[openssl-commits] [openssl] master update

Rich Salz rsalz at openssl.org
Sat Mar 28 14:54:41 UTC 2015


The branch master has been updated
       via  c5ba2d990420e1778ca4a90bf882e0f806404af0 (commit)
      from  33b188a8e82df57208ec8263c263f8b6f47e8255 (commit)


- Log -----------------------------------------------------------------
commit c5ba2d990420e1778ca4a90bf882e0f806404af0
Author: Rich Salz <rsalz at openssl.org>
Date:   Sat Mar 28 10:54:15 2015 -0400

    free NULL cleanup
    
    EVP_.*free; this gets:
            EVP_CIPHER_CTX_free EVP_PKEY_CTX_free EVP_PKEY_asn1_free
            EVP_PKEY_asn1_set_free EVP_PKEY_free EVP_PKEY_free_it
            EVP_PKEY_meth_free; and also EVP_CIPHER_CTX_cleanup
    
    Reviewed-by: Kurt Roeckx <kurt at openssl.org>

-----------------------------------------------------------------------

Summary of changes:
 apps/dgst.c                     |  3 +--
 apps/genpkey.c                  | 15 +++++----------
 apps/pkcs12.c                   |  3 +--
 apps/pkeyutl.c                  |  3 +--
 apps/req.c                      |  5 ++---
 apps/s_cb.c                     |  3 +--
 apps/s_client.c                 |  3 +--
 apps/s_server.c                 |  9 +++------
 crypto/asn1/d2i_pr.c            |  2 +-
 crypto/asn1/d2i_pu.c            |  2 +-
 crypto/asn1/x_pkey.c            |  3 +--
 crypto/asn1/x_pubkey.c          |  3 +--
 crypto/cms/cms_asn1.c           | 15 +++++----------
 crypto/cms/cms_env.c            |  9 +++------
 crypto/cms/cms_kari.c           |  8 +++-----
 crypto/cms/cms_sd.c             |  9 +++------
 crypto/dh/dh_ameth.c            |  6 ++----
 crypto/ec/ec_ameth.c            |  3 +--
 crypto/evp/digest.c             |  3 +--
 crypto/evp/evp_enc.c            |  7 ++++---
 crypto/evp/evp_extra_test.c     | 20 +++++---------------
 crypto/evp/evp_test.c           |  9 +++------
 crypto/evp/p_lib.c              |  1 +
 crypto/evp/pmeth_fn.c           |  3 +--
 crypto/evp/pmeth_gn.c           |  3 +--
 crypto/evp/pmeth_lib.c          |  6 ++----
 crypto/pem/pem_pk8.c            |  3 +--
 crypto/pem/pem_pkey.c           |  9 +++------
 crypto/pem/pvkfmt.c             |  6 ++----
 crypto/pkcs12/p12_kiss.c        |  2 +-
 crypto/pkcs7/pk7_doit.c         | 13 +++++--------
 crypto/pkcs7/pk7_lib.c          |  3 +--
 crypto/ts/ts_rsp_sign.c         |  3 +--
 crypto/x509/x509_cmp.c          |  6 ++----
 crypto/x509/x509_vfy.c          |  6 ++----
 demos/cms/cms_ddec.c            |  3 +--
 demos/cms/cms_dec.c             |  3 +--
 demos/cms/cms_sign.c            |  3 +--
 demos/cms/cms_sign2.c           |  6 ++----
 demos/smime/smdec.c             |  3 +--
 demos/smime/smsign.c            |  3 +--
 demos/smime/smsign2.c           |  6 ++----
 doc/crypto/EVP_PKEY_CTX_new.pod |  1 +
 doc/crypto/EVP_PKEY_new.pod     |  1 +
 engines/ccgost/gost2001_keyx.c  |  7 +++----
 engines/e_chil.c                |  3 +--
 ssl/s3_srvr.c                   |  3 +--
 ssl/ssl_cert.c                  |  6 ++----
 48 files changed, 90 insertions(+), 165 deletions(-)

diff --git a/apps/dgst.c b/apps/dgst.c
index ac3b583..7006000 100644
--- a/apps/dgst.c
+++ b/apps/dgst.c
@@ -384,8 +384,7 @@ int MAIN(int argc, char **argv)
         }
         r = 1;
  mac_end:
-        if (mac_ctx)
-            EVP_PKEY_CTX_free(mac_ctx);
+        EVP_PKEY_CTX_free(mac_ctx);
         if (r == 0)
             goto end;
     }
diff --git a/apps/genpkey.c b/apps/genpkey.c
index 5b7f433..bd81d51 100644
--- a/apps/genpkey.c
+++ b/apps/genpkey.c
@@ -268,10 +268,8 @@ int MAIN(int argc, char **argv)
     ret = 0;
 
  end:
-    if (pkey)
-        EVP_PKEY_free(pkey);
-    if (ctx)
-        EVP_PKEY_CTX_free(ctx);
+    EVP_PKEY_free(pkey);
+    EVP_PKEY_CTX_free(ctx);
     BIO_free_all(out);
     BIO_free(in);
     if (pass)
@@ -317,10 +315,8 @@ static int init_keygen_file(BIO *err, EVP_PKEY_CTX **pctx,
  err:
     BIO_puts(err, "Error initializing context\n");
     ERR_print_errors(err);
-    if (ctx)
-        EVP_PKEY_CTX_free(ctx);
-    if (pkey)
-        EVP_PKEY_free(pkey);
+    EVP_PKEY_CTX_free(ctx);
+    EVP_PKEY_free(pkey);
     return 0;
 
