[openssl-commits] [openssl] master update
Rich Salz
rsalz at openssl.org
Thu Apr 30 21:34:36 UTC 2015
The branch master has been updated
via 222561fe8ef510f336417a666f69f81ddc9b8fe4 (commit)
from 2ace745022f5af0709297e96eb0b0829c87c4291 (commit)
- Log -----------------------------------------------------------------
commit 222561fe8ef510f336417a666f69f81ddc9b8fe4
Author: Rich Salz <rsalz at openssl.org>
Date: Thu Apr 30 17:33:59 2015 -0400
free NULL cleanup 5a
Don't check for NULL before calling a free routine. This gets X509_.*free:
x509_name_ex_free X509_policy_tree_free X509_VERIFY_PARAM_free
X509_STORE_free X509_STORE_CTX_free X509_PKEY_free
X509_OBJECT_free_contents X509_LOOKUP_free X509_INFO_free
Reviewed-by: Richard Levitte <levitte at openssl.org>
-----------------------------------------------------------------------
Summary of changes:
apps/apps.c | 3 +--
apps/ca.c | 44 +++++++++++++------------------------
apps/crl2p7.c | 6 ++---
apps/ocsp.c | 3 +--
apps/pkcs12.c | 6 ++---
apps/s_cb.c | 15 +++++--------
apps/s_client.c | 12 ++++------
apps/s_server.c | 22 +++++++------------
apps/smime.c | 3 +--
apps/verify.c | 9 +++-----
crypto/asn1/x_info.c | 9 +++-----
crypto/asn1/x_pkey.c | 3 +--
crypto/asn1/x_pubkey.c | 9 +++-----
crypto/cms/cms_asn1.c | 6 ++---
crypto/cms/cms_pwri.c | 3 +--
crypto/cms/cms_sd.c | 3 +--
crypto/cms/cms_smime.c | 6 ++---
crypto/dh/dh_ameth.c | 12 ++++------
crypto/ec/ec_ameth.c | 12 ++++------
crypto/evp/p_lib.c | 3 +--
crypto/ocsp/ocsp_vfy.c | 3 +--
crypto/pem/pem_info.c | 3 +--
crypto/pkcs12/p12_kiss.c | 14 +++++-------
crypto/pkcs7/pk7_doit.c | 6 ++---
crypto/pkcs7/pk7_smime.c | 3 +--
crypto/rsa/rsa_ameth.c | 12 ++++------
crypto/rsa/rsa_sign.c | 3 +--
crypto/ts/ts_rsp_sign.c | 9 +++-----
crypto/x509/by_file.c | 6 ++---
crypto/x509/x509_att.c | 6 ++---
crypto/x509/x509_lu.c | 7 ++++--
crypto/x509/x509_r2x.c | 9 ++++----
crypto/x509/x509_v3.c | 6 ++---
crypto/x509/x509_vfy.c | 29 ++++++++++--------------
crypto/x509/x509_vpm.c | 6 ++---
crypto/x509/x509name.c | 3 +--
crypto/x509/x_attrib.c | 3 +--
crypto/x509/x_name.c | 15 +++++--------
crypto/x509v3/pcy_cache.c | 3 +--
crypto/x509v3/pcy_tree.c | 10 +++------
crypto/x509v3/v3_crld.c | 6 ++---
demos/cms/cms_ddec.c | 3 +--
demos/cms/cms_dec.c | 3 +--
demos/cms/cms_denc.c | 6 ++---
demos/cms/cms_enc.c | 6 ++---
demos/cms/cms_sign.c | 3 +--
demos/cms/cms_sign2.c | 8 ++-----
demos/cms/cms_ver.c | 3 +--
demos/easy_tls/easy-tls.c | 3 +--
demos/smime/smdec.c | 3 +--
demos/smime/smenc.c | 6 ++---
demos/smime/smsign.c | 3 +--
demos/smime/smsign2.c | 6 ++---
demos/smime/smver.c | 3 +--
demos/spkigen.c | 3 +--
doc/crypto/X509_STORE_CTX_new.pod | 1 +
doc/crypto/X509_new.pod | 1 +
ssl/s3_clnt.c | 18 +++++----------
ssl/s3_lib.c | 12 ++++------
ssl/s3_srvr.c | 12 ++++------
ssl/ssl_cert.c | 46 +++++++++++++--------------------------
ssl/ssl_lib.c | 25 +++++++--------------
ssl/ssl_rsa.c | 9 +++-----
ssl/ssl_sess.c | 3 +--
ssl/t1_lib.c | 7 ++----
65 files changed, 189 insertions(+), 355 deletions(-)
diff --git a/apps/apps.c b/apps/apps.c
index 5eadc72..9475fe3 100644
--- a/apps/apps.c
+++ b/apps/apps.c
@@ -971,8 +971,7 @@ static int load_certs_crls(const char *file, int format,
end:
- if (xis)
- sk_X509_INFO_pop_free(xis, X509_INFO_free);
+ sk_X509_INFO_pop_free(xis, X509_INFO_free);
if (rv == 0) {
if (pcerts) {
diff --git a/apps/ca.c b/apps/ca.c
index 5535603..a3e0bda 100644
--- a/apps/ca.c
+++ b/apps/ca.c
@@ -1349,9 +1349,7 @@ end_of_options:
BIO_free_all(Sout);
BIO_free_all(out);
BIO_free_all(in);
-
- if (cert_sk)
- sk_X509_pop_free(cert_sk, X509_free);
+ sk_X509_pop_free(cert_sk, X509_free);
if (ret)
ERR_print_errors(bio_err);
@@ -1364,8 +1362,7 @@ end_of_options:
if (sigopts)
sk_OPENSSL_STRING_free(sigopts);
EVP_PKEY_free(pkey);
- if (x509)
- X509_free(x509);
+ X509_free(x509);
X509_CRL_free(crl);
NCONF_free(conf);
NCONF_free(extconf);
@@ -1440,8 +1437,7 @@ static int certify(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
ext_copy, selfsign);
end:
- if (req != NULL)
- X509_REQ_free(req);
+ X509_REQ_free(req);
BIO_free(in);
return (ok);
}
@@ -1495,10 +1491,8 @@ static int certify_cert(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
ext_copy, 0);
end:
- if (rreq != NULL)
- X509_REQ_free(rreq);
- if (req != NULL)
- X509_free(req);
+ X509_REQ_free(rreq);
+ X509_free(req);
return (ok);
}
@@ -1700,8 +1694,7 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509,
if (push != NULL) {
if (!X509_NAME_add_entry(subject, push, -1, 0)) {
- if (push != NULL)
- X509_NAME_ENTRY_free(push);
+ X509_NAME_ENTRY_free(push);
BIO_printf(bio_err, "Memory allocation failure\n");
goto end;
}
@@ -1876,8 +1869,7 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509,
/*
* Free the current entries if any, there should not be any I believe
*/
- if (ci->extensions != NULL)
- sk_X509_EXTENSION_pop_free(ci->extensions, X509_EXTENSION_free);
+ sk_X509_EXTENSION_pop_free(ci->extensions, X509_EXTENSION_free);
ci->extensions = NULL;
@@ -2027,18 +2019,14 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509,
if (row[i] != NULL)
OPENSSL_free(row[i]);
- if (CAname != NULL)
- X509_NAME_free(CAname);
- if (subject != NULL)
- X509_NAME_free(subject);
- if ((dn_subject != NULL) && !email_dn)
+ X509_NAME_free(CAname);
+ X509_NAME_free(subject);
+ if (dn_subject != subject)
X509_NAME_free(dn_subject);
ASN1_UTCTIME_free(tmptm);
- if (ok <= 0) {
- if (ret != NULL)
- X509_free(ret);
- ret = NULL;
- } else
+ if (ok <= 0)
+ X509_free(ret);
+ else
*xret = ret;
return (ok);
}
@@ -2186,14 +2174,12 @@ static int certify_spkac(X509 **xret, char *infile, EVP_PKEY *pkey,
verbose, req, ext_sect, lconf, certopt, nameopt, default_op,
ext_copy, 0);
end:
- if (req != NULL)
- X509_REQ_free(req);
+ X509_REQ_free(req);
if (parms != NULL)
CONF_free(parms);
if (spki != NULL)
NETSCAPE_SPKI_free(spki);
- if (ne != NULL)
- X509_NAME_ENTRY_free(ne);
+ X509_NAME_ENTRY_free(ne);
return (ok);
}
diff --git a/apps/crl2p7.c b/apps/crl2p7.c
index d75b667..fb2b085 100644
--- a/apps/crl2p7.c
+++ b/apps/crl2p7.c
