mirrors/openssl
0
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2024-11-27 12:04:38 +08:00
Code Issues Packages Projects Releases Wiki Activity

free NULL cleanup 5a

Browse Source 
Don't check for NULL before calling a free routine.  This gets X509_.*free:
    x509_name_ex_free X509_policy_tree_free X509_VERIFY_PARAM_free
    X509_STORE_free X509_STORE_CTX_free X509_PKEY_free
    X509_OBJECT_free_contents X509_LOOKUP_free X509_INFO_free

Reviewed-by: Richard Levitte <levitte@openssl.org>
This commit is contained in:
Rich Salz 2015-04-30 17:33:59 -04:00
parent 2ace745022
commit 222561fe8e
65 changed files with 189 additions and 355 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
apps/apps.c
View File

@ -971,8 +971,7 @@ static int load_certs_crls(const char *file, int format,
end:
if (xis)
sk_X509_INFO_pop_free(xis, X509_INFO_free);
sk_X509_INFO_pop_free(xis, X509_INFO_free);
if (rv == 0) {
if (pcerts) {

44
apps/ca.c
View File

@ -1349,9 +1349,7 @@ end_of_options:
BIO_free_all(Sout);
BIO_free_all(out);
BIO_free_all(in);
if (cert_sk)
sk_X509_pop_free(cert_sk, X509_free);
sk_X509_pop_free(cert_sk, X509_free);
if (ret)
ERR_print_errors(bio_err);
@ -1364,8 +1362,7 @@ end_of_options:
if (sigopts)
sk_OPENSSL_STRING_free(sigopts);
EVP_PKEY_free(pkey);
if (x509)
X509_free(x509);
X509_free(x509);
X509_CRL_free(crl);
NCONF_free(conf);
NCONF_free(extconf);
@ -1440,8 +1437,7 @@ static int certify(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
ext_copy, selfsign);
end:
if (req != NULL)
X509_REQ_free(req);
X509_REQ_free(req);
BIO_free(in);
return (ok);
}
@ -1495,10 +1491,8 @@ static int certify_cert(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
ext_copy, 0);
end:
if (rreq != NULL)
X509_REQ_free(rreq);
if (req != NULL)
X509_free(req);
X509_REQ_free(rreq);
X509_free(req);
return (ok);
}
@ -1700,8 +1694,7 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509,
if (push != NULL) {
if (!X509_NAME_add_entry(subject, push, -1, 0)) {
if (push != NULL)
X509_NAME_ENTRY_free(push);
X509_NAME_ENTRY_free(push);
BIO_printf(bio_err, "Memory allocation failure\n");
goto end;
}
@ -1876,8 +1869,7 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509,
/*
* Free the current entries if any, there should not be any I believe
*/
if (ci->extensions != NULL)
sk_X509_EXTENSION_pop_free(ci->extensions, X509_EXTENSION_free);
sk_X509_EXTENSION_pop_free(ci->extensions, X509_EXTENSION_free);
ci->extensions = NULL;
@ -2027,18 +2019,14 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509,
if (row[i] != NULL)
OPENSSL_free(row[i]);
if (CAname != NULL)
X509_NAME_free(CAname);
if (subject != NULL)
X509_NAME_free(subject);
if ((dn_subject != NULL) && !email_dn)
X509_NAME_free(CAname);
X509_NAME_free(subject);
if (dn_subject != subject)
X509_NAME_free(dn_subject);
ASN1_UTCTIME_free(tmptm);
if (ok <= 0) {
if (ret != NULL)
X509_free(ret);
ret = NULL;
} else
if (ok <= 0)
X509_free(ret);
else
*xret = ret;
return (ok);
}
@ -2186,14 +2174,12 @@ static int certify_spkac(X509 **xret, char *infile, EVP_PKEY *pkey,
verbose, req, ext_sect, lconf, certopt, nameopt, default_op,
ext_copy, 0);
end:
if (req != NULL)
X509_REQ_free(req);
X509_REQ_free(req);
if (parms != NULL)
CONF_free(parms);
if (spki != NULL)
NETSCAPE_SPKI_free(spki);
if (ne != NULL)
X509_NAME_ENTRY_free(ne);
X509_NAME_ENTRY_free(ne);
return (ok);
}

6
apps/crl2p7.c
View File

@ -215,8 +215,7 @@ int crl2pkcs7_main(int argc, char **argv)
BIO_free(in);
BIO_free_all(out);
PKCS7_free(p7);
if (crl != NULL)
X509_CRL_free(crl);
X509_CRL_free(crl);
return (ret);
}
@ -267,7 +266,6 @@ static int add_certs_from_file(STACK_OF(X509) *stack, char *certfile)
end:
/* never need to OPENSSL_free x */
BIO_free(in);
if (sk != NULL)
sk_X509_INFO_free(sk);
sk_X509_INFO_free(sk);
return (ret);
}

3
apps/ocsp.c
View File

@ -735,8 +735,7 @@ int ocsp_main(int argc, char **argv)
ERR_print_errors(bio_err);
X509_free(signer);
X509_STORE_free(store);
if (vpm)
X509_VERIFY_PARAM_free(vpm);
X509_VERIFY_PARAM_free(vpm);
EVP_PKEY_free(key);
EVP_PKEY_free(rkey);
X509_free(cert);

6
apps/pkcs12.c
View File

@ -504,10 +504,8 @@ int pkcs12_main(int argc, char **argv)
export_end:
EVP_PKEY_free(key);
if (certs)
sk_X509_pop_free(certs, X509_free);
if (ucert)
X509_free(ucert);
sk_X509_pop_free(certs, X509_free);
X509_free(ucert);
goto end;

15
apps/s_cb.c
View File

@ -1219,11 +1219,9 @@ void ssl_excert_free(SSL_EXCERT *exc)
{
SSL_EXCERT *curr;
while (exc) {
if (exc->cert)
X509_free(exc->cert);
X509_free(exc->cert);
EVP_PKEY_free(exc->key);
if (exc->chain)
sk_X509_pop_free(exc->chain, X509_free);
sk_X509_pop_free(exc->chain, X509_free);
curr = exc;
exc = exc->next;
OPENSSL_free(curr);
@ -1385,8 +1383,7 @@ void print_ssl_summary(SSL *s)
BIO_printf(bio_err, "Hash used: %s\n", OBJ_nid2sn(nid));
} else
BIO_puts(bio_err, "No peer certificate\n");
if (peer)
X509_free(peer);
X509_free(peer);
#ifndef OPENSSL_NO_EC
ssl_print_point_formats(bio_err, s);
if (SSL_is_server(s))
@ -1501,10 +1498,8 @@ int ssl_load_stores(SSL_CTX *ctx,
}
rv = 1;
err:
if (vfy)
X509_STORE_free(vfy);
if (ch)
X509_STORE_free(ch);
X509_STORE_free(vfy);
X509_STORE_free(ch);
return rv;
}