 }
@@ -375,8 +371,7 @@ int init_gen_str(BIO *err, EVP_PKEY_CTX **pctx,
  err:
     BIO_printf(err, "Error initializing %s context\n", algname);
     ERR_print_errors(err);
-    if (ctx)
-        EVP_PKEY_CTX_free(ctx);
+    EVP_PKEY_CTX_free(ctx);
     return 0;
 
 }
diff --git a/apps/pkcs12.c b/apps/pkcs12.c
index e33fe24..a60a055 100644
--- a/apps/pkcs12.c
+++ b/apps/pkcs12.c
@@ -672,8 +672,7 @@ int MAIN(int argc, char **argv)
         CRYPTO_push_info("process -export_cert: freeing");
 # endif
 
-        if (key)
-            EVP_PKEY_free(key);
+        EVP_PKEY_free(key);
         if (certs)
             sk_X509_pop_free(certs, X509_free);
         if (ucert)
diff --git a/apps/pkeyutl.c b/apps/pkeyutl.c
index aaa9074..1028686 100644
--- a/apps/pkeyutl.c
+++ b/apps/pkeyutl.c
@@ -332,8 +332,7 @@ int MAIN(int argc, char **argv)
         BIO_write(out, buf_out, buf_outlen);
 
  end:
-    if (ctx)
-        EVP_PKEY_CTX_free(ctx);
+    EVP_PKEY_CTX_free(ctx);
     BIO_free(in);
     BIO_free_all(out);
     if (buf_in)
diff --git a/apps/req.c b/apps/req.c
index 231535b..3cedf2c 100644
--- a/apps/req.c
+++ b/apps/req.c
@@ -874,9 +874,9 @@ int MAIN(int argc, char **argv)
 
         if (pkey == NULL) {
             pkey = X509_REQ_get_pubkey(req);
-            tmp = 1;
             if (pkey == NULL)
                 goto end;
+            tmp = 1;
         }
 
         i = X509_REQ_verify(req, pkey);
@@ -1013,8 +1013,7 @@ int MAIN(int argc, char **argv)
     BIO_free(in);
     BIO_free_all(out);
     EVP_PKEY_free(pkey);
-    if (genctx)
-        EVP_PKEY_CTX_free(genctx);
+    EVP_PKEY_CTX_free(genctx);
     if (pkeyopts)
         sk_OPENSSL_STRING_free(pkeyopts);
     if (sigopts)
diff --git a/apps/s_cb.c b/apps/s_cb.c
index ea7d35c..7e69fc8 100644
--- a/apps/s_cb.c
+++ b/apps/s_cb.c
@@ -1242,8 +1242,7 @@ void ssl_excert_free(SSL_EXCERT *exc)
     while (exc) {
         if (exc->cert)
             X509_free(exc->cert);
-        if (exc->key)
-            EVP_PKEY_free(exc->key);
+        EVP_PKEY_free(exc->key);
         if (exc->chain)
             sk_X509_pop_free(exc->chain, X509_free);
         curr = exc;
diff --git a/apps/s_client.c b/apps/s_client.c
index 0874983..ec11617 100644
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -2030,8 +2030,7 @@ int MAIN(int argc, char **argv)
         X509_free(cert);
     if (crls)
         sk_X509_CRL_pop_free(crls, X509_CRL_free);
-    if (key)
-        EVP_PKEY_free(key);
+    EVP_PKEY_free(key);
     if (chain)
         sk_X509_pop_free(chain, X509_free);
     if (pass)
diff --git a/apps/s_server.c b/apps/s_server.c
index 37c40cb..f97a97d 100644
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -2011,10 +2011,8 @@ int MAIN(int argc, char *argv[])
         sk_X509_CRL_pop_free(crls, X509_CRL_free);
     if (s_dcert)
         X509_free(s_dcert);
-    if (s_key)
-        EVP_PKEY_free(s_key);
-    if (s_dkey)
-        EVP_PKEY_free(s_dkey);
+    EVP_PKEY_free(s_key);
+    EVP_PKEY_free(s_dkey);
     if (s_chain)
         sk_X509_pop_free(s_chain, X509_free);
     if (s_dchain)
@@ -2037,8 +2035,7 @@ int MAIN(int argc, char *argv[])
         SSL_CTX_free(ctx2);
     if (s_cert2)
         X509_free(s_cert2);
-    if (s_key2)
-        EVP_PKEY_free(s_key2);
+    EVP_PKEY_free(s_key2);
     BIO_free(serverinfo_in);
 # ifndef OPENSSL_NO_NEXTPROTONEG
     if (next_proto.data)
diff --git a/crypto/asn1/d2i_pr.c b/crypto/asn1/d2i_pr.c
index 5f1a96d..793532f 100644
--- a/crypto/asn1/d2i_pr.c
+++ b/crypto/asn1/d2i_pr.c
@@ -113,7 +113,7 @@ EVP_PKEY *d2i_PrivateKey(int type, EVP_PKEY **a, const unsigned char **pp,
         (*a) = ret;
     return (ret);
  err:
-    if ((ret != NULL) && ((a == NULL) || (*a != ret)))
+    if (a == NULL || *a != ret)
         EVP_PKEY_free(ret);
     return (NULL);
 }
diff --git a/crypto/asn1/d2i_pu.c b/crypto/asn1/d2i_pu.c
index 33542dd..189cfdd 100644
--- a/crypto/asn1/d2i_pu.c
+++ b/crypto/asn1/d2i_pu.c
@@ -130,7 +130,7 @@ EVP_PKEY *d2i_PublicKey(int type, EVP_PKEY **a, const unsigned char **pp,
         (*a) = ret;
     return (ret);
  err:
-    if ((ret != NULL) && ((a == NULL) || (*a != ret)))
+    if (a == NULL || *a != ret)
         EVP_PKEY_free(ret);
     return (NULL);
 }
diff --git a/crypto/asn1/x_pkey.c b/crypto/asn1/x_pkey.c
index f4396e7..f24c0ce 100644
--- a/crypto/asn1/x_pkey.c
+++ b/crypto/asn1/x_pkey.c
@@ -144,8 +144,7 @@ void X509_PKEY_free(X509_PKEY *x)
     if (x->enc_algor != NULL)
         X509_ALGOR_free(x->enc_algor);
     ASN1_OCTET_STRING_free(x->enc_pkey);
-    if (x->dec_pkey != NULL)
-        EVP_PKEY_free(x->dec_pkey);
+    EVP_PKEY_free(x->dec_pkey);
     if ((x->key_data != NULL) && (x->key_free))
         OPENSSL_free(x->key_data);
     OPENSSL_free(x);
diff --git a/crypto/asn1/x_pubkey.c b/crypto/asn1/x_pubkey.c
index cefaf3a..3c72997 100644
--- a/crypto/asn1/x_pubkey.c
+++ b/crypto/asn1/x_pubkey.c
@@ -174,8 +174,7 @@ EVP_PKEY *X509_PUBKEY_get(X509_PUBKEY *key)
     return ret;
 
