From 222561fe8ef510f336417a666f69f81ddc9b8fe4 Mon Sep 17 00:00:00 2001 From: Rich Salz Date: Thu, 30 Apr 2015 17:33:59 -0400 Subject: [PATCH] free NULL cleanup 5a Don't check for NULL before calling a free routine. This gets X509_.*free: x509_name_ex_free X509_policy_tree_free X509_VERIFY_PARAM_free X509_STORE_free X509_STORE_CTX_free X509_PKEY_free X509_OBJECT_free_contents X509_LOOKUP_free X509_INFO_free Reviewed-by: Richard Levitte --- apps/apps.c | 3 +- apps/ca.c | 44 ++++++++++------------------- apps/crl2p7.c | 6 ++-- apps/ocsp.c | 3 +- apps/pkcs12.c | 6 ++-- apps/s_cb.c | 15 ++++------ apps/s_client.c | 12 +++----- apps/s_server.c | 22 ++++++--------- apps/smime.c | 3 +- apps/verify.c | 9 ++---- crypto/asn1/x_info.c | 9 ++---- crypto/asn1/x_pkey.c | 3 +- crypto/asn1/x_pubkey.c | 9 ++---- crypto/cms/cms_asn1.c | 6 ++-- crypto/cms/cms_pwri.c | 3 +- crypto/cms/cms_sd.c | 3 +- crypto/cms/cms_smime.c | 6 ++-- crypto/dh/dh_ameth.c | 12 +++----- crypto/ec/ec_ameth.c | 12 +++----- crypto/evp/p_lib.c | 3 +- crypto/ocsp/ocsp_vfy.c | 3 +- crypto/pem/pem_info.c | 3 +- crypto/pkcs12/p12_kiss.c | 14 ++++------ crypto/pkcs7/pk7_doit.c | 6 ++-- crypto/pkcs7/pk7_smime.c | 3 +- crypto/rsa/rsa_ameth.c | 12 +++----- crypto/rsa/rsa_sign.c | 3 +- crypto/ts/ts_rsp_sign.c | 9 ++---- crypto/x509/by_file.c | 6 ++-- crypto/x509/x509_att.c | 6 ++-- crypto/x509/x509_lu.c | 7 +++-- crypto/x509/x509_r2x.c | 9 +++--- crypto/x509/x509_v3.c | 6 ++-- crypto/x509/x509_vfy.c | 29 ++++++++----------- crypto/x509/x509_vpm.c | 6 ++-- crypto/x509/x509name.c | 3 +- crypto/x509/x_attrib.c | 3 +- crypto/x509/x_name.c | 15 ++++------ crypto/x509v3/pcy_cache.c | 3 +- crypto/x509v3/pcy_tree.c | 10 ++----- crypto/x509v3/v3_crld.c | 6 ++-- demos/cms/cms_ddec.c | 3 +- demos/cms/cms_dec.c | 3 +- demos/cms/cms_denc.c | 6 ++-- demos/cms/cms_enc.c | 6 ++-- demos/cms/cms_sign.c | 3 +- demos/cms/cms_sign2.c | 8 ++---- demos/cms/cms_ver.c | 3 +- demos/easy_tls/easy-tls.c | 3 +- demos/smime/smdec.c | 3 +- demos/smime/smenc.c | 6 ++-- demos/smime/smsign.c | 3 +- demos/smime/smsign2.c | 6 ++-- demos/smime/smver.c | 3 +- demos/spkigen.c | 3 +- doc/crypto/X509_STORE_CTX_new.pod | 1 + doc/crypto/X509_new.pod | 1 + ssl/s3_clnt.c | 18 ++++-------- ssl/s3_lib.c | 12 +++----- ssl/s3_srvr.c | 12 +++----- ssl/ssl_cert.c | 46 ++++++++++--------------------- ssl/ssl_lib.c | 25 ++++++----------- ssl/ssl_rsa.c | 9 ++---- ssl/ssl_sess.c | 3 +- ssl/t1_lib.c | 7 ++--- 65 files changed, 189 insertions(+), 355 deletions(-) diff --git a/apps/apps.c b/apps/apps.c index 5eadc72cfd..9475fe3ccd 100644 --- a/apps/apps.c +++ b/apps/apps.c @@ -971,8 +971,7 @@ static int load_certs_crls(const char *file, int format, end: - if (xis) - sk_X509_INFO_pop_free(xis, X509_INFO_free); + sk_X509_INFO_pop_free(xis, X509_INFO_free); if (rv == 0) { if (pcerts) { diff --git a/apps/ca.c b/apps/ca.c index 553560304a..a3e0bdac9e 100644 --- a/apps/ca.c +++ b/apps/ca.c @@ -1349,9 +1349,7 @@ end_of_options: BIO_free_all(Sout); BIO_free_all(out); BIO_free_all(in); - - if (cert_sk) - sk_X509_pop_free(cert_sk, X509_free); + sk_X509_pop_free(cert_sk, X509_free); if (ret) ERR_print_errors(bio_err); @@ -1364,8 +1362,7 @@ end_of_options: if (sigopts) sk_OPENSSL_STRING_free(sigopts); EVP_PKEY_free(pkey); - if (x509) - X509_free(x509); + X509_free(x509); X509_CRL_free(crl); NCONF_free(conf); NCONF_free(extconf); @@ -1440,8 +1437,7 @@ static int certify(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509, ext_copy, selfsign); end: - if (req != NULL) - X509_REQ_free(req); + X509_REQ_free(req); BIO_free(in); return (ok); } @@ -1495,10 +1491,8 @@ static int certify_cert(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509, ext_copy, 0); end: - if (rreq != NULL) - X509_REQ_free(rreq); - if (req != NULL) - X509_free(req); + X509_REQ_free(rreq); + X509_free(req); return (ok); } @@ -1700,8 +1694,7 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, if (push != NULL) { if (!X509_NAME_add_entry(subject, push, -1, 0)) { - if (push != NULL) - X509_NAME_ENTRY_free(push); + X509_NAME_ENTRY_free(push); BIO_printf(bio_err, "Memory allocation failure\n"); goto end; } @@ -1876,8 +1869,7 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, /* * Free the current entries if any, there should not be any I believe */ - if (ci->extensions != NULL) - sk_X509_EXTENSION_pop_free(ci->extensions, X509_EXTENSION_free); + sk_X509_EXTENSION_pop_free(ci->extensions, X509_EXTENSION_free); ci->extensions = NULL; @@ -2027,18 +2019,14 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, if (row[i] != NULL) OPENSSL_free(row[i]); - if (CAname != NULL) - X509_NAME_free(CAname); - if (subject != NULL) - X509_NAME_free(subject); - if ((dn_subject != NULL) && !email_dn) + X509_NAME_free(CAname); + X509_NAME_free(subject); + if (dn_subject != subject) X509_NAME_free(dn_subject); ASN1_UTCTIME_free(tmptm); - if (ok <= 0) { - if (ret != NULL) - X509_free(ret); - ret = NULL; - } else + if (ok <= 0) + X509_free(ret); + else *xret = ret; return (ok); } @@ -2186,14 +2174,12 @@ static int certify_spkac(X509 **xret, char *infile, EVP_PKEY *pkey, verbose, req, ext_sect, lconf, certopt, nameopt, default_op, ext_copy, 0); end: - if (req != NULL) - X509_REQ_free(req); + X509_REQ_free(req); if (parms != NULL) CONF_free(parms); if (spki != NULL) NETSCAPE_SPKI_free(spki); - if (ne != NULL) - X509_NAME_ENTRY_free(ne); + X509_NAME_ENTRY_free(ne); return (ok); } diff --git a/apps/crl2p7.c b/apps/crl2p7.c index d75b6674a5..fb2b085ead 100644 --- a/apps/crl2p7.c +++ b/apps/crl2p7.c @@ -215,8 +215,7 @@ int crl2pkcs7_main(int argc, char **argv) BIO_free(in); BIO_free_all(out); PKCS7_free(p7); - if (crl != NULL) - X509_CRL_free(crl); + X509_CRL_free(crl); return (ret); } @@ -267,7 +266,6 @@ static int add_certs_from_file(STACK_OF(X509) *stack, char *certfile) end: /* never need to OPENSSL_free x */ BIO_free(in); - if (sk != NULL) - sk_X509_INFO_free(sk); + sk_X509_INFO_free(sk); return (ret); } diff --git