summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorjsing <>2014-05-28 13:03:25 +0000
committerjsing <>2014-05-28 13:03:25 +0000
commit1904ce01988b6ea0f5775507b4d812459c5b3f50 (patch)
tree60af46eb8cb0fcb0e51840739e416c98c124d73c
parent60cd1d60f58b32225afb881559d08dbc68a2eb79 (diff)
downloadopenbsd-1904ce01988b6ea0f5775507b4d812459c5b3f50.tar.gz
openbsd-1904ce01988b6ea0f5775507b4d812459c5b3f50.tar.bz2
openbsd-1904ce01988b6ea0f5775507b4d812459c5b3f50.zip
There is no point in checking if a pointer is non-NULL before calling free,
since free already does this for us. Also remove some pointless NULL assignments, where the result from malloc(3) is immediately assigned to the same variable. ok miod@
Diffstat
-rw-r--r--src/lib/libssl/bio_ssl.c3
-rw-r--r--src/lib/libssl/d1_both.c9
-rw-r--r--src/lib/libssl/d1_clnt.c15
-rw-r--r--src/lib/libssl/d1_lib.c8
-rw-r--r--src/lib/libssl/d1_pkt.c6
-rw-r--r--src/lib/libssl/s3_both.c12
-rw-r--r--src/lib/libssl/s3_clnt.c27
-rw-r--r--src/lib/libssl/s3_lib.c39
-rw-r--r--src/lib/libssl/s3_srvr.c9
-rw-r--r--src/lib/libssl/src/ssl/bio_ssl.c3
-rw-r--r--src/lib/libssl/src/ssl/d1_both.c9
-rw-r--r--src/lib/libssl/src/ssl/d1_clnt.c15
-rw-r--r--src/lib/libssl/src/ssl/d1_lib.c8
-rw-r--r--src/lib/libssl/src/ssl/d1_pkt.c6
-rw-r--r--src/lib/libssl/src/ssl/s3_both.c12
-rw-r--r--src/lib/libssl/src/ssl/s3_clnt.c27
-rw-r--r--src/lib/libssl/src/ssl/s3_lib.c39
-rw-r--r--src/lib/libssl/src/ssl/s3_srvr.c9
-rw-r--r--src/lib/libssl/src/ssl/ssl_lib.c30
-rw-r--r--src/lib/libssl/src/ssl/ssl_sess.c30
-rw-r--r--src/lib/libssl/src/ssl/t1_enc.c6
-rw-r--r--src/lib/libssl/src/ssl/t1_lib.c50
-rw-r--r--src/lib/libssl/ssl_lib.c30
-rw-r--r--src/lib/libssl/ssl_sess.c30
-rw-r--r--src/lib/libssl/t1_enc.c6
-rw-r--r--src/lib/libssl/t1_lib.c50
26 files changed, 168 insertions, 320 deletions
diff --git a/src/lib/libssl/bio_ssl.c b/src/lib/libssl/bio_ssl.c
index 5b14ea3824..8ffbe0a67a 100644
--- a/src/lib/libssl/bio_ssl.c
+++ b/src/lib/libssl/bio_ssl.c
@@ -132,8 +132,7 @@ ssl_free(BIO *a)
132 a->init = 0; 132 a->init = 0;
133 a->flags = 0; 133 a->flags = 0;
134 } 134 }
135 if (a->ptr != NULL) 135 free(a->ptr);
136 free(a->ptr);
137 return (1); 136 return (1);
138} 137}
139 138
diff --git a/src/lib/libssl/d1_both.c b/src/lib/libssl/d1_both.c
index 0e32825695..59987bc1d8 100644
--- a/src/lib/libssl/d1_both.c
+++ b/src/lib/libssl/d1_both.c
@@ -200,8 +200,7 @@ dtls1_hm_fragment_new(unsigned long frag_len, int reassembly)
200 if (reassembly) { 200 if (reassembly) {
201 bitmask = malloc(RSMBLY_BITMASK_SIZE(frag_len)); 201 bitmask = malloc(RSMBLY_BITMASK_SIZE(frag_len));
202 if (bitmask == NULL) { 202 if (bitmask == NULL) {
203 if (buf != NULL) 203 free(buf);
204 free(buf);
205 free(frag); 204 free(frag);
206 return NULL; 205 return NULL;
207 } 206 }
@@ -223,10 +222,8 @@ dtls1_hm_fragment_free(hm_fragment *frag)
223 EVP_MD_CTX_destroy( 222 EVP_MD_CTX_destroy(
224 frag->msg_header.saved_retransmit_state.write_hash); 223 frag->msg_header.saved_retransmit_state.write_hash);
225 } 224 }
226 if (frag->fragment) 225 free(frag->fragment);
227 free(frag->fragment); 226 free(frag->reassembly);
228 if (frag->reassembly)
229 free(frag->reassembly);
230 free(frag); 227 free(frag);
231} 228}
232 229
diff --git a/src/lib/libssl/d1_clnt.c b/src/lib/libssl/d1_clnt.c
index 8f304a75ff..d82b099e08 100644
--- a/src/lib/libssl/d1_clnt.c
+++ b/src/lib/libssl/d1_clnt.c
@@ -1231,8 +1231,7 @@ dtls1_send_client_key_exchange(SSL *s)
1231 1231
1232 /* Free allocated memory */ 1232 /* Free allocated memory */
1233 BN_CTX_free(bn_ctx); 1233 BN_CTX_free(bn_ctx);
1234 if (encodedPoint != NULL) 1234 free(encodedPoint);
1235 free(encodedPoint);
1236 if (clnt_ecdh != NULL) 1235 if (clnt_ecdh != NULL)
1237 EC_KEY_free(clnt_ecdh); 1236 EC_KEY_free(clnt_ecdh);
1238 EVP_PKEY_free(srvr_pub_pkey); 1237 EVP_PKEY_free(srvr_pub_pkey);
@@ -1277,9 +1276,9 @@ dtls1_send_client_key_exchange(SSL *s)
1277 t += psk_len; 1276 t += psk_len;
1278 s2n(psk_len, t); 1277 s2n(psk_len, t);
1279 1278
1280 if (s->session->psk_identity_hint != NULL) 1279 free(s->session->psk_identity_hint);
1281 free(s->session->psk_identity_hint); 1280 s->session->psk_identity_hint =
1282 s->session->psk_identity_hint = BUF_strdup(s->ctx->psk_identity_hint); 1281 BUF_strdup(s->ctx->psk_identity_hint);
1283 if (s->ctx->psk_identity_hint != NULL && 1282 if (s->ctx->psk_identity_hint != NULL &&
1284 s->session->psk_identity_hint == NULL) { 1283 s->session->psk_identity_hint == NULL) {
1285 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, 1284 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,
@@ -1287,8 +1286,7 @@ dtls1_send_client_key_exchange(SSL *s)
1287 goto psk_err; 1286 goto psk_err;
1288 } 1287 }
1289 1288
1290 if (s->session->psk_identity != NULL) 1289 free(s->session->psk_identity);
1291 free(s->session->psk_identity);
1292 s->session->psk_identity = BUF_strdup(identity); 1290 s->session->psk_identity = BUF_strdup(identity);
1293 if (s->session->psk_identity == NULL) { 1291 if (s->session->psk_identity == NULL) {
1294 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, 1292 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,
@@ -1344,8 +1342,7 @@ psk_err:
1344err: 1342err:
1345#ifndef OPENSSL_NO_ECDH 1343#ifndef OPENSSL_NO_ECDH
1346 BN_CTX_free(bn_ctx); 1344 BN_CTX_free(bn_ctx);
1347 if (encodedPoint != NULL) 1345 free(encodedPoint);
