summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorjsing <>2014-06-07 14:10:35 +0000
committerjsing <>2014-06-07 14:10:35 +0000
commit95268644eba97927cec83c548e0ec2c504f7df63 (patch)
tree827d5a799fe09599039564d7a3a27bf8ba15a731
parenteb1325b75a91858984607e2d54e61ee64e72958b (diff)
downloadopenbsd-95268644eba97927cec83c548e0ec2c504f7df63.tar.gz
openbsd-95268644eba97927cec83c548e0ec2c504f7df63.tar.bz2
openbsd-95268644eba97927cec83c548e0ec2c504f7df63.zip
The DH_free, EC_KEY_free, EVP_PKEY_free and RSA_free functions all have
implicit NULL checks, so there is no point ensuring that the pointer is non-NULL before calling them.
Diffstat (limited to '')
-rw-r--r--src/lib/libssl/d1_clnt.c10
-rw-r--r--src/lib/libssl/s3_clnt.c21
-rw-r--r--src/lib/libssl/s3_lib.c41
-rw-r--r--src/lib/libssl/s3_srvr.c17
-rw-r--r--src/lib/libssl/src/ssl/d1_clnt.c10
-rw-r--r--src/lib/libssl/src/ssl/s3_clnt.c21
-rw-r--r--src/lib/libssl/src/ssl/s3_lib.c41
-rw-r--r--src/lib/libssl/src/ssl/s3_srvr.c17
-rw-r--r--src/lib/libssl/src/ssl/ssl_cert.c34
-rw-r--r--src/lib/libssl/ssl_cert.c34
10 files changed, 88 insertions, 158 deletions
diff --git a/src/lib/libssl/d1_clnt.c b/src/lib/libssl/d1_clnt.c
index ef4a74e0af..8ff4d8e369 100644
--- a/src/lib/libssl/d1_clnt.c
+++ b/src/lib/libssl/d1_clnt.c
@@ -1211,8 +1211,7 @@ dtls1_send_client_key_exchange(SSL *s)
1211 /* Free allocated memory */ 1211 /* Free allocated memory */
1212 BN_CTX_free(bn_ctx); 1212 BN_CTX_free(bn_ctx);
1213 free(encodedPoint); 1213 free(encodedPoint);
1214 if (clnt_ecdh != NULL) 1214 EC_KEY_free(clnt_ecdh);
1215 EC_KEY_free(clnt_ecdh);
1216 EVP_PKEY_free(srvr_pub_pkey); 1215 EVP_PKEY_free(srvr_pub_pkey);
1217 } 1216 }
1218 1217
@@ -1321,11 +1320,11 @@ psk_err:
1321 1320
1322 /* SSL3_ST_CW_KEY_EXCH_B */ 1321 /* SSL3_ST_CW_KEY_EXCH_B */
1323 return (dtls1_do_write(s, SSL3_RT_HANDSHAKE)); 1322 return (dtls1_do_write(s, SSL3_RT_HANDSHAKE));
1323
1324err: 1324err:
1325 BN_CTX_free(bn_ctx); 1325 BN_CTX_free(bn_ctx);
1326 free(encodedPoint); 1326 free(encodedPoint);
1327 if (clnt_ecdh != NULL) 1327 EC_KEY_free(clnt_ecdh);
1328 EC_KEY_free(clnt_ecdh);
1329 EVP_PKEY_free(srvr_pub_pkey); 1328 EVP_PKEY_free(srvr_pub_pkey);
1330 return (-1); 1329 return (-1);
1331} 1330}
@@ -1447,8 +1446,7 @@ dtls1_send_client_certificate(SSL *s)
1447 1446
1448 if (x509 != NULL) 1447 if (x509 != NULL)
1449 X509_free(x509); 1448 X509_free(x509);
1450 if (pkey != NULL) 1449 EVP_PKEY_free(pkey);
1451 EVP_PKEY_free(pkey);
1452 if (i == 0) { 1450 if (i == 0) {
1453 if (s->version == SSL3_VERSION) { 1451 if (s->version == SSL3_VERSION) {
1454 s->s3->tmp.cert_req = 0; 1452 s->s3->tmp.cert_req = 0;
diff --git a/src/lib/libssl/s3_clnt.c b/src/lib/libssl/s3_clnt.c
index d1455cffc1..f2c7dd2442 100644
--- a/src/lib/libssl/s3_clnt.c
+++ b/src/lib/libssl/s3_clnt.c
@@ -1674,14 +1674,11 @@ f_err:
1674 ssl3_send_alert(s, SSL3_AL_FATAL, al); 1674 ssl3_send_alert(s, SSL3_AL_FATAL, al);
1675err: 1675err:
1676 EVP_PKEY_free(pkey); 1676 EVP_PKEY_free(pkey);
1677 if (rsa != NULL) 1677 RSA_free(rsa);
1678 RSA_free(rsa); 1678 DH_free(dh);
1679 if (dh != NULL)
1680 DH_free(dh);
1681 BN_CTX_free(bn_ctx); 1679 BN_CTX_free(bn_ctx);
1682 EC_POINT_free(srvr_ecpoint); 1680 EC_POINT_free(srvr_ecpoint);