a/apps/ocsp.c b/apps/ocsp.c index fb60e3b669..680cc0a79e 100644 --- a/apps/ocsp.c +++ b/apps/ocsp.c @@ -735,8 +735,7 @@ int ocsp_main(int argc, char **argv) ERR_print_errors(bio_err); X509_free(signer); X509_STORE_free(store); - if (vpm) - X509_VERIFY_PARAM_free(vpm); + X509_VERIFY_PARAM_free(vpm); EVP_PKEY_free(key); EVP_PKEY_free(rkey); X509_free(cert); diff --git a/apps/pkcs12.c b/apps/pkcs12.c index ec7a1d94e1..b4b37305bb 100644 --- a/apps/pkcs12.c +++ b/apps/pkcs12.c @@ -504,10 +504,8 @@ int pkcs12_main(int argc, char **argv) export_end: EVP_PKEY_free(key); - if (certs) - sk_X509_pop_free(certs, X509_free); - if (ucert) - X509_free(ucert); + sk_X509_pop_free(certs, X509_free); + X509_free(ucert); goto end; diff --git a/apps/s_cb.c b/apps/s_cb.c index 76aeadbda3..1d026b6514 100644 --- a/apps/s_cb.c +++ b/apps/s_cb.c @@ -1219,11 +1219,9 @@ void ssl_excert_free(SSL_EXCERT *exc) { SSL_EXCERT *curr; while (exc) { - if (exc->cert) - X509_free(exc->cert); + X509_free(exc->cert); EVP_PKEY_free(exc->key); - if (exc->chain) - sk_X509_pop_free(exc->chain, X509_free); + sk_X509_pop_free(exc->chain, X509_free); curr = exc; exc = exc->next; OPENSSL_free(curr); @@ -1385,8 +1383,7 @@ void print_ssl_summary(SSL *s) BIO_printf(bio_err, "Hash used: %s\n", OBJ_nid2sn(nid)); } else BIO_puts(bio_err, "No peer certificate\n"); - if (peer) - X509_free(peer); + X509_free(peer); #ifndef OPENSSL_NO_EC ssl_print_point_formats(bio_err, s); if (SSL_is_server(s)) @@ -1501,10 +1498,8 @@ int ssl_load_stores(SSL_CTX *ctx, } rv = 1; err: - if (vfy) - X509_STORE_free(vfy); - if (ch) - X509_STORE_free(ch); + X509_STORE_free(vfy); + X509_STORE_free(ch); return rv; } diff --git a/apps/s_client.c b/apps/s_client.c index 9d0d6f0cb4..fdd1f5c5ab 100644 --- a/apps/s_client.c +++ b/apps/s_client.c @@ -1998,17 +1998,14 @@ int s_client_main(int argc, char **argv) OPENSSL_free(next_proto.data); #endif SSL_CTX_free(ctx); - if (cert) - X509_free(cert); + X509_free(cert); if (crls) sk_X509_CRL_pop_free(crls, X509_CRL_free); EVP_PKEY_free(key); - if (chain) - sk_X509_pop_free(chain, X509_free); + sk_X509_pop_free(chain, X509_free); if (pass) OPENSSL_free(pass); - if (vpm) - X509_VERIFY_PARAM_free(vpm); + X509_VERIFY_PARAM_free(vpm); ssl_excert_free(exc); sk_OPENSSL_STRING_free(ssl_args); SSL_CONF_CTX_free(cctx); @@ -2197,8 +2194,7 @@ static void print_stuff(BIO *bio, SSL *s, int full) } } BIO_printf(bio, "---\n"); - if (peer != NULL) - X509_free(peer); + X509_free(peer); /* flush, or debugging output gets mixed with http response */ (void)BIO_flush(bio); } diff --git a/apps/s_server.c b/apps/s_server.c index 701f52da63..f8bec24f3e 100644 --- a/apps/s_server.c +++ b/apps/s_server.c @@ -1925,24 +1925,18 @@ int s_server_main(int argc, char *argv[]) ret = 0; end: SSL_CTX_free(ctx); - if (s_cert) - X509_free(s_cert); - if (crls) - sk_X509_CRL_pop_free(crls, X509_CRL_free); - if (s_dcert) - X509_free(s_dcert); + X509_free(s_cert); + sk_X509_CRL_pop_free(crls, X509_CRL_free); + X509_free(s_dcert); EVP_PKEY_free(s_key); EVP_PKEY_free(s_dkey); - if (s_chain) - sk_X509_pop_free(s_chain, X509_free); - if (s_dchain) - sk_X509_pop_free(s_dchain, X509_free); + sk_X509_pop_free(s_chain, X509_free); + sk_X509_pop_free(s_dchain, X509_free); if (pass) OPENSSL_free(pass); if (dpass) OPENSSL_free(dpass); - if (vpm) - X509_VERIFY_PARAM_free(vpm); + X509_VERIFY_PARAM_free(vpm); free_sessions(); #ifndef OPENSSL_NO_TLSEXT if (tlscstatp.host) @@ -1951,9 +1945,9 @@ int s_server_main(int argc, char *argv[]) OPENSSL_free(tlscstatp.port); if (tlscstatp.path) OPENSSL_free(tlscstatp.path); + if (ctx2 != NULL) SSL_CTX_free(ctx2); - if (s_cert2) - X509_free(s_cert2); + X509_free(s_cert2); EVP_PKEY_free(s_key2); BIO_free(serverinfo_in); # ifndef OPENSSL_NO_NEXTPROTONEG diff --git a/apps/smime.c b/apps/smime.c index 21e9daa694..0fda865565 100644 --- a/apps/smime.c +++ b/apps/smime.c @@ -650,8 +650,7 @@ int smime_main(int argc, char **argv) ERR_print_errors(bio_err); sk_X509_pop_free(encerts, X509_free); sk_X509_pop_free(other, X509_free); - if (vpm) - X509_VERIFY_PARAM_free(vpm); + X509_VERIFY_PARAM_free(vpm); if (sksigners) sk_OPENSSL_STRING_free(sksigners); if (skkeys) diff --git a/apps/verify.c b/apps/verify.c index 1faca9675e..f4e18f0535 100644 --- a/apps/verify.c +++ b/apps/verify.c @@ -221,10 +221,8 @@ int verify_main(int argc, char **argv) } end: - if (vpm) - X509_VERIFY_PARAM_free(vpm); - if (store != NULL) - X509_STORE_free(store); + X509_VERIFY_PARAM_free(vpm); + X509_STORE_free(store); sk_X509_pop_free(untrusted, X509_free); sk_X509_pop_free(trusted, X509_free); sk_X509_CRL_pop_free(crls, X509_CRL_free); @@ -283,8 +281,7 @@ static int check(X509_STORE *ctx, char *file, } sk_X509_pop_free(chain, X509_free); } - if (x != NULL) - X509_free(x); + X509_free(x); return (ret); } diff --git a/crypto/asn1/x_info.c b/crypto/asn1/x_info.c index fff54c808e..4783fc48a9 100644 --- a/crypto/asn1/x_info.c +++ b/crypto/asn1/x_info.c @@ -103,12 +103,9 @@ void X509_INFO_free(X509_INFO *x) } #endif - if (x->x509 != NULL) - X509_free(x->x509); - if (x->crl != NULL) - X509_CRL_free(x->crl); - if (x->x_pkey != NULL) - X509_PKEY_free(x->x_pkey); + X509_free(x->x509); + X509_CRL_free(x->crl); + X509_PKEY_free(x->x_pkey); if (x->enc_data != NULL) OPENSSL_free(x->enc_data); OPENSSL_free(x); diff --git a/crypto/asn1/x_pkey.c b/crypto/asn1/x_pkey.c index 98e4a3d491..fc5de8a96f 100644 --- a/crypto/asn1/x_pkey.c +++ b/crypto/asn1/x_pkey.c @@ -110,8 +110,7 @@ void X509_PKEY_free(X509_PKEY *x) } #endif - if (x->enc_algor != NULL) - X509_ALGOR_free(x->enc_algor); + X509_ALGOR_free(x->enc_algor); ASN1_OCTET_STRING_free(x->enc_pkey); EVP_PKEY_free(x->dec_pkey); if ((x->key_data != NULL) && (x->key_free)) diff --git a/crypto/asn1/x_pubkey.c b/crypto/asn1/x_pubkey.c index 3c72997f03..158c24062e 100644 --- a/crypto/asn1/x_pubkey.c +++ b/crypto/asn1/x_pubkey.c @@ -112,15 +112,12 @@ int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey) goto error; } - if (*x != NULL) - X509_PUBKEY_free(*x); - + X509_PUBKEY_free(*x); *x = pk; - return 1; + error: - if (pk != NULL) - X509_PUBKEY_free(pk); + X509_PUBKEY_free(pk); return 0; } diff --git a/crypto/cms/cms_asn1.c b/crypto/cms/cms_asn1.c index 03de7af204..2b61768847 100644 --- a/crypto/cms/cms_asn1.c +++ b/crypto/cms/cms_asn1.c @@ -94,8 +94,7 @@ static int cms_si_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, if (operation == ASN1_OP_FREE_POST) { CMS_SignerInfo *si = (CMS_SignerInfo *)*pval; EVP_PKEY_free(si->pkey); - if (si->signer) - X509_free(si->signer); + X509_free(si->signer); if (si->pctx) EVP_MD_CTX_cleanup(&si->mctx); } @@ -248,8 +247,7 @@ static int cms_ri_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, if (ri->type == CMS_RECIPINFO_TRANS) { CMS_KeyTransRecipientInfo *ktri = ri->d.ktri; EVP_PKEY_free(ktri->pkey); - if (ktri->recip) - X509_free(ktri->recip); + X509_free(ktri->recip); EVP_PKEY_CTX_free(ktri->pctx); } else if (ri->type == CMS_RECIPINFO_KEK) { CMS_KEKRecipientInfo *kekri = ri->d.kekri; diff --git a/crypto/cms/cms_pwri.c b/crypto/cms/cms_pwri.c index e11b1fa4ac..ece5ce3640 100644 --- a/crypto/cms/cms_pwri.c +++ b/crypto/cms/cms_pwri.c @@ -204,8 +204,7 @@ CMS_RecipientInfo *CMS_add0_recipient_password(CMS_ContentInfo *cms, EVP_CIPHER_CTX_cleanup(&ctx); if (ri) M_ASN1_free_of(ri, CMS_RecipientInfo); - if (encalg) - X509_ALGOR_free(encalg); + X509_ALGOR_free(encalg); return NULL; } diff --git a/crypto/cms/cms_sd.c b/crypto/cms/cms_sd.c index c0a9780acf..31398acfe3 100644 --- a/crypto/cms/cms_sd.c +++ b/crypto/cms/cms_sd.c @@ -489,8 +489,7 @@ void CMS_SignerInfo_set1_signer_cert(CMS_SignerInfo *si, X509 *signer) EVP_PKEY_free(si->pkey); si->pkey = X509_get_pubkey(signer); } - if (si->signer) - X509_free(si->signer); + X509_free(si->signer); si->signer = signer; } diff --git a/crypto/cms/cms_smime.c b/crypto/cms/cms_smime.c index f491ec9e77..8066602c9f 100644 --- a/crypto/cms/cms_smime.c +++ b/crypto/cms/cms_smime.c @@ -455,10 +455,8 @@ int CMS_verify(CMS_ContentInfo *cms, STACK_OF(X509) *certs, if (out != tmpout) BIO_free_all(tmpout); - if (cms_certs) - sk_X509_pop_free(cms_certs, X509_free); - if (crls) - sk_X509_CRL_pop_free(crls, X509_CRL_free); + sk_X509_pop_free(cms_certs, X509_free); + sk_X509_CRL_pop_free(crls, X509_CRL_free); return ret; } diff --git a/crypto/dh/dh_ameth.c b/crypto/dh/dh_ameth.c index 8cd90b6b78..f3abe0774f 100644 --- a/crypto/dh/dh_ameth.c +++ b/crypto/dh/dh_ameth.c @@ -782,10 +782,8 @@ static int dh_cms_set_shared_info(EVP_PKEY_CTX *pctx, CMS_RecipientInfo *ri) rv = 1; err: - if (kekalg) - X509_ALGOR_free(kekalg); - if (dukm) - OPENSSL_free(dukm); + X509_ALGOR_free(kekalg); + OPENSSL_free(dukm); return rv; } @@ -945,10 +943,8 @@ static int dh_cms_encrypt(CMS_RecipientInfo *ri) rv = 1; err: - if (penc) - OPENSSL_free(penc); - if (wrap_alg) - X509_ALGOR_free(wrap_alg); + OPENSSL_free(penc); + X509_ALGOR_free(wrap_alg); return rv; } diff --git a/crypto/ec/ec_ameth.c b/crypto/ec/ec_ameth.c index 5a7b0b744f..6b34be38d7 100644 --- a/crypto/ec/ec_ameth.c +++ b/crypto/ec/ec_ameth.c @@ -796,10 +796,8 @@ static int ecdh_cms_set_shared_info(EVP_PKEY_CTX *pctx, CMS_RecipientInfo *ri) rv = 1; err: - if (kekalg) - X509_ALGOR_free(kekalg); - if (der) - OPENSSL_free(der); + X509_ALGOR_free(kekalg); + OPENSSL_free(der); return rv; } @@ -967,10 +965,8 @@ static int ecdh_cms_encrypt(CMS_RecipientInfo *ri) rv = 1; err: - if (penc) - OPENSSL_free(penc); - if (wrap_alg) - X509_ALGOR_free(wrap_alg); + OPENSSL_free(penc); + X509_ALGOR_free(wrap_alg); return rv; } diff --git a/crypto/evp/p_lib.c b/crypto/evp/p_lib.c index c9e971ed85..c163e47829 100644 --- a/crypto/evp/p_lib.c +++ b/crypto/evp/p_lib.c @@ -401,8 +401,7 @@ void EVP_PKEY_free(EVP_PKEY *x) } #endif EVP_PKEY_free_it(x); - if (x->attributes) - sk_X509_ATTRIBUTE_pop_free(x->attributes, X509_ATTRIBUTE_free); + sk_X509_ATTRIBUTE_pop_free(x->attributes, X509_ATTRIBUTE_free); OPENSSL_free(x); } diff --git a/crypto/ocsp/ocsp_vfy.c b/crypto/ocsp/ocsp_vfy.c index 40a3b017b8..9bf1ff502a 100644 --- a/crypto/ocsp/ocsp_vfy.c +++ b/crypto/ocsp/ocsp_vfy.c @@ -171,8 +171,7 @@ int OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs, } end: - if (chain) - sk_X509_pop_free(chain, X509_free); + sk_X509_pop_free(chain, X509_free); if (bs->certs && certs) sk_X509_free(untrusted); return ret; diff --git a/crypto/pem/pem_info.c b/crypto/pem/pem_info.c index b8147415f5..0e7338bd1d 100644 --- a/crypto/pem/pem_info.c +++ b/crypto/pem/pem_info.c @@ -276,8 +276,7 @@ STACK_OF(X509_INFO) *PEM_X509_INFO_read_bio(BIO *bp, STACK_OF(X509_INFO) *sk, } ok = 1; err: - if (xi != NULL) - X509_INFO_free(xi); + X509_INFO_free(xi); if (!ok) { for (i = 0; ((int)i) < sk_X509_INFO_num(ret); i++) { xi = sk_X509_INFO_value(ret, i); diff --git a/crypto/pkcs12/p12_kiss.c b/crypto/pkcs12/p12_kiss.c index fcfa986824..cd1842789f 100644 --- a/crypto/pkcs12/p12_kiss.c +++ b/crypto/pkcs12/p12_kiss.c @@ -150,12 +150,10 @@ int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert, goto err; x = NULL; } - if (x) - X509_free(x); + X509_free(x); } - if (ocerts) - sk_X509_pop_free(ocerts, X509_free); + sk_X509_pop_free(ocerts, X509_free); return 1; @@ -163,12 +161,10 @@ int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert, if (pkey) EVP_PKEY_free(*pkey); - if (cert && *cert) + if (cert) X509_free(*cert); - if (x) - X509_free(x); - if (ocerts) - sk_X509_pop_free(ocerts, X509_free); + X509_free(x); + sk_X509_pop_free(ocerts, X509_free); return 0; } diff --git a/crypto/pkcs7/pk7_doit.c b/crypto/pkcs7/pk7_doit.c index 639e217425..51e9c6e80a 100644 --- a/crypto/pkcs7/pk7_doit.c +++ b/crypto/pkcs7/pk7_doit.c @@ -1134,8 +1134,7 @@ int PKCS7_set_signed_attributes(PKCS7_SIGNER_INFO *p7si, { int i; - if (p7si->auth_attr != NULL) - sk_X509_ATTRIBUTE_pop_free(p7si->auth_attr, X509_ATTRIBUTE_free); + sk_X509_ATTRIBUTE_pop_free(p7si->auth_attr, X509_ATTRIBUTE_free); p7si->auth_attr = sk_X509_ATTRIBUTE_dup(sk); if (p7si->auth_attr == NULL) return 0; @@ -1154,8 +1153,7 @@ int PKCS7_set_attributes(PKCS7_SIGNER_INFO *p7si, { int i; - if (p7si->unauth_attr != NULL) - sk_X509_ATTRIBUTE_pop_free(p7si->unauth_attr, X509_ATTRIBUTE_free); + sk_X509_ATTRIBUTE_pop_free(p7si->unauth_attr, X509_ATTRIBUTE_free); p7si->unauth_attr = sk_X509_ATTRIBUTE_dup(sk); if (p7si->unauth_attr == NULL) return 0; diff --git a/crypto/pkcs7/pk7_smime.c b/crypto/pkcs7/pk7_smime.c index e659af824b..33bdda2be6 100644 --- a/crypto/pkcs7/pk7_smime.c +++ b/crypto/pkcs7/pk7_smime.c @@ -208,8 +208,7 @@ PKCS7_SIGNER_INFO *PKCS7_sign_add_signer(PKCS7 *p7, X509 *signcert, } return si; err: - if (smcap) - sk_X509_ALGOR_pop_free(smcap, X509_ALGOR_free); + sk_X509_ALGOR_pop_free(smcap, X509_ALGOR_free); return NULL; } diff --git a/crypto/rsa/rsa_ameth.c b/crypto/rsa/rsa_ameth.c index 4e02531ec5..38b850ae7a 100644 --- a/crypto/rsa/rsa_ameth.c +++ b/crypto/rsa/rsa_ameth.c @@ -381,8 +381,7 @@ static int rsa_sig_print(BIO *bp, const X509_ALGOR *sigalg, rv = rsa_pss_param_print(bp, pss, maskHash, indent); if (pss) RSA_PSS_PARAMS_free(pss); - if (maskHash) - X509_ALGOR_free(maskHash); + X509_ALGOR_free(maskHash); if (!rv) return 0; } else if (!sig && BIO_puts(bp, "\n") <= 0) @@ -474,8 +473,7 @@ static int rsa_md_to_mgf1(X509_ALGOR **palg, const EVP_MD *mgf1md) stmp = NULL; err: ASN1_STRING_free(stmp); - if (algtmp) - X509_ALGOR_free(algtmp); + X509_ALGOR_free(algtmp); if (*palg) return 1; return 0; @@ -652,8 +650,7 @@ static int rsa_pss_to_ctx(EVP_MD_CTX *ctx, EVP_PKEY_CTX *pkctx, err: RSA_PSS_PARAMS_free(pss); - if (maskHash) - X509_ALGOR_free(maskHash); + X509_ALGOR_free(maskHash); return rv; } @@ -840,8 +837,7 @@ static int rsa_cms_decrypt(CMS_RecipientInfo *ri) err: RSA_OAEP_PARAMS_free(oaep); - if (maskHash) - X509_ALGOR_free(maskHash); + X509_ALGOR_free(maskHash); return rv; } diff --git a/crypto/rsa/rsa_sign.c b/crypto/rsa/rsa_sign.c index ec1575ac30..3b2ba569a6 100644 --- a/crypto/rsa/rsa_sign.c +++ b/crypto/rsa/rsa_sign.c @@ -266,8 +266,7 @@ int int_rsa_verify(int dtype, const unsigned char *m, ret = 1; } err: - if (sig != NULL) - X509_SIG_free(sig); + X509_SIG_free(sig); if (s != NULL) { OPENSSL_cleanse(s, (unsigned int)siglen); OPENSSL_free(s); diff --git a/crypto/ts/ts_rsp_sign.c b/crypto/ts/ts_rsp_sign.c index 0cdeb068c6..58068cf37e 100644 --- a/crypto/ts/ts_rsp_sign.c +++ b/crypto/ts/ts_rsp_sign.c @@ -207,8 +207,7 @@ int TS_RESP_CTX_set_signer_cert(TS_RESP_CTX *ctx, X509 *signer) TS_R_INVALID_SIGNER_CERTIFICATE_PURPOSE); return 0; } - if (ctx->signer_cert) - X509_free(ctx->signer_cert); + X509_free(ctx->signer_cert); ctx->signer_cert = signer; CRYPTO_add(&ctx->signer_cert->references, +1, CRYPTO_LOCK_X509); return 1; @@ -237,10 +236,8 @@ int TS_RESP_CTX_set_def_policy(TS_RESP_CTX *ctx, ASN1_OBJECT *def_policy) int TS_RESP_CTX_set_certs(TS_RESP_CTX *ctx, STACK_OF(X509) *certs) { - if (ctx->certs) { - sk_X509_pop_free(ctx->certs, X509_free); - ctx->certs = NULL; - } + sk_X509_pop_free(ctx->certs, X509_free); + ctx->certs = NULL; if (!certs) return 1; if (!(ctx->certs = X509_chain_up_ref(certs))) { diff --git a/crypto/x509/by_file.c b/crypto/x509/by_file.c index bc1c90cc64..d82a0dbd0f 100644 --- a/crypto/x509/by_file.c +++ b/crypto/x509/by_file.c @@ -174,8 +174,7 @@ int X509_load_cert_file(X509_LOOKUP *ctx, const char *file, int type) goto err; } err: - if (x != NULL) - X509_free(x); + X509_free(x); BIO_free(in); return (ret); } @@ -232,8 +231,7 @@ int X509_load_crl_file(X509_LOOKUP *ctx, const char *file, int type) goto err; } err: - if (x != NULL) - X509_CRL_free(x); + X509_CRL_free(x); BIO_free(in); return (ret); } diff --git a/crypto/x509/x509_att.c b/crypto/x509/x509_att.c index 292546b46f..df49b0b17f 100644 --- a/crypto/x509/x509_att.c +++ b/crypto/x509/x509_att.c @@ -147,10 +147,8 @@ STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr(STACK_OF(X509_ATTRIBUTE) **x, err: X509err(X509_F_X509AT_ADD1_ATTR, ERR_R_MALLOC_FAILURE); err2: - if (new_attr != NULL) - X509_ATTRIBUTE_free(new_attr); - if (sk != NULL) - sk_X509_ATTRIBUTE_free(sk); + X509_ATTRIBUTE_free(new_attr); + sk_X509_ATTRIBUTE_free(sk); return (NULL); } diff --git a/crypto/x509/x509_lu.c b/crypto/x509/x509_lu.c index 08bbc3988b..7fbc8e364f 100644 --- a/crypto/x509/x509_lu.c +++ b/crypto/x509/x509_lu.c @@ -217,6 +217,8 @@ X509_STORE *X509_STORE_new(void) static void cleanup(X509_OBJECT *a) { + if (!a) + return; if (a->type == X509_LU_X509) { X509_free(a->data.x509); } else if (a->type == X509_LU_CRL) { @@ -260,8 +262,7 @@ void X509_STORE_free(X509_STORE *vfy) sk_X509_OBJECT_pop_free(vfy->objs, cleanup); CRYPTO_free_ex_data(CRYPTO_EX_INDEX_X509_STORE, vfy, &vfy->ex_data); - if (vfy->param) - X509_VERIFY_PARAM_free(vfy->param); + X509_VERIFY_PARAM_free(vfy->param); OPENSSL_free(vfy); } @@ -413,6 +414,8 @@ void X509_OBJECT_up_ref_count(X509_OBJECT *a) void X509_OBJECT_free_contents(X509_OBJECT *a) { + if (!a) + return; switch (a->type) { case X509_LU_X509: X509_free(a->data.x509); diff --git a/crypto/x509/x509_r2x.c b/crypto/x509/x509_r2x.c index 3cd72806ba..e715904810 100644 --- a/crypto/x509/x509_r2x.c +++ b/crypto/x509/x509_r2x.c @@ -104,10 +104,9 @@ X509 *X509_REQ_to_X509(X509_REQ *r, int days, EVP_PKEY *pkey) if (!X509_sign(ret, pkey, EVP_md5())) goto err; - if (0) { + return ret; + err: - X509_free(ret); - ret = NULL; - } - return (ret); + X509_free(ret); + return NULL; } diff --git a/crypto/x509/x509_v3.c b/crypto/x509/x509_v3.c index d70bfaeaeb..ad33be6c2d 100644 --- a/crypto/x509/x509_v3.c +++ b/crypto/x509/x509_v3.c @@ -176,10 +176,8 @@ STACK_OF(X509_EXTENSION) *X509v3_add_ext(STACK_OF(X509_EXTENSION) **x, err: X509err(X509_F_X509V3_ADD_EXT, ERR_R_MALLOC_FAILURE); err2: - if (new_ex != NULL) - X509_EXTENSION_free(new_ex); - if (sk != NULL) - sk_X509_EXTENSION_free(sk); + X509_EXTENSION_free(new_ex); + sk_X509_EXTENSION_free(sk); return (NULL); } diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c index 85dc714f4e..3cdf453c21 100644 --- a/crypto/x509/x509_vfy.c +++ b/crypto/x509/x509_vfy.c @@ -495,10 +495,8 @@ int X509_verify_cert(X509_STORE_CTX *ctx) end: X509_get_pubkey_parameters(NULL, ctx->chain); } - if (sktmp != NULL) - sk_X509_free(sktmp); - if (chain_ss != NULL) - X509_free(chain_ss); + sk_X509_free(sktmp); + X509_free(chain_ss); return ok; } @@ -1016,8 +1014,7 @@ static int get_crl_sk(X509_STORE_CTX *ctx, X509_CRL **pcrl, X509_CRL **pdcrl, } if (best_crl) { - if (*pcrl) - X509_CRL_free(*pcrl); + X509_CRL_free(*pcrl); *pcrl = best_crl; *pissuer = best_crl_issuer; *pscore = best_score; @@ -2058,8 +2055,7 @@ X509_CRL *X509_CRL_diff(X509_CRL *base, X509_CRL *newer, memerr: X509err(X509_F_X509_CRL_DIFF, ERR_R_MALLOC_FAILURE); - if (crl) - X509_CRL_free(crl); + X509_CRL_free(crl); return NULL; } @@ -2230,6 +2226,8 @@ X509_STORE_CTX *X509_STORE_CTX_new(void) void X509_STORE_CTX_free(X509_STORE_CTX *ctx) { + if (!ctx) + return; X509_STORE_CTX_cleanup(ctx); OPENSSL_free(ctx); } @@ -2376,14 +2374,10 @@ void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx) X509_VERIFY_PARAM_free(ctx->param); ctx->param = NULL; } - if (ctx->tree != NULL) { - X509_policy_tree_free(ctx->tree); - ctx->tree = NULL; - } - if (ctx->chain != NULL) { - sk_X509_pop_free(ctx->chain, X509_free); - ctx->chain = NULL; - } + X509_policy_tree_free(ctx->tree); + ctx->tree = NULL; + sk_X509_pop_free(ctx->chain, X509_free); + ctx->chain = NULL; CRYPTO_free_ex_data(CRYPTO_EX_INDEX_X509_STORE_CTX, ctx, &(ctx->ex_data)); memset(&ctx->ex_data, 0, sizeof(CRYPTO_EX_DATA)); } @@ -2436,7 +2430,6 @@ X509_VERIFY_PARAM *X509_STORE_CTX_get0_param(X509_STORE_CTX *ctx) void X509_STORE_CTX_set0_param(X509_STORE_CTX *ctx, X509_VERIFY_PARAM *param) { - if (ctx->param) - X509_VERIFY_PARAM_free(ctx->param); + X509_VERIFY_PARAM_free(ctx->param); ctx->param = param; } diff --git a/crypto/x509/x509_vpm.c b/crypto/x509/x509_vpm.c index 009255e365..57c2606bbb 100644 --- a/crypto/x509/x509_vpm.c +++ b/crypto/x509/x509_vpm.c @@ -168,6 +168,7 @@ X509_VERIFY_PARAM *X509_VERIFY_PARAM_new(void) { X509_VERIFY_PARAM *param; X509_VERIFY_PARAM_ID *paramid; + param = OPENSSL_malloc(sizeof(X509_VERIFY_PARAM)); if (!param) return NULL; @@ -185,7 +186,7 @@ X509_VERIFY_PARAM *X509_VERIFY_PARAM_new(void) void X509_VERIFY_PARAM_free(X509_VERIFY_PARAM *param) { - if (param == NULL) + if (!param) return; x509_verify_param_zero(param); OPENSSL_free(param->id); @@ -644,7 +645,6 @@ const X509_VERIFY_PARAM *X509_VERIFY_PARAM_lookup(const char *name) void X509_VERIFY_PARAM_table_cleanup(void) { - if (param_table) - sk_X509_VERIFY_PARAM_pop_free(param_table, X509_VERIFY_PARAM_free); + sk_X509_VERIFY_PARAM_pop_free(param_table, X509_VERIFY_PARAM_free); param_table = NULL; } diff --git a/crypto/x509/x509name.c b/crypto/x509/x509name.c index 6bb1e5d3aa..5a7084532a 100644 --- a/crypto/x509/x509name.c +++ b/crypto/x509/x509name.c @@ -277,8 +277,7 @@ int X509_NAME_add_entry(X509_NAME *name, X509_NAME_ENTRY *ne, int loc, } return (1); err: - if (new_name != NULL) - X509_NAME_ENTRY_free(new_name); + X509_NAME_ENTRY_free(new_name); return (0); } diff --git a/crypto/x509/x_attrib.c b/crypto/x509/x_attrib.c index 9ff6dcc687..9782fda474 100644 --- a/crypto/x509/x_attrib.c +++ b/crypto/x509/x_attrib.c @@ -98,8 +98,7 @@ X509_ATTRIBUTE *X509_ATTRIBUTE_create(int nid, int atrtype, void *value) ASN1_TYPE_set(val, atrtype, value); return (ret); err: - if (ret != NULL) - X509_ATTRIBUTE_free(ret); + X509_ATTRIBUTE_free(ret); ASN1_TYPE_free(val); return (NULL); } diff --git a/crypto/x509/x_name.c b/crypto/x509/x_name.c index e6a862e90d..cdc4c973b3 100644 --- a/crypto/x509/x_name.c +++ b/crypto/x509/x_name.c @@ -150,8 +150,7 @@ static int x509_name_ex_new(ASN1_VALUE **val, const ASN1_ITEM *it) memerr: ASN1err(ASN1_F_X509_NAME_EX_NEW, ERR_R_MALLOC_FAILURE); if (ret) { - if (ret->entries) - sk_X509_NAME_ENTRY_free(ret->entries); + sk_X509_NAME_ENTRY_free(ret->entries); OPENSSL_free(ret); } return 0; @@ -160,6 +159,7 @@ static int x509_name_ex_new(ASN1_VALUE **val, const ASN1_ITEM *it) static void x509_name_ex_free(ASN1_VALUE **pval, const ASN1_ITEM *it) { X509_NAME *a; + if (!pval || !*pval) return; a = (X509_NAME *)*pval; @@ -232,8 +232,7 @@ static int x509_name_ex_d2i(ASN1_VALUE **val, *in = p; return ret; err: - if (nm.x != NULL) - X509_NAME_free(nm.x); + X509_NAME_free(nm.x); ASN1err(ASN1_F_X509_NAME_EX_D2I, ERR_R_NESTED_ASN1_ERROR); return 0; } @@ -394,11 +393,9 @@ static int x509_name_canon(X509_NAME *a) err: - if (tmpentry) - X509_NAME_ENTRY_free(tmpentry); - if (intname) - sk_STACK_OF_X509_NAME_ENTRY_pop_free(intname, - local_sk_X509_NAME_ENTRY_pop_free); + X509_NAME_ENTRY_free(tmpentry); + sk_STACK_OF_X509_NAME_ENTRY_pop_free(intname, + local_sk_X509_NAME_ENTRY_pop_free); return ret; } diff --git a/crypto/x509v3/pcy_cache.c b/crypto/x509v3/pcy_cache.c index eff4291aab..125b311e88 100644 --- a/crypto/x509v3/pcy_cache.c +++ b/crypto/x509v3/pcy_cache.c @@ -221,8 +221,7 @@ void policy_cache_free(X509_POLICY_CACHE *cache) return; if (cache->anyPolicy) policy_data_free(cache->anyPolicy); - if (cache->data) - sk_X509_POLICY_DATA_pop_free(cache->data, policy_data_free); + sk_X509_POLICY_DATA_pop_free(cache->data, policy_data_free); OPENSSL_free(cache); } diff --git a/crypto/x509v3/pcy_tree.c b/crypto/x509v3/pcy_tree.c index cc52fa2de7..1f85c376f5 100644 --- a/crypto/x509v3/pcy_tree.c +++ b/crypto/x509v3/pcy_tree.c @@ -655,17 +655,13 @@ void X509_policy_tree_free(X509_POLICY_TREE *tree) sk_X509_POLICY_NODE_pop_free(tree->user_policies, exnode_free); for (i = 0, curr = tree->levels; i < tree->nlevel; i++, curr++) { - if (curr->cert) - X509_free(curr->cert); - if (curr->nodes) - sk_X509_POLICY_NODE_pop_free(curr->nodes, policy_node_free); + X509_free(curr->cert); + sk_X509_POLICY_NODE_pop_free(curr->nodes, policy_node_free); if (curr->anyPolicy) policy_node_free(curr->anyPolicy); } - if (tree->extra_data) - sk_X509_POLICY_DATA_pop_free(tree->extra_data, policy_data_free); - + sk_X509_POLICY_DATA_pop_free(tree->extra_data, policy_data_free); OPENSSL_free(tree->levels); OPENSSL_free(tree); diff --git a/crypto/x509v3/v3_crld.c b/crypto/x509v3/v3_crld.c index e38632fafa..48a6a9d99a 100644 --- a/crypto/x509v3/v3_crld.c +++ b/crypto/x509v3/v3_crld.c @@ -175,8 +175,7 @@ static int set_dist_point_name(DIST_POINT_NAME **pdp, X509V3_CTX *ctx, err: if (fnm) sk_GENERAL_NAME_pop_free(fnm, GENERAL_NAME_free); - if (rnm) - sk_X509_NAME_ENTRY_pop_free(rnm, X509_NAME_ENTRY_free); + sk_X509_NAME_ENTRY_pop_free(rnm, X509_NAME_ENTRY_free); return -1; } @@ -354,8 +353,7 @@ static int dpn_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, break; case ASN1_OP_FREE_POST: - if (dpn->dpname) - X509_NAME_free(dpn->dpname); + X509_NAME_free(dpn->dpname); break; } return 1; diff --git a/demos/cms/cms_ddec.c b/demos/cms/cms_ddec.c index 1e06cea5c7..36bb4ee081 100644 --- a/demos/cms/cms_ddec.c +++ b/demos/cms/cms_ddec.c @@ -70,8 +70,7 @@ int main(int argc, char **argv) if (cms) CMS_ContentInfo_free(cms); - if (rcert) - X509_free(rcert); + X509_free(rcert); EVP_PKEY_free(rkey); BIO_free(in); diff --git a/demos/cms/cms_dec.c b/demos/cms/cms_dec.c index 71a0e4ffdd..832b54d43c 100644 --- a/demos/cms/cms_dec.c +++ b/demos/cms/cms_dec.c @@ -61,8 +61,7 @@ int main(int argc, char **argv) if (cms) CMS_ContentInfo_free(cms); - if (rcert) - X509_free(rcert); + X509_free(rcert); EVP_PKEY_free(rkey); BIO_free(in); diff --git a/demos/cms/cms_denc.c b/demos/cms/cms_denc.c index 852671771c..f91fec1df3 100644 --- a/demos/cms/cms_denc.c +++ b/demos/cms/cms_denc.c @@ -79,10 +79,8 @@ int main(int argc, char **argv) if (cms) CMS_ContentInfo_free(cms); - if (rcert) - X509_free(rcert); - if (recips) - sk_X509_pop_free(recips, X509_free); + X509_free(rcert); + sk_X509_pop_free(recips, X509_free); BIO_free(in); BIO_free(out); diff --git a/demos/cms/cms_enc.c b/demos/cms/cms_enc.c index 4395e6b04f..ba62f7920e 100644 --- a/demos/cms/cms_enc.c +++ b/demos/cms/cms_enc.c @@ -75,10 +75,8 @@ int main(int argc, char **argv) if (cms) CMS_ContentInfo_free(cms); - if (rcert) - X509_free(rcert); - if (recips) - sk_X509_pop_free(recips, X509_free); + X509_free(rcert); + sk_X509_pop_free(recips, X509_free); BIO_free(in); BIO_free(out); diff --git a/demos/cms/cms_sign.c b/demos/cms/cms_sign.c index 3ad5ce8c18..e9871dfd36 100644 --- a/demos/cms/cms_sign.c +++ b/demos/cms/cms_sign.c @@ -71,8 +71,7 @@ int main(int argc, char **argv) if (cms) CMS_ContentInfo_free(cms); - if (scert) - X509_free(scert); + X509_free(scert); EVP_PKEY_free(skey); BIO_free(in); diff --git a/demos/cms/cms_sign2.c b/demos/cms/cms_sign2.c index 3276de1b2a..127f5860ee 100644 --- a/demos/cms/cms_sign2.c +++ b/demos/cms/cms_sign2.c @@ -80,14 +80,10 @@ int main(int argc, char **argv) if (cms) CMS_ContentInfo_free(cms); - if (scert) - X509_free(scert); + X509_free(scert); EVP_PKEY_free(skey); - - if (scert2) - X509_free(scert2); + X509_free(scert2); EVP_PKEY_free(skey2); - BIO_free(in); BIO_free(out); BIO_free(tbio); diff --git a/demos/cms/cms_ver.c b/demos/cms/cms_ver.c index 422753163e..0f34bbf335 100644 --- a/demos/cms/cms_ver.c +++ b/demos/cms/cms_ver.c @@ -70,8 +70,7 @@ int main(int argc, char **argv) if (cms) CMS_ContentInfo_free(cms); - if (cacert) - X509_free(cacert); + X509_free(cacert); BIO_free(in); BIO_free(out); diff --git a/demos/easy_tls/easy-tls.c b/demos/easy_tls/easy-tls.c index 1a0a03abe6..9346720dae 100644 --- a/demos/easy_tls/easy-tls.c +++ b/demos/easy_tls/easy-tls.c @@ -943,8 +943,7 @@ static void write_info(SSL *ssl, int *info_fd) peercert = SSL_get_peer_certificate(ssl); tls_get_x509_subject_name_oneline(peercert, &peer); - if (peercert != NULL) - X509_free(peercert); + X509_free(peercert); } if (peer.str[0] == '\0') v_ok = '0'; /* no cert at all */ diff --git a/demos/smime/smdec.c b/demos/smime/smdec.c index 9752dea1f9..f1a987a34e 100644 --- a/demos/smime/smdec.c +++ b/demos/smime/smdec.c @@ -58,8 +58,7 @@ int main(int argc, char **argv) ERR_print_errors_fp(stderr); } PKCS7_free(p7); - if (rcert) - X509_free(rcert); + X509_free(rcert); EVP_PKEY_free(rkey); BIO_free(in); BIO_free(out); diff --git a/demos/smime/smenc.c b/demos/smime/smenc.c index 2e594ee89e..79fe2d0e10 100644 --- a/demos/smime/smenc.c +++ b/demos/smime/smenc.c @@ -72,10 +72,8 @@ int main(int argc, char **argv) ERR_print_errors_fp(stderr); } PKCS7_free(p7); - if (rcert) - X509_free(rcert); - if (recips) - sk_X509_pop_free(recips, X509_free); + X509_free(rcert); + sk_X509_pop_free(recips, X509_free); BIO_free(in); BIO_free(out); BIO_free(tbio); diff --git a/demos/smime/smsign.c b/demos/smime/smsign.c index 91ab8e475d..8505e7140b 100644 --- a/demos/smime/smsign.c +++ b/demos/smime/smsign.c @@ -68,8 +68,7 @@ int main(int argc, char **argv) ERR_print_errors_fp(stderr); } PKCS7_free(p7); - if (scert) - X509_free(scert); + X509_free(scert); EVP_PKEY_free(skey); BIO_free(in); BIO_free(out); diff --git a/demos/smime/smsign2.c b/demos/smime/smsign2.c index 0ad709d041..415ecf395f 100644 --- a/demos/smime/smsign2.c +++ b/demos/smime/smsign2.c @@ -76,11 +76,9 @@ int main(int argc, char **argv) ERR_print_errors_fp(stderr); } PKCS7_free(p7); - if (scert) - X509_free(scert); + X509_free(scert); EVP_PKEY_free(skey); - if (scert2) - X509_free(scert2); + X509_free(scert2); EVP_PKEY_free(skey2); BIO_free(in); BIO_free(out); diff --git a/demos/smime/smver.c b/demos/smime/smver.c index c4b6e751a9..13ba18b9b9 100644 --- a/demos/smime/smver.c +++ b/demos/smime/smver.c @@ -66,8 +66,7 @@ int main(int argc, char **argv) ERR_print_errors_fp(stderr); } PKCS7_free(p7); - if (cacert) - X509_free(cacert); + X509_free(cacert); BIO_free(in); BIO_free(out); BIO_free(tbio); diff --git a/demos/spkigen.c b/demos/spkigen.c index c272a8c223..7df8f34c0c 100644 --- a/demos/spkigen.c +++ b/demos/spkigen.c @@ -166,7 +166,6 @@ EVP_PKEY *pkey; pk = NULL; ok = 1; err: - if (pk != NULL) - X509_PUBKEY_free(pk); + X509_PUBKEY_free(pk); return (ok); } diff --git a/doc/crypto/X509_STORE_CTX_new.pod