1348 free(encodedPoint);
1349 if (clnt_ecdh != NULL) 1346 if (clnt_ecdh != NULL)
1350 EC_KEY_free(clnt_ecdh); 1347 EC_KEY_free(clnt_ecdh);
1351 EVP_PKEY_free(srvr_pub_pkey); 1348 EVP_PKEY_free(srvr_pub_pkey);
diff --git a/src/lib/libssl/d1_lib.c b/src/lib/libssl/d1_lib.c
index f0b9c1920a..87bc9b68c6 100644
--- a/src/lib/libssl/d1_lib.c
+++ b/src/lib/libssl/d1_lib.c
@@ -149,18 +149,14 @@ dtls1_clear_queues(SSL *s)
149 149
150 while ((item = pqueue_pop(s->d1->unprocessed_rcds.q)) != NULL) { 150 while ((item = pqueue_pop(s->d1->unprocessed_rcds.q)) != NULL) {
151 rdata = (DTLS1_RECORD_DATA *) item->data; 151 rdata = (DTLS1_RECORD_DATA *) item->data;
152 if (rdata->rbuf.buf) { 152 free(rdata->rbuf.buf);
153 free(rdata->rbuf.buf);
154 }
155 free(item->data); 153 free(item->data);
156 pitem_free(item); 154 pitem_free(item);
157 } 155 }
158 156
159 while ((item = pqueue_pop(s->d1->processed_rcds.q)) != NULL) { 157 while ((item = pqueue_pop(s->d1->processed_rcds.q)) != NULL) {
160 rdata = (DTLS1_RECORD_DATA *) item->data; 158 rdata = (DTLS1_RECORD_DATA *) item->data;
161 if (rdata->rbuf.buf) { 159 free(rdata->rbuf.buf);
162 free(rdata->rbuf.buf);
163 }
164 free(item->data); 160 free(item->data);
165 pitem_free(item); 161 pitem_free(item);
166 } 162 }
diff --git a/src/lib/libssl/d1_pkt.c b/src/lib/libssl/d1_pkt.c
index c855d0e2a6..db898f507a 100644
--- a/src/lib/libssl/d1_pkt.c
+++ b/src/lib/libssl/d1_pkt.c
@@ -197,8 +197,7 @@ dtls1_copy_record(SSL *s, pitem *item)
197 197
198 rdata = (DTLS1_RECORD_DATA *)item->data; 198 rdata = (DTLS1_RECORD_DATA *)item->data;
199 199
200 if (s->s3->rbuf.buf != NULL) 200 free(s->s3->rbuf.buf);
201 free(s->s3->rbuf.buf);
202 201
203 s->packet = rdata->packet; 202 s->packet = rdata->packet;
204 s->packet_length = rdata->packet_length; 203 s->packet_length = rdata->packet_length;
@@ -349,8 +348,7 @@ dtls1_get_buffered_record(SSL *s)
349 item = pqueue_pop(s->d1->rcvd_records); 348 item = pqueue_pop(s->d1->rcvd_records);
350 rdata = (DTLS1_RECORD_DATA *)item->data; 349 rdata = (DTLS1_RECORD_DATA *)item->data;
351 350
352 if (s->s3->rbuf.buf != NULL) 351 free(s->s3->rbuf.buf);
353 free(s->s3->rbuf.buf);
354 352
355 s->packet = rdata->packet; 353 s->packet = rdata->packet;
356 s->packet_length = rdata->packet_length; 354 s->packet_length = rdata->packet_length;
diff --git a/src/lib/libssl/s3_both.c b/src/lib/libssl/s3_both.c
index 9dcdd7b998..f1d686b56f 100644
--- a/src/lib/libssl/s3_both.c
+++ b/src/lib/libssl/s3_both.c
@@ -719,20 +719,16 @@ ssl3_setup_buffers(SSL *s)
719int 719int
720ssl3_release_write_buffer(SSL *s) 720ssl3_release_write_buffer(SSL *s)
721{ 721{
722 if (s->s3->wbuf.buf != NULL) { 722 free(s->s3->wbuf.buf);
723 free(s->s3->wbuf.buf); 723 s->s3->wbuf.buf = NULL;
724 s->s3->wbuf.buf = NULL;
725 }
726 return 1; 724 return 1;
727} 725}
728 726
729int 727int
730ssl3_release_read_buffer(SSL *s) 728ssl3_release_read_buffer(SSL *s)
731{ 729{
732 if (s->s3->rbuf.buf != NULL) { 730 free(s->s3->rbuf.buf);
733 free(s->s3->rbuf.buf); 731 s->s3->rbuf.buf = NULL;
734 s->s3->rbuf.buf = NULL;
735 }
736 return 1; 732 return 1;
737} 733}
738 734
diff --git a/src/lib/libssl/s3_clnt.c b/src/lib/libssl/s3_clnt.c
index 863a05adb3..ffbd83b060 100644
--- a/src/lib/libssl/s3_clnt.c
+++ b/src/lib/libssl/s3_clnt.c
@@ -1292,8 +1292,7 @@ ssl3_get_key_exchange(SSL *s)
1292 */ 1292 */
1293 if (s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK) { 1293 if (s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK) {
1294 s->session->sess_cert = ssl_sess_cert_new(); 1294 s->session->sess_cert = ssl_sess_cert_new();
1295 if (s->ctx->psk_identity_hint) 1295 free(s->ctx->psk_identity_hint);
1296 free(s->ctx->psk_identity_hint);
1297 s->ctx->psk_identity_hint = NULL; 1296 s->ctx->psk_identity_hint = NULL;
1298 } 1297 }
1299#endif 1298#endif
@@ -1360,8 +1359,7 @@ ssl3_get_key_exchange(SSL *s)
1360 */ 1359 */
1361 memcpy(tmp_id_hint, p, i); 1360 memcpy(tmp_id_hint, p, i);
1362 memset(tmp_id_hint + i, 0, PSK_MAX_IDENTITY_LEN + 1 - i); 1361 memset(tmp_id_hint + i, 0, PSK_MAX_IDENTITY_LEN + 1 - i);
1363 if (s->ctx->psk_identity_hint != NULL) 1362 free(s->ctx->psk_identity_hint);
1364 free(s->ctx->psk_identity_hint);
1365 s->ctx->psk_identity_hint = BUF_strdup(tmp_id_hint); 1363 s->ctx->psk_identity_hint = BUF_strdup(tmp_id_hint);
1366 if (s->ctx->psk_identity_hint == NULL) { 1364 if (s->ctx->psk_identity_hint == NULL) {
1367 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, 1365 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
@@ -1952,10 +1950,8 @@ ssl3_get_new_session_ticket(SSL *s)
1952 SSL_R_LENGTH_MISMATCH); 1950 SSL_R_LENGTH_MISMATCH);
1953 goto f_err; 1951 goto f_err;
1954 } 1952 }
1955 if (s->session->tlsext_tick) { 1953 free(s->session->tlsext_tick);
1956 free(s->session->tlsext_tick); 1954 s->session->tlsext_ticklen = 0;
1957 s->session->tlsext_ticklen = 0;
1958 }
1959 s->session->tlsext_tick = malloc(ticklen); 1955 s->session->tlsext_tick = malloc(ticklen);
1960 if (!s->session->tlsext_tick) { 1956 if (!s->session->tlsext_tick) {
1961 SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET, 1957 SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET,
@@ -2024,8 +2020,7 @@ ssl3_get_cert_status(SSL *s)
2024 SSL_R_LENGTH_MISMATCH); 2020 SSL_R_LENGTH_MISMATCH);
2025 goto f_err; 2021 goto f_err;
2026 } 2022 }