  error:
-    if (ret != NULL)
-        EVP_PKEY_free(ret);
+    EVP_PKEY_free(ret);
     return (NULL);
 }
 
diff --git a/crypto/cms/cms_asn1.c b/crypto/cms/cms_asn1.c
index 9a71919..03de7af 100644
--- a/crypto/cms/cms_asn1.c
+++ b/crypto/cms/cms_asn1.c
@@ -93,8 +93,7 @@ static int cms_si_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
 {
     if (operation == ASN1_OP_FREE_POST) {
         CMS_SignerInfo *si = (CMS_SignerInfo *)*pval;
-        if (si->pkey)
-            EVP_PKEY_free(si->pkey);
+        EVP_PKEY_free(si->pkey);
         if (si->signer)
             X509_free(si->signer);
         if (si->pctx)
@@ -171,8 +170,7 @@ static int cms_rek_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
 {
     CMS_RecipientEncryptedKey *rek = (CMS_RecipientEncryptedKey *)*pval;
     if (operation == ASN1_OP_FREE_POST) {
-        if (rek->pkey)
-            EVP_PKEY_free(rek->pkey);
+        EVP_PKEY_free(rek->pkey);
     }
     return 1;
 }
@@ -202,8 +200,7 @@ static int cms_kari_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
         EVP_CIPHER_CTX_set_flags(&kari->ctx, EVP_CIPHER_CTX_FLAG_WRAP_ALLOW);
         kari->pctx = NULL;
     } else if (operation == ASN1_OP_FREE_POST) {
-        if (kari->pctx)
-            EVP_PKEY_CTX_free(kari->pctx);
+        EVP_PKEY_CTX_free(kari->pctx);
         EVP_CIPHER_CTX_cleanup(&kari->ctx);
     }
     return 1;
@@ -250,12 +247,10 @@ static int cms_ri_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
         CMS_RecipientInfo *ri = (CMS_RecipientInfo *)*pval;
         if (ri->type == CMS_RECIPINFO_TRANS) {
             CMS_KeyTransRecipientInfo *ktri = ri->d.ktri;
-            if (ktri->pkey)
-                EVP_PKEY_free(ktri->pkey);
+            EVP_PKEY_free(ktri->pkey);
             if (ktri->recip)
                 X509_free(ktri->recip);
-            if (ktri->pctx)
-                EVP_PKEY_CTX_free(ktri->pctx);
+            EVP_PKEY_CTX_free(ktri->pctx);
         } else if (ri->type == CMS_RECIPINFO_KEK) {
             CMS_KEKRecipientInfo *kekri = ri->d.kekri;
             if (kekri->key) {
diff --git a/crypto/cms/cms_env.c b/crypto/cms/cms_env.c
index d1252f8..3b4b930 100644
--- a/crypto/cms/cms_env.c
+++ b/crypto/cms/cms_env.c
@@ -279,8 +279,7 @@ CMS_RecipientInfo *CMS_add1_recipient_cert(CMS_ContentInfo *cms,
  err:
     if (ri)
         M_ASN1_free_of(ri, CMS_RecipientInfo);
-    if (pk)
-        EVP_PKEY_free(pk);
+    EVP_PKEY_free(pk);
     return NULL;
 
 }
@@ -476,10 +475,8 @@ static int cms_RecipientInfo_ktri_decrypt(CMS_ContentInfo *cms,
     ec->keylen = eklen;
 
  err:
-    if (ktri->pctx) {
-        EVP_PKEY_CTX_free(ktri->pctx);
-        ktri->pctx = NULL;
-    }
+    EVP_PKEY_CTX_free(ktri->pctx);
+    ktri->pctx = NULL;
     if (!ret && ek)
         OPENSSL_free(ek);
 
diff --git a/crypto/cms/cms_kari.c b/crypto/cms/cms_kari.c
index 196b5c6..5aaba59 100644
--- a/crypto/cms/cms_kari.c
+++ b/crypto/cms/cms_kari.c
@@ -218,8 +218,7 @@ int CMS_RecipientInfo_kari_set0_pkey(CMS_RecipientInfo *ri, EVP_PKEY *pk)
     kari->pctx = pctx;
     return 1;
  err:
-    if (pctx)
-        EVP_PKEY_CTX_free(pctx);
+    EVP_PKEY_CTX_free(pctx);
     return 0;
 }
 