1683 if (ecdh != NULL) 1681 EC_KEY_free(ecdh);
1684 EC_KEY_free(ecdh);
1685 EVP_MD_CTX_cleanup(&md_ctx); 1682 EVP_MD_CTX_cleanup(&md_ctx);
1686 return (-1); 1683 return (-1);
1687} 1684}
@@ -2333,8 +2330,7 @@ ssl3_send_client_key_exchange(SSL *s)
2333 /* Free allocated memory */ 2330 /* Free allocated memory */
2334 BN_CTX_free(bn_ctx); 2331 BN_CTX_free(bn_ctx);
2335 free(encodedPoint); 2332 free(encodedPoint);
2336 if (clnt_ecdh != NULL) 2333 EC_KEY_free(clnt_ecdh);
2337 EC_KEY_free(clnt_ecdh);
2338 EVP_PKEY_free(srvr_pub_pkey); 2334 EVP_PKEY_free(srvr_pub_pkey);
2339 } else if (alg_k & SSL_kGOST) { 2335 } else if (alg_k & SSL_kGOST) {
2340 /* GOST key exchange message creation */ 2336 /* GOST key exchange message creation */
@@ -2444,7 +2440,7 @@ ssl3_send_client_key_exchange(SSL *s)
2444 s->session->master_key_length = 2440 s->session->master_key_length =
2445 s->method->ssl3_enc->generate_master_secret(s, 2441 s->method->ssl3_enc->generate_master_secret(s,
2446 s->session->master_key, premaster_secret, 32); 2442 s->session->master_key, premaster_secret, 32);
2447 EVP_PKEY_free(pub_key); 2443 EVP_PKEY_free(pub_key);
2448 2444
2449 } 2445 }
2450#ifndef OPENSSL_NO_PSK 2446#ifndef OPENSSL_NO_PSK
@@ -2543,11 +2539,11 @@ psk_err:
2543 2539
2544 /* SSL3_ST_CW_KEY_EXCH_B */ 2540 /* SSL3_ST_CW_KEY_EXCH_B */
2545 return (ssl3_do_write(s, SSL3_RT_HANDSHAKE)); 2541 return (ssl3_do_write(s, SSL3_RT_HANDSHAKE));
2542
2546err: 2543err:
2547 BN_CTX_free(bn_ctx); 2544 BN_CTX_free(bn_ctx);
2548 free(encodedPoint); 2545 free(encodedPoint);
2549 if (clnt_ecdh != NULL) 2546 EC_KEY_free(clnt_ecdh);
2550 EC_KEY_free(clnt_ecdh);
2551 EVP_PKEY_free(srvr_pub_pkey); 2547 EVP_PKEY_free(srvr_pub_pkey);
2552 return (-1); 2548 return (-1);
2553} 2549}
@@ -2726,8 +2722,7 @@ ssl3_send_client_certificate(SSL *s)
2726 2722
2727 if (x509 != NULL) 2723 if (x509 != NULL)
2728 X509_free(x509); 2724 X509_free(x509);
2729 if (pkey != NULL) 2725 EVP_PKEY_free(pkey);
2730 EVP_PKEY_free(pkey);
2731 if (i == 0) { 2726 if (i == 0) {
2732 if (s->version == SSL3_VERSION) { 2727 if (s->version == SSL3_VERSION) {
2733 s->s3->tmp.cert_req = 0; 2728 s->s3->tmp.cert_req = 0;
diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c
index 3b6eefd99b..d8066720f9 100644
--- a/src/lib/libssl/s3_lib.c
+++ b/src/lib/libssl/s3_lib.c
@@ -2333,16 +2333,13 @@ ssl3_free(SSL *s)
2333 if (s->s3->wbuf.buf != NULL) 2333 if (s->s3->wbuf.buf != NULL)
2334 ssl3_release_write_buffer(s); 2334 ssl3_release_write_buffer(s);
2335 free(s->s3->rrec.comp); 2335 free(s->s3->rrec.comp);
2336 if (s->s3->tmp.dh != NULL) 2336 DH_free(s->s3->tmp.dh);
2337 DH_free(s->s3->tmp.dh); 2337 EC_KEY_free(s->s3->tmp.ecdh);
2338 if (s->s3->tmp.ecdh != NULL)
2339 EC_KEY_free(s->s3->tmp.ecdh);
2340 2338
2341 if (s->s3->tmp.ca_names != NULL) 2339 if (s->s3->tmp.ca_names != NULL)
2342 sk_X509_NAME_pop_free(s->s3->tmp.ca_names, X509_NAME_free); 2340 sk_X509_NAME_pop_free(s->s3->tmp.ca_names, X509_NAME_free);
2343 if (s->s3->handshake_buffer) { 2341 if (s->s3->handshake_buffer)
2344 BIO_free(s->s3->handshake_buffer); 2342 BIO_free(s->s3->handshake_buffer);
2345 }
2346 if (s->s3->handshake_dgst) 2343 if (s->s3->handshake_dgst)
