaque_prf_input != NULL) /* shouldn't really happen */ - free(s->s3->client_opaque_prf_input); + free(s->s3->client_opaque_prf_input); + if (s->s3->client_opaque_prf_input_len == 0) s->s3->client_opaque_prf_input = NULL; else { @@ -1413,8 +1408,8 @@ ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d, return 0; } s->session->tlsext_ecpointformatlist_length = 0; - if (s->session->tlsext_ecpointformatlist != NULL) - free(s->session->tlsext_ecpointformatlist); + + free(s->session->tlsext_ecpointformatlist); if ((s->session->tlsext_ecpointformatlist = malloc(ecpointformatlist_length)) == NULL) { *al = TLS1_AD_INTERNAL_ERROR; @@ -1458,14 +1453,13 @@ ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d, return 0; } - if (s->s3->server_opaque_prf_input != NULL) /* shouldn't really happen */ - free(s->s3->server_opaque_prf_input); - if (s->s3->server_opaque_prf_input_len == 0) - s->s3->server_opaque_prf_input = NULL; - else { + free(s->s3->server_opaque_prf_input); + s->s3->server_opaque_prf_input = NULL; + + if (s->s3->server_opaque_prf_input_len != 0) s->s3->server_opaque_prf_input = BUF_memdup(sdata, - s->s3->server_opaque_prf_input_len); + s->s3->server_opaque_prf_input_len); if (s->s3->server_opaque_prf_input == NULL) { *al = TLS1_AD_INTERNAL_ERROR; return 0; @@ -1600,8 +1594,7 @@ ssl_prepare_clienthello_tlsext(SSL *s) } using_ecc = using_ecc && (s->version >= TLS1_VERSION); if (using_ecc) { - if (s->tlsext_ecpointformatlist != NULL) - free(s->tlsext_ecpointformatlist); + free(s->tlsext_ecpointformatlist); if ((s->tlsext_ecpointformatlist = malloc(3)) == NULL) { SSLerr(SSL_F_SSL_PREPARE_CLIENTHELLO_TLSEXT, ERR_R_MALLOC_FAILURE); @@ -1613,8 +1606,7 @@ ssl_prepare_clienthello_tlsext(SSL *s) s->tlsext_ecpointformatlist[2] = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2; /* we support all named elliptic curves in draft-ietf-tls-ecc-12 */ - if (s->tlsext_ellipticcurvelist != NULL) - free(s->tlsext_ellipticcurvelist); + free(s->tlsext_ellipticcurvelist); s->tlsext_ellipticcurvelist_length = sizeof(pref_list) / sizeof(pref_list[0]) * 2; if ((s->tlsext_ellipticcurvelist = malloc(s->tlsext_ellipticcurvelist_length)) == NULL) { s->tlsext_ellipticcurvelist_length = 0; @@ -1640,9 +1632,7 @@ ssl_prepare_clienthello_tlsext(SSL *s) } if (s->tlsext_opaque_prf_input != NULL) { - if (s->s3->client_opaque_prf_input != NULL) /* shouldn't really happen */ - free(s->s3->client_opaque_prf_input); - + free(s->s3->client_opaque_prf_input); if (s->tlsext_opaque_prf_input_len == 0) s->s3->client_opaque_prf_input = NULL; else { @@ -1684,8 +1674,7 @@ ssl_prepare_serverhello_tlsext(SSL *s) using_ecc = using_ecc && (s->session->tlsext_ecpointformatlist != NULL); if (using_ecc) { - if (s->tlsext_ecpointformatlist != NULL) - free(s->tlsext_ecpointformatlist); + free(s->tlsext_ecpointformatlist); if ((s->tlsext_ecpointformatlist = malloc(3)) == NULL) { SSLerr(SSL_F_SSL_PREPARE_SERVERHELLO_TLSEXT, ERR_R_MALLOC_FAILURE); return -1; @@ -1738,8 +1727,7 @@ ssl_check_clienthello_tlsext_early(SSL *s) } } - if (s->s3->server_opaque_prf_input != NULL) /* shouldn't really happen */ - free(s->s3->server_opaque_prf_input); + free(s->s3->server_opaque_prf_input); s->s3->server_opaque_prf_input = NULL; if (s->tlsext_opaque_prf_input != NULL) { @@ -1922,10 +1910,8 @@ ssl_check_serverhello_tlsext(SSL *s) /* Set resp to NULL, resplen to -1 so callback knows * there is no response. */ - if (s->tlsext_ocsp_resp) { - free(s->tlsext_ocsp_resp); - s->tlsext_ocsp_resp = NULL; - } + free(s->tlsext_ocsp_resp); + s->tlsext_ocsp_resp = NULL; s->tlsext_ocsp_resplen = -1; r = s->ctx->tlsext_status_cb(s, s->ctx->tlsext_status_arg); if (r == 0) { |