2027 if (s->tlsext_ocsp_resp) 2023 free(s->tlsext_ocsp_resp);
2028 free(s->tlsext_ocsp_resp);
2029 s->tlsext_ocsp_resp = BUF_memdup(p, resplen); 2024 s->tlsext_ocsp_resp = BUF_memdup(p, resplen);
2030 if (!s->tlsext_ocsp_resp) { 2025 if (!s->tlsext_ocsp_resp) {
2031 al = SSL_AD_INTERNAL_ERROR; 2026 al = SSL_AD_INTERNAL_ERROR;
@@ -2399,8 +2394,7 @@ ssl3_send_client_key_exchange(SSL *s)
2399 2394
2400 /* Free allocated memory */ 2395 /* Free allocated memory */
2401 BN_CTX_free(bn_ctx); 2396 BN_CTX_free(bn_ctx);
2402 if (encodedPoint != NULL) 2397 free(encodedPoint);
2403 free(encodedPoint);
2404 if (clnt_ecdh != NULL) 2398 if (clnt_ecdh != NULL)
2405 EC_KEY_free(clnt_ecdh); 2399 EC_KEY_free(clnt_ecdh);
2406 EVP_PKEY_free(srvr_pub_pkey); 2400 EVP_PKEY_free(srvr_pub_pkey);
@@ -2551,8 +2545,7 @@ ssl3_send_client_key_exchange(SSL *s)
2551 t += psk_len; 2545 t += psk_len;
2552 s2n(psk_len, t); 2546 s2n(psk_len, t);
2553 2547
2554 if (s->session->psk_identity_hint != NULL) 2548 free(s->session->psk_identity_hint);
2555 free(s->session->psk_identity_hint);
2556 s->session->psk_identity_hint = 2549 s->session->psk_identity_hint =
2557 BUF_strdup(s->ctx->psk_identity_hint); 2550 BUF_strdup(s->ctx->psk_identity_hint);
2558 if (s->ctx->psk_identity_hint != NULL && 2551 if (s->ctx->psk_identity_hint != NULL &&
@@ -2562,8 +2555,7 @@ ssl3_send_client_key_exchange(SSL *s)
2562 goto psk_err; 2555 goto psk_err;
2563 } 2556 }
2564 2557
2565 if (s->session->psk_identity != NULL) 2558 free(s->session->psk_identity);
2566 free(s->session->psk_identity);
2567 s->session->psk_identity = BUF_strdup(identity); 2559 s->session->psk_identity = BUF_strdup(identity);
2568 if (s->session->psk_identity == NULL) { 2560 if (s->session->psk_identity == NULL) {
2569 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, 2561 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
@@ -2613,8 +2605,7 @@ ssl3_send_client_key_exchange(SSL *s)
2613 err: 2605 err:
2614#ifndef OPENSSL_NO_ECDH 2606#ifndef OPENSSL_NO_ECDH
2615 BN_CTX_free(bn_ctx); 2607 BN_CTX_free(bn_ctx);
2616 if (encodedPoint != NULL) 2608 free(encodedPoint);
2617 free(encodedPoint);
2618 if (clnt_ecdh != NULL) 2609 if (clnt_ecdh != NULL)
2619 EC_KEY_free(clnt_ecdh); 2610 EC_KEY_free(clnt_ecdh);
2620 EVP_PKEY_free(srvr_pub_pkey); 2611 EVP_PKEY_free(srvr_pub_pkey);
diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c
index d8a186040b..2f4ab38863 100644
--- a/src/lib/libssl/s3_lib.c
+++ b/src/lib/libssl/s3_lib.c
@@ -2332,10 +2332,8 @@ ssl3_free(SSL *s)
2332 return; 2332 return;
2333 2333
2334#ifdef TLSEXT_TYPE_opaque_prf_input 2334#ifdef TLSEXT_TYPE_opaque_prf_input
2335 if (s->s3->client_opaque_prf_input != NULL) 2335 free(s->s3->client_opaque_prf_input);
2336 free(s->s3->client_opaque_prf_input); 2336 free(s->s3->server_opaque_prf_input);
2337 if (s->s3->server_opaque_prf_input != NULL)
2338 free(s->s3->server_opaque_prf_input);
2339#endif 2337#endif
2340 2338
2341 ssl3_cleanup_key_block(s); 2339 ssl3_cleanup_key_block(s);
@@ -2343,8 +2341,7 @@ ssl3_free(SSL *s)
2343 ssl3_release_read_buffer(s); 2341 ssl3_release_read_buffer(s);
2344 if (s->s3->wbuf.buf != NULL) 2342 if (s->s3->wbuf.buf != NULL)
2345 ssl3_release_write_buffer(s); 2343 ssl3_release_write_buffer(s);
2346 if (s->s3->rrec.comp != NULL) 2344 free(s->s3->rrec.comp);
2347 free(s->s3->rrec.comp);
2348#ifndef OPENSSL_NO_DH 2345#ifndef OPENSSL_NO_DH
2349 if (s->s3->tmp.dh != NULL) 2346 if (s->s3->tmp.dh != NULL)
2350 DH_free(s->s3->tmp.dh); 2347 DH_free(s->s3->tmp.dh);
@@ -2374,11 +2371,9 @@ ssl3_clear(SSL *s)
2374 int init_extra; 2371 int init_extra;
2375 2372
2376#ifdef TLSEXT_TYPE_opaque_prf_input 2373#ifdef TLSEXT_TYPE_opaque_prf_input
2377 if (s->s3->client_opaque_prf_input != NULL) 2374 free(s->s3->client_opaque_prf_input);
2378 free(s->s3->client_opaque_prf_input);
2379 s->s3->client_opaque_prf_input = NULL; 2375 s->s3->client_opaque_prf_input = NULL;
2380 if (s->s3->server_opaque_prf_input != NULL) 2376 free(s->s3->server_opaque_prf_input);
2381 free(s->s3->server_opaque_prf_input);
2382 s->s3->server_opaque_prf_input = NULL; 2377 s->s3->server_opaque_prf_input = NULL;
2383#endif 2378#endif
2384 2379
@@ -2386,10 +2381,9 @@ ssl3_clear(SSL *s)
2386 if (s->s3->tmp.ca_names != NULL) 2381 if (s->s3->tmp.ca_names != NULL)
2387 sk_X509_NAME_pop_free(s->s3->tmp.ca_names, X509_NAME_free); 2382 sk_X509_NAME_pop_free(s->s3->tmp.ca_names, X509_NAME_free);
2388 2383
2389 if (s->s3->rrec.comp != NULL) { 2384 free(s->s3->rrec.comp);
2390 free(s->s3->rrec.comp); 2385 s->s3->rrec.comp = NULL;
2391 s->s3->rrec.comp = NULL; 2386
2392 }
2393#ifndef OPENSSL_NO_DH 2387#ifndef OPENSSL_NO_DH
2394 if (s->s3->tmp.dh != NULL) { 2388 if (s->s3->tmp.dh != NULL) {
2395 DH_free(s->s3->tmp.dh); 2389 DH_free(s->s3->tmp.dh);
@@ -2437,11 +2431,9 @@ ssl3_clear(SSL *s)
2437 s->version = SSL3_VERSION; 2431 s->version = SSL3_VERSION;
2438 2432
2439#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG) 2433#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
2440 if (s->next_proto_negotiated) { 2434 free(s->next_proto_negotiated);
2441 free(s->next_proto_negotiated); 2435 s->next_proto_negotiated = NULL;
2442 s->next_proto_negotiated = NULL; 2436 s->next_proto_negotiated_len = 0;
2443 s->next_proto_negotiated_len = 0;
2444 }
2445#endif 2437#endif
2446} 2438}
2447 2439
