From c5ba2d990420e1778ca4a90bf882e0f806404af0 Mon Sep 17 00:00:00 2001 From: Rich Salz Date: Sat, 28 Mar 2015 10:54:15 -0400 Subject: [PATCH] free NULL cleanup EVP_.*free; this gets: EVP_CIPHER_CTX_free EVP_PKEY_CTX_free EVP_PKEY_asn1_free EVP_PKEY_asn1_set_free EVP_PKEY_free EVP_PKEY_free_it EVP_PKEY_meth_free; and also EVP_CIPHER_CTX_cleanup Reviewed-by: Kurt Roeckx --- apps/dgst.c | 3 +-- apps/genpkey.c | 15 +++++---------- apps/pkcs12.c | 3 +-- apps/pkeyutl.c | 3 +-- apps/req.c | 5 ++--- apps/s_cb.c | 3 +-- apps/s_client.c | 3 +-- apps/s_server.c | 9 +++------ crypto/asn1/d2i_pr.c | 2 +- crypto/asn1/d2i_pu.c | 2 +- crypto/asn1/x_pkey.c | 3 +-- crypto/asn1/x_pubkey.c | 3 +-- crypto/cms/cms_asn1.c | 15 +++++---------- crypto/cms/cms_env.c | 9 +++------ crypto/cms/cms_kari.c | 8 +++----- crypto/cms/cms_sd.c | 9 +++------ crypto/dh/dh_ameth.c | 6 ++---- crypto/ec/ec_ameth.c | 3 +-- crypto/evp/digest.c | 3 +-- crypto/evp/evp_enc.c | 7 ++++--- crypto/evp/evp_extra_test.c | 20 +++++--------------- crypto/evp/evp_test.c | 9 +++------ crypto/evp/p_lib.c | 1 + crypto/evp/pmeth_fn.c | 3 +-- crypto/evp/pmeth_gn.c | 3 +-- crypto/evp/pmeth_lib.c | 6 ++---- crypto/pem/pem_pk8.c | 3 +-- crypto/pem/pem_pkey.c | 9 +++------ crypto/pem/pvkfmt.c | 6 ++---- crypto/pkcs12/p12_kiss.c | 2 +- crypto/pkcs7/pk7_doit.c | 13 +++++-------- crypto/pkcs7/pk7_lib.c | 3 +-- crypto/ts/ts_rsp_sign.c | 3 +-- crypto/x509/x509_cmp.c | 6 ++---- crypto/x509/x509_vfy.c | 6 ++---- demos/cms/cms_ddec.c | 3 +-- demos/cms/cms_dec.c | 3 +-- demos/cms/cms_sign.c | 3 +-- demos/cms/cms_sign2.c | 6 ++---- demos/smime/smdec.c | 3 +-- demos/smime/smsign.c | 3 +-- demos/smime/smsign2.c | 6 ++---- doc/crypto/EVP_PKEY_CTX_new.pod | 1 + doc/crypto/EVP_PKEY_new.pod | 1 + engines/ccgost/gost2001_keyx.c | 7 +++---- engines/e_chil.c | 3 +-- ssl/s3_srvr.c | 3 +-- ssl/ssl_cert.c | 6 ++---- 48 files changed, 90 insertions(+), 165 deletions(-) diff --git a/apps/dgst.c b/apps/dgst.c index ac3b583793..700600011c 100644 --- a/apps/dgst.c +++ b/apps/dgst.c @@ -384,8 +384,7 @@ int MAIN(int argc, char **argv) } r = 1; mac_end: - if (mac_ctx) - EVP_PKEY_CTX_free(mac_ctx); + EVP_PKEY_CTX_free(mac_ctx); if (r == 0) goto end; } diff --git a/apps/genpkey.c b/apps/genpkey.c index 5b7f4335b1..bd81d51a22 100644 --- a/apps/genpkey.c +++ b/apps/genpkey.c @@ -268,10 +268,8 @@ int MAIN(int argc, char **argv) ret = 0; end: - if (pkey) - EVP_PKEY_free(pkey); - if (ctx) - EVP_PKEY_CTX_free(ctx); + EVP_PKEY_free(pkey); + EVP_PKEY_CTX_free(ctx); BIO_free_all(out); BIO_free(in); if (pass) @@ -317,10 +315,8 @@ static int init_keygen_file(BIO *err, EVP_PKEY_CTX **pctx, err: BIO_puts(err, "Error initializing context\n"); ERR_print_errors(err); - if (ctx) - EVP_PKEY_CTX_free(ctx); - if (pkey) - EVP_PKEY_free(pkey); + EVP_PKEY_CTX_free(ctx); + EVP_PKEY_free(pkey); return 0; } @@ -375,8 +371,7 @@ int init_gen_str(BIO *err, EVP_PKEY_CTX **pctx, err: BIO_printf(err, "Error initializing %s context\n", algname); ERR_print_errors(err); - if (ctx) - EVP_PKEY_CTX_free(ctx); + EVP_PKEY_CTX_free(ctx); return 0; } diff --git a/apps/pkcs12.c b/apps/pkcs12.c index e33fe243ee..a60a055040 100644 --- a/apps/pkcs12.c +++ b/apps/pkcs12.c @@ -672,8 +672,7 @@ int MAIN(int argc, char **argv) CRYPTO_push_info("process -export_cert: freeing"); # endif - if (key) - EVP_PKEY_free(key); + EVP_PKEY_free(key); if (certs) sk_X509_pop_free(certs, X509_free); if (ucert) diff --git a/apps/pkeyutl.c b/apps/pkeyutl.c index aaa90740ad..1028686738 100644 --- a/apps/pkeyutl.c +++ b/apps/pkeyutl.c @@ -332,8 +332,7 @@ int MAIN(int argc, char **argv) BIO_write(out, buf_out, buf_outlen); end: - if (ctx) - EVP_PKEY_CTX_free(ctx); + EVP_PKEY_CTX_free(ctx); BIO_free(in); BIO_free_all(out); if (buf_in) diff --git a/apps/req.c b/apps/req.c index 231535bfaf..3cedf2c8a6 100644 --- a/apps/req.c +++ b/apps/req.c @@ -874,9 +874,9 @@ int MAIN(int argc, char **argv) if (pkey == NULL) { pkey = X509_REQ_get_pubkey(req); - tmp = 1; if (pkey == NULL) goto end; + tmp = 1; } i = X509_REQ_verify(req, pkey); @@ -1013,8 +1013,7 @@ int MAIN(int argc, char **argv) BIO_free(in); BIO_free_all(out); EVP_PKEY_free(pkey); - if (genctx) - EVP_PKEY_CTX_free(genctx); + EVP_PKEY_CTX_free(genctx); if (pkeyopts) sk_OPENSSL_STRING_free(pkeyopts); if (sigopts) diff --git a/apps/s_cb.c b/apps/s_cb.c index ea7d35c700..7e69fc8f51 100644 --- a/apps/s_cb.c +++ b/apps/s_cb.c @@ -1242,8 +1242,7 @@ void ssl_excert_free(SSL_EXCERT *exc) while (exc) { if (exc->cert) X509_free(exc->cert); - if (exc->key) - EVP_PKEY_free(exc->key); + EVP_PKEY_free(exc->key); if (exc->chain) sk_X509_pop_free(exc->chain, X509_free); curr = exc; diff --git a/apps/s_client.c b/apps/s_client.c index 08749830ba..ec116171c3 100644 --- a/apps/s_client.c +++ b/apps/s_client.c @@ -2030,8 +2030,7 @@ int MAIN(int argc, char **argv) X509_free(cert); if (crls) sk_X509_CRL_pop_free(crls, X509_CRL_free); - if (key) - EVP_PKEY_free(key); + EVP_PKEY_free(key); if (chain) sk_X509_pop_free(chain, X509_free); if (pass) diff --git a/apps/s_server.c b/apps/s_server.c index 37c40cb2fb..f97a97d8f0 100644 --- a/apps/s_server.c +++ b/apps/s_server.c @@ -2011,10 +2011,8 @@ int MAIN(int argc, char *argv[]) sk_X509_CRL_pop_free(crls, X509_CRL_free); if (s_dcert) X509_free(s_dcert); - if (s_key) - EVP_PKEY_free(s_key); - if (s_dkey) - EVP_PKEY_free(s_dkey); + EVP_PKEY_free(s_key); + EVP_PKEY_free(s_dkey); if (s_chain) sk_X509_pop_free(s_chain, X509_free); if (s_dchain) @@ -2037,8 +2035,7 @@ int MAIN(int argc, char *argv[]) SSL_CTX_free(ctx2); if (s_cert2) X509_free(s_cert2); - if (s_key2) - EVP_PKEY_free(s_key2); + EVP_PKEY_free(s_key2); BIO_free(serverinfo_in); # ifndef OPENSSL_NO_NEXTPROTONEG if (next_proto.data) diff --git a/crypto/asn1/d2i_pr.c b/crypto/asn1/d2i_pr.c index 5f1a96d808..793532f493 100644 --- a/crypto/asn1/d2i_pr.c +++ b/crypto/asn1/d2i_pr.c @@ -113,7 +113,7 @@ EVP_PKEY *d2i_PrivateKey(int type, EVP_PKEY **a, const unsigned char **pp, (*a) = ret; return (ret); err: - if ((ret != NULL) && ((a == NULL) || (*a != ret))) + if (a == NULL || *a != ret) EVP_PKEY_free(ret); return (NULL); } diff --git a/crypto/asn1/d2i_pu.c b/crypto/asn1/d2i_pu.c index 33542dd122..189cfddf1e 100644 --- a/crypto/asn1/d2i_pu.c +++ b/crypto/asn1/d2i_pu.c @@ -130,7 +130,7 @@ EVP_PKEY *d2i_PublicKey(int type, EVP_PKEY **a, const unsigned char **pp, (*a) = ret; return (ret); err: - if ((ret != NULL) && ((a == NULL) || (*a != ret))) + if (a == NULL || *a != ret) EVP_PKEY_free(ret); return (NULL); } diff --git a/crypto/asn1/x_pkey.c b/crypto/asn1/x_pkey.c index f4396e7d17..f24c0ce914 100644 --- a/crypto/asn1/x_pkey.c +++ b/crypto/asn1/x_pkey.c @@ -144,8 +144,7 @@ void X509_PKEY_free(X509_PKEY *x) if (x->enc_algor != NULL) X509_ALGOR_free(x->enc_algor); ASN1_OCTET_STRING_free(x->enc_pkey); - if (x->dec_pkey != NULL) - EVP_PKEY_free(x->dec_pkey); + EVP_PKEY_free(x->dec_pkey); if ((x->key_data != NULL) && (x->key_free)) OPENSSL_free(x->key_data); OPENSSL_free(x); diff --git a/crypto/asn1/x_pubkey.c b/crypto/asn1/x_pubkey.c index cefaf3ac40..3c72997f03 100644 --- a/crypto/asn1/x_pubkey.c +++ b/crypto/asn1/x_pubkey.c @@ -174,8 +174,7 @@ EVP_PKEY *X509_PUBKEY_get(X509_PUBKEY *key) return ret; error: - if (ret != NULL) - EVP_PKEY_free(ret); + EVP_PKEY_free(ret); return (NULL); } diff --git a/crypto/cms/cms_asn1.c b/crypto/cms/cms_asn1.c index 9a71919c8f..03de7af204 100644 --- a/crypto/cms/cms_asn1.c +++ b/crypto/cms/cms_asn1.c @@ -93,8 +93,7 @@ static int cms_si_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, { if (operation == ASN1_OP_FREE_POST) { CMS_SignerInfo *si = (CMS_SignerInfo *)*pval; - if (si->pkey) - EVP_PKEY_free(si->pkey); + EVP_PKEY_free(si->pkey); if (si->signer) X509_free(si->signer); if (si->pctx) @@ -171,8 +170,7 @@ static int cms_rek_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, { CMS_RecipientEncryptedKey *rek = (CMS_RecipientEncryptedKey *)*pval; if (operation == ASN1_OP_FREE_POST) { - if (rek->pkey) - EVP_PKEY_free(rek->pkey); + EVP_PKEY_free(rek->pkey); } return 1; } @@ -202,8 +200,7 @@ static int cms_kari_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, EVP_CIPHER_CTX_set_flags(&kari->ctx, EVP_CIPHER_CTX_FLAG_WRAP_ALLOW); kari->pctx = NULL; } else if (operation == ASN1_OP_FREE_POST) { - if (kari->pctx) - EVP_PKEY_CTX_free(kari->pctx); + EVP_PKEY_CTX_free(kari->pctx); EVP_CIPHER_CTX_cleanup(&kari->ctx); } return 1; @@ -250,12 +247,10 @@ static int cms_ri_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, CMS_RecipientInfo *ri = (CMS_RecipientInfo *)*pval; if (ri->type == CMS_RECIPINFO_TRANS) { CMS_KeyTransRecipientInfo *ktri = ri->d.ktri; - if (ktri->pkey) - EVP_PKEY_free(ktri->pkey); + EVP_PKEY_free(ktri->pkey); if (ktri->recip) X509_free(ktri->recip); - if (ktri->pctx) - EVP_PKEY_CTX_free(ktri->pctx); + EVP_PKEY_CTX_free(ktri->pctx); } else if (ri->type == CMS_RECIPINFO_KEK) { CMS_KEKRecipientInfo *kekri = ri->d.kekri; if (kekri->key) { diff --git a/crypto/cms/cms_env.c b/crypto/cms/cms_env.c index d1252f8d87..3b4b930136 100644 --- a/crypto/cms/cms_env.c +++ b/crypto/cms/cms_env.c @@ -279,8 +279,7 @@ CMS_RecipientInfo *CMS_add1_recipient_cert(CMS_ContentInfo *cms, err: if (ri) M_ASN1_free_of(ri, CMS_RecipientInfo); - if (pk) - EVP_PKEY_free(pk); + EVP_PKEY_free(pk); return NULL; } @@ -476,10 +475,8 @@ static int cms_RecipientInfo_ktri_decrypt(CMS_ContentInfo *cms, ec->keylen = eklen; err: - if (ktri->pctx) { - EVP_PKEY_CTX_free(ktri->pctx); - ktri->pctx = NULL; - } + EVP_PKEY_CTX_free(ktri->pctx); + ktri->pctx = NULL; if (!ret && ek) OPENSSL_free(ek); diff --git a/crypto/cms/cms_kari.c b/crypto/cms/cms_kari.c index 196b5c60f1..5aaba59c11 100644 --- a/crypto/cms/cms_kari.c +++ b/crypto/cms/cms_kari.c @@ -218,8 +218,7 @@ int CMS_RecipientInfo_kari_set0_pkey(CMS_RecipientInfo *ri, EVP_PKEY *pk) kari->pctx = pctx; return 1; err: - if (pctx) - EVP_PKEY_CTX_free(pctx); + EVP_PKEY_CTX_free(pctx); return 0; } @@ -331,10 +330,9 @@ static int cms_kari_create_ephemeral_key(CMS_KeyAgreeRecipientInfo *kari, kari->pctx = pctx; rv = 1; err: - if (!rv && pctx) + if (!rv) EVP_PKEY_CTX_free(pctx); - if (ekey) - EVP_PKEY_free(ekey); + EVP_PKEY_free(ekey); return rv; } diff --git a/crypto/cms/cms_sd.c b/crypto/cms/cms_sd.c index c45d30eac1..71c234cb39 100644 --- a/crypto/cms/cms_sd.c +++ b/crypto/cms/cms_sd.c @@ -487,8 +487,7 @@ void CMS_SignerInfo_set1_signer_cert(CMS_SignerInfo *si, X509 *signer) { if (signer) { CRYPTO_add(&signer->references, 1, CRYPTO_LOCK_X509); - if (si->pkey) - EVP_PKEY_free(si->pkey); + EVP_PKEY_free(si->pkey); si->pkey = X509_get_pubkey(signer); } if (si->signer) @@ -651,8 +650,7 @@ static int cms_SignerInfo_content_sign(CMS_ContentInfo *cms, err: EVP_MD_CTX_cleanup(&mctx); - if (pctx) - EVP_PKEY_CTX_free(pctx); + EVP_PKEY_CTX_free(pctx); return r; } @@ -875,8 +873,7 @@ int CMS_SignerInfo_verify_content(CMS_SignerInfo *si, BIO *chain) } err: - if (pkctx) - EVP_PKEY_CTX_free(pkctx); + EVP_PKEY_CTX_free(pkctx); EVP_MD_CTX_cleanup(&mctx); return r; diff --git a/crypto/dh/dh_ameth.c b/crypto/dh/dh_ameth.c index c71538fa15..cfa2e2dbec 100644 --- a/crypto/dh/dh_ameth.c +++ b/crypto/dh/dh_ameth.c @@ -708,8 +708,7 @@ static int dh_cms_set_peerkey(EVP_PKEY_CTX *pctx, err: if (public_key) ASN1_INTEGER_free(public_key); - if (pkpeer) - EVP_PKEY_free(pkpeer); + EVP_PKEY_free(pkpeer); DH_free(dhpeer); return rv; } @@ -849,8 +848,7 @@ static int dh_cms_encrypt(CMS_RecipientInfo *ri) X509_ALGOR_get0(&aoid, NULL, NULL, talg); /* Is everything uninitialised? */ if (aoid == OBJ_nid2obj(NID_undef)) { - ASN1_INTEGER *pubk; - pubk = BN_to_ASN1_INTEGER(pkey->pkey.dh->pub_key, NULL); + ASN1_INTEGER *pubk = BN_to_ASN1_INTEGER(pkey->pkey.dh->pub_key, NULL); if (!pubk) goto err; /* Set the key */ diff --git a/crypto/ec/ec_ameth.c b/crypto/ec/ec_ameth.c index 4be85a9e87..65c3d569ab 100644 --- a/crypto/ec/ec_ameth.c +++ b/crypto/ec/ec_ameth.c @@ -704,8 +704,7 @@ static int ecdh_cms_set_peerkey(EVP_PKEY_CTX *pctx, rv = 1; err: EC_KEY_free(ecpeer); - if (pkpeer) - EVP_PKEY_free(pkpeer); + EVP_PKEY_free(pkpeer); return rv; } diff --git a/crypto/evp/digest.c b/crypto/evp/digest.c index 48c7b00b4c..ce95350bfd 100644 --- a/crypto/evp/digest.c +++ b/crypto/evp/digest.c @@ -352,8 +352,7 @@ int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx) OPENSSL_cleanse(ctx->md_data, ctx->digest->ctx_size); OPENSSL_free(ctx->md_data); } - if (ctx->pctx) - EVP_PKEY_CTX_free(ctx->pctx); + EVP_PKEY_CTX_free(ctx->pctx); #ifndef OPENSSL_NO_ENGINE if (ctx->engine) /* diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c index 3d40b0481b..3468b6b3fb 100644 --- a/crypto/evp/evp_enc.c +++ b/crypto/evp/evp_enc.c @@ -522,14 +522,15 @@ int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *ctx) { - if (ctx) { - EVP_CIPHER_CTX_cleanup(ctx); + EVP_CIPHER_CTX_cleanup(ctx); + if (ctx) OPENSSL_free(ctx); - } } int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *c) { + if (!c) + return 0; if (c->cipher != NULL) { if (c->cipher->cleanup && !c->cipher->cleanup(c)) return 0; diff --git a/crypto/evp/evp_extra_test.c b/crypto/evp/evp_extra_test.c index c474134a2d..567ed0f5f9 100644 --- a/crypto/evp/evp_extra_test.c +++ b/crypto/evp/evp_extra_test.c @@ -265,9 +265,7 @@ static EVP_PKEY *load_example_rsa_key(void) pkey = NULL; out: - if (pkey) { - EVP_PKEY_free(pkey); - } + EVP_PKEY_free(pkey); RSA_free(rsa); return ret; @@ -321,9 +319,7 @@ static int test_EVP_DigestSignInit(void) EVP_MD_CTX_cleanup(&md_ctx); EVP_MD_CTX_cleanup(&md_ctx_verify); - if (pkey) { - EVP_PKEY_free(pkey); - } + EVP_PKEY_free(pkey); if (sig) { OPENSSL_free(sig); } @@ -354,9 +350,7 @@ static int test_EVP_DigestVerifyInit(void) } EVP_MD_CTX_cleanup(&md_ctx); - if (pkey) { - EVP_PKEY_free(pkey); - } + EVP_PKEY_free(pkey); return ret; } @@ -387,9 +381,7 @@ static int test_d2i_AutoPrivateKey(const unsigned char *input, ERR_print_errors_fp(stderr); } - if (pkey != NULL) { - EVP_PKEY_free(pkey); - } + EVP_PKEY_free(pkey); return ret; } @@ -422,9 +414,7 @@ static int test_EVP_PKCS82PKEY(void) PKCS8_PRIV_KEY_INFO_free(p8inf); } - if (pkey != NULL) { - EVP_PKEY_free(pkey); - } + EVP_PKEY_free(pkey); return ret; } diff --git a/crypto/evp/evp_test.c b/crypto/evp/evp_test.c index 152465878e..68d5bde300 100644 --- a/crypto/evp/evp_test.c +++ b/crypto/evp/evp_test.c @@ -1051,10 +1051,8 @@ static int mac_test_run(struct evp_test *t) EVP_MD_CTX_destroy(mctx); if (mac) OPENSSL_free(mac); - if (genctx) - EVP_PKEY_CTX_free(genctx); - if (key) - EVP_PKEY_free(key); + EVP_PKEY_CTX_free(genctx); + EVP_PKEY_free(key); t->err = err; return 1; } @@ -1139,8 +1137,7 @@ static void pkey_test_cleanup(struct evp_test *t) OPENSSL_free(kdata->input); if (kdata->output) OPENSSL_free(kdata->output); - if (kdata->ctx) - EVP_PKEY_CTX_free(kdata->ctx); + EVP_PKEY_CTX_free(kdata->ctx); } static int pkey_test_parse(struct evp_test *t, diff --git a/crypto/evp/p_lib.c b/crypto/evp/p_lib.c index 604faf2c6b..a96fae6125 100644 --- a/crypto/evp/p_lib.c +++ b/crypto/evp/p_lib.c @@ -409,6 +409,7 @@ void EVP_PKEY_free(EVP_PKEY *x) static void EVP_PKEY_free_it(EVP_PKEY *x) { + /* internal function; x is never NULL */ if (x->ameth && x->ameth->pkey_free) { x->ameth->pkey_free(x); x->pkey.ptr = NULL; diff --git a/crypto/evp/pmeth_fn.c b/crypto/evp/pmeth_fn.c index 829b5f0409..abf216082d 100644 --- a/crypto/evp/pmeth_fn.c +++ b/crypto/evp/pmeth_fn.c @@ -315,8 +315,7 @@ int EVP_PKEY_derive_set_peer(EVP_PKEY_CTX *ctx, EVP_PKEY *peer) return -1; } - if (ctx->peerkey) - EVP_PKEY_free(ctx->peerkey); + EVP_PKEY_free(ctx->peerkey); ctx->peerkey = peer; ret = ctx->pmeth->ctrl(ctx, EVP_PKEY_CTRL_PEER_KEY, 1, peer); diff --git a/crypto/evp/pmeth_gn.c b/crypto/evp/pmeth_gn.c index a5ae484849..78467c98f7 100644 --- a/crypto/evp/pmeth_gn.c +++ b/crypto/evp/pmeth_gn.c @@ -207,7 +207,6 @@ EVP_PKEY *EVP_PKEY_new_mac_key(int type, ENGINE *e, if (EVP_PKEY_keygen(mac_ctx, &mac_key) <= 0) goto merr; merr: - if (mac_ctx) - EVP_PKEY_CTX_free(mac_ctx); + EVP_PKEY_CTX_free(mac_ctx); return mac_key; } diff --git a/crypto/evp/pmeth_lib.c b/crypto/evp/pmeth_lib.c index 9183e405ea..b20a902ef7 100644 --- a/crypto/evp/pmeth_lib.c +++ b/crypto/evp/pmeth_lib.c @@ -363,10 +363,8 @@ void EVP_PKEY_CTX_free(EVP_PKEY_CTX *ctx) return; if (ctx->pmeth && ctx->pmeth->cleanup) ctx->pmeth->cleanup(ctx); - if (ctx->pkey) - EVP_PKEY_free(ctx->pkey); - if (ctx->peerkey) - EVP_PKEY_free(ctx->peerkey); + EVP_PKEY_free(ctx->pkey); + EVP_PKEY_free(ctx->peerkey); #ifndef OPENSSL_NO_ENGINE if (ctx->engine) /* diff --git a/crypto/pem/pem_pk8.c b/crypto/pem/pem_pk8.c index 0d76026155..529d077a9a 100644 --- a/crypto/pem/pem_pk8.c +++ b/crypto/pem/pem_pk8.c @@ -183,8 +183,7 @@ EVP_PKEY *d2i_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, if (!ret) return NULL; if (x) { - if (*x) - EVP_PKEY_free(*x); + EVP_PKEY_free(*x); *x = ret; } return ret; diff --git a/crypto/pem/pem_pkey.c b/crypto/pem/pem_pkey.c index fd7e8b0376..80c316ed38 100644 --- a/crypto/pem/pem_pkey.c +++ b/crypto/pem/pem_pkey.c @@ -96,8 +96,7 @@ EVP_PKEY *PEM_read_bio_PrivateKey(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, goto p8err; ret = EVP_PKCS82PKEY(p8inf); if (x) { - if (*x) - EVP_PKEY_free((EVP_PKEY *)*x); + EVP_PKEY_free((EVP_PKEY *)*x); *x = ret; } PKCS8_PRIV_KEY_INFO_free(p8inf); @@ -124,8 +123,7 @@ EVP_PKEY *PEM_read_bio_PrivateKey(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, goto p8err; ret = EVP_PKCS82PKEY(p8inf); if (x) { - if (*x) - EVP_PKEY_free((EVP_PKEY *)*x); + EVP_PKEY_free((EVP_PKEY *)*x); *x = ret; } PKCS8_PRIV_KEY_INFO_free(p8inf); @@ -186,8 +184,7 @@ EVP_PKEY *PEM_read_bio_Parameters(BIO *bp, EVP_PKEY **x) goto err; } if (x) { - if (*x) - EVP_PKEY_free((EVP_PKEY *)*x); + EVP_PKEY_free((EVP_PKEY *)*x); *x = ret; } } diff --git a/crypto/pem/pvkfmt.c b/crypto/pem/pvkfmt.c index 0f2390d3b4..14ddb33a26 100644 --- a/crypto/pem/pvkfmt.c +++ b/crypto/pem/pvkfmt.c @@ -336,8 +336,7 @@ static EVP_PKEY *b2i_dss(const unsigned char **in, unsigned int length, memerr: PEMerr(PEM_F_B2I_DSS, ERR_R_MALLOC_FAILURE); DSA_free(dsa); - if (ret) - EVP_PKEY_free(ret); + EVP_PKEY_free(ret); if (ctx) BN_CTX_free(ctx); return NULL; @@ -385,8 +384,7 @@ static EVP_PKEY *b2i_rsa(const unsigned char **in, unsigned int length, memerr: PEMerr(PEM_F_B2I_RSA, ERR_R_MALLOC_FAILURE); RSA_free(rsa); - if (ret) - EVP_PKEY_free(ret); + EVP_PKEY_free(ret); return NULL; } diff --git a/crypto/pkcs12/p12_kiss.c b/crypto/pkcs12/p12_kiss.c index 4fd8b8c229..fcfa986824 100644 --- a/crypto/pkcs12/p12_kiss.c +++ b/crypto/pkcs12/p12_kiss.c @@ -161,7 +161,7 @@ int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert, err: - if (pkey && *pkey) + if (pkey) EVP_PKEY_free(*pkey); if (cert && *cert) X509_free(*cert); diff --git a/crypto/pkcs7/pk7_doit.c b/crypto/pkcs7/pk7_doit.c index b7c66a3160..639e217425 100644 --- a/crypto/pkcs7/pk7_doit.c +++ b/crypto/pkcs7/pk7_doit.c @@ -179,10 +179,8 @@ static int pkcs7_encode_rinfo(PKCS7_RECIP_INFO *ri, ret = 1; err: - if (pkey) - EVP_PKEY_free(pkey); - if (pctx) - EVP_PKEY_CTX_free(pctx); + EVP_PKEY_free(pkey); + EVP_PKEY_CTX_free(pctx); if (ek) OPENSSL_free(ek); return ret; @@ -240,8 +238,7 @@ static int pkcs7_decrypt_rinfo(unsigned char **pek, int *peklen, *peklen = eklen; err: - if (pctx) - EVP_PKEY_CTX_free(pctx); + EVP_PKEY_CTX_free(pctx); if (!ret && ek) OPENSSL_free(ek); @@ -1077,8 +1074,8 @@ int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si, PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY, PKCS7_R_SIGNATURE_FAILURE); ret = -1; goto err; - } else - ret = 1; + } + ret = 1; err: EVP_MD_CTX_cleanup(&mdc_tmp); return (ret); diff --git a/crypto/pkcs7/pk7_lib.c b/crypto/pkcs7/pk7_lib.c index 6409d2867c..956f3f22e7 100644 --- a/crypto/pkcs7/pk7_lib.c +++ b/crypto/pkcs7/pk7_lib.c @@ -556,8 +556,7 @@ int PKCS7_RECIP_INFO_set(PKCS7_RECIP_INFO *p7i, X509 *x509) return 1; err: - if (pkey) - EVP_PKEY_free(pkey); + EVP_PKEY_free(pkey); return 0; } diff --git a/crypto/ts/ts_rsp_sign.c b/crypto/ts/ts_rsp_sign.c index b510cebde3..037ab645a2 100644 --- a/crypto/ts/ts_rsp_sign.c +++ b/crypto/ts/ts_rsp_sign.c @@ -216,8 +216,7 @@ int TS_RESP_CTX_set_signer_cert(TS_RESP_CTX *ctx, X509 *signer) int TS_RESP_CTX_set_signer_key(TS_RESP_CTX *ctx, EVP_PKEY *key) { - if (ctx->signer_key) - EVP_PKEY_free(ctx->signer_key); + EVP_PKEY_free(ctx->signer_key); ctx->signer_key = key; CRYPTO_add(&ctx->signer_key->references, +1, CRYPTO_LOCK_EVP_PKEY); diff --git a/crypto/x509/x509_cmp.c b/crypto/x509/x509_cmp.c index 51c47cc781..c7b0fe1e29 100644 --- a/crypto/x509/x509_cmp.c +++ b/crypto/x509/x509_cmp.c @@ -342,8 +342,7 @@ int X509_check_private_key(X509 *x, EVP_PKEY *k) case -2: X509err(X509_F_X509_CHECK_PRIVATE_KEY, X509_R_UNKNOWN_KEY_TYPE); } - if (xk) - EVP_PKEY_free(xk); + EVP_PKEY_free(xk); if (ret > 0) return 1; return 0; @@ -436,8 +435,7 @@ int X509_chain_check_suiteb(int *perror_depth, X509 *x, STACK_OF(X509) *chain, /* Final check: root CA signature */ rv = check_suite_b(pk, X509_get_signature_nid(x), &tflags); end: - if (pk) - EVP_PKEY_free(pk); + EVP_PKEY_free(pk); if (rv != X509_V_OK) { /* Invalid signature or LOS errors are for previous cert */ if ((rv == X509_V_ERR_SUITE_B_INVALID_SIGNATURE_ALGORITHM diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c index 61f02b58a6..9cf39db269 100644 --- a/crypto/x509/x509_vfy.c +++ b/crypto/x509/x509_vfy.c @@ -1933,10 +1933,8 @@ int X509_get_pubkey_parameters(EVP_PKEY *pkey, STACK_OF(X509) *chain) } if (!EVP_PKEY_missing_parameters(ktmp)) break; - else { - EVP_PKEY_free(ktmp); - ktmp = NULL; - } + EVP_PKEY_free(ktmp); + ktmp = NULL; } if (ktmp == NULL) { X509err(X509_F_X509_GET_PUBKEY_PARAMETERS, diff --git a/demos/cms/cms_ddec.c b/demos/cms/cms_ddec.c index 7247e57112..1e06cea5c7 100644 --- a/demos/cms/cms_ddec.c +++ b/demos/cms/cms_ddec.c @@ -72,8 +72,7 @@ int main(int argc, char **argv) CMS_ContentInfo_free(cms); if (rcert) X509_free(rcert); - if (rkey) - EVP_PKEY_free(rkey); + EVP_PKEY_free(rkey); BIO_free(in); BIO_free(out); diff --git a/demos/cms/cms_dec.c b/demos/cms/cms_dec.c index e9782d7c23..71a0e4ffdd 100644 --- a/demos/cms/cms_dec.c +++ b/demos/cms/cms_dec.c @@ -63,8 +63,7 @@ int main(int argc, char **argv) CMS_ContentInfo_free(cms); if (rcert) X509_free(rcert); - if (rkey) - EVP_PKEY_free(rkey); + EVP_PKEY_free(rkey); BIO_free(in); BIO_free(out); diff --git a/demos/cms/cms_sign.c b/demos/cms/cms_sign.c index 9f2cff0dbe..3ad5ce8c18 100644 --- a/demos/cms/cms_sign.c +++ b/demos/cms/cms_sign.c @@ -73,8 +73,7 @@ int main(int argc, char **argv) CMS_ContentInfo_free(cms); if (scert) X509_free(scert); - if (skey) - EVP_PKEY_free(skey); + EVP_PKEY_free(skey); BIO_free(in); BIO_free(out); diff --git a/demos/cms/cms_sign2.c b/demos/cms/cms_sign2.c index 23c6eb8f9f..3276de1b2a 100644 --- a/demos/cms/cms_sign2.c +++ b/demos/cms/cms_sign2.c @@ -82,13 +82,11 @@ int main(int argc, char **argv) if (scert) X509_free(scert); - if (skey) - EVP_PKEY_free(skey); + EVP_PKEY_free(skey); if (scert2) X509_free(scert2); - if (skey) - EVP_PKEY_free(skey2); + EVP_PKEY_free(skey2); BIO_free(in); BIO_free(out); diff --git a/demos/smime/smdec.c b/demos/smime/smdec.c index b50f8dffaf..a418707b6b 100644 --- a/demos/smime/smdec.c +++ b/demos/smime/smdec.c @@ -63,8 +63,7 @@ int main(int argc, char **argv) PKCS7_free(p7); if (rcert) X509_free(rcert); - if (rkey) - EVP_PKEY_free(rkey); + EVP_PKEY_free(rkey); BIO_free(in); BIO_free(out); diff --git a/demos/smime/smsign.c b/demos/smime/smsign.c index 6b9dfdd771..455efcb483 100644 --- a/demos/smime/smsign.c +++ b/demos/smime/smsign.c @@ -73,8 +73,7 @@ int main(int argc, char **argv) PKCS7_free(p7); if (scert) X509_free(scert); - if (skey) - EVP_PKEY_free(skey); + EVP_PKEY_free(skey); BIO_free(in); BIO_free(out); diff --git a/demos/smime/smsign2.c