12
apps/s_client.c
View File

@ -1998,17 +1998,14 @@ int s_client_main(int argc, char **argv)
OPENSSL_free(next_proto.data);
#endif
SSL_CTX_free(ctx);
if (cert)
X509_free(cert);
X509_free(cert);
if (crls)
sk_X509_CRL_pop_free(crls, X509_CRL_free);
EVP_PKEY_free(key);
if (chain)
sk_X509_pop_free(chain, X509_free);
sk_X509_pop_free(chain, X509_free);
if (pass)
OPENSSL_free(pass);
if (vpm)
X509_VERIFY_PARAM_free(vpm);
X509_VERIFY_PARAM_free(vpm);
ssl_excert_free(exc);
sk_OPENSSL_STRING_free(ssl_args);
SSL_CONF_CTX_free(cctx);
@ -2197,8 +2194,7 @@ static void print_stuff(BIO *bio, SSL *s, int full)
}
}
BIO_printf(bio, "---\n");
if (peer != NULL)
X509_free(peer);
X509_free(peer);
/* flush, or debugging output gets mixed with http response */
(void)BIO_flush(bio);
}

22
apps/s_server.c
View File

@ -1925,24 +1925,18 @@ int s_server_main(int argc, char *argv[])
ret = 0;
end:
SSL_CTX_free(ctx);
if (s_cert)
X509_free(s_cert);
if (crls)
sk_X509_CRL_pop_free(crls, X509_CRL_free);
if (s_dcert)
X509_free(s_dcert);
X509_free(s_cert);
sk_X509_CRL_pop_free(crls, X509_CRL_free);
X509_free(s_dcert);
EVP_PKEY_free(s_key);
EVP_PKEY_free(s_dkey);
if (s_chain)
sk_X509_pop_free(s_chain, X509_free);
if (s_dchain)
sk_X509_pop_free(s_dchain, X509_free);
sk_X509_pop_free(s_chain, X509_free);
sk_X509_pop_free(s_dchain, X509_free);
if (pass)
OPENSSL_free(pass);
if (dpass)
OPENSSL_free(dpass);
if (vpm)
X509_VERIFY_PARAM_free(vpm);
X509_VERIFY_PARAM_free(vpm);
free_sessions();
#ifndef OPENSSL_NO_TLSEXT
if (tlscstatp.host)
@ -1951,9 +1945,9 @@ int s_server_main(int argc, char *argv[])
OPENSSL_free(tlscstatp.port);
if (tlscstatp.path)
OPENSSL_free(tlscstatp.path);
if (ctx2 != NULL)
SSL_CTX_free(ctx2);
if (s_cert2)
X509_free(s_cert2);
X509_free(s_cert2);
EVP_PKEY_free(s_key2);
BIO_free(serverinfo_in);
# ifndef OPENSSL_NO_NEXTPROTONEG

3
apps/smime.c
View File

@ -650,8 +650,7 @@ int smime_main(int argc, char **argv)
ERR_print_errors(bio_err);
sk_X509_pop_free(encerts, X509_free);
sk_X509_pop_free(other, X509_free);
if (vpm)
X509_VERIFY_PARAM_free(vpm);
X509_VERIFY_PARAM_free(vpm);
if (sksigners)
sk_OPENSSL_STRING_free(sksigners);
if (skkeys)

9
apps/verify.c
View File

@ -221,10 +221,8 @@ int verify_main(int argc, char **argv)
}
end:
if (vpm)
X509_VERIFY_PARAM_free(vpm);
if (store != NULL)
X509_STORE_free(store);
X509_VERIFY_PARAM_free(vpm);
X509_STORE_free(store);
sk_X509_pop_free(untrusted, X509_free);
sk_X509_pop_free(trusted, X509_free);
sk_X509_CRL_pop_free(crls, X509_CRL_free);
@ -283,8 +281,7 @@ static int check(X509_STORE *ctx, char *file,
}
sk_X509_pop_free(chain, X509_free);
}
if (x != NULL)
X509_free(x);
X509_free(x);
return (ret);
}

9
crypto/asn1/x_info.c
View File

@ -103,12 +103,9 @@ void X509_INFO_free(X509_INFO *x)
}
#endif
if (x->x509 != NULL)
X509_free(x->x509);
if (x->crl != NULL)
X509_CRL_free(x->crl);
if (x->x_pkey != NULL)
X509_PKEY_free(x->x_pkey);
X509_free(x->x509);
X509_CRL_free(x->crl);
X509_PKEY_free(x->x_pkey);
if (x->enc_data != NULL)
OPENSSL_free(x->enc_data);
OPENSSL_free(x);

3
crypto/asn1/x_pkey.c
View File

@ -110,8 +110,7 @@ void X509_PKEY_free(X509_PKEY *x)
}
#endif
if (x->enc_algor != NULL)
X509_ALGOR_free(x->enc_algor);
X509_ALGOR_free(x->enc_algor);
ASN1_OCTET_STRING_free(x->enc_pkey);
EVP_PKEY_free(x->dec_pkey);
if ((x->key_data != NULL) && (x->key_free))

9
crypto/asn1/x_pubkey.c
View File

@ -112,15 +112,12 @@ int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey)
goto error;
}
if (*x != NULL)
X509_PUBKEY_free(*x);
X509_PUBKEY_free(*x);
*x = pk;
return 1;
error:
if (pk != NULL)
X509_PUBKEY_free(pk);
X509_PUBKEY_free(pk);
return 0;
}

6
crypto/cms/cms_asn1.c
View File

@ -94,8 +94,7 @@ static int cms_si_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
if (operation == ASN1_OP_FREE_POST) {
CMS_SignerInfo *si = (CMS_SignerInfo *)*pval;
EVP_PKEY_free(si->pkey);
if (si->signer)
X509_free(si->signer);
X509_free(si->signer);
if (si->pctx)
EVP_MD_CTX_cleanup(&si->mctx);
}
@ -248,8 +247,7 @@ static int cms_ri_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
if (ri->type == CMS_RECIPINFO_TRANS) {
CMS_KeyTransRecipientInfo *ktri = ri->d.ktri;
EVP_PKEY_free(ktri->pkey);
if (ktri->recip)
X509_free(ktri->recip);
X509_free(ktri->recip);
EVP_PKEY_CTX_free(ktri->pctx);
} else if (ri->type == CMS_RECIPINFO_KEK) {
CMS_KEKRecipientInfo *kekri = ri->d.kekri;

3
crypto/cms/cms_pwri.c
View File

@ -204,8 +204,7 @@ CMS_RecipientInfo *CMS_add0_recipient_password(CMS_ContentInfo *cms,
EVP_CIPHER_CTX_cleanup(&ctx);
if (ri)
M_ASN1_free_of(ri, CMS_RecipientInfo);
if (encalg)
X509_ALGOR_free(encalg);
X509_ALGOR_free(encalg);
return NULL;
}