@@ -2589,8 +2581,7 @@ ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
2589#ifndef OPENSSL_NO_TLSEXT 2581#ifndef OPENSSL_NO_TLSEXT
2590 case SSL_CTRL_SET_TLSEXT_HOSTNAME: 2582 case SSL_CTRL_SET_TLSEXT_HOSTNAME:
2591 if (larg == TLSEXT_NAMETYPE_host_name) { 2583 if (larg == TLSEXT_NAMETYPE_host_name) {
2592 if (s->tlsext_hostname != NULL) 2584 free(s->tlsext_hostname);
2593 free(s->tlsext_hostname);
2594 s->tlsext_hostname = NULL; 2585 s->tlsext_hostname = NULL;
2595 2586
2596 ret = 1; 2587 ret = 1;
@@ -2630,8 +2621,7 @@ ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
2630 SSL_R_OPAQUE_PRF_INPUT_TOO_LONG); 2621 SSL_R_OPAQUE_PRF_INPUT_TOO_LONG);
2631 break; 2622 break;
2632 } 2623 }
2633 if (s->tlsext_opaque_prf_input != NULL) 2624 free(s->tlsext_opaque_prf_input);
2634 free(s->tlsext_opaque_prf_input);
2635 if ((size_t)larg == 0) { 2625 if ((size_t)larg == 0) {
2636 s->tlsext_opaque_prf_input = NULL; 2626 s->tlsext_opaque_prf_input = NULL;
2637 s->tlsext_opaque_prf_input_len = 0; 2627 s->tlsext_opaque_prf_input_len = 0;
@@ -2678,8 +2668,7 @@ ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
2678 return s->tlsext_ocsp_resplen; 2668 return s->tlsext_ocsp_resplen;
2679 2669
2680 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP: 2670 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP:
2681 if (s->tlsext_ocsp_resp) 2671 free(s->tlsext_ocsp_resp);
2682 free(s->tlsext_ocsp_resp);
2683 s->tlsext_ocsp_resp = parg; 2672 s->tlsext_ocsp_resp = parg;
2684 s->tlsext_ocsp_resplen = larg; 2673 s->tlsext_ocsp_resplen = larg;
2685 ret = 1; 2674 ret = 1;
diff --git a/src/lib/libssl/s3_srvr.c b/src/lib/libssl/s3_srvr.c
index 521f6a21e8..c16f7bb2ef 100644
--- a/src/lib/libssl/s3_srvr.c
+++ b/src/lib/libssl/s3_srvr.c
@@ -1927,8 +1927,7 @@ f_err:
1927 ssl3_send_alert(s, SSL3_AL_FATAL, al); 1927 ssl3_send_alert(s, SSL3_AL_FATAL, al);
1928err: 1928err:
1929#ifndef OPENSSL_NO_ECDH 1929#ifndef OPENSSL_NO_ECDH
1930 if (encodedPoint != NULL) 1930 free(encodedPoint);
1931 free(encodedPoint);
1932 BN_CTX_free(bn_ctx); 1931 BN_CTX_free(bn_ctx);
1933#endif 1932#endif
1934 EVP_MD_CTX_cleanup(&md_ctx); 1933 EVP_MD_CTX_cleanup(&md_ctx);
@@ -2435,8 +2434,7 @@ ssl3_get_client_key_exchange(SSL *s)
2435 t += psk_len; 2434 t += psk_len;
2436 s2n(psk_len, t); 2435 s2n(psk_len, t);
2437 2436
2438 if (s->session->psk_identity != NULL) 2437 free(s->session->psk_identity);
2439 free(s->session->psk_identity);
2440 s->session->psk_identity = BUF_strdup((char *)p); 2438 s->session->psk_identity = BUF_strdup((char *)p);
2441 if (s->session->psk_identity == NULL) { 2439 if (s->session->psk_identity == NULL) {
2442 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, 2440 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
@@ -2444,8 +2442,7 @@ ssl3_get_client_key_exchange(SSL *s)
2444 goto psk_err; 2442 goto psk_err;
2445 } 2443 }
2446 2444
2447 if (s->session->psk_identity_hint != NULL) 2445 free(s->session->psk_identity_hint);
2448 free(s->session->psk_identity_hint);
2449 s->session->psk_identity_hint = BUF_strdup(s->ctx->psk_identity_hint); 2446 s->session->psk_identity_hint = BUF_strdup(s->ctx->psk_identity_hint);
2450 if (s->ctx->psk_identity_hint != NULL && 2447 if (s->ctx->psk_identity_hint != NULL &&
2451 s->session->psk_identity_hint == NULL) { 2448 s->session->psk_identity_hint == NULL) {
diff --git a/src/lib/libssl/src/ssl/bio_ssl.c b/src/lib/libssl/src/ssl/bio_ssl.c
index 5b14ea3824..8ffbe0a67a 100644
--- a/src/lib/libssl/src/ssl/bio_ssl.c
+++ b/src/lib/libssl/src/ssl/bio_ssl.c
@@ -132,8 +132,7 @@ ssl_free(BIO *a)
132 a->init = 0; 132 a->init = 0;
133 a->flags = 0; 133 a->flags = 0;
134 } 134 }
135 if (a->ptr != NULL) 135 free(a->ptr);
136 free(a->ptr);
137 return (1); 136 return (1);
138} 137}
139 138
diff --git a/src/lib/libssl/src/ssl/d1_both.c b/src/lib/libssl/src/ssl/d1_both.c
index 0e32825695..59987bc1d8 100644
--- a/src/lib/libssl/src/ssl/d1_both.c
+++ b/src/lib/libssl/src/ssl/d1_both.c
@@ -200,8 +200,7 @@ dtls1_hm_fragment_new(unsigned long frag_len, int reassembly)
200 if (reassembly) { 200 if (reassembly) {
201 bitmask = malloc(RSMBLY_BITMASK_SIZE(frag_len)); 201 bitmask = malloc(RSMBLY_BITMASK_SIZE(frag_len));
202 if (bitmask == NULL) { 202 if (bitmask == NULL) {
203 if (buf != NULL) 203 free(buf);
204 free(buf);
205 free(frag); 204 free(frag);
206 return NULL; 205 return NULL;
207 } 206 }
@@ -223,10 +222,8 @@ dtls1_hm_fragment_free(hm_fragment *frag)
223 EVP_MD_CTX_destroy( 222 EVP_MD_CTX_destroy(
224 frag->msg_header.saved_retransmit_state.write_hash); 223 frag->msg_header.saved_retransmit_state.write_hash);
225 } 224 }
226 if (frag->fragment) 225 free(frag->fragment);
227 free(frag->fragment); 226 free(frag->reassembly);
228 if (frag->reassembly)
229 free(frag->reassembly);
230 free(frag); 227 free(frag);
231} 228}
232 229
diff --git a/src/lib/libssl/src/ssl/d1_clnt.c b/src/lib/libssl/src/ssl/d1_clnt.c
index 8f304a75ff..d82b099e08 100644
--- a/src/lib/libssl/src/ssl/d1_clnt.c
+++ b/src/lib/libssl/src/ssl/d1_clnt.c
@@ -1231,8 +1231,7 @@ dtls1_send_client_key_exchange(SSL *s)
1231 1231
1232 /* Free allocated memory */ 1232 /* Free allocated memory */
1233 BN_CTX_free(bn_ctx); 1233 BN_CTX_free(bn_ctx);
1234 if (encodedPoint != NULL) 1234 free(encodedPoint);
1235 free(encodedPoint);
1236 if (clnt_ecdh != NULL) 1235 if (clnt_ecdh != NULL)
1237 EC_KEY_free(clnt_ecdh); 1236 EC_KEY_free(clnt_ecdh);