2347 ssl3_free_digest_list(s); 2344 ssl3_free_digest_list(s);
2348 OPENSSL_cleanse(s->s3, sizeof *s->s3); 2345 OPENSSL_cleanse(s->s3, sizeof *s->s3);
@@ -2371,14 +2368,11 @@ ssl3_clear(SSL *s)
2371 free(s->s3->rrec.comp); 2368 free(s->s3->rrec.comp);
2372 s->s3->rrec.comp = NULL; 2369 s->s3->rrec.comp = NULL;
2373 2370
2374 if (s->s3->tmp.dh != NULL) { 2371 DH_free(s->s3->tmp.dh);
2375 DH_free(s->s3->tmp.dh); 2372 s->s3->tmp.dh = NULL;
2376 s->s3->tmp.dh = NULL; 2373 EC_KEY_free(s->s3->tmp.ecdh);
2377 } 2374 s->s3->tmp.ecdh = NULL;
2378 if (s->s3->tmp.ecdh != NULL) { 2375
2379 EC_KEY_free(s->s3->tmp.ecdh);
2380 s->s3->tmp.ecdh = NULL;
2381 }
2382 s->s3->is_probably_safari = 0; 2376 s->s3->is_probably_safari = 0;
2383 2377
2384 rp = s->s3->rbuf.buf; 2378 rp = s->s3->rbuf.buf;
@@ -2470,8 +2464,7 @@ ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
2470 ERR_R_RSA_LIB); 2464 ERR_R_RSA_LIB);
2471 return (ret); 2465 return (ret);
2472 } 2466 }
2473 if (s->cert->rsa_tmp != NULL) 2467 RSA_free(s->cert->rsa_tmp);
2474 RSA_free(s->cert->rsa_tmp);
2475 s->cert->rsa_tmp = rsa; 2468 s->cert->rsa_tmp = rsa;
2476 ret = 1; 2469 ret = 1;
2477 } 2470 }
@@ -2504,8 +2497,7 @@ ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
2504 return (ret); 2497 return (ret);
2505 } 2498 }
2506 } 2499 }
2507 if (s->cert->dh_tmp != NULL) 2500 DH_free(s->cert->dh_tmp);
2508 DH_free(s->cert->dh_tmp);
2509 s->cert->dh_tmp = dh; 2501 s->cert->dh_tmp = dh;
2510 ret = 1; 2502 ret = 1;
2511 } 2503 }
@@ -2540,8 +2532,7 @@ ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
2540 return (ret); 2532 return (ret);
2541 } 2533 }
2542 } 2534 }
2543 if (s->cert->ecdh_tmp != NULL) 2535 EC_KEY_free(s->cert->ecdh_tmp);
2544 EC_KEY_free(s->cert->ecdh_tmp);
2545 s->cert->ecdh_tmp = ecdh; 2536 s->cert->ecdh_tmp = ecdh;
2546 ret = 1; 2537 ret = 1;
2547 } 2538 }
@@ -2729,8 +2720,7 @@ ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
2729 ERR_R_RSA_LIB); 2720 ERR_R_RSA_LIB);
2730 return (0); 2721 return (0);
2731 } else { 2722 } else {
2732 if (cert->rsa_tmp != NULL) 2723 RSA_free(cert->rsa_tmp);
2733 RSA_free(cert->rsa_tmp);
2734 cert->rsa_tmp = rsa; 2724 cert->rsa_tmp = rsa;
2735 return (1); 2725 return (1);
2736 } 2726 }
@@ -2761,8 +2751,7 @@ ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
2761 return 0; 2751 return 0;
2762 } 2752 }
2763 } 2753 }
2764 if (cert->dh_tmp != NULL) 2754 DH_free(cert->dh_tmp);
2765 DH_free(cert->dh_tmp);
2766 cert->dh_tmp = new; 2755 cert->dh_tmp = new;
2767 return 1; 2756 return 1;
2768 } 2757 }
@@ -2798,9 +2787,7 @@ ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
2798 } 2787 }
2799 } 2788 }
2800 2789
2801 if (cert->ecdh_tmp != NULL) { 2790 EC_KEY_free(cert->ecdh_tmp);
2802 EC_KEY_free(cert->ecdh_tmp);
2803 }
2804 cert->ecdh_tmp = ecdh; 2791 cert->ecdh_tmp = ecdh;
2805 return 1; 2792 return 1;
2806 } 2793 }
diff --git a/src/lib/libssl/s3_srvr.c b/src/lib/libssl/s3_srvr.c
index 552f8290b5..bd22569ef0 100644
--- a/src/lib/libssl/s3_srvr.c
+++ b/src/lib/libssl/s3_srvr.c
@@ -866,14 +866,10 @@ ssl3_check_client_hello(SSL *s)
866 * which will now be aborted. (A full SSL_clear would be too 866 * which will now be aborted. (A full SSL_clear would be too
867 * much.) 867 * much.)