@@ -331,10 +330,9 @@ static int cms_kari_create_ephemeral_key(CMS_KeyAgreeRecipientInfo *kari,
     kari->pctx = pctx;
     rv = 1;
  err:
-    if (!rv && pctx)
+    if (!rv)
         EVP_PKEY_CTX_free(pctx);
-    if (ekey)
-        EVP_PKEY_free(ekey);
+    EVP_PKEY_free(ekey);
     return rv;
 }
 
diff --git a/crypto/cms/cms_sd.c b/crypto/cms/cms_sd.c
index c45d30e..71c234c 100644
--- a/crypto/cms/cms_sd.c
+++ b/crypto/cms/cms_sd.c
@@ -487,8 +487,7 @@ void CMS_SignerInfo_set1_signer_cert(CMS_SignerInfo *si, X509 *signer)
 {
     if (signer) {
         CRYPTO_add(&signer->references, 1, CRYPTO_LOCK_X509);
-        if (si->pkey)
-            EVP_PKEY_free(si->pkey);
+        EVP_PKEY_free(si->pkey);
         si->pkey = X509_get_pubkey(signer);
     }
     if (si->signer)
@@ -651,8 +650,7 @@ static int cms_SignerInfo_content_sign(CMS_ContentInfo *cms,
 
  err:
     EVP_MD_CTX_cleanup(&mctx);
-    if (pctx)
-        EVP_PKEY_CTX_free(pctx);
+    EVP_PKEY_CTX_free(pctx);
     return r;
 
 }
@@ -875,8 +873,7 @@ int CMS_SignerInfo_verify_content(CMS_SignerInfo *si, BIO *chain)
     }
 
  err:
-    if (pkctx)
-        EVP_PKEY_CTX_free(pkctx);
+    EVP_PKEY_CTX_free(pkctx);
     EVP_MD_CTX_cleanup(&mctx);
     return r;
 
diff --git a/crypto/dh/dh_ameth.c b/crypto/dh/dh_ameth.c
index c71538f..cfa2e2d 100644
--- a/crypto/dh/dh_ameth.c
+++ b/crypto/dh/dh_ameth.c
@@ -708,8 +708,7 @@ static int dh_cms_set_peerkey(EVP_PKEY_CTX *pctx,
  err:
     if (public_key)
         ASN1_INTEGER_free(public_key);
-    if (pkpeer)
-        EVP_PKEY_free(pkpeer);
+    EVP_PKEY_free(pkpeer);
     DH_free(dhpeer);
     return rv;
 }
@@ -849,8 +848,7 @@ static int dh_cms_encrypt(CMS_RecipientInfo *ri)
     X509_ALGOR_get0(&aoid, NULL, NULL, talg);
     /* Is everything uninitialised? */
     if (aoid == OBJ_nid2obj(NID_undef)) {
-        ASN1_INTEGER *pubk;
-        pubk = BN_to_ASN1_INTEGER(pkey->pkey.dh->pub_key, NULL);
+        ASN1_INTEGER *pubk = BN_to_ASN1_INTEGER(pkey->pkey.dh->pub_key, NULL);
         if (!pubk)
             goto err;
         /* Set the key */
diff --git a/crypto/ec/ec_ameth.c b/crypto/ec/ec_ameth.c
index 4be85a9..65c3d56 100644
--- a/crypto/ec/ec_ameth.c
+++ b/crypto/ec/ec_ameth.c
@@ -704,8 +704,7 @@ static int ecdh_cms_set_peerkey(EVP_PKEY_CTX *pctx,
         rv = 1;
  err:
     EC_KEY_free(ecpeer);
-    if (pkpeer)
-        EVP_PKEY_free(pkpeer);
+    EVP_PKEY_free(pkpeer);
     return rv;
 }
 
diff --git a/crypto/evp/digest.c b/crypto/evp/digest.c
index 48c7b00..ce95350 100644
--- a/crypto/evp/digest.c
+++ b/crypto/evp/digest.c
@@ -352,8 +352,7 @@ int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx)
         OPENSSL_cleanse(ctx->md_data, ctx->digest->ctx_size);
         OPENSSL_free(ctx->md_data);
     }
-    if (ctx->pctx)
-        EVP_PKEY_CTX_free(ctx->pctx);
+    EVP_PKEY_CTX_free(ctx->pctx);
 #ifndef OPENSSL_NO_ENGINE
     if (ctx->engine)
         /*
diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c
index 3d40b04..3468b6b 100644
--- a/crypto/evp/evp_enc.c
+++ b/crypto/evp/evp_enc.c
@@ -522,14 +522,15 @@ int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
 
 void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *ctx)
 {
-    if (ctx) {
-        EVP_CIPHER_CTX_cleanup(ctx);
+    EVP_CIPHER_CTX_cleanup(ctx);
+    if (ctx)
         OPENSSL_free(ctx);
-    }
 }
 
 int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *c)
 {
+    if (!c)
+        return 0;
     if (c->cipher != NULL) {
         if (c->cipher->cleanup && !c->cipher->cleanup(c))
             return 0;
diff --git a/crypto/evp/evp_extra_test.c b/crypto/evp/evp_extra_test.c
index c474134..567ed0f 100644
--- a/crypto/evp/evp_extra_test.c
+++ b/crypto/evp/evp_extra_test.c
@@ -265,9 +265,7 @@ static EVP_PKEY *load_example_rsa_key(void)
     pkey = NULL;
 
  out:
-    if (pkey) {
-        EVP_PKEY_free(pkey);
-    }
+    EVP_PKEY_free(pkey);
     RSA_free(rsa);
 
     return ret;
@@ -321,9 +319,7 @@ static int test_EVP_DigestSignInit(void)
 