1238 EVP_PKEY_free(srvr_pub_pkey); 1237 EVP_PKEY_free(srvr_pub_pkey);
@@ -1277,9 +1276,9 @@ dtls1_send_client_key_exchange(SSL *s)
1277 t += psk_len; 1276 t += psk_len;
1278 s2n(psk_len, t); 1277 s2n(psk_len, t);
1279 1278
1280 if (s->session->psk_identity_hint != NULL) 1279 free(s->session->psk_identity_hint);
1281 free(s->session->psk_identity_hint); 1280 s->session->psk_identity_hint =
1282 s->session->psk_identity_hint = BUF_strdup(s->ctx->psk_identity_hint); 1281 BUF_strdup(s->ctx->psk_identity_hint);
1283 if (s->ctx->psk_identity_hint != NULL && 1282 if (s->ctx->psk_identity_hint != NULL &&
1284 s->session->psk_identity_hint == NULL) { 1283 s->session->psk_identity_hint == NULL) {
1285 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, 1284 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,
@@ -1287,8 +1286,7 @@ dtls1_send_client_key_exchange(SSL *s)
1287 goto psk_err; 1286 goto psk_err;
1288 } 1287 }
1289 1288
1290 if (s->session->psk_identity != NULL) 1289 free(s->session->psk_identity);
1291 free(s->session->psk_identity);
1292 s->session->psk_identity = BUF_strdup(identity); 1290 s->session->psk_identity = BUF_strdup(identity);
1293 if (s->session->psk_identity == NULL) { 1291 if (s->session->psk_identity == NULL) {
1294 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, 1292 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,
@@ -1344,8 +1342,7 @@ psk_err:
1344err: 1342err:
1345#ifndef OPENSSL_NO_ECDH 1343#ifndef OPENSSL_NO_ECDH
1346 BN_CTX_free(bn_ctx); 1344 BN_CTX_free(bn_ctx);
1347 if (encodedPoint != NULL) 1345 free(encodedPoint);
1348 free(encodedPoint);
1349 if (clnt_ecdh != NULL) 1346 if (clnt_ecdh != NULL)
1350 EC_KEY_free(clnt_ecdh); 1347 EC_KEY_free(clnt_ecdh);
1351 EVP_PKEY_free(srvr_pub_pkey); 1348 EVP_PKEY_free(srvr_pub_pkey);
diff --git a/src/lib/libssl/src/ssl/d1_lib.c b/src/lib/libssl/src/ssl/d1_lib.c
index f0b9c1920a..87bc9b68c6 100644
--- a/src/lib/libssl/src/ssl/d1_lib.c
+++ b/src/lib/libssl/src/ssl/d1_lib.c
@@ -149,18 +149,14 @@ dtls1_clear_queues(SSL *s)
149 149
150 while ((item = pqueue_pop(s->d1->unprocessed_rcds.q)) != NULL) { 150 while ((item = pqueue_pop(s->d1->unprocessed_rcds.q)) != NULL) {
151 rdata = (DTLS1_RECORD_DATA *) item->data; 151 rdata = (DTLS1_RECORD_DATA *) item->data;
152 if (rdata->rbuf.buf) { 152 free(rdata->rbuf.buf);
153 free(rdata->rbuf.buf);
154 }
155 free(item->data); 153 free(item->data);
156 pitem_free(item); 154 pitem_free(item);
157 } 155 }
158 156
159 while ((item = pqueue_pop(s->d1->processed_rcds.q)) != NULL) { 157 while ((item = pqueue_pop(s->d1->processed_rcds.q)) != NULL) {
160 rdata = (DTLS1_RECORD_DATA *) item->data; 158 rdata = (DTLS1_RECORD_DATA *) item->data;
161 if (rdata->rbuf.buf) { 159 free(rdata->rbuf.buf);
162 free(rdata->rbuf.buf);
163 }
164 free(item->data); 160 free(item->data);
165 pitem_free(item); 161 pitem_free(item);
166 } 162 }
diff --git a/src/lib/libssl/src/ssl/d1_pkt.c b/src/lib/libssl/src/ssl/d1_pkt.c
index c855d0e2a6..db898f507a 100644
--- a/src/lib/libssl/src/ssl/d1_pkt.c
+++ b/src/lib/libssl/src/ssl/d1_pkt.c
@@ -197,8 +197,7 @@ dtls1_copy_record(SSL *s, pitem *item)
197 197
198 rdata = (DTLS1_RECORD_DATA *)item->data; 198 rdata = (DTLS1_RECORD_DATA *)item->data;
199 199
200 if (s->s3->rbuf.buf != NULL) 200 free(s->s3->rbuf.buf);
201 free(s->s3->rbuf.buf);
202 201
203 s->packet = rdata->packet; 202 s->packet = rdata->packet;
204 s->packet_length = rdata->packet_length; 203 s->packet_length = rdata->packet_length;
@@ -349,8 +348,7 @@ dtls1_get_buffered_record(SSL *s)
349 item = pqueue_pop(s->d1->rcvd_records); 348 item = pqueue_pop(s->d1->rcvd_records);
350 rdata = (DTLS1_RECORD_DATA *)item->data; 349 rdata = (DTLS1_RECORD_DATA *)item->data;
351 350
352 if (s->s3->rbuf.buf != NULL) 351 free(s->s3->rbuf.buf);
353 free(s->s3->rbuf.buf);
354 352
355 s->packet = rdata->packet; 353 s->packet = rdata->packet;
356 s->packet_length = rdata->packet_length; 354 s->packet_length = rdata->packet_length;
diff --git a/src/lib/libssl/src/ssl/s3_both.c b/src/lib/libssl/src/ssl/s3_both.c
index 9dcdd7b998..f1d686b56f 100644
--- a/src/lib/libssl/src/ssl/s3_both.c
+++ b/src/lib/libssl/src/ssl/s3_both.c
@@ -719,20 +719,16 @@ ssl3_setup_buffers(SSL *s)
719int 719int
720ssl3_release_write_buffer(SSL *s) 720ssl3_release_write_buffer(SSL *s)
721{ 721{
722 if (s->s3->wbuf.buf != NULL) { 722 free(s->s3->wbuf.buf);
723 free(s->s3->wbuf.buf); 723 s->s3->wbuf.buf = NULL;
724 s->s3->wbuf.buf = NULL;
725 }
726 return 1; 724 return 1;
727} 725}
728 726
729int 727int
730ssl3_release_read_buffer(SSL *s) 728ssl3_release_read_buffer(SSL *s)
731{ 729{
732 if (s->s3->rbuf.buf != NULL) { 730 free(s->s3->rbuf.buf);
733 free(s->s3->rbuf.buf); 731 s->s3->rbuf.buf = NULL;
734 s->s3->rbuf.buf = NULL;
735 }
736 return 1; 732 return 1;
737} 733}
738 734
diff --git a/src/lib/libssl/src/ssl/s3_clnt.c b/src/lib/libssl/src/ssl/s3_clnt.c
index 863a05adb3..ffbd83b060 100644
--- a/src/lib/libssl/src/ssl/s3_clnt.c
+++ b/src/lib/libssl/src/ssl/s3_clnt.c
@@ -1292,8 +1292,7 @@ ssl3_get_key_exchange(SSL *s)
1292 */ 1292 */
1293 if (s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK) { 1293 if (s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK) {
1294 s->session->sess_cert = ssl_sess_cert_new(); 1294 s->session->sess_cert = ssl_sess_cert_new();