3
crypto/cms/cms_sd.c
View File

@ -489,8 +489,7 @@ void CMS_SignerInfo_set1_signer_cert(CMS_SignerInfo *si, X509 *signer)
EVP_PKEY_free(si->pkey);
si->pkey = X509_get_pubkey(signer);
}
if (si->signer)
X509_free(si->signer);
X509_free(si->signer);
si->signer = signer;
}

6
crypto/cms/cms_smime.c
View File

@ -455,10 +455,8 @@ int CMS_verify(CMS_ContentInfo *cms, STACK_OF(X509) *certs,
if (out != tmpout)
BIO_free_all(tmpout);
if (cms_certs)
sk_X509_pop_free(cms_certs, X509_free);
if (crls)
sk_X509_CRL_pop_free(crls, X509_CRL_free);
sk_X509_pop_free(cms_certs, X509_free);
sk_X509_CRL_pop_free(crls, X509_CRL_free);
return ret;
}

12
crypto/dh/dh_ameth.c
View File

@ -782,10 +782,8 @@ static int dh_cms_set_shared_info(EVP_PKEY_CTX *pctx, CMS_RecipientInfo *ri)
rv = 1;
err:
if (kekalg)
X509_ALGOR_free(kekalg);
if (dukm)
OPENSSL_free(dukm);
X509_ALGOR_free(kekalg);
OPENSSL_free(dukm);
return rv;
}
@ -945,10 +943,8 @@ static int dh_cms_encrypt(CMS_RecipientInfo *ri)
rv = 1;
err:
if (penc)
OPENSSL_free(penc);
if (wrap_alg)
X509_ALGOR_free(wrap_alg);
OPENSSL_free(penc);
X509_ALGOR_free(wrap_alg);
return rv;
}

12
crypto/ec/ec_ameth.c
View File

@ -796,10 +796,8 @@ static int ecdh_cms_set_shared_info(EVP_PKEY_CTX *pctx, CMS_RecipientInfo *ri)
rv = 1;
err:
if (kekalg)
X509_ALGOR_free(kekalg);
if (der)
OPENSSL_free(der);
X509_ALGOR_free(kekalg);
OPENSSL_free(der);
return rv;
}
@ -967,10 +965,8 @@ static int ecdh_cms_encrypt(CMS_RecipientInfo *ri)
rv = 1;
err:
if (penc)
OPENSSL_free(penc);
if (wrap_alg)
X509_ALGOR_free(wrap_alg);
OPENSSL_free(penc);
X509_ALGOR_free(wrap_alg);
return rv;
}

3
crypto/evp/p_lib.c
View File

@ -401,8 +401,7 @@ void EVP_PKEY_free(EVP_PKEY *x)
}
#endif
EVP_PKEY_free_it(x);
if (x->attributes)
sk_X509_ATTRIBUTE_pop_free(x->attributes, X509_ATTRIBUTE_free);
sk_X509_ATTRIBUTE_pop_free(x->attributes, X509_ATTRIBUTE_free);
OPENSSL_free(x);
}

3
crypto/ocsp/ocsp_vfy.c
View File

@ -171,8 +171,7 @@ int OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs,
}
end:
if (chain)
sk_X509_pop_free(chain, X509_free);
sk_X509_pop_free(chain, X509_free);
if (bs->certs && certs)
sk_X509_free(untrusted);
return ret;

3
crypto/pem/pem_info.c
View File

@ -276,8 +276,7 @@ STACK_OF(X509_INFO) *PEM_X509_INFO_read_bio(BIO *bp, STACK_OF(X509_INFO) *sk,
}
ok = 1;
err:
if (xi != NULL)
X509_INFO_free(xi);
X509_INFO_free(xi);
if (!ok) {
for (i = 0; ((int)i) < sk_X509_INFO_num(ret); i++) {
xi = sk_X509_INFO_value(ret, i);

14
crypto/pkcs12/p12_kiss.c
View File

@ -150,12 +150,10 @@ int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert,
goto err;
x = NULL;
}
if (x)
X509_free(x);
X509_free(x);
}
if (ocerts)
sk_X509_pop_free(ocerts, X509_free);
sk_X509_pop_free(ocerts, X509_free);
return 1;
@ -163,12 +161,10 @@ int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert,
if (pkey)
EVP_PKEY_free(*pkey);
if (cert && *cert)
if (cert)
X509_free(*cert);
if (x)
X509_free(x);
if (ocerts)
sk_X509_pop_free(ocerts, X509_free);
X509_free(x);
sk_X509_pop_free(ocerts, X509_free);
return 0;
}

6
crypto/pkcs7/pk7_doit.c
View File

@ -1134,8 +1134,7 @@ int PKCS7_set_signed_attributes(PKCS7_SIGNER_INFO *p7si,
{
int i;
if (p7si->auth_attr != NULL)
sk_X509_ATTRIBUTE_pop_free(p7si->auth_attr, X509_ATTRIBUTE_free);
sk_X509_ATTRIBUTE_pop_free(p7si->auth_attr, X509_ATTRIBUTE_free);
p7si->auth_attr = sk_X509_ATTRIBUTE_dup(sk);
if (p7si->auth_attr == NULL)
return 0;
@ -1154,8 +1153,7 @@ int PKCS7_set_attributes(PKCS7_SIGNER_INFO *p7si,
{
int i;
if (p7si->unauth_attr != NULL)
sk_X509_ATTRIBUTE_pop_free(p7si->unauth_attr, X509_ATTRIBUTE_free);
sk_X509_ATTRIBUTE_pop_free(p7si->unauth_attr, X509_ATTRIBUTE_free);
p7si->unauth_attr = sk_X509_ATTRIBUTE_dup(sk);
if (p7si->unauth_attr == NULL)
return 0;

3
crypto/pkcs7/pk7_smime.c
View File

@ -208,8 +208,7 @@ PKCS7_SIGNER_INFO *PKCS7_sign_add_signer(PKCS7 *p7, X509 *signcert,
}
return si;
err:
if (smcap)
sk_X509_ALGOR_pop_free(smcap, X509_ALGOR_free);
sk_X509_ALGOR_pop_free(smcap, X509_ALGOR_free);
return NULL;
}