     EVP_MD_CTX_cleanup(&md_ctx);
     EVP_MD_CTX_cleanup(&md_ctx_verify);
-    if (pkey) {
-        EVP_PKEY_free(pkey);
-    }
+    EVP_PKEY_free(pkey);
     if (sig) {
         OPENSSL_free(sig);
     }
@@ -354,9 +350,7 @@ static int test_EVP_DigestVerifyInit(void)
     }
 
     EVP_MD_CTX_cleanup(&md_ctx);
-    if (pkey) {
-        EVP_PKEY_free(pkey);
-    }
+    EVP_PKEY_free(pkey);
 
     return ret;
 }
@@ -387,9 +381,7 @@ static int test_d2i_AutoPrivateKey(const unsigned char *input,
         ERR_print_errors_fp(stderr);
     }
 
-    if (pkey != NULL) {
-        EVP_PKEY_free(pkey);
-    }
+    EVP_PKEY_free(pkey);
     return ret;
 }
 
@@ -422,9 +414,7 @@ static int test_EVP_PKCS82PKEY(void)
         PKCS8_PRIV_KEY_INFO_free(p8inf);
     }
 
-    if (pkey != NULL) {
-        EVP_PKEY_free(pkey);
-    }
+    EVP_PKEY_free(pkey);
 
     return ret;
 }
diff --git a/crypto/evp/evp_test.c b/crypto/evp/evp_test.c
index 1524658..68d5bde 100644
--- a/crypto/evp/evp_test.c
+++ b/crypto/evp/evp_test.c
@@ -1051,10 +1051,8 @@ static int mac_test_run(struct evp_test *t)
         EVP_MD_CTX_destroy(mctx);
     if (mac)
         OPENSSL_free(mac);
-    if (genctx)
-        EVP_PKEY_CTX_free(genctx);
-    if (key)
-        EVP_PKEY_free(key);
+    EVP_PKEY_CTX_free(genctx);
+    EVP_PKEY_free(key);
     t->err = err;
     return 1;
 }
@@ -1139,8 +1137,7 @@ static void pkey_test_cleanup(struct evp_test *t)
         OPENSSL_free(kdata->input);
     if (kdata->output)
         OPENSSL_free(kdata->output);
-    if (kdata->ctx)
-        EVP_PKEY_CTX_free(kdata->ctx);
+    EVP_PKEY_CTX_free(kdata->ctx);
 }
 
 static int pkey_test_parse(struct evp_test *t,
diff --git a/crypto/evp/p_lib.c b/crypto/evp/p_lib.c
index 604faf2..a96fae6 100644
--- a/crypto/evp/p_lib.c
+++ b/crypto/evp/p_lib.c
@@ -409,6 +409,7 @@ void EVP_PKEY_free(EVP_PKEY *x)
 
 static void EVP_PKEY_free_it(EVP_PKEY *x)
 {
+    /* internal function; x is never NULL */
     if (x->ameth && x->ameth->pkey_free) {
         x->ameth->pkey_free(x);
         x->pkey.ptr = NULL;
diff --git a/crypto/evp/pmeth_fn.c b/crypto/evp/pmeth_fn.c
index 829b5f0..abf2160 100644
--- a/crypto/evp/pmeth_fn.c
+++ b/crypto/evp/pmeth_fn.c
@@ -315,8 +315,7 @@ int EVP_PKEY_derive_set_peer(EVP_PKEY_CTX *ctx, EVP_PKEY *peer)
         return -1;
     }
 
-    if (ctx->peerkey)
-        EVP_PKEY_free(ctx->peerkey);
+    EVP_PKEY_free(ctx->peerkey);
     ctx->peerkey = peer;
 