1295 if (s->ctx->psk_identity_hint) 1295 free(s->ctx->psk_identity_hint);
1296 free(s->ctx->psk_identity_hint);
1297 s->ctx->psk_identity_hint = NULL; 1296 s->ctx->psk_identity_hint = NULL;
1298 } 1297 }
1299#endif 1298#endif
@@ -1360,8 +1359,7 @@ ssl3_get_key_exchange(SSL *s)
1360 */ 1359 */
1361 memcpy(tmp_id_hint, p, i); 1360 memcpy(tmp_id_hint, p, i);
1362 memset(tmp_id_hint + i, 0, PSK_MAX_IDENTITY_LEN + 1 - i); 1361 memset(tmp_id_hint + i, 0, PSK_MAX_IDENTITY_LEN + 1 - i);
1363 if (s->ctx->psk_identity_hint != NULL) 1362 free(s->ctx->psk_identity_hint);
1364 free(s->ctx->psk_identity_hint);
1365 s->ctx->psk_identity_hint = BUF_strdup(tmp_id_hint); 1363 s->ctx->psk_identity_hint = BUF_strdup(tmp_id_hint);
1366 if (s->ctx->psk_identity_hint == NULL) { 1364 if (s->ctx->psk_identity_hint == NULL) {
1367 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, 1365 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
@@ -1952,10 +1950,8 @@ ssl3_get_new_session_ticket(SSL *s)
1952 SSL_R_LENGTH_MISMATCH); 1950 SSL_R_LENGTH_MISMATCH);
1953 goto f_err; 1951 goto f_err;
1954 } 1952 }
1955 if (s->session->tlsext_tick) { 1953 free(s->session->tlsext_tick);
1956 free(s->session->tlsext_tick); 1954 s->session->tlsext_ticklen = 0;
1957 s->session->tlsext_ticklen = 0;
1958 }
1959 s->session->tlsext_tick = malloc(ticklen); 1955 s->session->tlsext_tick = malloc(ticklen);
1960 if (!s->session->tlsext_tick) { 1956 if (!s->session->tlsext_tick) {
1961 SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET, 1957 SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET,
@@ -2024,8 +2020,7 @@ ssl3_get_cert_status(SSL *s)
2024 SSL_R_LENGTH_MISMATCH); 2020 SSL_R_LENGTH_MISMATCH);
2025 goto f_err; 2021 goto f_err;
2026 } 2022 }
2027 if (s->tlsext_ocsp_resp) 2023 free(s->tlsext_ocsp_resp);
2028 free(s->tlsext_ocsp_resp);
2029 s->tlsext_ocsp_resp = BUF_memdup(p, resplen); 2024 s->tlsext_ocsp_resp = BUF_memdup(p, resplen);
2030 if (!s->tlsext_ocsp_resp) { 2025 if (!s->tlsext_ocsp_resp) {
2031 al = SSL_AD_INTERNAL_ERROR; 2026 al = SSL_AD_INTERNAL_ERROR;
@@ -2399,8 +2394,7 @@ ssl3_send_client_key_exchange(SSL *s)
2399 2394
2400 /* Free allocated memory */ 2395 /* Free allocated memory */
2401 BN_CTX_free(bn_ctx); 2396 BN_CTX_free(bn_ctx);
2402 if (encodedPoint != NULL) 2397 free(encodedPoint);
2403 free(encodedPoint);
2404 if (clnt_ecdh != NULL) 2398 if (clnt_ecdh != NULL)
2405 EC_KEY_free(clnt_ecdh); 2399 EC_KEY_free(clnt_ecdh);
2406 EVP_PKEY_free(srvr_pub_pkey); 2400 EVP_PKEY_free(srvr_pub_pkey);
@@ -2551,8 +2545,7 @@ ssl3_send_client_key_exchange(SSL *s)
2551 t += psk_len; 2545 t += psk_len;
2552 s2n(psk_len, t); 2546 s2n(psk_len, t);
2553 2547
2554 if (s->session->psk_identity_hint != NULL) 2548 free(s->session->psk_identity_hint);
2555 free(s->session->psk_identity_hint);
2556 s->session->psk_identity_hint = 2549 s->session->psk_identity_hint =
2557 BUF_strdup(s->ctx->psk_identity_hint); 2550 BUF_strdup(s->ctx->psk_identity_hint);
2558 if (s->ctx->psk_identity_hint != NULL && 2551 if (s->ctx->psk_identity_hint != NULL &&
@@ -2562,8 +2555,7 @@ ssl3_send_client_key_exchange(SSL *s)
2562 goto psk_err; 2555 goto psk_err;
2563 } 2556 }
2564 2557
2565 if (s->session->psk_identity != NULL) 2558 free(s->session->psk_identity);
2566 free(s->session->psk_identity);
2567 s->session->psk_identity = BUF_strdup(identity); 2559 s->session->psk_identity = BUF_strdup(identity);
2568 if (s->session->psk_identity == NULL) { 2560 if (s->session->psk_identity == NULL) {
2569 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, 2561 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
@@ -2613,8 +2605,7 @@ ssl3_send_client_key_exchange(SSL *s)
2613 err: 2605 err:
2614#ifndef OPENSSL_NO_ECDH 2606#ifndef OPENSSL_NO_ECDH
2615 BN_CTX_free(bn_ctx); 2607 BN_CTX_free(bn_ctx);
2616 if (encodedPoint != NULL) 2608 free(encodedPoint);
2617 free(encodedPoint);
2618 if (clnt_ecdh != NULL) 2609 if (clnt_ecdh != NULL)
2619 EC_KEY_free(clnt_ecdh); 2610 EC_KEY_free(clnt_ecdh);
2620 EVP_PKEY_free(srvr_pub_pkey); 2611 EVP_PKEY_free(srvr_pub_pkey);
diff --git a/src/lib/libssl/src/ssl/s3_lib.c b/src/lib/libssl/src/ssl/s3_lib.c
index d8a186040b..2f4ab38863 100644
--- a/src/lib/libssl/src/ssl/s3_lib.c
+++ b/src/lib/libssl/src/ssl/s3_lib.c
@@ -2332,10 +2332,8 @@ ssl3_free(SSL *s)
2332 return; 2332 return;
2333 2333
2334#ifdef TLSEXT_TYPE_opaque_prf_input 2334#ifdef TLSEXT_TYPE_opaque_prf_input
2335 if (s->s3->client_opaque_prf_input != NULL) 2335 free(s->s3->client_opaque_prf_input);
2336 free(s->s3->client_opaque_prf_input); 2336 free(s->s3->server_opaque_prf_input);
2337 if (s->s3->server_opaque_prf_input != NULL)
2338 free(s->s3->server_opaque_prf_input);
2339#endif 2337#endif
2340 2338
2341 ssl3_cleanup_key_block(s); 2339 ssl3_cleanup_key_block(s);
@@ -2343,8 +2341,7 @@ ssl3_free(SSL *s)
2343 ssl3_release_read_buffer(s); 2341 ssl3_release_read_buffer(s);
2344 if (s->s3->wbuf.buf != NULL) 2342 if (s->s3->wbuf.buf != NULL)
2345 ssl3_release_write_buffer(s); 2343 ssl3_release_write_buffer(s);
2346 if (s->s3->rrec.comp != NULL) 2344 free(s->s3->rrec.comp);
2347 free(s->s3->rrec.comp);
2348#ifndef OPENSSL_NO_DH 2345#ifndef OPENSSL_NO_DH
2349 if (s->s3->tmp.dh != NULL) 2346 if (s->s3->tmp.dh != NULL)
2350 DH_free(s->s3->tmp.dh); 2347 DH_free(s->s3->tmp.dh);
@@ -2374,11 +2371,9 @@ ssl3_clear(SSL *s)
2374 int init_extra; 2371 int init_extra;