@@ -215,8 +215,7 @@ int crl2pkcs7_main(int argc, char **argv)
BIO_free(in);
BIO_free_all(out);
PKCS7_free(p7);
- if (crl != NULL)
- X509_CRL_free(crl);
+ X509_CRL_free(crl);
return (ret);
}
@@ -267,7 +266,6 @@ static int add_certs_from_file(STACK_OF(X509) *stack, char *certfile)
end:
/* never need to OPENSSL_free x */
BIO_free(in);
- if (sk != NULL)
- sk_X509_INFO_free(sk);
+ sk_X509_INFO_free(sk);
return (ret);
}
diff --git a/apps/ocsp.c b/apps/ocsp.c
index fb60e3b..680cc0a 100644
--- a/apps/ocsp.c
+++ b/apps/ocsp.c
@@ -735,8 +735,7 @@ int ocsp_main(int argc, char **argv)
ERR_print_errors(bio_err);
X509_free(signer);
X509_STORE_free(store);
- if (vpm)
- X509_VERIFY_PARAM_free(vpm);
+ X509_VERIFY_PARAM_free(vpm);
EVP_PKEY_free(key);
EVP_PKEY_free(rkey);
X509_free(cert);
diff --git a/apps/pkcs12.c b/apps/pkcs12.c
index ec7a1d9..b4b3730 100644
--- a/apps/pkcs12.c
+++ b/apps/pkcs12.c
@@ -504,10 +504,8 @@ int pkcs12_main(int argc, char **argv)
export_end:
EVP_PKEY_free(key);
- if (certs)
- sk_X509_pop_free(certs, X509_free);
- if (ucert)
- X509_free(ucert);
+ sk_X509_pop_free(certs, X509_free);
+ X509_free(ucert);
goto end;
diff --git a/apps/s_cb.c b/apps/s_cb.c
index 76aeadb..1d026b6 100644
--- a/apps/s_cb.c
+++ b/apps/s_cb.c
@@ -1219,11 +1219,9 @@ void ssl_excert_free(SSL_EXCERT *exc)
{
SSL_EXCERT *curr;
while (exc) {
- if (exc->cert)
- X509_free(exc->cert);
+ X509_free(exc->cert);
EVP_PKEY_free(exc->key);
- if (exc->chain)
- sk_X509_pop_free(exc->chain, X509_free);
+ sk_X509_pop_free(exc->chain, X509_free);
curr = exc;
exc = exc->next;
OPENSSL_free(curr);
@@ -1385,8 +1383,7 @@ void print_ssl_summary(SSL *s)
BIO_printf(bio_err, "Hash used: %s\n", OBJ_nid2sn(nid));
} else
BIO_puts(bio_err, "No peer certificate\n");
- if (peer)
- X509_free(peer);
+ X509_free(peer);
#ifndef OPENSSL_NO_EC
ssl_print_point_formats(bio_err, s);
if (SSL_is_server(s))
@@ -1501,10 +1498,8 @@ int ssl_load_stores(SSL_CTX *ctx,
}
rv = 1;
err:
- if (vfy)
- X509_STORE_free(vfy);
- if (ch)
- X509_STORE_free(ch);
+ X509_STORE_free(vfy);
+ X509_STORE_free(ch);
return rv;
}
diff --git a/apps/s_client.c b/apps/s_client.c
index 9d0d6f0..fdd1f5c 100644
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -1998,17 +1998,14 @@ int s_client_main(int argc, char **argv)
OPENSSL_free(next_proto.data);
#endif
SSL_CTX_free(ctx);
- if (cert)
- X509_free(cert);
+ X509_free(cert);
if (crls)
sk_X509_CRL_pop_free(crls, X509_CRL_free);
EVP_PKEY_free(key);
- if (chain)
- sk_X509_pop_free(chain, X509_free);
+ sk_X509_pop_free(chain, X509_free);
if (pass)
OPENSSL_free(pass);
- if (vpm)
- X509_VERIFY_PARAM_free(vpm);
+ X509_VERIFY_PARAM_free(vpm);
ssl_excert_free(exc);
sk_OPENSSL_STRING_free(ssl_args);
SSL_CONF_CTX_free(cctx);
@@ -2197,8 +2194,7 @@ static void print_stuff(BIO *bio, SSL *s, int full)
}
}
BIO_printf(bio, "---\n");
- if (peer != NULL)
- X509_free(peer);
+ X509_free(peer);
/* flush, or debugging output gets mixed with http response */
(void)BIO_flush(bio);
}
diff --git a/apps/s_server.c b/apps/s_server.c
index 701f52d..f8bec24 100644
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -1925,24 +1925,18 @@ int s_server_main(int argc, char *argv[])
ret = 0;
end:
SSL_CTX_free(ctx);
- if (s_cert)
- X509_free(s_cert);
- if (crls)
- sk_X509_CRL_pop_free(crls, X509_CRL_free);
- if (s_dcert)
- X509_free(s_dcert);
+ X509_free(s_cert);
+ sk_X509_CRL_pop_free(crls, X509_CRL_free);
+ X509_free(s_dcert);
EVP_PKEY_free(s_key);
EVP_PKEY_free(s_dkey);
- if (s_chain)
- sk_X509_pop_free(s_chain, X509_free);
- if (s_dchain)
- sk_X509_pop_free(s_dchain, X509_free);
+ sk_X509_pop_free(s_chain, X509_free);
+ sk_X509_pop_free(s_dchain, X509_free);
if (pass)
OPENSSL_free(pass);
if (dpass)
OPENSSL_free(dpass);
- if (vpm)
- X509_VERIFY_PARAM_free(vpm);
+ X509_VERIFY_PARAM_free(vpm);
free_sessions();
#ifndef OPENSSL_NO_TLSEXT
if (tlscstatp.host)
@@ -1951,9 +1945,9 @@ int s_server_main(int argc, char *argv[])
OPENSSL_free(tlscstatp.port);
if (tlscstatp.path)
OPENSSL_free(tlscstatp.path);
+ if (ctx2 != NULL)
SSL_CTX_free(ctx2);
- if (s_cert2)
- X509_free(s_cert2);
+ X509_free(s_cert2);
EVP_PKEY_free(s_key2);
BIO_free(serverinfo_in);
# ifndef OPENSSL_NO_NEXTPROTONEG
diff --git a/apps/smime.c b/apps/smime.c
index 21e9daa..0fda865 100644
--- a/apps/smime.c
+++ b/apps/smime.c
@@ -650,8 +650,7 @@ int smime_main(int argc, char **argv)
ERR_print_errors(bio_err);
sk_X509_pop_free(encerts, X509_free);
sk_X509_pop_free(other, X509_free);
- if (vpm)
- X509_VERIFY_PARAM_free(vpm);
+ X509_VERIFY_PARAM_free(vpm);
if (sksigners)
sk_OPENSSL_STRING_free(sksigners);
if (skkeys)
diff --git a/apps/verify.c b/apps/verify.c
index 1faca96..f4e18f0 100644
--- a/apps/verify.c
+++ b/apps/verify.c
@@ -221,10 +221,8 @@ int verify_main(int argc, char **argv)
}
end:
- if (vpm)
- X509_VERIFY_PARAM_free(vpm);
- if (store != NULL)
- X509_STORE_free(store);
+ X509_VERIFY_PARAM_free(vpm);
+ X509_STORE_free(store);
sk_X509_pop_free(untrusted, X509_free);
sk_X509_pop_free(trusted, X509_free);
sk_X509_CRL_pop_free(crls, X509_CRL_free);
@@ -283,8 +281,7 @@ static int check(X509_STORE *ctx, char *file,
}
sk_X509_pop_free(chain, X509_free);
}
- if (x != NULL)
- X509_free(x);
+ X509_free(x);
return (ret);
}
diff --git a/crypto/asn1/x_info.c b/crypto/asn1/x_info.c
index fff54c8..4783fc4 100644
--- a/crypto/asn1/x_info.c
+++ b/crypto/asn1/x_info.c
@@ -103,12 +103,9 @@ void X509_INFO_free(X509_INFO *x)
}
#endif
- if (x->x509 != NULL)
- X509_free(x->x509);
- if (x->crl != NULL)
- X509_CRL_free(x->crl);
- if (x->x_pkey != NULL)
- X509_PKEY_free(x->x_pkey);
+ X509_free(x->x509);
+ X509_CRL_free(x->crl);
+ X509_PKEY_free(x->x_pkey);
if (x->enc_data != NULL)
OPENSSL_free(x->enc_data);
OPENSSL_free(x);
diff --git a/crypto/asn1/x_pkey.c b/crypto/asn1/x_pkey.c
index 98e4a3d..fc5de8a 100644
--- a/crypto/asn1/x_pkey.c
+++ b/crypto/asn1/x_pkey.c
@@ -110,8 +110,7 @@ void X509_PKEY_free(X509_PKEY *x)
}
#endif
- if (x->enc_algor != NULL)
- X509_ALGOR_free(x->enc_algor);
+ X509_ALGOR_free(x->enc_algor);
ASN1_OCTET_STRING_free(x->enc_pkey);
EVP_PKEY_free(x->dec_pkey);