12
crypto/rsa/rsa_ameth.c
View File

@ -381,8 +381,7 @@ static int rsa_sig_print(BIO *bp, const X509_ALGOR *sigalg,
rv = rsa_pss_param_print(bp, pss, maskHash, indent);
if (pss)
RSA_PSS_PARAMS_free(pss);
if (maskHash)
X509_ALGOR_free(maskHash);
X509_ALGOR_free(maskHash);
if (!rv)
return 0;
} else if (!sig && BIO_puts(bp, "\n") <= 0)
@ -474,8 +473,7 @@ static int rsa_md_to_mgf1(X509_ALGOR **palg, const EVP_MD *mgf1md)
stmp = NULL;
err:
ASN1_STRING_free(stmp);
if (algtmp)
X509_ALGOR_free(algtmp);
X509_ALGOR_free(algtmp);
if (*palg)
return 1;
return 0;
@ -652,8 +650,7 @@ static int rsa_pss_to_ctx(EVP_MD_CTX *ctx, EVP_PKEY_CTX *pkctx,
err:
RSA_PSS_PARAMS_free(pss);
if (maskHash)
X509_ALGOR_free(maskHash);
X509_ALGOR_free(maskHash);
return rv;
}
@ -840,8 +837,7 @@ static int rsa_cms_decrypt(CMS_RecipientInfo *ri)
err:
RSA_OAEP_PARAMS_free(oaep);
if (maskHash)
X509_ALGOR_free(maskHash);
X509_ALGOR_free(maskHash);
return rv;
}

3
crypto/rsa/rsa_sign.c
View File

@ -266,8 +266,7 @@ int int_rsa_verify(int dtype, const unsigned char *m,
ret = 1;
}
err:
if (sig != NULL)
X509_SIG_free(sig);
X509_SIG_free(sig);
if (s != NULL) {
OPENSSL_cleanse(s, (unsigned int)siglen);
OPENSSL_free(s);

9
crypto/ts/ts_rsp_sign.c
View File

@ -207,8 +207,7 @@ int TS_RESP_CTX_set_signer_cert(TS_RESP_CTX *ctx, X509 *signer)
TS_R_INVALID_SIGNER_CERTIFICATE_PURPOSE);
return 0;
}
if (ctx->signer_cert)
X509_free(ctx->signer_cert);
X509_free(ctx->signer_cert);
ctx->signer_cert = signer;
CRYPTO_add(&ctx->signer_cert->references, +1, CRYPTO_LOCK_X509);
return 1;
@ -237,10 +236,8 @@ int TS_RESP_CTX_set_def_policy(TS_RESP_CTX *ctx, ASN1_OBJECT *def_policy)
int TS_RESP_CTX_set_certs(TS_RESP_CTX *ctx, STACK_OF(X509) *certs)
{
if (ctx->certs) {
sk_X509_pop_free(ctx->certs, X509_free);
ctx->certs = NULL;
}
sk_X509_pop_free(ctx->certs, X509_free);
ctx->certs = NULL;
if (!certs)
return 1;
if (!(ctx->certs = X509_chain_up_ref(certs))) {

6
crypto/x509/by_file.c
View File

@ -174,8 +174,7 @@ int X509_load_cert_file(X509_LOOKUP *ctx, const char *file, int type)
goto err;
}
err:
if (x != NULL)
X509_free(x);
X509_free(x);
BIO_free(in);
return (ret);
}
@ -232,8 +231,7 @@ int X509_load_crl_file(X509_LOOKUP *ctx, const char *file, int type)
goto err;
}
err:
if (x != NULL)
X509_CRL_free(x);
X509_CRL_free(x);
BIO_free(in);
return (ret);
}

6
crypto/x509/x509_att.c
View File

@ -147,10 +147,8 @@ STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr(STACK_OF(X509_ATTRIBUTE) **x,
err:
X509err(X509_F_X509AT_ADD1_ATTR, ERR_R_MALLOC_FAILURE);
err2:
if (new_attr != NULL)
X509_ATTRIBUTE_free(new_attr);
if (sk != NULL)
sk_X509_ATTRIBUTE_free(sk);
X509_ATTRIBUTE_free(new_attr);
sk_X509_ATTRIBUTE_free(sk);
return (NULL);
}

7
crypto/x509/x509_lu.c
View File

@ -217,6 +217,8 @@ X509_STORE *X509_STORE_new(void)
static void cleanup(X509_OBJECT *a)
{
if (!a)
return;
if (a->type == X509_LU_X509) {
X509_free(a->data.x509);
} else if (a->type == X509_LU_CRL) {
@ -260,8 +262,7 @@ void X509_STORE_free(X509_STORE *vfy)
sk_X509_OBJECT_pop_free(vfy->objs, cleanup);
CRYPTO_free_ex_data(CRYPTO_EX_INDEX_X509_STORE, vfy, &vfy->ex_data);
if (vfy->param)
X509_VERIFY_PARAM_free(vfy->param);
X509_VERIFY_PARAM_free(vfy->param);
OPENSSL_free(vfy);
}
@ -413,6 +414,8 @@ void X509_OBJECT_up_ref_count(X509_OBJECT *a)
void X509_OBJECT_free_contents(X509_OBJECT *a)
{
if (!a)
return;
switch (a->type) {
case X509_LU_X509:
X509_free(a->data.x509);

9
crypto/x509/x509_r2x.c
View File

@ -104,10 +104,9 @@ X509 *X509_REQ_to_X509(X509_REQ *r, int days, EVP_PKEY *pkey)
if (!X509_sign(ret, pkey, EVP_md5()))
goto err;
if (0) {
return ret;
err:
X509_free(ret);
ret = NULL;
}
return (ret);
X509_free(ret);
return NULL;
}

6
crypto/x509/x509_v3.c
View File

@ -176,10 +176,8 @@ STACK_OF(X509_EXTENSION) *X509v3_add_ext(STACK_OF(X509_EXTENSION) **x,
err:
X509err(X509_F_X509V3_ADD_EXT, ERR_R_MALLOC_FAILURE);
err2:
if (new_ex != NULL)
X509_EXTENSION_free(new_ex);
if (sk != NULL)
sk_X509_EXTENSION_free(sk);
X509_EXTENSION_free(new_ex);
sk_X509_EXTENSION_free(sk);
return (NULL);
}