2375 2372
2376#ifdef TLSEXT_TYPE_opaque_prf_input 2373#ifdef TLSEXT_TYPE_opaque_prf_input
2377 if (s->s3->client_opaque_prf_input != NULL) 2374 free(s->s3->client_opaque_prf_input);
2378 free(s->s3->client_opaque_prf_input);
2379 s->s3->client_opaque_prf_input = NULL; 2375 s->s3->client_opaque_prf_input = NULL;
2380 if (s->s3->server_opaque_prf_input != NULL) 2376 free(s->s3->server_opaque_prf_input);
2381 free(s->s3->server_opaque_prf_input);
2382 s->s3->server_opaque_prf_input = NULL; 2377 s->s3->server_opaque_prf_input = NULL;
2383#endif 2378#endif
2384 2379
@@ -2386,10 +2381,9 @@ ssl3_clear(SSL *s)
2386 if (s->s3->tmp.ca_names != NULL) 2381 if (s->s3->tmp.ca_names != NULL)
2387 sk_X509_NAME_pop_free(s->s3->tmp.ca_names, X509_NAME_free); 2382 sk_X509_NAME_pop_free(s->s3->tmp.ca_names, X509_NAME_free);
2388 2383
2389 if (s->s3->rrec.comp != NULL) { 2384 free(s->s3->rrec.comp);
2390 free(s->s3->rrec.comp); 2385 s->s3->rrec.comp = NULL;
2391 s->s3->rrec.comp = NULL; 2386
2392 }
2393#ifndef OPENSSL_NO_DH 2387#ifndef OPENSSL_NO_DH
2394 if (s->s3->tmp.dh != NULL) { 2388 if (s->s3->tmp.dh != NULL) {
2395 DH_free(s->s3->tmp.dh); 2389 DH_free(s->s3->tmp.dh);
@@ -2437,11 +2431,9 @@ ssl3_clear(SSL *s)
2437 s->version = SSL3_VERSION; 2431 s->version = SSL3_VERSION;
2438 2432
2439#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG) 2433#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
2440 if (s->next_proto_negotiated) { 2434 free(s->next_proto_negotiated);
2441 free(s->next_proto_negotiated); 2435 s->next_proto_negotiated = NULL;
2442 s->next_proto_negotiated = NULL; 2436 s->next_proto_negotiated_len = 0;
2443 s->next_proto_negotiated_len = 0;
2444 }
2445#endif 2437#endif
2446} 2438}
2447 2439
@@ -2589,8 +2581,7 @@ ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
2589#ifndef OPENSSL_NO_TLSEXT 2581#ifndef OPENSSL_NO_TLSEXT
2590 case SSL_CTRL_SET_TLSEXT_HOSTNAME: 2582 case SSL_CTRL_SET_TLSEXT_HOSTNAME:
2591 if (larg == TLSEXT_NAMETYPE_host_name) { 2583 if (larg == TLSEXT_NAMETYPE_host_name) {
2592 if (s->tlsext_hostname != NULL) 2584 free(s->tlsext_hostname);
2593 free(s->tlsext_hostname);
2594 s->tlsext_hostname = NULL; 2585 s->tlsext_hostname = NULL;
2595 2586
2596 ret = 1; 2587 ret = 1;
@@ -2630,8 +2621,7 @@ ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
2630 SSL_R_OPAQUE_PRF_INPUT_TOO_LONG); 2621 SSL_R_OPAQUE_PRF_INPUT_TOO_LONG);
2631 break; 2622 break;
2632 } 2623 }
2633 if (s->tlsext_opaque_prf_input != NULL) 2624 free(s->tlsext_opaque_prf_input);
2634 free(s->tlsext_opaque_prf_input);
2635 if ((size_t)larg == 0) { 2625 if ((size_t)larg == 0) {
2636 s->tlsext_opaque_prf_input = NULL; 2626 s->tlsext_opaque_prf_input = NULL;
2637 s->tlsext_opaque_prf_input_len = 0; 2627 s->tlsext_opaque_prf_input_len = 0;
@@ -2678,8 +2668,7 @@ ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
2678 return s->tlsext_ocsp_resplen; 2668 return s->tlsext_ocsp_resplen;
2679 2669
2680 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP: 2670 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP:
2681 if (s->tlsext_ocsp_resp) 2671 free(s->tlsext_ocsp_resp);
2682 free(s->tlsext_ocsp_resp);
2683 s->tlsext_ocsp_resp = parg; 2672 s->tlsext_ocsp_resp = parg;
2684 s->tlsext_ocsp_resplen = larg; 2673 s->tlsext_ocsp_resplen = larg;
2685 ret = 1; 2674 ret = 1;
diff --git a/src/lib/libssl/src/ssl/s3_srvr.c b/src/lib/libssl/src/ssl/s3_srvr.c
index 521f6a21e8..c16f7bb2ef 100644
--- a/src/lib/libssl/src/ssl/s3_srvr.c
+++ b/src/lib/libssl/src/ssl/s3_srvr.c
@@ -1927,8 +1927,7 @@ f_err:
1927 ssl3_send_alert(s, SSL3_AL_FATAL, al); 1927 ssl3_send_alert(s, SSL3_AL_FATAL, al);
1928err: 1928err:
1929#ifndef OPENSSL_NO_ECDH 1929#ifndef OPENSSL_NO_ECDH
1930 if (encodedPoint != NULL) 1930 free(encodedPoint);
1931 free(encodedPoint);
1932 BN_CTX_free(bn_ctx); 1931 BN_CTX_free(bn_ctx);
1933#endif 1932#endif
1934 EVP_MD_CTX_cleanup(&md_ctx); 1933 EVP_MD_CTX_cleanup(&md_ctx);
@@ -2435,8 +2434,7 @@ ssl3_get_client_key_exchange(SSL *s)
2435 t += psk_len; 2434 t += psk_len;
2436 s2n(psk_len, t); 2435 s2n(psk_len, t);
2437 2436
2438 if (s->session->psk_identity != NULL) 2437 free(s->session->psk_identity);
2439 free(s->session->psk_identity);
2440 s->session->psk_identity = BUF_strdup((char *)p); 2438 s->session->psk_identity = BUF_strdup((char *)p);
2441 if (s->session->psk_identity == NULL) { 2439 if (s->session->psk_identity == NULL) {
2442 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, 2440 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
@@ -2444,8 +2442,7 @@ ssl3_get_client_key_exchange(SSL *s)
2444 goto psk_err; 2442 goto psk_err;
2445 } 2443 }
2446 2444
2447 if (s->session->psk_identity_hint != NULL) 2445 free(s->session->psk_identity_hint);
2448 free(s->session->psk_identity_hint);
2449 s->session->psk_identity_hint = BUF_strdup(s->ctx->psk_identity_hint); 2446 s->session->psk_identity_hint = BUF_strdup(s->ctx->psk_identity_hint);
2450 if (s->ctx->psk_identity_hint != NULL && 2447 if (s->ctx->psk_identity_hint != NULL &&
2451 s->session->psk_identity_hint == NULL) { 2448 s->session->psk_identity_hint == NULL) {
diff --git a/src/lib/libssl/src/ssl/ssl_lib.c b/src/lib/libssl/src/ssl/ssl_lib.c
index e607060d42..bf98354294 100644
--- a/src/lib/libssl/src/ssl/ssl_lib.c
+++ b/src/lib/libssl/src/ssl/ssl_lib.c
@@ -549,25 +549,20 @@ SSL_free(SSL *s)