if ((x->key_data != NULL) && (x->key_free))
diff --git a/crypto/asn1/x_pubkey.c b/crypto/asn1/x_pubkey.c
index 3c72997..158c240 100644
--- a/crypto/asn1/x_pubkey.c
+++ b/crypto/asn1/x_pubkey.c
@@ -112,15 +112,12 @@ int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey)
goto error;
}
- if (*x != NULL)
- X509_PUBKEY_free(*x);
-
+ X509_PUBKEY_free(*x);
*x = pk;
-
return 1;
+
error:
- if (pk != NULL)
- X509_PUBKEY_free(pk);
+ X509_PUBKEY_free(pk);
return 0;
}
diff --git a/crypto/cms/cms_asn1.c b/crypto/cms/cms_asn1.c
index 03de7af..2b61768 100644
--- a/crypto/cms/cms_asn1.c
+++ b/crypto/cms/cms_asn1.c
@@ -94,8 +94,7 @@ static int cms_si_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
if (operation == ASN1_OP_FREE_POST) {
CMS_SignerInfo *si = (CMS_SignerInfo *)*pval;
EVP_PKEY_free(si->pkey);
- if (si->signer)
- X509_free(si->signer);
+ X509_free(si->signer);
if (si->pctx)
EVP_MD_CTX_cleanup(&si->mctx);
}
@@ -248,8 +247,7 @@ static int cms_ri_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
if (ri->type == CMS_RECIPINFO_TRANS) {
CMS_KeyTransRecipientInfo *ktri = ri->d.ktri;
EVP_PKEY_free(ktri->pkey);
- if (ktri->recip)
- X509_free(ktri->recip);
+ X509_free(ktri->recip);
EVP_PKEY_CTX_free(ktri->pctx);
} else if (ri->type == CMS_RECIPINFO_KEK) {
CMS_KEKRecipientInfo *kekri = ri->d.kekri;
diff --git a/crypto/cms/cms_pwri.c b/crypto/cms/cms_pwri.c
index e11b1fa..ece5ce3 100644
--- a/crypto/cms/cms_pwri.c
+++ b/crypto/cms/cms_pwri.c
@@ -204,8 +204,7 @@ CMS_RecipientInfo *CMS_add0_recipient_password(CMS_ContentInfo *cms,
EVP_CIPHER_CTX_cleanup(&ctx);
if (ri)
M_ASN1_free_of(ri, CMS_RecipientInfo);
- if (encalg)
- X509_ALGOR_free(encalg);
+ X509_ALGOR_free(encalg);
return NULL;
}
diff --git a/crypto/cms/cms_sd.c b/crypto/cms/cms_sd.c
index c0a9780..31398ac 100644
--- a/crypto/cms/cms_sd.c
+++ b/crypto/cms/cms_sd.c
@@ -489,8 +489,7 @@ void CMS_SignerInfo_set1_signer_cert(CMS_SignerInfo *si, X509 *signer)
EVP_PKEY_free(si->pkey);
si->pkey = X509_get_pubkey(signer);
}
- if (si->signer)
- X509_free(si->signer);
+ X509_free(si->signer);
si->signer = signer;
}
diff --git a/crypto/cms/cms_smime.c b/crypto/cms/cms_smime.c
index f491ec9..8066602 100644
--- a/crypto/cms/cms_smime.c
+++ b/crypto/cms/cms_smime.c
@@ -455,10 +455,8 @@ int CMS_verify(CMS_ContentInfo *cms, STACK_OF(X509) *certs,
if (out != tmpout)
BIO_free_all(tmpout);
- if (cms_certs)
- sk_X509_pop_free(cms_certs, X509_free);
- if (crls)
- sk_X509_CRL_pop_free(crls, X509_CRL_free);
+ sk_X509_pop_free(cms_certs, X509_free);
+ sk_X509_CRL_pop_free(crls, X509_CRL_free);
return ret;
}
diff --git a/crypto/dh/dh_ameth.c b/crypto/dh/dh_ameth.c
index 8cd90b6..f3abe07 100644
--- a/crypto/dh/dh_ameth.c
+++ b/crypto/dh/dh_ameth.c
@@ -782,10 +782,8 @@ static int dh_cms_set_shared_info(EVP_PKEY_CTX *pctx, CMS_RecipientInfo *ri)
rv = 1;
err:
- if (kekalg)
- X509_ALGOR_free(kekalg);
- if (dukm)
- OPENSSL_free(dukm);
+ X509_ALGOR_free(kekalg);
+ OPENSSL_free(dukm);
return rv;
}
@@ -945,10 +943,8 @@ static int dh_cms_encrypt(CMS_RecipientInfo *ri)
rv = 1;
err:
- if (penc)
- OPENSSL_free(penc);
- if (wrap_alg)
- X509_ALGOR_free(wrap_alg);
+ OPENSSL_free(penc);
+ X509_ALGOR_free(wrap_alg);
return rv;
}
diff --git a/crypto/ec/ec_ameth.c b/crypto/ec/ec_ameth.c
index 5a7b0b7..6b34be3 100644
--- a/crypto/ec/ec_ameth.c
+++ b/crypto/ec/ec_ameth.c
@@ -796,10 +796,8 @@ static int ecdh_cms_set_shared_info(EVP_PKEY_CTX *pctx, CMS_RecipientInfo *ri)
rv = 1;
err:
- if (kekalg)
- X509_ALGOR_free(kekalg);
- if (der)
- OPENSSL_free(der);
+ X509_ALGOR_free(kekalg);
+ OPENSSL_free(der);
return rv;
}
@@ -967,10 +965,8 @@ static int ecdh_cms_encrypt(CMS_RecipientInfo *ri)
rv = 1;
err:
- if (penc)
- OPENSSL_free(penc);
- if (wrap_alg)
- X509_ALGOR_free(wrap_alg);
+ OPENSSL_free(penc);
+ X509_ALGOR_free(wrap_alg);
return rv;
}
diff --git a/crypto/evp/p_lib.c b/crypto/evp/p_lib.c
index c9e971e..c163e47 100644
--- a/crypto/evp/p_lib.c
+++ b/crypto/evp/p_lib.c
@@ -401,8 +401,7 @@ void EVP_PKEY_free(EVP_PKEY *x)
}
#endif
EVP_PKEY_free_it(x);
- if (x->attributes)
- sk_X509_ATTRIBUTE_pop_free(x->attributes, X509_ATTRIBUTE_free);
+ sk_X509_ATTRIBUTE_pop_free(x->attributes, X509_ATTRIBUTE_free);
OPENSSL_free(x);
}
diff --git a/crypto/ocsp/ocsp_vfy.c b/crypto/ocsp/ocsp_vfy.c
index 40a3b01..9bf1ff5 100644
--- a/crypto/ocsp/ocsp_vfy.c
+++ b/crypto/ocsp/ocsp_vfy.c
@@ -171,8 +171,7 @@ int OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs,
}
end:
- if (chain)
- sk_X509_pop_free(chain, X509_free);
+ sk_X509_pop_free(chain, X509_free);
if (bs->certs && certs)
sk_X509_free(untrusted);
return ret;
diff --git a/crypto/pem/pem_info.c b/crypto/pem/pem_info.c
index b814741..0e7338b 100644
--- a/crypto/pem/pem_info.c
+++ b/crypto/pem/pem_info.c
@@ -276,8 +276,7 @@ STACK_OF(X509_INFO) *PEM_X509_INFO_read_bio(BIO *bp, STACK_OF(X509_INFO) *sk,
}
ok = 1;
err:
- if (xi != NULL)
- X509_INFO_free(xi);
+ X509_INFO_free(xi);
if (!ok) {
for (i = 0; ((int)i) < sk_X509_INFO_num(ret); i++) {
xi = sk_X509_INFO_value(ret, i);
diff --git a/crypto/pkcs12/p12_kiss.c b/crypto/pkcs12/p12_kiss.c
index fcfa986..cd18427 100644
--- a/crypto/pkcs12/p12_kiss.c
+++ b/crypto/pkcs12/p12_kiss.c
@@ -150,12 +150,10 @@ int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert,
goto err;
x = NULL;
}
- if (x)
- X509_free(x);
+ X509_free(x);
}
- if (ocerts)
- sk_X509_pop_free(ocerts, X509_free);
+ sk_X509_pop_free(ocerts, X509_free);
return 1;
@@ -163,12 +161,10 @@ int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert,
if (pkey)
EVP_PKEY_free(*pkey);
- if (cert && *cert)
+ if (cert)
X509_free(*cert);
- if (x)
- X509_free(x);
- if (ocerts)
- sk_X509_pop_free(ocerts, X509_free);
+ X509_free(x);
+ sk_X509_pop_free(ocerts, X509_free);
return 0;
}
diff --git a/crypto/pkcs7/pk7_doit.c b/crypto/pkcs7/pk7_doit.c
index 639e217..51e9c6e 100644
--- a/crypto/pkcs7/pk7_doit.c
+++ b/crypto/pkcs7/pk7_doit.c
@@ -1134,8 +1134,7 @@ int PKCS7_set_signed_attributes(PKCS7_SIGNER_INFO *p7si,
{
int i;
- if (p7si->auth_attr != NULL)
- sk_X509_ATTRIBUTE_pop_free(p7si->auth_attr, X509_ATTRIBUTE_free);