868 */ 868 */
869 if (s->s3->tmp.dh != NULL) { 869 DH_free(s->s3->tmp.dh);
870 DH_free(s->s3->tmp.dh); 870 s->s3->tmp.dh = NULL;
871 s->s3->tmp.dh = NULL; 871 EC_KEY_free(s->s3->tmp.ecdh);
872 } 872 s->s3->tmp.ecdh = NULL;
873 if (s->s3->tmp.ecdh != NULL) {
874 EC_KEY_free(s->s3->tmp.ecdh);
875 s->s3->tmp.ecdh = NULL;
876 }
877 s->s3->flags |= SSL3_FLAGS_SGC_RESTART_DONE; 873 s->s3->flags |= SSL3_FLAGS_SGC_RESTART_DONE;
878 return (2); 874 return (2);
879 } 875 }
@@ -2465,7 +2461,7 @@ ssl3_get_client_key_exchange(SSL *s)
2465 ret = 2; 2461 ret = 2;
2466 else 2462 else
2467 ret = 1; 2463 ret = 1;
2468 gerr: 2464gerr:
2469 EVP_PKEY_free(client_pub_pkey); 2465 EVP_PKEY_free(client_pub_pkey);
2470 EVP_PKEY_CTX_free(pkey_ctx); 2466 EVP_PKEY_CTX_free(pkey_ctx);
2471 if (ret) 2467 if (ret)
@@ -2485,8 +2481,7 @@ f_err:
2485err: 2481err:
2486 EVP_PKEY_free(clnt_pub_pkey); 2482 EVP_PKEY_free(clnt_pub_pkey);
2487 EC_POINT_free(clnt_ecpoint); 2483 EC_POINT_free(clnt_ecpoint);
2488 if (srvr_ecdh != NULL) 2484 EC_KEY_free(srvr_ecdh);
2489 EC_KEY_free(srvr_ecdh);
2490 BN_CTX_free(bn_ctx); 2485 BN_CTX_free(bn_ctx);
2491 return (-1); 2486 return (-1);
2492} 2487}
diff --git a/src/lib/libssl/src/ssl/d1_clnt.c b/src/lib/libssl/src/ssl/d1_clnt.c
index ef4a74e0af..8ff4d8e369 100644
--- a/src/lib/libssl/src/ssl/d1_clnt.c
+++ b/src/lib/libssl/src/ssl/d1_clnt.c
@@ -1211,8 +1211,7 @@ dtls1_send_client_key_exchange(SSL *s)
1211 /* Free allocated memory */ 1211 /* Free allocated memory */
1212 BN_CTX_free(bn_ctx); 1212 BN_CTX_free(bn_ctx);
1213 free(encodedPoint); 1213 free(encodedPoint);
1214 if (clnt_ecdh != NULL) 1214 EC_KEY_free(clnt_ecdh);
1215 EC_KEY_free(clnt_ecdh);
1216 EVP_PKEY_free(srvr_pub_pkey); 1215 EVP_PKEY_free(srvr_pub_pkey);
1217 } 1216 }
1218 1217
@@ -1321,11 +1320,11 @@ psk_err:
1321 1320
1322 /* SSL3_ST_CW_KEY_EXCH_B */ 1321 /* SSL3_ST_CW_KEY_EXCH_B */
1323 return (dtls1_do_write(s, SSL3_RT_HANDSHAKE)); 1322 return (dtls1_do_write(s, SSL3_RT_HANDSHAKE));
1323
1324err: 1324err:
1325 BN_CTX_free(bn_ctx); 1325 BN_CTX_free(bn_ctx);
1326 free(encodedPoint); 1326 free(encodedPoint);
1327 if (clnt_ecdh != NULL) 1327 EC_KEY_free(clnt_ecdh);
1328 EC_KEY_free(clnt_ecdh);
1329 EVP_PKEY_free(srvr_pub_pkey); 1328 EVP_PKEY_free(srvr_pub_pkey);
1330 return (-1); 1329 return (-1);
1331} 1330}
@@ -1447,8 +1446,7 @@ dtls1_send_client_certificate(SSL *s)
1447 1446
1448 if (x509 != NULL) 1447 if (x509 != NULL)
1449 X509_free(x509); 1448 X509_free(x509);
1450 if (pkey != NULL) 1449 EVP_PKEY_free(pkey);
1451 EVP_PKEY_free(pkey);
1452 if (i == 0) { 1450 if (i == 0) {
1453 if (s->version == SSL3_VERSION) { 1451 if (s->version == SSL3_VERSION) {
1454 s->s3->tmp.cert_req = 0; 1452 s->s3->tmp.cert_req = 0;
diff --git a/src/lib/libssl/src/ssl/s3_clnt.c b/src/lib/libssl/src/ssl/s3_clnt.c
index d1455cffc1..f2c7dd2442 100644
--- a/src/lib/libssl/src/ssl/s3_clnt.c
+++ b/src/lib/libssl/src/ssl/s3_clnt.c
@@ -1674,14 +1674,11 @@ f_err:
1674 ssl3_send_alert(s, SSL3_AL_FATAL, al); 1674 ssl3_send_alert(s, SSL3_AL_FATAL, al);
1675err: 1675err:
1676 EVP_PKEY_free(pkey); 1676 EVP_PKEY_free(pkey);
1677 if (rsa != NULL) 1677 RSA_free(rsa);
1678 RSA_free(rsa); 1678 DH_free(dh);
1679 if (dh != NULL)
1680 DH_free(dh);
1681 BN_CTX_free(bn_ctx); 1679 BN_CTX_free(bn_ctx);