29
crypto/x509/x509_vfy.c
View File

@ -495,10 +495,8 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
end:
X509_get_pubkey_parameters(NULL, ctx->chain);
}
if (sktmp != NULL)
sk_X509_free(sktmp);
if (chain_ss != NULL)
X509_free(chain_ss);
sk_X509_free(sktmp);
X509_free(chain_ss);
return ok;
}
@ -1016,8 +1014,7 @@ static int get_crl_sk(X509_STORE_CTX *ctx, X509_CRL **pcrl, X509_CRL **pdcrl,
}
if (best_crl) {
if (*pcrl)
X509_CRL_free(*pcrl);
X509_CRL_free(*pcrl);
*pcrl = best_crl;
*pissuer = best_crl_issuer;
*pscore = best_score;
@ -2058,8 +2055,7 @@ X509_CRL *X509_CRL_diff(X509_CRL *base, X509_CRL *newer,
memerr:
X509err(X509_F_X509_CRL_DIFF, ERR_R_MALLOC_FAILURE);
if (crl)
X509_CRL_free(crl);
X509_CRL_free(crl);
return NULL;
}
@ -2230,6 +2226,8 @@ X509_STORE_CTX *X509_STORE_CTX_new(void)
void X509_STORE_CTX_free(X509_STORE_CTX *ctx)
{
if (!ctx)
return;
X509_STORE_CTX_cleanup(ctx);
OPENSSL_free(ctx);
}
@ -2376,14 +2374,10 @@ void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx)
X509_VERIFY_PARAM_free(ctx->param);
ctx->param = NULL;
}
if (ctx->tree != NULL) {
X509_policy_tree_free(ctx->tree);
ctx->tree = NULL;
}
if (ctx->chain != NULL) {
sk_X509_pop_free(ctx->chain, X509_free);
ctx->chain = NULL;
}
X509_policy_tree_free(ctx->tree);
ctx->tree = NULL;
sk_X509_pop_free(ctx->chain, X509_free);
ctx->chain = NULL;
CRYPTO_free_ex_data(CRYPTO_EX_INDEX_X509_STORE_CTX, ctx, &(ctx->ex_data));
memset(&ctx->ex_data, 0, sizeof(CRYPTO_EX_DATA));
}
@ -2436,7 +2430,6 @@ X509_VERIFY_PARAM *X509_STORE_CTX_get0_param(X509_STORE_CTX *ctx)
void X509_STORE_CTX_set0_param(X509_STORE_CTX *ctx, X509_VERIFY_PARAM *param)
{
if (ctx->param)
X509_VERIFY_PARAM_free(ctx->param);
X509_VERIFY_PARAM_free(ctx->param);
ctx->param = param;
}

6
crypto/x509/x509_vpm.c
View File

@ -168,6 +168,7 @@ X509_VERIFY_PARAM *X509_VERIFY_PARAM_new(void)
{
X509_VERIFY_PARAM *param;
X509_VERIFY_PARAM_ID *paramid;
param = OPENSSL_malloc(sizeof(X509_VERIFY_PARAM));
if (!param)
return NULL;
@ -185,7 +186,7 @@ X509_VERIFY_PARAM *X509_VERIFY_PARAM_new(void)
void X509_VERIFY_PARAM_free(X509_VERIFY_PARAM *param)
{
if (param == NULL)
if (!param)
return;
x509_verify_param_zero(param);
OPENSSL_free(param->id);
@ -644,7 +645,6 @@ const X509_VERIFY_PARAM *X509_VERIFY_PARAM_lookup(const char *name)
void X509_VERIFY_PARAM_table_cleanup(void)
{
if (param_table)
sk_X509_VERIFY_PARAM_pop_free(param_table, X509_VERIFY_PARAM_free);
sk_X509_VERIFY_PARAM_pop_free(param_table, X509_VERIFY_PARAM_free);
param_table = NULL;
}

3
crypto/x509/x509name.c
View File

@ -277,8 +277,7 @@ int X509_NAME_add_entry(X509_NAME *name, X509_NAME_ENTRY *ne, int loc,
}
return (1);
err:
if (new_name != NULL)
X509_NAME_ENTRY_free(new_name);
X509_NAME_ENTRY_free(new_name);
return (0);
}

3
crypto/x509/x_attrib.c
View File

@ -98,8 +98,7 @@ X509_ATTRIBUTE *X509_ATTRIBUTE_create(int nid, int atrtype, void *value)
ASN1_TYPE_set(val, atrtype, value);
return (ret);
err:
if (ret != NULL)
X509_ATTRIBUTE_free(ret);
X509_ATTRIBUTE_free(ret);
ASN1_TYPE_free(val);
return (NULL);
}

15
crypto/x509/x_name.c
View File

@ -150,8 +150,7 @@ static int x509_name_ex_new(ASN1_VALUE **val, const ASN1_ITEM *it)
memerr:
ASN1err(ASN1_F_X509_NAME_EX_NEW, ERR_R_MALLOC_FAILURE);
if (ret) {
if (ret->entries)
sk_X509_NAME_ENTRY_free(ret->entries);
sk_X509_NAME_ENTRY_free(ret->entries);
OPENSSL_free(ret);
}
return 0;
@ -160,6 +159,7 @@ static int x509_name_ex_new(ASN1_VALUE **val, const ASN1_ITEM *it)
static void x509_name_ex_free(ASN1_VALUE **pval, const ASN1_ITEM *it)
{
X509_NAME *a;
if (!pval || !*pval)
return;
a = (X509_NAME *)*pval;
@ -232,8 +232,7 @@ static int x509_name_ex_d2i(ASN1_VALUE **val,
*in = p;
return ret;
err:
if (nm.x != NULL)
X509_NAME_free(nm.x);
X509_NAME_free(nm.x);
ASN1err(ASN1_F_X509_NAME_EX_D2I, ERR_R_NESTED_ASN1_ERROR);
return 0;
}
@ -394,11 +393,9 @@ static int x509_name_canon(X509_NAME *a)
err:
if (tmpentry)
X509_NAME_ENTRY_free(tmpentry);
if (intname)
sk_STACK_OF_X509_NAME_ENTRY_pop_free(intname,
local_sk_X509_NAME_ENTRY_pop_free);
X509_NAME_ENTRY_free(tmpentry);
sk_STACK_OF_X509_NAME_ENTRY_pop_free(intname,
local_sk_X509_NAME_ENTRY_pop_free);
return ret;
}

3
crypto/x509v3/pcy_cache.c
View File

@ -221,8 +221,7 @@ void policy_cache_free(X509_POLICY_CACHE *cache)
return;
if (cache->anyPolicy)
policy_data_free(cache->anyPolicy);
if (cache->data)
sk_X509_POLICY_DATA_pop_free(cache->data, policy_data_free);
sk_X509_POLICY_DATA_pop_free(cache->data, policy_data_free);
OPENSSL_free(cache);
}

10
crypto/x509v3/pcy_tree.c
View File

@ -655,17 +655,13 @@ void X509_policy_tree_free(X509_POLICY_TREE *tree)
sk_X509_POLICY_NODE_pop_free(tree->user_policies, exnode_free);
for (i = 0, curr = tree->levels; i < tree->nlevel; i++, curr++) {
if (curr->cert)
X509_free(curr->cert);
if (curr->nodes)
sk_X509_POLICY_NODE_pop_free(curr->nodes, policy_node_free);
X509_free(curr->cert);
sk_X509_POLICY_NODE_pop_free(curr->nodes, policy_node_free);
if (curr->anyPolicy)
policy_node_free(curr->anyPolicy);
}
if (tree->extra_data)
sk_X509_POLICY_DATA_pop_free(tree->extra_data, policy_data_free);
sk_X509_POLICY_DATA_pop_free(tree->extra_data, policy_data_free);
OPENSSL_free(tree->levels);
OPENSSL_free(tree);