+ sk_X509_ATTRIBUTE_pop_free(p7si->auth_attr, X509_ATTRIBUTE_free);
p7si->auth_attr = sk_X509_ATTRIBUTE_dup(sk);
if (p7si->auth_attr == NULL)
return 0;
@@ -1154,8 +1153,7 @@ int PKCS7_set_attributes(PKCS7_SIGNER_INFO *p7si,
{
int i;
- if (p7si->unauth_attr != NULL)
- sk_X509_ATTRIBUTE_pop_free(p7si->unauth_attr, X509_ATTRIBUTE_free);
+ sk_X509_ATTRIBUTE_pop_free(p7si->unauth_attr, X509_ATTRIBUTE_free);
p7si->unauth_attr = sk_X509_ATTRIBUTE_dup(sk);
if (p7si->unauth_attr == NULL)
return 0;
diff --git a/crypto/pkcs7/pk7_smime.c b/crypto/pkcs7/pk7_smime.c
index e659af8..33bdda2 100644
--- a/crypto/pkcs7/pk7_smime.c
+++ b/crypto/pkcs7/pk7_smime.c
@@ -208,8 +208,7 @@ PKCS7_SIGNER_INFO *PKCS7_sign_add_signer(PKCS7 *p7, X509 *signcert,
}
return si;
err:
- if (smcap)
- sk_X509_ALGOR_pop_free(smcap, X509_ALGOR_free);
+ sk_X509_ALGOR_pop_free(smcap, X509_ALGOR_free);
return NULL;
}
diff --git a/crypto/rsa/rsa_ameth.c b/crypto/rsa/rsa_ameth.c
index 4e02531..38b850a 100644
--- a/crypto/rsa/rsa_ameth.c
+++ b/crypto/rsa/rsa_ameth.c
@@ -381,8 +381,7 @@ static int rsa_sig_print(BIO *bp, const X509_ALGOR *sigalg,
rv = rsa_pss_param_print(bp, pss, maskHash, indent);
if (pss)
RSA_PSS_PARAMS_free(pss);
- if (maskHash)
- X509_ALGOR_free(maskHash);
+ X509_ALGOR_free(maskHash);
if (!rv)
return 0;
} else if (!sig && BIO_puts(bp, "\n") <= 0)
@@ -474,8 +473,7 @@ static int rsa_md_to_mgf1(X509_ALGOR **palg, const EVP_MD *mgf1md)
stmp = NULL;
err:
ASN1_STRING_free(stmp);
- if (algtmp)
- X509_ALGOR_free(algtmp);
+ X509_ALGOR_free(algtmp);
if (*palg)
return 1;
return 0;
@@ -652,8 +650,7 @@ static int rsa_pss_to_ctx(EVP_MD_CTX *ctx, EVP_PKEY_CTX *pkctx,
err:
RSA_PSS_PARAMS_free(pss);
- if (maskHash)
- X509_ALGOR_free(maskHash);
+ X509_ALGOR_free(maskHash);
return rv;
}
@@ -840,8 +837,7 @@ static int rsa_cms_decrypt(CMS_RecipientInfo *ri)
err:
RSA_OAEP_PARAMS_free(oaep);
- if (maskHash)
- X509_ALGOR_free(maskHash);
+ X509_ALGOR_free(maskHash);
return rv;
}
diff --git a/crypto/rsa/rsa_sign.c b/crypto/rsa/rsa_sign.c
index ec1575a..3b2ba56 100644
--- a/crypto/rsa/rsa_sign.c
+++ b/crypto/rsa/rsa_sign.c
@@ -266,8 +266,7 @@ int int_rsa_verify(int dtype, const unsigned char *m,
ret = 1;
}
err:
- if (sig != NULL)
- X509_SIG_free(sig);
+ X509_SIG_free(sig);
if (s != NULL) {
OPENSSL_cleanse(s, (unsigned int)siglen);
OPENSSL_free(s);
diff --git a/crypto/ts/ts_rsp_sign.c b/crypto/ts/ts_rsp_sign.c
index 0cdeb06..58068cf 100644
--- a/crypto/ts/ts_rsp_sign.c
+++ b/crypto/ts/ts_rsp_sign.c
@@ -207,8 +207,7 @@ int TS_RESP_CTX_set_signer_cert(TS_RESP_CTX *ctx, X509 *signer)
TS_R_INVALID_SIGNER_CERTIFICATE_PURPOSE);
return 0;
}
- if (ctx->signer_cert)
- X509_free(ctx->signer_cert);
+ X509_free(ctx->signer_cert);
ctx->signer_cert = signer;
CRYPTO_add(&ctx->signer_cert->references, +1, CRYPTO_LOCK_X509);
return 1;
@@ -237,10 +236,8 @@ int TS_RESP_CTX_set_def_policy(TS_RESP_CTX *ctx, ASN1_OBJECT *def_policy)
int TS_RESP_CTX_set_certs(TS_RESP_CTX *ctx, STACK_OF(X509) *certs)
{
- if (ctx->certs) {
- sk_X509_pop_free(ctx->certs, X509_free);
- ctx->certs = NULL;
- }
+ sk_X509_pop_free(ctx->certs, X509_free);
+ ctx->certs = NULL;
if (!certs)
return 1;
if (!(ctx->certs = X509_chain_up_ref(certs))) {
diff --git a/crypto/x509/by_file.c b/crypto/x509/by_file.c
index bc1c90c..d82a0db 100644
--- a/crypto/x509/by_file.c
+++ b/crypto/x509/by_file.c
@@ -174,8 +174,7 @@ int X509_load_cert_file(X509_LOOKUP *ctx, const char *file, int type)
goto err;
}
err:
- if (x != NULL)
- X509_free(x);
+ X509_free(x);
BIO_free(in);
return (ret);
}
@@ -232,8 +231,7 @@ int X509_load_crl_file(X509_LOOKUP *ctx, const char *file, int type)
goto err;
}
err:
- if (x != NULL)
- X509_CRL_free(x);
+ X509_CRL_free(x);
BIO_free(in);
return (ret);
}
diff --git a/crypto/x509/x509_att.c b/crypto/x509/x509_att.c
index 292546b..df49b0b 100644
--- a/crypto/x509/x509_att.c
+++ b/crypto/x509/x509_att.c
@@ -147,10 +147,8 @@ STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr(STACK_OF(X509_ATTRIBUTE) **x,
err:
X509err(X509_F_X509AT_ADD1_ATTR, ERR_R_MALLOC_FAILURE);
err2:
- if (new_attr != NULL)
- X509_ATTRIBUTE_free(new_attr);
- if (sk != NULL)
- sk_X509_ATTRIBUTE_free(sk);
+ X509_ATTRIBUTE_free(new_attr);
+ sk_X509_ATTRIBUTE_free(sk);
return (NULL);
}
diff --git a/crypto/x509/x509_lu.c b/crypto/x509/x509_lu.c
index 08bbc39..7fbc8e3 100644
--- a/crypto/x509/x509_lu.c
+++ b/crypto/x509/x509_lu.c
@@ -217,6 +217,8 @@ X509_STORE *X509_STORE_new(void)
static void cleanup(X509_OBJECT *a)
{
+ if (!a)
+ return;
if (a->type == X509_LU_X509) {
X509_free(a->data.x509);
} else if (a->type == X509_LU_CRL) {
@@ -260,8 +262,7 @@ void X509_STORE_free(X509_STORE *vfy)
sk_X509_OBJECT_pop_free(vfy->objs, cleanup);
CRYPTO_free_ex_data(CRYPTO_EX_INDEX_X509_STORE, vfy, &vfy->ex_data);
- if (vfy->param)
- X509_VERIFY_PARAM_free(vfy->param);
+ X509_VERIFY_PARAM_free(vfy->param);
OPENSSL_free(vfy);
}
@@ -413,6 +414,8 @@ void X509_OBJECT_up_ref_count(X509_OBJECT *a)
void X509_OBJECT_free_contents(X509_OBJECT *a)
{
+ if (!a)
+ return;
switch (a->type) {
case X509_LU_X509:
X509_free(a->data.x509);
diff --git a/crypto/x509/x509_r2x.c b/crypto/x509/x509_r2x.c
index 3cd7280..e715904 100644
--- a/crypto/x509/x509_r2x.c
+++ b/crypto/x509/x509_r2x.c
@@ -104,10 +104,9 @@ X509 *X509_REQ_to_X509(X509_REQ *r, int days, EVP_PKEY *pkey)
if (!X509_sign(ret, pkey, EVP_md5()))
goto err;
- if (0) {
+ return ret;
+
err:
- X509_free(ret);
- ret = NULL;
- }
- return (ret);
+ X509_free(ret);
+ return NULL;
}
diff --git a/crypto/x509/x509_v3.c b/crypto/x509/x509_v3.c
index d70bfae..ad33be6 100644
--- a/crypto/x509/x509_v3.c
+++ b/crypto/x509/x509_v3.c
@@ -176,10 +176,8 @@ STACK_OF(X509_EXTENSION) *X509v3_add_ext(STACK_OF(X509_EXTENSION) **x,
err:
X509err(X509_F_X509V3_ADD_EXT, ERR_R_MALLOC_FAILURE);
err2:
- if (new_ex != NULL)
- X509_EXTENSION_free(new_ex);
- if (sk != NULL)
- sk_X509_EXTENSION_free(sk);
+ X509_EXTENSION_free(new_ex);
+ sk_X509_EXTENSION_free(sk);
return (NULL);
}
diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