1682 EC_POINT_free(srvr_ecpoint); 1680 EC_POINT_free(srvr_ecpoint);
1683 if (ecdh != NULL) 1681 EC_KEY_free(ecdh);
1684 EC_KEY_free(ecdh);
1685 EVP_MD_CTX_cleanup(&md_ctx); 1682 EVP_MD_CTX_cleanup(&md_ctx);
1686 return (-1); 1683 return (-1);
1687} 1684}
@@ -2333,8 +2330,7 @@ ssl3_send_client_key_exchange(SSL *s)
2333 /* Free allocated memory */ 2330 /* Free allocated memory */
2334 BN_CTX_free(bn_ctx); 2331 BN_CTX_free(bn_ctx);
2335 free(encodedPoint); 2332 free(encodedPoint);
2336 if (clnt_ecdh != NULL) 2333 EC_KEY_free(clnt_ecdh);
2337 EC_KEY_free(clnt_ecdh);
2338 EVP_PKEY_free(srvr_pub_pkey); 2334 EVP_PKEY_free(srvr_pub_pkey);
2339 } else if (alg_k & SSL_kGOST) { 2335 } else if (alg_k & SSL_kGOST) {
2340 /* GOST key exchange message creation */ 2336 /* GOST key exchange message creation */
@@ -2444,7 +2440,7 @@ ssl3_send_client_key_exchange(SSL *s)
2444 s->session->master_key_length = 2440 s->session->master_key_length =
2445 s->method->ssl3_enc->generate_master_secret(s, 2441 s->method->ssl3_enc->generate_master_secret(s,
2446 s->session->master_key, premaster_secret, 32); 2442 s->session->master_key, premaster_secret, 32);
2447 EVP_PKEY_free(pub_key); 2443 EVP_PKEY_free(pub_key);
2448 2444
2449 } 2445 }
2450#ifndef OPENSSL_NO_PSK 2446#ifndef OPENSSL_NO_PSK
@@ -2543,11 +2539,11 @@ psk_err:
2543 2539
2544 /* SSL3_ST_CW_KEY_EXCH_B */ 2540 /* SSL3_ST_CW_KEY_EXCH_B */
2545 return (ssl3_do_write(s, SSL3_RT_HANDSHAKE)); 2541 return (ssl3_do_write(s, SSL3_RT_HANDSHAKE));
2542
2546err: 2543err:
2547 BN_CTX_free(bn_ctx); 2544 BN_CTX_free(bn_ctx);
2548 free(encodedPoint); 2545 free(encodedPoint);
2549 if (clnt_ecdh != NULL) 2546 EC_KEY_free(clnt_ecdh);
2550 EC_KEY_free(clnt_ecdh);
2551 EVP_PKEY_free(srvr_pub_pkey); 2547 EVP_PKEY_free(srvr_pub_pkey);
2552 return (-1); 2548 return (-1);
2553} 2549}
@@ -2726,8 +2722,7 @@ ssl3_send_client_certificate(SSL *s)
2726 2722
2727 if (x509 != NULL) 2723 if (x509 != NULL)
2728 X509_free(x509); 2724 X509_free(x509);
2729 if (pkey != NULL) 2725 EVP_PKEY_free(pkey);
2730 EVP_PKEY_free(pkey);
2731 if (i == 0) { 2726 if (i == 0) {
2732 if (s->version == SSL3_VERSION) { 2727 if (s->version == SSL3_VERSION) {
2733 s->s3->tmp.cert_req = 0; 2728 s->s3->tmp.cert_req = 0;
diff --git a/src/lib/libssl/src/ssl/s3_lib.c b/src/lib/libssl/src/ssl/s3_lib.c
index 3b6eefd99b..d8066720f9 100644
--- a/src/lib/libssl/src/ssl/s3_lib.c
+++ b/src/lib/libssl/src/ssl/s3_lib.c
@@ -2333,16 +2333,13 @@ ssl3_free(SSL *s)
2333 if (s->s3->wbuf.buf != NULL) 2333 if (s->s3->wbuf.buf != NULL)
2334 ssl3_release_write_buffer(s); 2334 ssl3_release_write_buffer(s);
2335 free(s->s3->rrec.comp); 2335 free(s->s3->rrec.comp);
2336 if (s->s3->tmp.dh != NULL) 2336 DH_free(s->s3->tmp.dh);
2337 DH_free(s->s3->tmp.dh); 2337 EC_KEY_free(s->s3->tmp.ecdh);
2338 if (s->s3->tmp.ecdh != NULL)
2339 EC_KEY_free(s->s3->tmp.ecdh);
2340 2338
2341 if (s->s3->tmp.ca_names != NULL) 2339 if (s->s3->tmp.ca_names != NULL)
2342 sk_X509_NAME_pop_free(s->s3->tmp.ca_names, X509_NAME_free); 2340 sk_X509_NAME_pop_free(s->s3->tmp.ca_names, X509_NAME_free);
2343 if (s->s3->handshake_buffer) { 2341 if (s->s3->handshake_buffer)
2344 BIO_free(s->s3->handshake_buffer); 2342 BIO_free(s->s3->handshake_buffer);
2345 }
2346 if (s->s3->handshake_dgst) 2343 if (s->s3->handshake_dgst)