     ret = ctx->pmeth->ctrl(ctx, EVP_PKEY_CTRL_PEER_KEY, 1, peer);
diff --git a/crypto/evp/pmeth_gn.c b/crypto/evp/pmeth_gn.c
index a5ae484..78467c9 100644
--- a/crypto/evp/pmeth_gn.c
+++ b/crypto/evp/pmeth_gn.c
@@ -207,7 +207,6 @@ EVP_PKEY *EVP_PKEY_new_mac_key(int type, ENGINE *e,
     if (EVP_PKEY_keygen(mac_ctx, &mac_key) <= 0)
         goto merr;
  merr:
-    if (mac_ctx)
-        EVP_PKEY_CTX_free(mac_ctx);
+    EVP_PKEY_CTX_free(mac_ctx);
     return mac_key;
 }
diff --git a/crypto/evp/pmeth_lib.c b/crypto/evp/pmeth_lib.c
index 9183e40..b20a902 100644
--- a/crypto/evp/pmeth_lib.c
+++ b/crypto/evp/pmeth_lib.c
@@ -363,10 +363,8 @@ void EVP_PKEY_CTX_free(EVP_PKEY_CTX *ctx)
         return;
     if (ctx->pmeth && ctx->pmeth->cleanup)
         ctx->pmeth->cleanup(ctx);
-    if (ctx->pkey)
-        EVP_PKEY_free(ctx->pkey);
-    if (ctx->peerkey)
-        EVP_PKEY_free(ctx->peerkey);
+    EVP_PKEY_free(ctx->pkey);
+    EVP_PKEY_free(ctx->peerkey);
 #ifndef OPENSSL_NO_ENGINE
     if (ctx->engine)
         /*
diff --git a/crypto/pem/pem_pk8.c b/crypto/pem/pem_pk8.c
index 0d76026..529d077 100644
--- a/crypto/pem/pem_pk8.c
+++ b/crypto/pem/pem_pk8.c
@@ -183,8 +183,7 @@ EVP_PKEY *d2i_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY **x, pem_password_cb *cb,
     if (!ret)
         return NULL;
     if (x) {
-        if (*x)
-            EVP_PKEY_free(*x);
+        EVP_PKEY_free(*x);
         *x = ret;
     }
     return ret;
diff --git a/crypto/pem/pem_pkey.c b/crypto/pem/pem_pkey.c
index fd7e8b0..80c316e 100644
--- a/crypto/pem/pem_pkey.c
+++ b/crypto/pem/pem_pkey.c
@@ -96,8 +96,7 @@ EVP_PKEY *PEM_read_bio_PrivateKey(BIO *bp, EVP_PKEY **x, pem_password_cb *cb,
             goto p8err;
         ret = EVP_PKCS82PKEY(p8inf);
         if (x) {
-            if (*x)
-                EVP_PKEY_free((EVP_PKEY *)*x);
+            EVP_PKEY_free((EVP_PKEY *)*x);
             *x = ret;
         }
         PKCS8_PRIV_KEY_INFO_free(p8inf);
@@ -124,8 +123,7 @@ EVP_PKEY *PEM_read_bio_PrivateKey(BIO *bp, EVP_PKEY **x, pem_password_cb *cb,
             goto p8err;
         ret = EVP_PKCS82PKEY(p8inf);
         if (x) {
-            if (*x)
-                EVP_PKEY_free((EVP_PKEY *)*x);
+            EVP_PKEY_free((EVP_PKEY *)*x);
             *x = ret;
         }
         PKCS8_PRIV_KEY_INFO_free(p8inf);
@@ -186,8 +184,7 @@ EVP_PKEY *PEM_read_bio_Parameters(BIO *bp, EVP_PKEY **x)
             goto err;
         }
         if (x) {
-            if (*x)
-                EVP_PKEY_free((EVP_PKEY *)*x);
+            EVP_PKEY_free((EVP_PKEY *)*x);
             *x = ret;
         }
     }
diff --git a/crypto/pem/pvkfmt.c b/crypto/pem/pvkfmt.c
index 0f2390d..14ddb33 100644
--- a/crypto/pem/pvkfmt.c
+++ b/crypto/pem/pvkfmt.c
@@ -336,8 +336,7 @@ static EVP_PKEY *b2i_dss(const unsigned char **in, unsigned int length,
  memerr:
     PEMerr(PEM_F_B2I_DSS, ERR_R_MALLOC_FAILURE);
     DSA_free(dsa);
-    if (ret)
-        EVP_PKEY_free(ret);
+    EVP_PKEY_free(ret);
     if (ctx)
         BN_CTX_free(ctx);
     return NULL;
@@ -385,8 +384,7 @@ static EVP_PKEY *b2i_rsa(const unsigned char **in, unsigned int length,
  memerr:
     PEMerr(PEM_F_B2I_RSA, ERR_R_MALLOC_FAILURE);
     RSA_free(rsa);
-    if (ret)
-        EVP_PKEY_free(ret);
+    EVP_PKEY_free(ret);
     return NULL;
 }
 
diff --git a/crypto/pkcs12/p12_kiss.c b/crypto/pkcs12/p12_kiss.c
index 4fd8b8c..fcfa986 100644
--- a/crypto/pkcs12/p12_kiss.c
+++ b/crypto/pkcs12/p12_kiss.c
@@ -161,7 +161,7 @@ int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert,
 
  err:
 
-    if (pkey && *pkey)
+    if (pkey)
         EVP_PKEY_free(*pkey);
     if (cert && *cert)
         X509_free(*cert);
diff --git a/crypto/pkcs7/pk7_doit.c b/crypto/pkcs7/pk7_doit.c
index b7c66a3..639e217 100644
--- a/crypto/pkcs7/pk7_doit.c
+++ b/crypto/pkcs7/pk7_doit.c
@@ -179,10 +179,8 @@ static int pkcs7_encode_rinfo(PKCS7_RECIP_INFO *ri,
     ret = 1;
 
  err:
-    if (pkey)
-        EVP_PKEY_free(pkey);
-    if (pctx)
-        EVP_PKEY_CTX_free(pctx);
+    EVP_PKEY_free(pkey);
+    EVP_PKEY_CTX_free(pctx);
     if (ek)
         OPENSSL_free(ek);
     return ret;
@@ -240,8 +238,7 @@ static int pkcs7_decrypt_rinfo(unsigned char **pek, int *peklen,
     *peklen = eklen;
 
  err:
-    if (pctx)
-        EVP_PKEY_CTX_free(pctx);
+    EVP_PKEY_CTX_free(pctx);
     if (!ret && ek)
         OPENSSL_free(ek);
 
@@ -1077,8 +1074,8 @@ int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si,
         PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY, PKCS7_R_SIGNATURE_FAILURE);
         ret = -1;
         goto err;
-    } else
-        ret = 1;
+    }
+    ret = 1;
  err:
     EVP_MD_CTX_cleanup(&mdc_tmp);
     return (ret);
diff --git a/crypto/pkcs7/pk7_lib.c b/crypto/pkcs7/pk7_lib.c
index 6409d28..956f3f2 100644
--- a/crypto/pkcs7/pk7_lib.c
+++ b/crypto/pkcs7/pk7_lib.c
@@ -556,8 +556,7 @@ int PKCS7_RECIP_INFO_set(PKCS7_RECIP_INFO *p7i, X509 *x509)
     return 1;
 
  err:
-    if (pkey)
-        EVP_PKEY_free(pkey);
+    EVP_PKEY_free(pkey);
     return 0;
 }
 