index 85dc714..3cdf453 100644
--- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c
@@ -495,10 +495,8 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
end:
X509_get_pubkey_parameters(NULL, ctx->chain);
}
- if (sktmp != NULL)
- sk_X509_free(sktmp);
- if (chain_ss != NULL)
- X509_free(chain_ss);
+ sk_X509_free(sktmp);
+ X509_free(chain_ss);
return ok;
}
@@ -1016,8 +1014,7 @@ static int get_crl_sk(X509_STORE_CTX *ctx, X509_CRL **pcrl, X509_CRL **pdcrl,
}
if (best_crl) {
- if (*pcrl)
- X509_CRL_free(*pcrl);
+ X509_CRL_free(*pcrl);
*pcrl = best_crl;
*pissuer = best_crl_issuer;
*pscore = best_score;
@@ -2058,8 +2055,7 @@ X509_CRL *X509_CRL_diff(X509_CRL *base, X509_CRL *newer,
memerr:
X509err(X509_F_X509_CRL_DIFF, ERR_R_MALLOC_FAILURE);
- if (crl)
- X509_CRL_free(crl);
+ X509_CRL_free(crl);
return NULL;
}
@@ -2230,6 +2226,8 @@ X509_STORE_CTX *X509_STORE_CTX_new(void)
void X509_STORE_CTX_free(X509_STORE_CTX *ctx)
{
+ if (!ctx)
+ return;
X509_STORE_CTX_cleanup(ctx);
OPENSSL_free(ctx);
}
@@ -2376,14 +2374,10 @@ void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx)
X509_VERIFY_PARAM_free(ctx->param);
ctx->param = NULL;
}
- if (ctx->tree != NULL) {
- X509_policy_tree_free(ctx->tree);
- ctx->tree = NULL;
- }
- if (ctx->chain != NULL) {
- sk_X509_pop_free(ctx->chain, X509_free);
- ctx->chain = NULL;
- }
+ X509_policy_tree_free(ctx->tree);
+ ctx->tree = NULL;
+ sk_X509_pop_free(ctx->chain, X509_free);
+ ctx->chain = NULL;
CRYPTO_free_ex_data(CRYPTO_EX_INDEX_X509_STORE_CTX, ctx, &(ctx->ex_data));
memset(&ctx->ex_data, 0, sizeof(CRYPTO_EX_DATA));
}
@@ -2436,7 +2430,6 @@ X509_VERIFY_PARAM *X509_STORE_CTX_get0_param(X509_STORE_CTX *ctx)
void X509_STORE_CTX_set0_param(X509_STORE_CTX *ctx, X509_VERIFY_PARAM *param)
{
- if (ctx->param)
- X509_VERIFY_PARAM_free(ctx->param);
+ X509_VERIFY_PARAM_free(ctx->param);
ctx->param = param;
}
diff --git a/crypto/x509/x509_vpm.c b/crypto/x509/x509_vpm.c
index 009255e..57c2606 100644
--- a/crypto/x509/x509_vpm.c
+++ b/crypto/x509/x509_vpm.c
@@ -168,6 +168,7 @@ X509_VERIFY_PARAM *X509_VERIFY_PARAM_new(void)
{
X509_VERIFY_PARAM *param;
X509_VERIFY_PARAM_ID *paramid;
+
param = OPENSSL_malloc(sizeof(X509_VERIFY_PARAM));
if (!param)
return NULL;
@@ -185,7 +186,7 @@ X509_VERIFY_PARAM *X509_VERIFY_PARAM_new(void)
void X509_VERIFY_PARAM_free(X509_VERIFY_PARAM *param)
{
- if (param == NULL)
+ if (!param)
return;
x509_verify_param_zero(param);
OPENSSL_free(param->id);
@@ -644,7 +645,6 @@ const X509_VERIFY_PARAM *X509_VERIFY_PARAM_lookup(const char *name)
void X509_VERIFY_PARAM_table_cleanup(void)
{
- if (param_table)
- sk_X509_VERIFY_PARAM_pop_free(param_table, X509_VERIFY_PARAM_free);
+ sk_X509_VERIFY_PARAM_pop_free(param_table, X509_VERIFY_PARAM_free);
param_table = NULL;
}
diff --git a/crypto/x509/x509name.c b/crypto/x509/x509name.c
index 6bb1e5d..5a70845 100644
--- a/crypto/x509/x509name.c
+++ b/crypto/x509/x509name.c
@@ -277,8 +277,7 @@ int X509_NAME_add_entry(X509_NAME *name, X509_NAME_ENTRY *ne, int loc,
}
return (1);
err:
- if (new_name != NULL)
- X509_NAME_ENTRY_free(new_name);
+ X509_NAME_ENTRY_free(new_name);
return (0);
}
diff --git a/crypto/x509/x_attrib.c b/crypto/x509/x_attrib.c
index 9ff6dcc..9782fda 100644
--- a/crypto/x509/x_attrib.c
+++ b/crypto/x509/x_attrib.c
@@ -98,8 +98,7 @@ X509_ATTRIBUTE *X509_ATTRIBUTE_create(int nid, int atrtype, void *value)
ASN1_TYPE_set(val, atrtype, value);
return (ret);
err:
- if (ret != NULL)
- X509_ATTRIBUTE_free(ret);
+ X509_ATTRIBUTE_free(ret);
ASN1_TYPE_free(val);
return (NULL);
}
diff --git a/crypto/x509/x_name.c b/crypto/x509/x_name.c
index e6a862e..cdc4c97 100644
--- a/crypto/x509/x_name.c
+++ b/crypto/x509/x_name.c
@@ -150,8 +150,7 @@ static int x509_name_ex_new(ASN1_VALUE **val, const ASN1_ITEM *it)
memerr:
ASN1err(ASN1_F_X509_NAME_EX_NEW, ERR_R_MALLOC_FAILURE);
if (ret) {
- if (ret->entries)
- sk_X509_NAME_ENTRY_free(ret->entries);
+ sk_X509_NAME_ENTRY_free(ret->entries);
OPENSSL_free(ret);
}
return 0;
@@ -160,6 +159,7 @@ static int x509_name_ex_new(ASN1_VALUE **val, const ASN1_ITEM *it)
static void x509_name_ex_free(ASN1_VALUE **pval, const ASN1_ITEM *it)
{
X509_NAME *a;
+
if (!pval || !*pval)
return;
a = (X509_NAME *)*pval;
@@ -232,8 +232,7 @@ static int x509_name_ex_d2i(ASN1_VALUE **val,
*in = p;
return ret;
err:
- if (nm.x != NULL)
- X509_NAME_free(nm.x);
+ X509_NAME_free(nm.x);
ASN1err(ASN1_F_X509_NAME_EX_D2I, ERR_R_NESTED_ASN1_ERROR);
return 0;
}
@@ -394,11 +393,9 @@ static int x509_name_canon(X509_NAME *a)
err:
- if (tmpentry)
- X509_NAME_ENTRY_free(tmpentry);
- if (intname)
- sk_STACK_OF_X509_NAME_ENTRY_pop_free(intname,
- local_sk_X509_NAME_ENTRY_pop_free);
+ X509_NAME_ENTRY_free(tmpentry);
+ sk_STACK_OF_X509_NAME_ENTRY_pop_free(intname,
+ local_sk_X509_NAME_ENTRY_pop_free);
return ret;
}
diff --git a/crypto/x509v3/pcy_cache.c b/crypto/x509v3/pcy_cache.c
index eff4291..125b311 100644
--- a/crypto/x509v3/pcy_cache.c
+++ b/crypto/x509v3/pcy_cache.c
@@ -221,8 +221,7 @@ void policy_cache_free(X509_POLICY_CACHE *cache)
return;
if (cache->anyPolicy)
policy_data_free(cache->anyPolicy);
- if (cache->data)
- sk_X509_POLICY_DATA_pop_free(cache->data, policy_data_free);
+ sk_X509_POLICY_DATA_pop_free(cache->data, policy_data_free);
OPENSSL_free(cache);
}
diff --git a/crypto/x509v3/pcy_tree.c b/crypto/x509v3/pcy_tree.c
index cc52fa2..1f85c37 100644
--- a/crypto/x509v3/pcy_tree.c
+++ b/crypto/x509v3/pcy_tree.c
@@ -655,17 +655,13 @@ void X509_policy_tree_free(X509_POLICY_TREE *tree)
sk_X509_POLICY_NODE_pop_free(tree->user_policies, exnode_free);
for (i = 0, curr = tree->levels; i < tree->nlevel; i++, curr++) {
- if (curr->cert)
- X509_free(curr->cert);
- if (curr->nodes)
- sk_X509_POLICY_NODE_pop_free(curr->nodes, policy_node_free);
+ X509_free(curr->cert);
+ sk_X509_POLICY_NODE_pop_free(curr->nodes, policy_node_free);
if (curr->anyPolicy)
policy_node_free(curr->anyPolicy);
}
- if (tree->extra_data)
- sk_X509_POLICY_DATA_pop_free(tree->extra_data, policy_data_free);
-
+ sk_X509_POLICY_DATA_pop_free(tree->extra_data, policy_data_free);
OPENSSL_free(tree->levels);