6
crypto/x509v3/v3_crld.c
View File

@ -175,8 +175,7 @@ static int set_dist_point_name(DIST_POINT_NAME **pdp, X509V3_CTX *ctx,
err:
if (fnm)
sk_GENERAL_NAME_pop_free(fnm, GENERAL_NAME_free);
if (rnm)
sk_X509_NAME_ENTRY_pop_free(rnm, X509_NAME_ENTRY_free);
sk_X509_NAME_ENTRY_pop_free(rnm, X509_NAME_ENTRY_free);
return -1;
}
@ -354,8 +353,7 @@ static int dpn_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
break;
case ASN1_OP_FREE_POST:
if (dpn->dpname)
X509_NAME_free(dpn->dpname);
X509_NAME_free(dpn->dpname);
break;
}
return 1;

3
demos/cms/cms_ddec.c
View File

@ -70,8 +70,7 @@ int main(int argc, char **argv)
if (cms)
CMS_ContentInfo_free(cms);
if (rcert)
X509_free(rcert);
X509_free(rcert);
EVP_PKEY_free(rkey);
BIO_free(in);

3
demos/cms/cms_dec.c
View File

@ -61,8 +61,7 @@ int main(int argc, char **argv)
if (cms)
CMS_ContentInfo_free(cms);
if (rcert)
X509_free(rcert);
X509_free(rcert);
EVP_PKEY_free(rkey);
BIO_free(in);

6
demos/cms/cms_denc.c
View File

@ -79,10 +79,8 @@ int main(int argc, char **argv)
if (cms)
CMS_ContentInfo_free(cms);
if (rcert)
X509_free(rcert);
if (recips)
sk_X509_pop_free(recips, X509_free);
X509_free(rcert);
sk_X509_pop_free(recips, X509_free);
BIO_free(in);
BIO_free(out);

6
demos/cms/cms_enc.c
View File

@ -75,10 +75,8 @@ int main(int argc, char **argv)
if (cms)
CMS_ContentInfo_free(cms);
if (rcert)
X509_free(rcert);
if (recips)
sk_X509_pop_free(recips, X509_free);
X509_free(rcert);
sk_X509_pop_free(recips, X509_free);
BIO_free(in);
BIO_free(out);

3
demos/cms/cms_sign.c
View File

@ -71,8 +71,7 @@ int main(int argc, char **argv)
if (cms)
CMS_ContentInfo_free(cms);
if (scert)
X509_free(scert);
X509_free(scert);
EVP_PKEY_free(skey);
BIO_free(in);

8
demos/cms/cms_sign2.c
View File

@ -80,14 +80,10 @@ int main(int argc, char **argv)
if (cms)
CMS_ContentInfo_free(cms);
if (scert)
X509_free(scert);
X509_free(scert);
EVP_PKEY_free(skey);
if (scert2)
X509_free(scert2);
X509_free(scert2);
EVP_PKEY_free(skey2);
BIO_free(in);
BIO_free(out);
BIO_free(tbio);

3
demos/cms/cms_ver.c
View File

@ -70,8 +70,7 @@ int main(int argc, char **argv)
if (cms)
CMS_ContentInfo_free(cms);
if (cacert)
X509_free(cacert);
X509_free(cacert);
BIO_free(in);
BIO_free(out);

3
demos/easy_tls/easy-tls.c
View File

@ -943,8 +943,7 @@ static void write_info(SSL *ssl, int *info_fd)
peercert = SSL_get_peer_certificate(ssl);
tls_get_x509_subject_name_oneline(peercert, &peer);
if (peercert != NULL)
X509_free(peercert);
X509_free(peercert);
}
if (peer.str[0] == '\0')
v_ok = '0'; /* no cert at all */

3
demos/smime/smdec.c
View File

@ -58,8 +58,7 @@ int main(int argc, char **argv)
ERR_print_errors_fp(stderr);
}
PKCS7_free(p7);
if (rcert)
X509_free(rcert);
X509_free(rcert);
EVP_PKEY_free(rkey);
BIO_free(in);
BIO_free(out);

6
demos/smime/smenc.c
View File

@ -72,10 +72,8 @@ int main(int argc, char **argv)
ERR_print_errors_fp(stderr);
}
PKCS7_free(p7);
if (rcert)
X509_free(rcert);
if (recips)
sk_X509_pop_free(recips, X509_free);
X509_free(rcert);
sk_X509_pop_free(recips, X509_free);
BIO_free(in);
BIO_free(out);
BIO_free(tbio);

3
demos/smime/smsign.c
View File

@ -68,8 +68,7 @@ int main(int argc, char **argv)
ERR_print_errors_fp(stderr);
}
PKCS7_free(p7);
if (scert)
X509_free(scert);
X509_free(scert);
EVP_PKEY_free(skey);
BIO_free(in);
BIO_free(out);

6
demos/smime/smsign2.c
View File

@ -76,11 +76,9 @@ int main(int argc, char **argv)
ERR_print_errors_fp(stderr);
}
PKCS7_free(p7);
if (scert)
X509_free(scert);
X509_free(scert);
EVP_PKEY_free(skey);
if (scert2)
X509_free(scert2);
X509_free(scert2);
EVP_PKEY_free(skey2);
BIO_free(in);
BIO_free(out);

3
demos/smime/smver.c
View File

@ -66,8 +66,7 @@ int main(int argc, char **argv)
ERR_print_errors_fp(stderr);
}
PKCS7_free(p7);
if (cacert)
X509_free(cacert);
X509_free(cacert);
BIO_free(in);
BIO_free(out);
BIO_free(tbio);

3
demos/spkigen.c
View File

@ -166,7 +166,6 @@ EVP_PKEY *pkey;
pk = NULL;
ok = 1;
err:
if (pk != NULL)
X509_PUBKEY_free(pk);
X509_PUBKEY_free(pk);
return (ok);
}

1
doc/crypto/X509_STORE_CTX_new.pod
View File

@ -37,6 +37,7 @@ The context can then be reused with an new call to X509_STORE_CTX_init().
X509_STORE_CTX_free() completely frees up B<ctx>. After this call B<ctx>
is no longer valid.
If B<ctx> is NULL nothing is done.
X509_STORE_CTX_init() sets up B<ctx> for a subsequent verification operation.
The trusted certificate store is set to B<store>, the end entity certificate

1
doc/crypto/X509_new.pod
View File

@ -19,6 +19,7 @@ X509 structure, which represents an X509 certificate.
X509_new() allocates and initializes a X509 structure.
X509_free() frees up the B<X509> structure B<a>.
If B<a> is NULL nothing is done.
=head1 RETURN VALUES