diff --git a/crypto/ts/ts_rsp_sign.c b/crypto/ts/ts_rsp_sign.c
index b510ceb..037ab64 100644
--- a/crypto/ts/ts_rsp_sign.c
+++ b/crypto/ts/ts_rsp_sign.c
@@ -216,8 +216,7 @@ int TS_RESP_CTX_set_signer_cert(TS_RESP_CTX *ctx, X509 *signer)
 
 int TS_RESP_CTX_set_signer_key(TS_RESP_CTX *ctx, EVP_PKEY *key)
 {
-    if (ctx->signer_key)
-        EVP_PKEY_free(ctx->signer_key);
+    EVP_PKEY_free(ctx->signer_key);
     ctx->signer_key = key;
     CRYPTO_add(&ctx->signer_key->references, +1, CRYPTO_LOCK_EVP_PKEY);
 
diff --git a/crypto/x509/x509_cmp.c b/crypto/x509/x509_cmp.c
index 51c47cc..c7b0fe1 100644
--- a/crypto/x509/x509_cmp.c
+++ b/crypto/x509/x509_cmp.c
@@ -342,8 +342,7 @@ int X509_check_private_key(X509 *x, EVP_PKEY *k)
     case -2:
         X509err(X509_F_X509_CHECK_PRIVATE_KEY, X509_R_UNKNOWN_KEY_TYPE);
     }
-    if (xk)
-        EVP_PKEY_free(xk);
+    EVP_PKEY_free(xk);
     if (ret > 0)
         return 1;
     return 0;
@@ -436,8 +435,7 @@ int X509_chain_check_suiteb(int *perror_depth, X509 *x, STACK_OF(X509) *chain,
     /* Final check: root CA signature */
     rv = check_suite_b(pk, X509_get_signature_nid(x), &tflags);
  end:
-    if (pk)
-        EVP_PKEY_free(pk);
+    EVP_PKEY_free(pk);
     if (rv != X509_V_OK) {
         /* Invalid signature or LOS errors are for previous cert */
         if ((rv == X509_V_ERR_SUITE_B_INVALID_SIGNATURE_ALGORITHM
diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
index 61f02b5..9cf39db 100644
--- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c
@@ -1933,10 +1933,8 @@ int X509_get_pubkey_parameters(EVP_PKEY *pkey, STACK_OF(X509) *chain)
         }
         if (!EVP_PKEY_missing_parameters(ktmp))
             break;
-        else {
-            EVP_PKEY_free(ktmp);
-            ktmp = NULL;
-        }
+        EVP_PKEY_free(ktmp);
+        ktmp = NULL;
     }
     if (ktmp == NULL) {
         X509err(X509_F_X509_GET_PUBKEY_PARAMETERS,
diff --git a/demos/cms/cms_ddec.c b/demos/cms/cms_ddec.c
index 7247e57..1e06cea 100644
--- a/demos/cms/cms_ddec.c
+++ b/demos/cms/cms_ddec.c
@@ -72,8 +72,7 @@ int main(int argc, char **argv)
         CMS_ContentInfo_free(cms);
     if (rcert)
         X509_free(rcert);
-    if (rkey)
-        EVP_PKEY_free(rkey);
+    EVP_PKEY_free(rkey);
 
     BIO_free(in);
     BIO_free(out);
diff --git a/demos/cms/cms_dec.c b/demos/cms/cms_dec.c
index e9782d7..71a0e4f 100644
--- a/demos/cms/cms_dec.c
+++ b/demos/cms/cms_dec.c
@@ -63,8 +63,7 @@ int main(int argc, char **argv)
         CMS_ContentInfo_free(cms);
     if (rcert)
         X509_free(rcert);
-    if (rkey)
-        EVP_PKEY_free(rkey);
+    EVP_PKEY_free(rkey);
 
     BIO_free(in);
     BIO_free(out);
diff --git a/demos/cms/cms_sign.c b/demos/cms/cms_sign.c
index 9f2cff0..3ad5ce8 100644
--- a/demos/cms/cms_sign.c
+++ b/demos/cms/cms_sign.c
@@ -73,8 +73,7 @@ int main(int argc, char **argv)
         CMS_ContentInfo_free(cms);
     if (scert)
         X509_free(scert);
-    if (skey)
-        EVP_PKEY_free(skey);
+    EVP_PKEY_free(skey);
 
     BIO_free(in);
     BIO_free(out);
diff --git a/demos/cms/cms_sign2.c b/demos/cms/cms_sign2.c
index 23c6eb8..3276de1 100644
--- a/demos/cms/cms_sign2.c
+++ b/demos/cms/cms_sign2.c
@@ -82,13 +82,11 @@ int main(int argc, char **argv)
 
     if (scert)
         X509_free(scert);
-    if (skey)
-        EVP_PKEY_free(skey);
+    EVP_PKEY_free(skey);
 
     if (scert2)
         X509_free(scert2);
-    if (skey)
-        EVP_PKEY_free(skey2);
+    EVP_PKEY_free(skey2);
 
     BIO_free(in);
     BIO_free(out);
diff --git a/demos/smime/smdec.c b/demos/smime/smdec.c
index b50f8df..a418707 100644
--- a/demos/smime/smdec.c
+++ b/demos/smime/smdec.c
@@ -63,8 +63,7 @@ int main(int argc, char **argv)
         PKCS7_free(p7);
     if (rcert)
         X509_free(rcert);
-    if (rkey)
-        EVP_PKEY_free(rkey);
+    EVP_PKEY_free(rkey);
 