OPENSSL_free(tree);
diff --git a/crypto/x509v3/v3_crld.c b/crypto/x509v3/v3_crld.c
index e38632f..48a6a9d 100644
--- a/crypto/x509v3/v3_crld.c
+++ b/crypto/x509v3/v3_crld.c
@@ -175,8 +175,7 @@ static int set_dist_point_name(DIST_POINT_NAME **pdp, X509V3_CTX *ctx,
err:
if (fnm)
sk_GENERAL_NAME_pop_free(fnm, GENERAL_NAME_free);
- if (rnm)
- sk_X509_NAME_ENTRY_pop_free(rnm, X509_NAME_ENTRY_free);
+ sk_X509_NAME_ENTRY_pop_free(rnm, X509_NAME_ENTRY_free);
return -1;
}
@@ -354,8 +353,7 @@ static int dpn_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
break;
case ASN1_OP_FREE_POST:
- if (dpn->dpname)
- X509_NAME_free(dpn->dpname);
+ X509_NAME_free(dpn->dpname);
break;
}
return 1;
diff --git a/demos/cms/cms_ddec.c b/demos/cms/cms_ddec.c
index 1e06cea..36bb4ee 100644
--- a/demos/cms/cms_ddec.c
+++ b/demos/cms/cms_ddec.c
@@ -70,8 +70,7 @@ int main(int argc, char **argv)
if (cms)
CMS_ContentInfo_free(cms);
- if (rcert)
- X509_free(rcert);
+ X509_free(rcert);
EVP_PKEY_free(rkey);
BIO_free(in);
diff --git a/demos/cms/cms_dec.c b/demos/cms/cms_dec.c
index 71a0e4f..832b54d 100644
--- a/demos/cms/cms_dec.c
+++ b/demos/cms/cms_dec.c
@@ -61,8 +61,7 @@ int main(int argc, char **argv)
if (cms)
CMS_ContentInfo_free(cms);
- if (rcert)
- X509_free(rcert);
+ X509_free(rcert);
EVP_PKEY_free(rkey);
BIO_free(in);
diff --git a/demos/cms/cms_denc.c b/demos/cms/cms_denc.c
index 8526717..f91fec1 100644
--- a/demos/cms/cms_denc.c
+++ b/demos/cms/cms_denc.c
@@ -79,10 +79,8 @@ int main(int argc, char **argv)
if (cms)
CMS_ContentInfo_free(cms);
- if (rcert)
- X509_free(rcert);
- if (recips)
- sk_X509_pop_free(recips, X509_free);
+ X509_free(rcert);
+ sk_X509_pop_free(recips, X509_free);
BIO_free(in);
BIO_free(out);
diff --git a/demos/cms/cms_enc.c b/demos/cms/cms_enc.c
index 4395e6b..ba62f79 100644
--- a/demos/cms/cms_enc.c
+++ b/demos/cms/cms_enc.c
@@ -75,10 +75,8 @@ int main(int argc, char **argv)
if (cms)
CMS_ContentInfo_free(cms);
- if (rcert)
- X509_free(rcert);
- if (recips)
- sk_X509_pop_free(recips, X509_free);
+ X509_free(rcert);
+ sk_X509_pop_free(recips, X509_free);
BIO_free(in);
BIO_free(out);
diff --git a/demos/cms/cms_sign.c b/demos/cms/cms_sign.c
index 3ad5ce8..e9871df 100644
--- a/demos/cms/cms_sign.c
+++ b/demos/cms/cms_sign.c
@@ -71,8 +71,7 @@ int main(int argc, char **argv)
if (cms)
CMS_ContentInfo_free(cms);
- if (scert)
- X509_free(scert);
+ X509_free(scert);
EVP_PKEY_free(skey);
BIO_free(in);
diff --git a/demos/cms/cms_sign2.c b/demos/cms/cms_sign2.c
index 3276de1..127f586 100644
--- a/demos/cms/cms_sign2.c
+++ b/demos/cms/cms_sign2.c
@@ -80,14 +80,10 @@ int main(int argc, char **argv)
if (cms)
CMS_ContentInfo_free(cms);
- if (scert)
- X509_free(scert);
+ X509_free(scert);
EVP_PKEY_free(skey);
-
- if (scert2)
- X509_free(scert2);
+ X509_free(scert2);
EVP_PKEY_free(skey2);
-
BIO_free(in);
BIO_free(out);
BIO_free(tbio);
diff --git a/demos/cms/cms_ver.c b/demos/cms/cms_ver.c
index 4227531..0f34bbf 100644
--- a/demos/cms/cms_ver.c
+++ b/demos/cms/cms_ver.c
@@ -70,8 +70,7 @@ int main(int argc, char **argv)
if (cms)
CMS_ContentInfo_free(cms);
- if (cacert)
- X509_free(cacert);
+ X509_free(cacert);
BIO_free(in);
BIO_free(out);
diff --git a/demos/easy_tls/easy-tls.c b/demos/easy_tls/easy-tls.c
index 1a0a03a..9346720 100644
--- a/demos/easy_tls/easy-tls.c
+++ b/demos/easy_tls/easy-tls.c
@@ -943,8 +943,7 @@ static void write_info(SSL *ssl, int *info_fd)
peercert = SSL_get_peer_certificate(ssl);
tls_get_x509_subject_name_oneline(peercert, &peer);
- if (peercert != NULL)
- X509_free(peercert);
+ X509_free(peercert);
}
if (peer.str[0] == '\0')
v_ok = '0'; /* no cert at all */
diff --git a/demos/smime/smdec.c b/demos/smime/smdec.c
index 9752dea..f1a987a 100644
--- a/demos/smime/smdec.c
+++ b/demos/smime/smdec.c
@@ -58,8 +58,7 @@ int main(int argc, char **argv)
ERR_print_errors_fp(stderr);
}
PKCS7_free(p7);
- if (rcert)
- X509_free(rcert);
+ X509_free(rcert);
EVP_PKEY_free(rkey);
BIO_free(in);
BIO_free(out);
diff --git a/demos/smime/smenc.c b/demos/smime/smenc.c
index 2e594ee..79fe2d0 100644
--- a/demos/smime/smenc.c
+++ b/demos/smime/smenc.c
@@ -72,10 +72,8 @@ int main(int argc, char **argv)
ERR_print_errors_fp(stderr);
}
PKCS7_free(p7);
- if (rcert)
- X509_free(rcert);
- if (recips)
- sk_X509_pop_free(recips, X509_free);
+ X509_free(rcert);
+ sk_X509_pop_free(recips, X509_free);
BIO_free(in);
BIO_free(out);
BIO_free(tbio);
diff --git a/demos/smime/smsign.c b/demos/smime/smsign.c
index 91ab8e4..8505e71 100644
--- a/demos/smime/smsign.c
+++ b/demos/smime/smsign.c
@@ -68,8 +68,7 @@ int main(int argc, char **argv)
ERR_print_errors_fp(stderr);
}
PKCS7_free(p7);
- if (scert)
- X509_free(scert);
+ X509_free(scert);
EVP_PKEY_free(skey);
BIO_free(in);
BIO_free(out);
diff --git a/demos/smime/smsign2.c b/demos/smime/smsign2.c
index 0ad709d..415ecf3 100644
--- a/demos/smime/smsign2.c
+++ b/demos/smime/smsign2.c
@@ -76,11 +76,9 @@ int main(int argc, char **argv)
ERR_print_errors_fp(stderr);
}
PKCS7_free(p7);
- if (scert)
- X509_free(scert);
+ X509_free(scert);
EVP_PKEY_free(skey);
- if (scert2)
- X509_free(scert2);
+ X509_free(scert2);
EVP_PKEY_free(skey2);
BIO_free(in);
BIO_free(out);
diff --git a/demos/smime/smver.c b/demos/smime/smver.c
index c4b6e75..13ba18b 100644
--- a/demos/smime/smver.c
+++ b/demos/smime/smver.c
@@ -66,8 +66,7 @@ int main(int argc, char **argv)
ERR_print_errors_fp(stderr);
}
PKCS7_free(p7);
- if (cacert)
- X509_free(cacert);
+ X509_free(cacert);
BIO_free(in);
BIO_free(out);
BIO_free(tbio);
diff --git a/demos/spkigen.c b/demos/spkigen.c
index c272a8c..7df8f34 100644
--- a/demos/spkigen.c
+++ b/demos/spkigen.c
@@ -166,7 +166,6 @@ EVP_PKEY *pkey;
pk = NULL;
ok = 1;
err:
- if (pk != NULL)
- X509_PUBKEY_free(pk);
+ X509_PUBKEY_free(pk);
return (ok);
}
diff --git a/doc/crypto/X509_STORE_CTX_new.pod b/doc/crypto/X509_STORE_CTX_new.pod
index b17888f..bad12e4 100644
--- a/doc/crypto/X509_STORE_CTX_new.pod
+++ b/doc/crypto/X509_STORE_CTX_new.pod
@@ -37,6 +37,7 @@ The context can then be reused with an new call to X509_STORE_CTX_init().