b/doc/crypto/X509_STORE_CTX_new.pod index b17888f149..bad12e4d09 100644 --- a/doc/crypto/X509_STORE_CTX_new.pod +++ b/doc/crypto/X509_STORE_CTX_new.pod @@ -37,6 +37,7 @@ The context can then be reused with an new call to X509_STORE_CTX_init(). X509_STORE_CTX_free() completely frees up B. After this call B is no longer valid. +If B is NULL nothing is done. X509_STORE_CTX_init() sets up B for a subsequent verification operation. The trusted certificate store is set to B, the end entity certificate diff --git a/doc/crypto/X509_new.pod b/doc/crypto/X509_new.pod index d38872335f..d6f3d3092f 100644 --- a/doc/crypto/X509_new.pod +++ b/doc/crypto/X509_new.pod @@ -19,6 +19,7 @@ X509 structure, which represents an X509 certificate. X509_new() allocates and initializes a X509 structure. X509_free() frees up the B structure B. +If B is NULL nothing is done. =head1 RETURN VALUES diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c index 3eb67ef17b..bbff778d44 100644 --- a/ssl/s3_clnt.c +++ b/ssl/s3_clnt.c @@ -1314,21 +1314,18 @@ int ssl3_get_server_certificate(SSL *s) * Why would the following ever happen? We just created sc a couple * of lines ago. */ - if (sc->peer_pkeys[i].x509 != NULL) - X509_free(sc->peer_pkeys[i].x509); + X509_free(sc->peer_pkeys[i].x509); sc->peer_pkeys[i].x509 = x; sc->peer_key = &(sc->peer_pkeys[i]); - if (s->session->peer != NULL) - X509_free(s->session->peer); + X509_free(s->session->peer); CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509); s->session->peer = x; } else { sc->peer_cert_type = i; sc->peer_key = NULL; - if (s->session->peer != NULL) - X509_free(s->session->peer); + X509_free(s->session->peer); s->session->peer = NULL; } s->session->verify_result = s->verify_result; @@ -2149,15 +2146,13 @@ int ssl3_get_certificate_request(SSL *s) /* we should setup a certificate to return.... */ s->s3->tmp.cert_req = 1; s->s3->tmp.ctype_num = ctype_num; - if (s->s3->tmp.ca_names != NULL) - sk_X509_NAME_pop_free(s->s3->tmp.ca_names, X509_NAME_free); + sk_X509_NAME_pop_free(s->s3->tmp.ca_names, X509_NAME_free); s->s3->tmp.ca_names = ca_sk; ca_sk = NULL; ret = 1; err: - if (ca_sk != NULL) - sk_X509_NAME_pop_free(ca_sk, X509_NAME_free); + sk_X509_NAME_pop_free(ca_sk, X509_NAME_free); return (ret); } @@ -3339,8 +3334,7 @@ int ssl3_send_client_certificate(SSL *s) SSL_R_BAD_DATA_RETURNED_BY_CALLBACK); } - if (x509 != NULL) - X509_free(x509); + X509_free(x509); if (pkey != NULL) EVP_PKEY_free(pkey); if (i && !ssl3_check_client_certificate(s)) diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index 7bb3a9257f..ef2ddb4973 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -3126,8 +3126,7 @@ void ssl3_free(SSL *s) EC_KEY_free(s->s3->tmp.ecdh); #endif - if (s->s3->tmp.ca_names != NULL) - sk_X509_NAME_pop_free(s->s3->tmp.ca_names, X509_NAME_free); + sk_X509_NAME_pop_free(s->s3->tmp.ca_names, X509_NAME_free); BIO_free(s->s3->handshake_buffer); if (s->s3->handshake_dgst) ssl3_free_digest_list(s); @@ -3149,8 +3148,7 @@ void ssl3_clear(SSL *s) int init_extra; ssl3_cleanup_key_block(s); - if (s->s3->tmp.ca_names != NULL) - sk_X509_NAME_pop_free(s->s3->tmp.ca_names, X509_NAME_free); + sk_X509_NAME_pop_free(s->s3->tmp.ca_names, X509_NAME_free); #ifndef OPENSSL_NO_DH DH_free(s->s3->tmp.dh); @@ -3925,10 +3923,8 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) break; case SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS: - if (ctx->extra_certs) { - sk_X509_pop_free(ctx->extra_certs, X509_free); - ctx->extra_certs = NULL; - } + sk_X509_pop_free(ctx->extra_certs, X509_free); + ctx->extra_certs = NULL; break; case SSL_CTRL_CHAIN: diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c index 6c1ba3ae48..77420a1e7a 100644 --- a/ssl/s3_srvr.c +++ b/ssl/s3_srvr.c @@ -3271,8 +3271,7 @@ int ssl3_get_client_certificate(SSL *s) EVP_PKEY_free(pkey); } - if (s->session->peer != NULL) /* This should not be needed */ - X509_free(s->session->peer); + X509_free(s->session->peer); s->session->peer = sk_X509_shift(sk); s->session->verify_result = s->verify_result; @@ -3287,8 +3286,7 @@ int ssl3_get_client_certificate(SSL *s) goto err; } } - if (s->session->sess_cert->cert_chain != NULL) - sk_X509_pop_free(s->session->sess_cert->cert_chain, X509_free); + sk_X509_pop_free(s->session->sess_cert->cert_chain, X509_free); s->session->sess_cert->cert_chain = sk; /* * Inconsistency alert: cert_chain does *not* include the peer's own @@ -3303,10 +3301,8 @@ int ssl3_get_client_certificate(SSL *s) ssl3_send_alert(s, SSL3_AL_FATAL, al); } err: - if (x != NULL) - X509_free(x); - if (sk != NULL) - sk_X509_pop_free(sk, X509_free); + X509_free(x); + sk_X509_pop_free(sk, X509_free); return (ret); } diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c index 4daa29692b..0ae9646991 100644 --- a/ssl/ssl_cert.c +++ b/ssl/ssl_cert.c @@ -398,16 +398,12 @@ void ssl_cert_clear_certs(CERT *c) return; for (i = 0; i < SSL_PKEY_NUM; i++) { CERT_PKEY *cpk = c->pkeys + i; - if (cpk->x509) { - X509_free(cpk->x509); - cpk->x509 = NULL; - } + X509_free(cpk->x509); + cpk->x509 = NULL; EVP_PKEY_free(cpk->privatekey); cpk->privatekey = NULL; - if (cpk->chain) { - sk_X509_pop_free(cpk->chain, X509_free); - cpk->chain = NULL; - } + sk_X509_pop_free(cpk->chain, X509_free); + cpk->chain = NULL; #ifndef OPENSSL_NO_TLSEXT if (cpk->serverinfo) { OPENSSL_free(cpk->serverinfo); @@ -461,10 +457,8 @@ void ssl_cert_free(CERT *c) OPENSSL_free(c->shared_sigalgs); if (c->ctypes) OPENSSL_free(c->ctypes); - if (c->verify_store) - X509_STORE_free(c->verify_store); - if (c->chain_store) - X509_STORE_free(c->chain_store); + X509_STORE_free(c->verify_store); + X509_STORE_free(c->chain_store); if (c->ciphers_raw) OPENSSL_free(c->ciphers_raw); #ifndef OPENSSL_NO_TLSEXT @@ -485,8 +479,7 @@ int ssl_cert_set0_chain(SSL *s, SSL_CTX *ctx, STACK_OF(X509) *chain) CERT_PKEY *cpk = s ? s->cert->key : ctx->cert->key; if (!cpk) return 0; - if (cpk->chain) - sk_X509_pop_free(cpk->chain, X509_free); + sk_X509_pop_free(cpk->chain, X509_free); for (i = 0; i < sk_X509_num(chain); i++) { r = ssl_security_cert(s, ctx, sk_X509_value(chain, i), 0, 0); if (r != 1) { @@ -629,11 +622,9 @@ void ssl_sess_cert_free(SESS_CERT *sc) #endif /* i == 0 */ - if (sc->cert_chain != NULL) - sk_X509_pop_free(sc->cert_chain, X509_free); + sk_X509_pop_free(sc->cert_chain, X509_free); for (i = 0; i < SSL_PKEY_NUM; i++) { - if (sc->peer_pkeys[i].x509 != NULL) - X509_free(sc->peer_pkeys[i].x509); + X509_free(sc->peer_pkeys[i].x509); #if 0 /* * We don't have the peer's private key. These lines are just @@ -726,9 +717,7 @@ int ssl_verify_cert_chain(SSL *s, STACK_OF(X509) *sk) static void set_client_CA_list(STACK_OF(X509_NAME) **ca_list, STACK_OF(X509_NAME) *name_list) { - if (*ca_list != NULL) - sk_X509_NAME_pop_free(*ca_list, X509_NAME_free); - + sk_X509_NAME_pop_free(*ca_list, X509_NAME_free); *ca_list = name_list; } @@ -867,15 +856,12 @@ STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file) if (0) { err: - if (ret != NULL) - sk_X509_NAME_pop_free(ret, X509_NAME_free); + sk_X509_NAME_pop_free(ret, X509_NAME_free); ret = NULL; } - if (sk != NULL) - sk_X509_NAME_free(sk); + sk_X509_NAME_free(sk); BIO_free(in); - if (x != NULL) - X509_free(x); + X509_free(x); if (ret != NULL) ERR_clear_error(); return (ret); @@ -1205,8 +1191,7 @@ int ssl_build_cert_chain(SSL *s, SSL_CTX *ctx, int flags) goto err; } } - if (cpk->chain) - sk_X509_pop_free(cpk->chain, X509_free); + sk_X509_pop_free(cpk->chain, X509_free); cpk->chain = chain; if (rv == 0) rv = 1; @@ -1224,8 +1209,7 @@ int ssl_cert_set_cert_store(CERT *c, X509_STORE *store, int chain, int ref) pstore = &c->chain_store; else pstore = &c->verify_store; - if (*pstore) - X509_STORE_free(*pstore); + X509_STORE_free(*pstore); *pstore = store; if (ref && store) CRYPTO_add(&store->references, 1, CRYPTO_LOCK_X509_STORE); diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index 73eafdb542..7319cd85df 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -532,9 +532,7 @@ void SSL_free(SSL *s) } #endif - if (s->param) - X509_VERIFY_PARAM_free(s->param); - + X509_VERIFY_PARAM_free(s->param); CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL, s, &s->ex_data); if (s->bbio != NULL) { @@ -581,8 +579,7 @@ void SSL_free(SSL *s) if (s->tlsext_ellipticcurvelist) OPENSSL_free(s->tlsext_ellipticcurvelist); # endif /* OPENSSL_NO_EC */ - if (s->tlsext_ocsp_exts) - sk_X509_EXTENSION_pop_free(s->tlsext_ocsp_exts, X509_EXTENSION_free); + sk_X509_EXTENSION_pop_free(s->tlsext_ocsp_exts, X509_EXTENSION_free); if (s->tlsext_ocsp_ids) sk_OCSP_RESPID_pop_free(s->tlsext_ocsp_ids, OCSP_RESPID_free); if (s->tlsext_ocsp_resp) @@ -591,8 +588,7 @@ void SSL_free(SSL *s) OPENSSL_free(s->alpn_client_proto_list); #endif - if (s->client_CA != NULL) - sk_X509_NAME_pop_free(s->client_CA, X509_NAME_free); + sk_X509_NAME_pop_free(s->client_CA, X509_NAME_free); if (s->method != NULL) s->method->ssl_free(s); @@ -2032,8 +2028,7 @@ void SSL_CTX_free(SSL_CTX *a) } #endif - if (a->param) - X509_VERIFY_PARAM_free(a->param); + X509_VERIFY_PARAM_free(a->param); /* * Free internal session cache. However: the remove_cb() may reference @@ -2052,17 +2047,14 @@ void SSL_CTX_free(SSL_CTX *a) if (a->sessions != NULL) lh_SSL_SESSION_free(a->sessions); - if (a->cert_store != NULL) - X509_STORE_free(a->cert_store); + X509_STORE_free(a->cert_store); if (a->cipher_list != NULL) sk_SSL_CIPHER_free(a->cipher_list); if (a->cipher_list_by_id != NULL) sk_SSL_CIPHER_free(a->cipher_list_by_id); ssl_cert_free(a->cert); - if (a->client_CA != NULL) - sk_X509_NAME_pop_free(a->client_CA, X509_NAME_free); - if (a->extra_certs != NULL) - sk_X509_pop_free(a->extra_certs, X509_free); + sk_X509_NAME_pop_free(a->client_CA, X509_NAME_free); + sk_X509_pop_free(a->extra_certs, X509_free); a->comp_methods = NULL; #ifndef OPENSSL_NO_SRTP @@ -3186,8 +3178,7 @@ X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *ctx) void SSL_CTX_set_cert_store(SSL_CTX *ctx, X509_STORE *store) { - if (ctx->cert_store != NULL) - X509_STORE_free(ctx->cert_store); + X509_STORE_free(ctx->cert_store); ctx->cert_store = store; } diff --git a/ssl/ssl_rsa.c b/ssl/ssl_rsa.c index b5d457a9eb..e4798e9316 100644 --- a/ssl/ssl_rsa.c +++ b/ssl/ssl_rsa.c @@ -119,8 +119,7 @@ int SSL_use_certificate_file(SSL *ssl, const char *file, int type) ret = SSL_use_certificate(ssl, x); end: - if (x != NULL) - X509_free(x); + X509_free(x); BIO_free(in); return (ret); } @@ -418,8 +417,7 @@ static int ssl_set_cert(CERT *c, X509 *x) EVP_PKEY_free(pkey); - if (c->pkeys[i].x509 != NULL) - X509_free(c->pkeys[i].x509); + X509_free(c->pkeys[i].x509); CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509); c->pkeys[i].x509 = x; c->key = &(c->pkeys[i]); @@ -465,8 +463,7 @@ int SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type) ret = SSL_CTX_use_certificate(ctx, x); end: - if (x != NULL) - X509_free(x); + X509_free(x); BIO_free(in); return (ret); } diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c index 51f30fbd3d..eed38ca73c 100644 --- a/ssl/ssl_sess.c +++ b/ssl/ssl_sess.c @@ -732,8 +732,7 @@ void SSL_SESSION_free(SSL_SESSION *ss) OPENSSL_cleanse(ss->master_key, sizeof ss->master_key); OPENSSL_cleanse(ss->session_id, sizeof ss->session_id); ssl_sess_cert_free(ss->sess_cert); - if (ss->peer != NULL) - X509_free(ss->peer); + X509_free(ss->peer); if (ss->ciphers != NULL) sk_SSL_CIPHER_free(ss->ciphers); #ifndef OPENSSL_NO_TLSEXT diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index 985c357563..b77074a0a5 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -2219,11 +2219,8 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p, } sdata = data; if (dsize > 0) { - if (s->tlsext_ocsp_exts) { - sk_X509_EXTENSION_pop_free(s->tlsext_ocsp_exts, - X509_EXTENSION_free); - } - + sk_X509_EXTENSION_pop_free(s->tlsext_ocsp_exts, + X509_EXTENSION_free); s->tlsext_ocsp_exts = d2i_X509_EXTENSIONS(NULL, &sdata, dsize); if (!s->tlsext_ocsp_exts || (data + dsize != sdata)) { -- 2.25.1