2347 ssl3_free_digest_list(s); 2344 ssl3_free_digest_list(s);
2348 OPENSSL_cleanse(s->s3, sizeof *s->s3); 2345 OPENSSL_cleanse(s->s3, sizeof *s->s3);
@@ -2371,14 +2368,11 @@ ssl3_clear(SSL *s)
2371 free(s->s3->rrec.comp); 2368 free(s->s3->rrec.comp);
2372 s->s3->rrec.comp = NULL; 2369 s->s3->rrec.comp = NULL;
2373 2370
2374 if (s->s3->tmp.dh != NULL) { 2371 DH_free(s->s3->tmp.dh);
2375 DH_free(s->s3->tmp.dh); 2372 s->s3->tmp.dh = NULL;
2376 s->s3->tmp.dh = NULL; 2373 EC_KEY_free(s->s3->tmp.ecdh);
2377 } 2374 s->s3->tmp.ecdh = NULL;
2378 if (s->s3->tmp.ecdh != NULL) { 2375
2379 EC_KEY_free(s->s3->tmp.ecdh);
2380 s->s3->tmp.ecdh = NULL;
2381 }
2382 s->s3->is_probably_safari = 0; 2376 s->s3->is_probably_safari = 0;
2383 2377
2384 rp = s->s3->rbuf.buf; 2378 rp = s->s3->rbuf.buf;
@@ -2470,8 +2464,7 @@ ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
2470 ERR_R_RSA_LIB); 2464 ERR_R_RSA_LIB);
2471 return (ret); 2465 return (ret);
2472 } 2466 }
2473 if (s->cert->rsa_tmp != NULL) 2467 RSA_free(s->cert->rsa_tmp);
2474 RSA_free(s->cert->rsa_tmp);
2475 s->cert->rsa_tmp = rsa; 2468 s->cert->rsa_tmp = rsa;
2476 ret = 1; 2469 ret = 1;
2477 } 2470 }
@@ -2504,8 +2497,7 @@ ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
2504 return (ret); 2497 return (ret);
2505 } 2498 }
2506 } 2499 }
2507 if (s->cert->dh_tmp != NULL) 2500 DH_free(s->cert->dh_tmp);
2508 DH_free(s->cert->dh_tmp);
2509 s->cert->dh_tmp = dh; 2501 s->cert->dh_tmp = dh;
2510 ret = 1; 2502 ret = 1;
2511 } 2503 }
@@ -2540,8 +2532,7 @@ ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
2540 return (ret); 2532 return (ret);
2541 } 2533 }
2542 } 2534 }
2543 if (s->cert->ecdh_tmp != NULL) 2535 EC_KEY_free(s->cert->ecdh_tmp);
2544 EC_KEY_free(s->cert->ecdh_tmp);
2545 s->cert->ecdh_tmp = ecdh; 2536 s->cert->ecdh_tmp = ecdh;
2546 ret = 1; 2537 ret = 1;
2547 } 2538 }
@@ -2729,8 +2720,7 @@ ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
2729 ERR_R_RSA_LIB); 2720 ERR_R_RSA_LIB);
2730 return (0); 2721 return (0);
2731 } else { 2722 } else {
2732 if (cert->rsa_tmp != NULL) 2723 RSA_free(cert->rsa_tmp);
2733 RSA_free(cert->rsa_tmp);
2734 cert->rsa_tmp = rsa; 2724 cert->rsa_tmp = rsa;
2735 return (1); 2725 return (1);
2736 } 2726 }
@@ -2761,8 +2751,7 @@ ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
2761 return 0; 2751 return 0;
2762 } 2752 }
2763 } 2753 }
2764 if (cert->dh_tmp != NULL) 2754 DH_free(cert->dh_tmp);
2765 DH_free(cert->dh_tmp);
2766 cert->dh_tmp = new; 2755 cert->dh_tmp = new;
2767 return 1; 2756 return 1;
2768 } 2757 }
@@ -2798,9 +2787,7 @@ ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
2798 } 2787 }
2799 } 2788 }
2800 2789
2801 if (cert->ecdh_tmp != NULL) { 2790 EC_KEY_free(cert->ecdh_tmp);
2802 EC_KEY_free(cert->ecdh_tmp);
2803 }
2804 cert->ecdh_tmp = ecdh; 2791 cert->ecdh_tmp = ecdh;
2805 return 1; 2792 return 1;
2806 } 2793 }
diff --git a/src/lib/libssl/src/ssl/s3_srvr.c b/src/lib/libssl/src/ssl/s3_srvr.c
index 552f8290b5..bd22569ef0 100644
--- a/src/lib/libssl/src/ssl/s3_srvr.c
+++ b/src/lib/libssl/src/ssl/s3_srvr.c
@@ -866,14 +866,10 @@ ssl3_check_client_hello(SSL *s)
866 * which will now be aborted. (A full SSL_clear would be too 866 * which will now be aborted. (A full SSL_clear would be too
867 * much.) 867 * much.)