X509_STORE_CTX_free() completely frees up B<ctx>. After this call B<ctx>
is no longer valid.
+If B<ctx> is NULL nothing is done.
X509_STORE_CTX_init() sets up B<ctx> for a subsequent verification operation.
The trusted certificate store is set to B<store>, the end entity certificate
diff --git a/doc/crypto/X509_new.pod b/doc/crypto/X509_new.pod
index d388723..d6f3d30 100644
--- a/doc/crypto/X509_new.pod
+++ b/doc/crypto/X509_new.pod
@@ -19,6 +19,7 @@ X509 structure, which represents an X509 certificate.
X509_new() allocates and initializes a X509 structure.
X509_free() frees up the B<X509> structure B<a>.
+If B<a> is NULL nothing is done.
=head1 RETURN VALUES
diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
index 3eb67ef..bbff778 100644
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -1314,21 +1314,18 @@ int ssl3_get_server_certificate(SSL *s)
* Why would the following ever happen? We just created sc a couple
* of lines ago.
*/
- if (sc->peer_pkeys[i].x509 != NULL)
- X509_free(sc->peer_pkeys[i].x509);
+ X509_free(sc->peer_pkeys[i].x509);
sc->peer_pkeys[i].x509 = x;
sc->peer_key = &(sc->peer_pkeys[i]);
- if (s->session->peer != NULL)
- X509_free(s->session->peer);
+ X509_free(s->session->peer);
CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
s->session->peer = x;
} else {
sc->peer_cert_type = i;
sc->peer_key = NULL;
- if (s->session->peer != NULL)
- X509_free(s->session->peer);
+ X509_free(s->session->peer);
s->session->peer = NULL;
}
s->session->verify_result = s->verify_result;
@@ -2149,15 +2146,13 @@ int ssl3_get_certificate_request(SSL *s)
/* we should setup a certificate to return.... */
s->s3->tmp.cert_req = 1;
s->s3->tmp.ctype_num = ctype_num;
- if (s->s3->tmp.ca_names != NULL)
- sk_X509_NAME_pop_free(s->s3->tmp.ca_names, X509_NAME_free);
+ sk_X509_NAME_pop_free(s->s3->tmp.ca_names, X509_NAME_free);
s->s3->tmp.ca_names = ca_sk;
ca_sk = NULL;
ret = 1;
err:
- if (ca_sk != NULL)
- sk_X509_NAME_pop_free(ca_sk, X509_NAME_free);
+ sk_X509_NAME_pop_free(ca_sk, X509_NAME_free);
return (ret);
}
@@ -3339,8 +3334,7 @@ int ssl3_send_client_certificate(SSL *s)
SSL_R_BAD_DATA_RETURNED_BY_CALLBACK);
}
- if (x509 != NULL)
- X509_free(x509);
+ X509_free(x509);
if (pkey != NULL)
EVP_PKEY_free(pkey);
if (i && !ssl3_check_client_certificate(s))
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index 7bb3a92..ef2ddb4 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -3126,8 +3126,7 @@ void ssl3_free(SSL *s)
EC_KEY_free(s->s3->tmp.ecdh);
#endif
- if (s->s3->tmp.ca_names != NULL)
- sk_X509_NAME_pop_free(s->s3->tmp.ca_names, X509_NAME_free);
+ sk_X509_NAME_pop_free(s->s3->tmp.ca_names, X509_NAME_free);
BIO_free(s->s3->handshake_buffer);
if (s->s3->handshake_dgst)
ssl3_free_digest_list(s);
@@ -3149,8 +3148,7 @@ void ssl3_clear(SSL *s)
int init_extra;
ssl3_cleanup_key_block(s);
- if (s->s3->tmp.ca_names != NULL)
- sk_X509_NAME_pop_free(s->s3->tmp.ca_names, X509_NAME_free);
+ sk_X509_NAME_pop_free(s->s3->tmp.ca_names, X509_NAME_free);
#ifndef OPENSSL_NO_DH
DH_free(s->s3->tmp.dh);
@@ -3925,10 +3923,8 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
break;
case SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS:
- if (ctx->extra_certs) {
- sk_X509_pop_free(ctx->extra_certs, X509_free);
- ctx->extra_certs = NULL;
- }
+ sk_X509_pop_free(ctx->extra_certs, X509_free);
+ ctx->extra_certs = NULL;
break;
case SSL_CTRL_CHAIN:
diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index 6c1ba3a..77420a1 100644
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -3271,8 +3271,7 @@ int ssl3_get_client_certificate(SSL *s)
EVP_PKEY_free(pkey);
}
- if (s->session->peer != NULL) /* This should not be needed */
- X509_free(s->session->peer);
+ X509_free(s->session->peer);
s->session->peer = sk_X509_shift(sk);
s->session->verify_result = s->verify_result;
@@ -3287,8 +3286,7 @@ int ssl3_get_client_certificate(SSL *s)
goto err;
}
}
- if (s->session->sess_cert->cert_chain != NULL)
- sk_X509_pop_free(s->session->sess_cert->cert_chain, X509_free);
+ sk_X509_pop_free(s->session->sess_cert->cert_chain, X509_free);
s->session->sess_cert->cert_chain = sk;
/*
* Inconsistency alert: cert_chain does *not* include the peer's own
@@ -3303,10 +3301,8 @@ int ssl3_get_client_certificate(SSL *s)
ssl3_send_alert(s, SSL3_AL_FATAL, al);
}
err:
- if (x != NULL)
- X509_free(x);
- if (sk != NULL)
- sk_X509_pop_free(sk, X509_free);
+ X509_free(x);
+ sk_X509_pop_free(sk, X509_free);
return (ret);
}
diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c
index 4daa296..0ae9646 100644
--- a/ssl/ssl_cert.c
+++ b/ssl/ssl_cert.c
@@ -398,16 +398,12 @@ void ssl_cert_clear_certs(CERT *c)
return;
for (i = 0; i < SSL_PKEY_NUM; i++) {
CERT_PKEY *cpk = c->pkeys + i;
- if (cpk->x509) {
- X509_free(cpk->x509);
- cpk->x509 = NULL;
- }
+ X509_free(cpk->x509);
+ cpk->x509 = NULL;
EVP_PKEY_free(cpk->privatekey);
cpk->privatekey = NULL;
- if (cpk->chain) {
- sk_X509_pop_free(cpk->chain, X509_free);
- cpk->chain = NULL;
- }
+ sk_X509_pop_free(cpk->chain, X509_free);
+ cpk->chain = NULL;
#ifndef OPENSSL_NO_TLSEXT
if (cpk->serverinfo) {
OPENSSL_free(cpk->serverinfo);
@@ -461,10 +457,8 @@ void ssl_cert_free(CERT *c)
OPENSSL_free(c->shared_sigalgs);
if (c->ctypes)
OPENSSL_free(c->ctypes);
- if (c->verify_store)
- X509_STORE_free(c->verify_store);
- if (c->chain_store)
- X509_STORE_free(c->chain_store);
+ X509_STORE_free(c->verify_store);
+ X509_STORE_free(c->chain_store);
if (c->ciphers_raw)
OPENSSL_free(c->ciphers_raw);
#ifndef OPENSSL_NO_TLSEXT
@@ -485,8 +479,7 @@ int ssl_cert_set0_chain(SSL *s, SSL_CTX *ctx, STACK_OF(X509) *chain)
CERT_PKEY *cpk = s ? s->cert->key : ctx->cert->key;
if (!cpk)
return 0;
- if (cpk->chain)
- sk_X509_pop_free(cpk->chain, X509_free);
+ sk_X509_pop_free(cpk->chain, X509_free);
for (i = 0; i < sk_X509_num(chain); i++) {
r = ssl_security_cert(s, ctx, sk_X509_value(chain, i), 0, 0);