     BIO_free(in);
     BIO_free(out);
diff --git a/demos/smime/smsign.c b/demos/smime/smsign.c
index 6b9dfdd..455efcb 100644
--- a/demos/smime/smsign.c
+++ b/demos/smime/smsign.c
@@ -73,8 +73,7 @@ int main(int argc, char **argv)
         PKCS7_free(p7);
     if (scert)
         X509_free(scert);
-    if (skey)
-        EVP_PKEY_free(skey);
+    EVP_PKEY_free(skey);
 
     BIO_free(in);
     BIO_free(out);
diff --git a/demos/smime/smsign2.c b/demos/smime/smsign2.c
index 5d9de35..5f20a40 100644
--- a/demos/smime/smsign2.c
+++ b/demos/smime/smsign2.c
@@ -82,13 +82,11 @@ int main(int argc, char **argv)
 
     if (scert)
         X509_free(scert);
-    if (skey)
-        EVP_PKEY_free(skey);
+    EVP_PKEY_free(skey);
 
     if (scert2)
         X509_free(scert2);
-    if (skey)
-        EVP_PKEY_free(skey2);
+    EVP_PKEY_free(skey2);
 
     BIO_free(in);
     BIO_free(out);
diff --git a/doc/crypto/EVP_PKEY_CTX_new.pod b/doc/crypto/EVP_PKEY_CTX_new.pod
index a9af867..17d5e74 100644
--- a/doc/crypto/EVP_PKEY_CTX_new.pod
+++ b/doc/crypto/EVP_PKEY_CTX_new.pod
@@ -26,6 +26,7 @@ during parameter generation of key genration for some algorithms.
 EVP_PKEY_CTX_dup() duplicates the context B<ctx>.
 
 EVP_PKEY_CTX_free() frees up the context B<ctx>.
+If B<ctx> is NULL, nothing is done.
 
 =head1 NOTES
 
diff --git a/doc/crypto/EVP_PKEY_new.pod b/doc/crypto/EVP_PKEY_new.pod
index 10687e4..d26b03f 100644
--- a/doc/crypto/EVP_PKEY_new.pod
+++ b/doc/crypto/EVP_PKEY_new.pod
@@ -18,6 +18,7 @@ The EVP_PKEY_new() function allocates an empty B<EVP_PKEY>
 structure which is used by OpenSSL to store private keys.
 
 EVP_PKEY_free() frees up the private key B<key>.
+If B<key> is NULL, nothing is done.
 
 =head1 NOTES
 
diff --git a/engines/ccgost/gost2001_keyx.c b/engines/ccgost/gost2001_keyx.c
index db1bdc1..864d01b 100644
--- a/engines/ccgost/gost2001_keyx.c
+++ b/engines/ccgost/gost2001_keyx.c
@@ -189,7 +189,7 @@ int pkey_GOST01cp_encrypt(EVP_PKEY_CTX *pctx, unsigned char *out,
     }
     ASN1_OBJECT_free(gkt->key_agreement_info->cipher);
     gkt->key_agreement_info->cipher = OBJ_nid2obj(param->nid);
-    if (key_is_ephemeral && sec_key)
+    if (key_is_ephemeral)
         EVP_PKEY_free(sec_key);
     if (!key_is_ephemeral) {
         /* Set control "public key from client certificate used" */
@@ -204,7 +204,7 @@ int pkey_GOST01cp_encrypt(EVP_PKEY_CTX *pctx, unsigned char *out,
     GOST_KEY_TRANSPORT_free(gkt);
     return ret;
  err:
-    if (key_is_ephemeral && sec_key)
+    if (key_is_ephemeral)
         EVP_PKEY_free(sec_key);
     GOST_KEY_TRANSPORT_free(gkt);
     return -1;
@@ -284,8 +284,7 @@ int pkey_GOST01cp_decrypt(EVP_PKEY_CTX *pctx, unsigned char *key,
 
     ret = 1;
  err:
-    if (eph_key)
-        EVP_PKEY_free(eph_key);
+    EVP_PKEY_free(eph_key);
     if (gkt)
         GOST_KEY_TRANSPORT_free(gkt);
     return ret;
diff --git a/engines/e_chil.c b/engines/e_chil.c
index c06ab1a..68c9145 100644
--- a/engines/e_chil.c
+++ b/engines/e_chil.c
@@ -887,8 +887,7 @@ static EVP_PKEY *hwcrhk_load_pubkey(ENGINE *eng, const char *key_id,
 
     return res;
  err:
-    if (res)
-        EVP_PKEY_free(res);
+    EVP_PKEY_free(res);
     return NULL;
 }
 
diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index 68a8c81..5b17e52 100644
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -2869,8 +2869,7 @@ int ssl3_get_client_key_exchange(SSL *s)
         EVP_PKEY_CTX_free(pkey_ctx);
         if (ret)
             return ret;
-        else
-            goto err;
+        goto err;
     } else {
         al = SSL_AD_HANDSHAKE_FAILURE;
         SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, SSL_R_UNKNOWN_CIPHER_TYPE);
diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c
index f05a60a..d6401b4 100644
--- a/ssl/ssl_cert.c
+++ b/ssl/ssl_cert.c
@@ -402,10 +402,8 @@ void ssl_cert_clear_certs(CERT *c)
             X509_free(cpk->x509);
             cpk->x509 = NULL;
         }
-        if (cpk->privatekey) {
-            EVP_PKEY_free(cpk->privatekey);
-            cpk->privatekey = NULL;
-        }
+        EVP_PKEY_free(cpk->privatekey);
+        cpk->privatekey = NULL;
         if (cpk->chain) {
             sk_X509_pop_free(cpk->chain, X509_free);
             cpk->chain = NULL;


More information about the openssl-commits mailing list