868 */ 868 */
869 if (s->s3->tmp.dh != NULL) { 869 DH_free(s->s3->tmp.dh);
870 DH_free(s->s3->tmp.dh); 870 s->s3->tmp.dh = NULL;
871 s->s3->tmp.dh = NULL; 871 EC_KEY_free(s->s3->tmp.ecdh);
872 } 872 s->s3->tmp.ecdh = NULL;
873 if (s->s3->tmp.ecdh != NULL) {
874 EC_KEY_free(s->s3->tmp.ecdh);
875 s->s3->tmp.ecdh = NULL;
876 }
877 s->s3->flags |= SSL3_FLAGS_SGC_RESTART_DONE; 873 s->s3->flags |= SSL3_FLAGS_SGC_RESTART_DONE;
878 return (2); 874 return (2);
879 } 875 }
@@ -2465,7 +2461,7 @@ ssl3_get_client_key_exchange(SSL *s)
2465 ret = 2; 2461 ret = 2;
2466 else 2462 else
2467 ret = 1; 2463 ret = 1;
2468 gerr: 2464gerr:
2469 EVP_PKEY_free(client_pub_pkey); 2465 EVP_PKEY_free(client_pub_pkey);
2470 EVP_PKEY_CTX_free(pkey_ctx); 2466 EVP_PKEY_CTX_free(pkey_ctx);
2471 if (ret) 2467 if (ret)
@@ -2485,8 +2481,7 @@ f_err:
2485err: 2481err:
2486 EVP_PKEY_free(clnt_pub_pkey); 2482 EVP_PKEY_free(clnt_pub_pkey);
2487 EC_POINT_free(clnt_ecpoint); 2483 EC_POINT_free(clnt_ecpoint);
2488 if (srvr_ecdh != NULL) 2484 EC_KEY_free(srvr_ecdh);
2489 EC_KEY_free(srvr_ecdh);
2490 BN_CTX_free(bn_ctx); 2485 BN_CTX_free(bn_ctx);
2491 return (-1); 2486 return (-1);
2492} 2487}
diff --git a/src/lib/libssl/src/ssl/ssl_cert.c b/src/lib/libssl/src/ssl/ssl_cert.c
index 4c3af75869..44efb64dea 100644
--- a/src/lib/libssl/src/ssl/ssl_cert.c
+++ b/src/lib/libssl/src/ssl/ssl_cert.c
@@ -299,18 +299,14 @@ ssl_cert_dup(CERT *cert)
299 return (ret); 299 return (ret);
300 300
301err: 301err:
302 if (ret->rsa_tmp != NULL) 302 RSA_free(ret->rsa_tmp);
303 RSA_free(ret->rsa_tmp); 303 DH_free(ret->dh_tmp);
304 if (ret->dh_tmp != NULL) 304 EC_KEY_free(ret->ecdh_tmp);
305 DH_free(ret->dh_tmp);
306 if (ret->ecdh_tmp != NULL)
307 EC_KEY_free(ret->ecdh_tmp);
308 305
309 for (i = 0; i < SSL_PKEY_NUM; i++) { 306 for (i = 0; i < SSL_PKEY_NUM; i++) {
310 if (ret->pkeys[i].x509 != NULL) 307 if (ret->pkeys[i].x509 != NULL)
311 X509_free(ret->pkeys[i].x509); 308 X509_free(ret->pkeys[i].x509);
312 if (ret->pkeys[i].privatekey != NULL) 309 EVP_PKEY_free(ret->pkeys[i].privatekey);
313 EVP_PKEY_free(ret->pkeys[i].privatekey);
314 } 310 }
315 311
316 return NULL; 312 return NULL;
@@ -329,19 +325,16 @@ ssl_cert_free(CERT *c)
329 if (i > 0) 325 if (i > 0)
330 return; 326 return;
331 327
332 if (c->rsa_tmp) 328 RSA_free(c->rsa_tmp);
333 RSA_free(c->rsa_tmp); 329 DH_free(c->dh_tmp);
334 if (c->dh_tmp) 330 EC_KEY_free(c->ecdh_tmp);
335 DH_free(c->dh_tmp);
336 if (c->ecdh_tmp)
337 EC_KEY_free(c->ecdh_tmp);
338 331
339 for (i = 0; i < SSL_PKEY_NUM; i++) { 332 for (i = 0; i < SSL_PKEY_NUM; i++) {
340 if (c->pkeys[i].x509 != NULL) 333 if (c->pkeys[i].x509 != NULL)
341 X509_free(c->pkeys[i].x509); 334 X509_free(c->pkeys[i].x509);
342 if (c->pkeys[i].privatekey != NULL) 335 EVP_PKEY_free(c->pkeys[i].privatekey);
343 EVP_PKEY_free(c->pkeys[i].privatekey);