b/demos/smime/smsign2.c index 5d9de35c46..5f20a40349 100644 --- a/demos/smime/smsign2.c +++ b/demos/smime/smsign2.c @@ -82,13 +82,11 @@ int main(int argc, char **argv) if (scert) X509_free(scert); - if (skey) - EVP_PKEY_free(skey); + EVP_PKEY_free(skey); if (scert2) X509_free(scert2); - if (skey) - EVP_PKEY_free(skey2); + EVP_PKEY_free(skey2); BIO_free(in); BIO_free(out); diff --git a/doc/crypto/EVP_PKEY_CTX_new.pod b/doc/crypto/EVP_PKEY_CTX_new.pod index a9af867580..17d5e74b9d 100644 --- a/doc/crypto/EVP_PKEY_CTX_new.pod +++ b/doc/crypto/EVP_PKEY_CTX_new.pod @@ -26,6 +26,7 @@ during parameter generation of key genration for some algorithms. EVP_PKEY_CTX_dup() duplicates the context B. EVP_PKEY_CTX_free() frees up the context B. +If B is NULL, nothing is done. =head1 NOTES diff --git a/doc/crypto/EVP_PKEY_new.pod b/doc/crypto/EVP_PKEY_new.pod index 10687e458d..d26b03f36a 100644 --- a/doc/crypto/EVP_PKEY_new.pod +++ b/doc/crypto/EVP_PKEY_new.pod @@ -18,6 +18,7 @@ The EVP_PKEY_new() function allocates an empty B structure which is used by OpenSSL to store private keys. EVP_PKEY_free() frees up the private key B. +If B is NULL, nothing is done. =head1 NOTES diff --git a/engines/ccgost/gost2001_keyx.c b/engines/ccgost/gost2001_keyx.c index db1bdc18fd..864d01bfa0 100644 --- a/engines/ccgost/gost2001_keyx.c +++ b/engines/ccgost/gost2001_keyx.c @@ -189,7 +189,7 @@ int pkey_GOST01cp_encrypt(EVP_PKEY_CTX *pctx, unsigned char *out, } ASN1_OBJECT_free(gkt->key_agreement_info->cipher); gkt->key_agreement_info->cipher = OBJ_nid2obj(param->nid); - if (key_is_ephemeral && sec_key) + if (key_is_ephemeral) EVP_PKEY_free(sec_key); if (!key_is_ephemeral) { /* Set control "public key from client certificate used" */ @@ -204,7 +204,7 @@ int pkey_GOST01cp_encrypt(EVP_PKEY_CTX *pctx, unsigned char *out, GOST_KEY_TRANSPORT_free(gkt); return ret; err: - if (key_is_ephemeral && sec_key) + if (key_is_ephemeral) EVP_PKEY_free(sec_key); GOST_KEY_TRANSPORT_free(gkt); return -1; @@ -284,8 +284,7 @@ int pkey_GOST01cp_decrypt(EVP_PKEY_CTX *pctx, unsigned char *key, ret = 1; err: - if (eph_key) - EVP_PKEY_free(eph_key); + EVP_PKEY_free(eph_key); if (gkt) GOST_KEY_TRANSPORT_free(gkt); return ret; diff --git a/engines/e_chil.c b/engines/e_chil.c index c06ab1a1e6..68c9145407 100644 --- a/engines/e_chil.c +++ b/engines/e_chil.c @@ -887,8 +887,7 @@ static EVP_PKEY *hwcrhk_load_pubkey(ENGINE *eng, const char *key_id, return res; err: - if (res) - EVP_PKEY_free(res); + EVP_PKEY_free(res); return NULL; } diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c index 68a8c812e0..5b17e52450 100644 --- a/ssl/s3_srvr.c +++ b/ssl/s3_srvr.c @@ -2869,8 +2869,7 @@ int ssl3_get_client_key_exchange(SSL *s) EVP_PKEY_CTX_free(pkey_ctx); if (ret) return ret; - else - goto err; + goto err; } else { al = SSL_AD_HANDSHAKE_FAILURE; SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, SSL_R_UNKNOWN_CIPHER_TYPE); diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c index f05a60a30a..d6401b43d2 100644 --- a/ssl/ssl_cert.c +++ b/ssl/ssl_cert.c @@ -402,10 +402,8 @@ void ssl_cert_clear_certs(CERT *c) X509_free(cpk->x509); cpk->x509 = NULL; } - if (cpk->privatekey) { - EVP_PKEY_free(cpk->privatekey); - cpk->privatekey = NULL; - } + EVP_PKEY_free(cpk->privatekey); + cpk->privatekey = NULL; if (cpk->chain) { sk_X509_pop_free(cpk->chain, X509_free); cpk->chain = NULL; -- 2.25.1