if (r != 1) {
@@ -629,11 +622,9 @@ void ssl_sess_cert_free(SESS_CERT *sc)
#endif
/* i == 0 */
- if (sc->cert_chain != NULL)
- sk_X509_pop_free(sc->cert_chain, X509_free);
+ sk_X509_pop_free(sc->cert_chain, X509_free);
for (i = 0; i < SSL_PKEY_NUM; i++) {
- if (sc->peer_pkeys[i].x509 != NULL)
- X509_free(sc->peer_pkeys[i].x509);
+ X509_free(sc->peer_pkeys[i].x509);
#if 0
/*
* We don't have the peer's private key. These lines are just
@@ -726,9 +717,7 @@ int ssl_verify_cert_chain(SSL *s, STACK_OF(X509) *sk)
static void set_client_CA_list(STACK_OF(X509_NAME) **ca_list,
STACK_OF(X509_NAME) *name_list)
{
- if (*ca_list != NULL)
- sk_X509_NAME_pop_free(*ca_list, X509_NAME_free);
-
+ sk_X509_NAME_pop_free(*ca_list, X509_NAME_free);
*ca_list = name_list;
}
@@ -867,15 +856,12 @@ STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file)
if (0) {
err:
- if (ret != NULL)
- sk_X509_NAME_pop_free(ret, X509_NAME_free);
+ sk_X509_NAME_pop_free(ret, X509_NAME_free);
ret = NULL;
}
- if (sk != NULL)
- sk_X509_NAME_free(sk);
+ sk_X509_NAME_free(sk);
BIO_free(in);
- if (x != NULL)
- X509_free(x);
+ X509_free(x);
if (ret != NULL)
ERR_clear_error();
return (ret);
@@ -1205,8 +1191,7 @@ int ssl_build_cert_chain(SSL *s, SSL_CTX *ctx, int flags)
goto err;
}
}
- if (cpk->chain)
- sk_X509_pop_free(cpk->chain, X509_free);
+ sk_X509_pop_free(cpk->chain, X509_free);
cpk->chain = chain;
if (rv == 0)
rv = 1;
@@ -1224,8 +1209,7 @@ int ssl_cert_set_cert_store(CERT *c, X509_STORE *store, int chain, int ref)
pstore = &c->chain_store;
else
pstore = &c->verify_store;
- if (*pstore)
- X509_STORE_free(*pstore);
+ X509_STORE_free(*pstore);
*pstore = store;
if (ref && store)
CRYPTO_add(&store->references, 1, CRYPTO_LOCK_X509_STORE);
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index 73eafdb..7319cd8 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -532,9 +532,7 @@ void SSL_free(SSL *s)
}
#endif
- if (s->param)
- X509_VERIFY_PARAM_free(s->param);
-
+ X509_VERIFY_PARAM_free(s->param);
CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL, s, &s->ex_data);
if (s->bbio != NULL) {
@@ -581,8 +579,7 @@ void SSL_free(SSL *s)
if (s->tlsext_ellipticcurvelist)
OPENSSL_free(s->tlsext_ellipticcurvelist);
# endif /* OPENSSL_NO_EC */
- if (s->tlsext_ocsp_exts)
- sk_X509_EXTENSION_pop_free(s->tlsext_ocsp_exts, X509_EXTENSION_free);
+ sk_X509_EXTENSION_pop_free(s->tlsext_ocsp_exts, X509_EXTENSION_free);
if (s->tlsext_ocsp_ids)
sk_OCSP_RESPID_pop_free(s->tlsext_ocsp_ids, OCSP_RESPID_free);
if (s->tlsext_ocsp_resp)
@@ -591,8 +588,7 @@ void SSL_free(SSL *s)
OPENSSL_free(s->alpn_client_proto_list);
#endif
- if (s->client_CA != NULL)
- sk_X509_NAME_pop_free(s->client_CA, X509_NAME_free);
+ sk_X509_NAME_pop_free(s->client_CA, X509_NAME_free);
if (s->method != NULL)
s->method->ssl_free(s);
@@ -2032,8 +2028,7 @@ void SSL_CTX_free(SSL_CTX *a)
}
#endif
- if (a->param)
- X509_VERIFY_PARAM_free(a->param);
+ X509_VERIFY_PARAM_free(a->param);
/*
* Free internal session cache. However: the remove_cb() may reference
@@ -2052,17 +2047,14 @@ void SSL_CTX_free(SSL_CTX *a)
if (a->sessions != NULL)
lh_SSL_SESSION_free(a->sessions);
- if (a->cert_store != NULL)
- X509_STORE_free(a->cert_store);
+ X509_STORE_free(a->cert_store);
if (a->cipher_list != NULL)
sk_SSL_CIPHER_free(a->cipher_list);
if (a->cipher_list_by_id != NULL)
sk_SSL_CIPHER_free(a->cipher_list_by_id);
ssl_cert_free(a->cert);
- if (a->client_CA != NULL)
- sk_X509_NAME_pop_free(a->client_CA, X509_NAME_free);
- if (a->extra_certs != NULL)
- sk_X509_pop_free(a->extra_certs, X509_free);
+ sk_X509_NAME_pop_free(a->client_CA, X509_NAME_free);
+ sk_X509_pop_free(a->extra_certs, X509_free);
a->comp_methods = NULL;
#ifndef OPENSSL_NO_SRTP
@@ -3186,8 +3178,7 @@ X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *ctx)
void SSL_CTX_set_cert_store(SSL_CTX *ctx, X509_STORE *store)
{
- if (ctx->cert_store != NULL)
- X509_STORE_free(ctx->cert_store);
+ X509_STORE_free(ctx->cert_store);
ctx->cert_store = store;
}
diff --git a/ssl/ssl_rsa.c b/ssl/ssl_rsa.c
index b5d457a..e4798e9 100644
--- a/ssl/ssl_rsa.c
+++ b/ssl/ssl_rsa.c
@@ -119,8 +119,7 @@ int SSL_use_certificate_file(SSL *ssl, const char *file, int type)
ret = SSL_use_certificate(ssl, x);
end:
- if (x != NULL)
- X509_free(x);
+ X509_free(x);
BIO_free(in);
return (ret);
}
@@ -418,8 +417,7 @@ static int ssl_set_cert(CERT *c, X509 *x)
EVP_PKEY_free(pkey);
- if (c->pkeys[i].x509 != NULL)
- X509_free(c->pkeys[i].x509);
+ X509_free(c->pkeys[i].x509);
CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
c->pkeys[i].x509 = x;
c->key = &(c->pkeys[i]);
@@ -465,8 +463,7 @@ int SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type)
ret = SSL_CTX_use_certificate(ctx, x);
end:
- if (x != NULL)
- X509_free(x);
+ X509_free(x);
BIO_free(in);
return (ret);
}
diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c
index 51f30fb..eed38ca 100644
--- a/ssl/ssl_sess.c
+++ b/ssl/ssl_sess.c
@@ -732,8 +732,7 @@ void SSL_SESSION_free(SSL_SESSION *ss)
OPENSSL_cleanse(ss->master_key, sizeof ss->master_key);
OPENSSL_cleanse(ss->session_id, sizeof ss->session_id);
ssl_sess_cert_free(ss->sess_cert);
- if (ss->peer != NULL)
- X509_free(ss->peer);
+ X509_free(ss->peer);
if (ss->ciphers != NULL)
sk_SSL_CIPHER_free(ss->ciphers);
#ifndef OPENSSL_NO_TLSEXT
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 985c357..b77074a 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -2219,11 +2219,8 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p,
}
sdata = data;
if (dsize > 0) {
- if (s->tlsext_ocsp_exts) {
- sk_X509_EXTENSION_pop_free(s->tlsext_ocsp_exts,
- X509_EXTENSION_free);
- }
-
+ sk_X509_EXTENSION_pop_free(s->tlsext_ocsp_exts,
+ X509_EXTENSION_free);
s->tlsext_ocsp_exts =
d2i_X509_EXTENSIONS(NULL, &sdata, dsize);
if (!s->tlsext_ocsp_exts || (data + dsize != sdata)) {
More information about the openssl-commits
mailing list