344 } 336 }
337
345 free(c); 338 free(c);
346} 339}
347 340
@@ -408,12 +401,9 @@ ssl_sess_cert_free(SESS_CERT *sc)
408 X509_free(sc->peer_pkeys[i].x509); 401 X509_free(sc->peer_pkeys[i].x509);
409 } 402 }
410 403
411 if (sc->peer_rsa_tmp != NULL) 404 RSA_free(sc->peer_rsa_tmp);
412 RSA_free(sc->peer_rsa_tmp); 405 DH_free(sc->peer_dh_tmp);
413 if (sc->peer_dh_tmp != NULL) 406 EC_KEY_free(sc->peer_ecdh_tmp);
414 DH_free(sc->peer_dh_tmp);
415 if (sc->peer_ecdh_tmp != NULL)
416 EC_KEY_free(sc->peer_ecdh_tmp);
417 407
418 free(sc); 408 free(sc);
419} 409}
diff --git a/src/lib/libssl/ssl_cert.c b/src/lib/libssl/ssl_cert.c
index 4c3af75869..44efb64dea 100644
--- a/src/lib/libssl/ssl_cert.c
+++ b/src/lib/libssl/ssl_cert.c
@@ -299,18 +299,14 @@ ssl_cert_dup(CERT *cert)
299 return (ret); 299 return (ret);
300 300
301err: 301err:
302 if (ret->rsa_tmp != NULL) 302 RSA_free(ret->rsa_tmp);
303 RSA_free(ret->rsa_tmp); 303 DH_free(ret->dh_tmp);
304 if (ret->dh_tmp != NULL) 304 EC_KEY_free(ret->ecdh_tmp);
305 DH_free(ret->dh_tmp);
306 if (ret->ecdh_tmp != NULL)
307 EC_KEY_free(ret->ecdh_tmp);
308 305
309 for (i = 0; i < SSL_PKEY_NUM; i++) { 306 for (i = 0; i < SSL_PKEY_NUM; i++) {
310 if (ret->pkeys[i].x509 != NULL) 307 if (ret->pkeys[i].x509 != NULL)
311 X509_free(ret->pkeys[i].x509); 308 X509_free(ret->pkeys[i].x509);
312 if (ret->pkeys[i].privatekey != NULL) 309 EVP_PKEY_free(ret->pkeys[i].privatekey);
313 EVP_PKEY_free(ret->pkeys[i].privatekey);
314 } 310 }
315 311
316 return NULL; 312 return NULL;
@@ -329,19 +325,16 @@ ssl_cert_free(CERT *c)
329 if (i > 0) 325 if (i > 0)
330 return; 326 return;
331 327
332 if (c->rsa_tmp) 328 RSA_free(c->rsa_tmp);
333 RSA_free(c->rsa_tmp); 329 DH_free(c->dh_tmp);
334 if (c->dh_tmp) 330 EC_KEY_free(c->ecdh_tmp);
335 DH_free(c->dh_tmp);
336 if (c->ecdh_tmp)
337 EC_KEY_free(c->ecdh_tmp);
338 331
339 for (i = 0; i < SSL_PKEY_NUM; i++) { 332 for (i = 0; i < SSL_PKEY_NUM; i++) {
340 if (c->pkeys[i].x509 != NULL) 333 if (c->pkeys[i].x509 != NULL)
341 X509_free(c->pkeys[i].x509); 334 X509_free(c->pkeys[i].x509);
342 if (c->pkeys[i].privatekey != NULL) 335 EVP_PKEY_free(c->pkeys[i].privatekey);
343 EVP_PKEY_free(c->pkeys[i].privatekey);
344 } 336 }
337
345 free(c); 338 free(c);
346} 339}
347 340
@@ -408,12 +401,9 @@ ssl_sess_cert_free(SESS_CERT *sc)
408 X509_free(sc->peer_pkeys[i].x509); 401 X509_free(sc->peer_pkeys[i].x509);
409 } 402 }
410 403
411 if (sc->peer_rsa_tmp != NULL) 404 RSA_free(sc->peer_rsa_tmp);
412 RSA_free(sc->peer_rsa_tmp); 405 DH_free(sc->peer_dh_tmp);
413 if (sc->peer_dh_tmp != NULL) 406 EC_KEY_free(sc->peer_ecdh_tmp);
414 DH_free(sc->peer_dh_tmp);
415 if (sc->peer_ecdh_tmp != NULL)
416 EC_KEY_free(sc->peer_ecdh_tmp);
417 407
418 free(sc); 408 free(sc);
419} 409}
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-10-29 02:51:17 +0000