18
ssl/s3_clnt.c
View File

@ -1314,21 +1314,18 @@ int ssl3_get_server_certificate(SSL *s)
* Why would the following ever happen? We just created sc a couple
* of lines ago.
*/
if (sc->peer_pkeys[i].x509 != NULL)
X509_free(sc->peer_pkeys[i].x509);
X509_free(sc->peer_pkeys[i].x509);
sc->peer_pkeys[i].x509 = x;
sc->peer_key = &(sc->peer_pkeys[i]);
if (s->session->peer != NULL)
X509_free(s->session->peer);
X509_free(s->session->peer);
CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
s->session->peer = x;
} else {
sc->peer_cert_type = i;
sc->peer_key = NULL;
if (s->session->peer != NULL)
X509_free(s->session->peer);
X509_free(s->session->peer);
s->session->peer = NULL;
}
s->session->verify_result = s->verify_result;
@ -2149,15 +2146,13 @@ int ssl3_get_certificate_request(SSL *s)
/* we should setup a certificate to return.... */
s->s3->tmp.cert_req = 1;
s->s3->tmp.ctype_num = ctype_num;
if (s->s3->tmp.ca_names != NULL)
sk_X509_NAME_pop_free(s->s3->tmp.ca_names, X509_NAME_free);
sk_X509_NAME_pop_free(s->s3->tmp.ca_names, X509_NAME_free);
s->s3->tmp.ca_names = ca_sk;
ca_sk = NULL;
ret = 1;
err:
if (ca_sk != NULL)
sk_X509_NAME_pop_free(ca_sk, X509_NAME_free);
sk_X509_NAME_pop_free(ca_sk, X509_NAME_free);
return (ret);
}
@ -3339,8 +3334,7 @@ int ssl3_send_client_certificate(SSL *s)
SSL_R_BAD_DATA_RETURNED_BY_CALLBACK);
}
if (x509 != NULL)
X509_free(x509);
X509_free(x509);
if (pkey != NULL)
EVP_PKEY_free(pkey);
if (i && !ssl3_check_client_certificate(s))

12
ssl/s3_lib.c
View File

@ -3126,8 +3126,7 @@ void ssl3_free(SSL *s)
EC_KEY_free(s->s3->tmp.ecdh);
#endif
if (s->s3->tmp.ca_names != NULL)
sk_X509_NAME_pop_free(s->s3->tmp.ca_names, X509_NAME_free);
sk_X509_NAME_pop_free(s->s3->tmp.ca_names, X509_NAME_free);
BIO_free(s->s3->handshake_buffer);
if (s->s3->handshake_dgst)
ssl3_free_digest_list(s);
@ -3149,8 +3148,7 @@ void ssl3_clear(SSL *s)
int init_extra;
ssl3_cleanup_key_block(s);
if (s->s3->tmp.ca_names != NULL)
sk_X509_NAME_pop_free(s->s3->tmp.ca_names, X509_NAME_free);
sk_X509_NAME_pop_free(s->s3->tmp.ca_names, X509_NAME_free);
#ifndef OPENSSL_NO_DH
DH_free(s->s3->tmp.dh);
@ -3925,10 +3923,8 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
break;
case SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS:
if (ctx->extra_certs) {
sk_X509_pop_free(ctx->extra_certs, X509_free);
ctx->extra_certs = NULL;
}
sk_X509_pop_free(ctx->extra_certs, X509_free);
ctx->extra_certs = NULL;
break;
case SSL_CTRL_CHAIN:

12
ssl/s3_srvr.c
View File

@ -3271,8 +3271,7 @@ int ssl3_get_client_certificate(SSL *s)
EVP_PKEY_free(pkey);
}
if (s->session->peer != NULL) /* This should not be needed */
X509_free(s->session->peer);
X509_free(s->session->peer);
s->session->peer = sk_X509_shift(sk);
s->session->verify_result = s->verify_result;
@ -3287,8 +3286,7 @@ int ssl3_get_client_certificate(SSL *s)
goto err;
}
}
if (s->session->sess_cert->cert_chain != NULL)
sk_X509_pop_free(s->session->sess_cert->cert_chain, X509_free);
sk_X509_pop_free(s->session->sess_cert->cert_chain, X509_free);
s->session->sess_cert->cert_chain = sk;
/*
* Inconsistency alert: cert_chain does *not* include the peer's own
@ -3303,10 +3301,8 @@ int ssl3_get_client_certificate(SSL *s)
ssl3_send_alert(s, SSL3_AL_FATAL, al);
}
err:
if (x != NULL)
X509_free(x);
if (sk != NULL)
sk_X509_pop_free(sk, X509_free);
X509_free(x);
sk_X509_pop_free(sk, X509_free);
return (ret);
}

46
ssl/ssl_cert.c
View File

@ -398,16 +398,12 @@ void ssl_cert_clear_certs(CERT *c)
return;
for (i = 0; i < SSL_PKEY_NUM; i++) {
CERT_PKEY *cpk = c->pkeys + i;
if (cpk->x509) {
X509_free(cpk->x509);
cpk->x509 = NULL;
}
X509_free(cpk->x509);
cpk->x509 = NULL;
EVP_PKEY_free(cpk->privatekey);
cpk->privatekey = NULL;
if (cpk->chain) {
sk_X509_pop_free(cpk->chain, X509_free);
cpk->chain = NULL;
}
sk_X509_pop_free(cpk->chain, X509_free);
cpk->chain = NULL;
#ifndef OPENSSL_NO_TLSEXT
if (cpk->serverinfo) {
OPENSSL_free(cpk->serverinfo);
@ -461,10 +457,8 @@ void ssl_cert_free(CERT *c)
OPENSSL_free(c->shared_sigalgs);
if (c->ctypes)
OPENSSL_free(c->ctypes);
if (c->verify_store)
X509_STORE_free(c->verify_store);
if (c->chain_store)
X509_STORE_free(c->chain_store);
X509_STORE_free(c->verify_store);
X509_STORE_free(c->chain_store);
if (c->ciphers_raw)
OPENSSL_free(c->ciphers_raw);
#ifndef OPENSSL_NO_TLSEXT
@ -485,8 +479,7 @@ int ssl_cert_set0_chain(SSL *s, SSL_CTX *ctx, STACK_OF(X509) *chain)
CERT_PKEY *cpk = s ? s->cert->key : ctx->cert->key;
if (!cpk)
return 0;
if (cpk->chain)
sk_X509_pop_free(cpk->chain, X509_free);
sk_X509_pop_free(cpk->chain, X509_free);
for (i = 0; i < sk_X509_num(chain); i++) {
r = ssl_security_cert(s, ctx, sk_X509_value(chain, i), 0, 0);
if (r != 1) {
@ -629,11 +622,9 @@ void ssl_sess_cert_free(SESS_CERT *sc)
#endif
/* i == 0 */
if (sc->cert_chain != NULL)
sk_X509_pop_free(sc->cert_chain, X509_free);
sk_X509_pop_free(sc->cert_chain, X509_free);
for (i = 0; i < SSL_PKEY_NUM; i++) {
if (sc->peer_pkeys[i].x509 != NULL)
X509_free(sc->peer_pkeys[i].x509);
X509_free(sc->peer_pkeys[i].x509);
#if 0
/*
* We don't have the peer's private key. These lines are just
@ -726,9 +717,7 @@ int ssl_verify_cert_chain(SSL *s, STACK_OF(X509) *sk)
static void set_client_CA_list(STACK_OF(X509_NAME) **ca_list,
STACK_OF(X509_NAME) *name_list)
{
if (*ca_list != NULL)
sk_X509_NAME_pop_free(*ca_list, X509_NAME_free);
sk_X509_NAME_pop_free(*ca_list, X509_NAME_free);
*ca_list = name_list;
}
@ -867,15 +856,12 @@ STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file)
if (0) {
err:
if (ret != NULL)
sk_X509_NAME_pop_free(ret, X509_NAME_free);
sk_X509_NAME_pop_free(ret, X509_NAME_free);
ret = NULL;
}
if (sk != NULL)
sk_X509_NAME_free(sk);
sk_X509_NAME_free(sk);
BIO_free(in);
if (x != NULL)
X509_free(x);
X509_free(x);
if (ret != NULL)
ERR_clear_error();
return (ret);
@ -1205,8 +1191,7 @@ int ssl_build_cert_chain(SSL *s, SSL_CTX *ctx, int flags)
goto err;
}
}
if (cpk->chain)
sk_X509_pop_free(cpk->chain, X509_free);
sk_X509_pop_free(cpk->chain, X509_free);
cpk->chain = chain;
if (rv == 0)
rv = 1;
@ -1224,8 +1209,7 @@ int ssl_cert_set_cert_store(CERT *c, X509_STORE *store, int chain, int ref)
pstore = &c->chain_store;
else
pstore = &c->verify_store;
if (*pstore)
X509_STORE_free(*pstore);
X509_STORE_free(*pstore);
*pstore = store;
if (ref && store)
CRYPTO_add(&store->references, 1, CRYPTO_LOCK_X509_STORE);

25
ssl/ssl_lib.c
View File

@ -532,9 +532,7 @@ void SSL_free(SSL *s)
}
#endif
if (s->param)
X509_VERIFY_PARAM_free(s->param);
X509_VERIFY_PARAM_free(s->param);
CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL, s, &s->ex_data);
if (s->bbio != NULL) {
@ -581,8 +579,7 @@ void SSL_free(SSL *s)
if (s->tlsext_ellipticcurvelist)
OPENSSL_free(s->tlsext_ellipticcurvelist);
# endif /* OPENSSL_NO_EC */
if (s->tlsext_ocsp_exts)
sk_X509_EXTENSION_pop_free(s->tlsext_ocsp_exts, X509_EXTENSION_free);
sk_X509_EXTENSION_pop_free(s->tlsext_ocsp_exts, X509_EXTENSION_free);
if (s->tlsext_ocsp_ids)
sk_OCSP_RESPID_pop_free(s->tlsext_ocsp_ids, OCSP_RESPID_free);
if (s->tlsext_ocsp_resp)
@ -591,8 +588,7 @@ void SSL_free(SSL *s)
OPENSSL_free(s->alpn_client_proto_list);
#endif
if (s->client_CA != NULL)
sk_X509_NAME_pop_free(s->client_CA, X509_NAME_free);
sk_X509_NAME_pop_free(s->client_CA, X509_NAME_free);
if (s->method != NULL)
s->method->ssl_free(s);
@ -2032,8 +2028,7 @@ void SSL_CTX_free(SSL_CTX *a)
}
#endif
if (a->param)
X509_VERIFY_PARAM_free(a->param);
X509_VERIFY_PARAM_free(a->param);
/*
* Free internal session cache. However: the remove_cb() may reference
@ -2052,17 +2047,14 @@ void SSL_CTX_free(SSL_CTX *a)
if (a->sessions != NULL)
lh_SSL_SESSION_free(a->sessions);
if (a->cert_store != NULL)
X509_STORE_free(a->cert_store);
X509_STORE_free(a->cert_store);
if (a->cipher_list != NULL)
sk_SSL_CIPHER_free(a->cipher_list);
if (a->cipher_list_by_id != NULL)
sk_SSL_CIPHER_free(a->cipher_list_by_id);
ssl_cert_free(a->cert);
if (a->client_CA != NULL)
sk_X509_NAME_pop_free(a->client_CA, X509_NAME_free);
if (a->extra_certs != NULL)
sk_X509_pop_free(a->extra_certs, X509_free);
sk_X509_NAME_pop_free(a->client_CA, X509_NAME_free);
sk_X509_pop_free(a->extra_certs, X509_free);
a->comp_methods = NULL;
#ifndef OPENSSL_NO_SRTP
@ -3186,8 +3178,7 @@ X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *ctx)
void SSL_CTX_set_cert_store(SSL_CTX *ctx, X509_STORE *store)
{
if (ctx->cert_store != NULL)
X509_STORE_free(ctx->cert_store);
X509_STORE_free(ctx->cert_store);
ctx->cert_store = store;
}

9
ssl/ssl_rsa.c
View File

@ -119,8 +119,7 @@ int SSL_use_certificate_file(SSL *ssl, const char *file, int type)
ret = SSL_use_certificate(ssl, x);
end:
if (x != NULL)
X509_free(x);
X509_free(x);
BIO_free(in);
return (ret);
}
@ -418,8 +417,7 @@ static int ssl_set_cert(CERT *c, X509 *x)
EVP_PKEY_free(pkey);
if (c->pkeys[i].x509 != NULL)
X509_free(c->pkeys[i].x509);
X509_free(c->pkeys[i].x509);
CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
c->pkeys[i].x509 = x;
c->key = &(c->pkeys[i]);
@ -465,8 +463,7 @@ int SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type)
ret = SSL_CTX_use_certificate(ctx, x);
end:
if (x != NULL)
X509_free(x);
X509_free(x);
BIO_free(in);
return (ret);
}

3
ssl/ssl_sess.c
View File

@ -732,8 +732,7 @@ void SSL_SESSION_free(SSL_SESSION *ss)
OPENSSL_cleanse(ss->master_key, sizeof ss->master_key);
OPENSSL_cleanse(ss->session_id, sizeof ss->session_id);
ssl_sess_cert_free(ss->sess_cert);
if (ss->peer != NULL)
X509_free(ss->peer);
X509_free(ss->peer);
if (ss->ciphers != NULL)
sk_SSL_CIPHER_free(ss->ciphers);
#ifndef OPENSSL_NO_TLSEXT

7
ssl/t1_lib.c
View File

@ -2219,11 +2219,8 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p,
}
sdata = data;
if (dsize > 0) {
if (s->tlsext_ocsp_exts) {
sk_X509_EXTENSION_pop_free(s->tlsext_ocsp_exts,
X509_EXTENSION_free);
}
sk_X509_EXTENSION_pop_free(s->tlsext_ocsp_exts,
X509_EXTENSION_free);
s->tlsext_ocsp_exts =
d2i_X509_EXTENSIONS(NULL, &sdata, dsize);
if (!s->tlsext_ocsp_exts || (data + dsize != sdata)) {