549 /* Free up if allocated */ 549 /* Free up if allocated */
550 550
551#ifndef OPENSSL_NO_TLSEXT 551#ifndef OPENSSL_NO_TLSEXT
552 if (s->tlsext_hostname) 552 free(s->tlsext_hostname);
553 free(s->tlsext_hostname);
554 if (s->initial_ctx) 553 if (s->initial_ctx)
555 SSL_CTX_free(s->initial_ctx); 554 SSL_CTX_free(s->initial_ctx);
556#ifndef OPENSSL_NO_EC 555#ifndef OPENSSL_NO_EC
557 if (s->tlsext_ecpointformatlist) 556 free(s->tlsext_ecpointformatlist);
558 free(s->tlsext_ecpointformatlist); 557 free(s->tlsext_ellipticcurvelist);
559 if (s->tlsext_ellipticcurvelist)
560 free(s->tlsext_ellipticcurvelist);
561#endif /* OPENSSL_NO_EC */ 558#endif /* OPENSSL_NO_EC */
562 if (s->tlsext_opaque_prf_input) 559 free(s->tlsext_opaque_prf_input);
563 free(s->tlsext_opaque_prf_input);
564 if (s->tlsext_ocsp_exts) 560 if (s->tlsext_ocsp_exts)
565 sk_X509_EXTENSION_pop_free(s->tlsext_ocsp_exts, 561 sk_X509_EXTENSION_pop_free(s->tlsext_ocsp_exts,
566 X509_EXTENSION_free); 562 X509_EXTENSION_free);
567 if (s->tlsext_ocsp_ids) 563 if (s->tlsext_ocsp_ids)
568 sk_OCSP_RESPID_pop_free(s->tlsext_ocsp_ids, OCSP_RESPID_free); 564 sk_OCSP_RESPID_pop_free(s->tlsext_ocsp_ids, OCSP_RESPID_free);
569 if (s->tlsext_ocsp_resp) 565 free(s->tlsext_ocsp_resp);
570 free(s->tlsext_ocsp_resp);
571#endif 566#endif
572 567
573 if (s->client_CA != NULL) 568 if (s->client_CA != NULL)
@@ -581,8 +576,7 @@ SSL_free(SSL *s)
581 576
582 577
583#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG) 578#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
584 if (s->next_proto_negotiated) 579 free(s->next_proto_negotiated);
585 free(s->next_proto_negotiated);
586#endif 580#endif
587 581
588#ifndef OPENSSL_NO_SRTP 582#ifndef OPENSSL_NO_SRTP
@@ -1893,7 +1887,8 @@ SSL_CTX_new(const SSL_METHOD *meth)
1893#if 0 1887#if 0
1894static void 1888static void
1895SSL_COMP_free(SSL_COMP *comp) 1889SSL_COMP_free(SSL_COMP *comp)
1896 { free(comp); 1890{
1891 free(comp);
1897} 1892}
1898#endif 1893#endif
1899 1894
@@ -1954,8 +1949,7 @@ SSL_CTX_free(SSL_CTX *a)
1954#endif 1949#endif
1955 1950
1956#ifndef OPENSSL_NO_PSK 1951#ifndef OPENSSL_NO_PSK
1957 if (a->psk_identity_hint) 1952 free(a->psk_identity_hint);
1958 free(a->psk_identity_hint);
1959#endif 1953#endif
1960#ifndef OPENSSL_NO_ENGINE 1954#ifndef OPENSSL_NO_ENGINE
1961 if (a->client_cert_engine) 1955 if (a->client_cert_engine)
@@ -3129,8 +3123,7 @@ SSL_CTX_use_psk_identity_hint(SSL_CTX *ctx, const char *identity_hint)
3129 SSL_R_DATA_LENGTH_TOO_LONG); 3123 SSL_R_DATA_LENGTH_TOO_LONG);
3130 return (0); 3124 return (0);
3131 } 3125 }
3132 if (ctx->psk_identity_hint != NULL) 3126 free(ctx->psk_identity_hint);
3133 free(ctx->psk_identity_hint);
3134 if (identity_hint != NULL) { 3127 if (identity_hint != NULL) {
3135 ctx->psk_identity_hint = BUF_strdup(identity_hint); 3128 ctx->psk_identity_hint = BUF_strdup(identity_hint);
3136 if (ctx->psk_identity_hint == NULL) 3129 if (ctx->psk_identity_hint == NULL)
@@ -3155,8 +3148,7 @@ SSL_use_psk_identity_hint(SSL *s, const char *identity_hint)
3155 SSL_R_DATA_LENGTH_TOO_LONG); 3148 SSL_R_DATA_LENGTH_TOO_LONG);
3156 return (0); 3149 return (0);
3157 } 3150 }
3158 if (s->session->psk_identity_hint != NULL) 3151 free(s->session->psk_identity_hint);
3159 free(s->session->psk_identity_hint);
3160 if (identity_hint != NULL) { 3152 if (identity_hint != NULL) {
3161 s->session->psk_identity_hint = BUF_strdup(identity_hint); 3153 s->session->psk_identity_hint = BUF_strdup(identity_hint);
3162 if (s->session->psk_identity_hint == NULL) 3154 if (s->session->psk_identity_hint == NULL)
diff --git a/src/lib/libssl/src/ssl/ssl_sess.c b/src/lib/libssl/src/ssl/ssl_sess.c
index 05c6948efc..632d6a6860 100644
--- a/src/lib/libssl/src/ssl/ssl_sess.c
+++ b/src/lib/libssl/src/ssl/ssl_sess.c
@@ -366,8 +366,7 @@ ssl_get_new_session(SSL *s, int session)
366 } 366 }
367#ifndef OPENSSL_NO_EC 367#ifndef OPENSSL_NO_EC
368 if (s->tlsext_ecpointformatlist) { 368 if (s->tlsext_ecpointformatlist) {
369 if (ss->tlsext_ecpointformatlist != NULL) 369 free(ss->tlsext_ecpointformatlist);
370 free(ss->tlsext_ecpointformatlist);
371 if ((ss->tlsext_ecpointformatlist = malloc(s->tlsext_ecpointformatlist_length)) == NULL) { 370 if ((ss->tlsext_ecpointformatlist = malloc(s->tlsext_ecpointformatlist_length)) == NULL) {
372 SSLerr(SSL_F_SSL_GET_NEW_SESSION, ERR_R_MALLOC_FAILURE); 371 SSLerr(SSL_F_SSL_GET_NEW_SESSION, ERR_R_MALLOC_FAILURE);
373 SSL_SESSION_free(ss); 372 SSL_SESSION_free(ss);
@@ -377,8 +376,7 @@ ssl_get_new_session(SSL *s, int session)
377 memcpy(ss->tlsext_ecpointformatlist, s->tlsext_ecpointformatlist, s->tlsext_ecpointformatlist_length); 376 memcpy(ss->tlsext_ecpointformatlist, s->tlsext_ecpointformatlist, s->tlsext_ecpointformatlist_length);
378 } 377 }
379 if (s->tlsext_ellipticcurvelist) { 378 if (s->tlsext_ellipticcurvelist) {
380 if (ss->tlsext_ellipticcurvelist != NULL) 379 free(ss->tlsext_ellipticcurvelist);
381 free(ss->tlsext_ellipticcurvelist);
382 if ((ss->tlsext_ellipticcurvelist = malloc(s->tlsext_ellipticcurvelist_length)) == NULL) { 380 if ((ss->tlsext_ellipticcurvelist = malloc(s->tlsext_ellipticcurvelist_length)) == NULL) {
383 SSLerr(SSL_F_SSL_GET_NEW_SESSION, ERR_R_MALLOC_FAILURE); 381 SSLerr(SSL_F_SSL_GET_NEW_SESSION, ERR_R_MALLOC_FAILURE);
384 SSL_SESSION_free(ss); 382 SSL_SESSION_free(ss);
@@ -704,24 +702,18 @@ SSL_SESSION_free(SSL_SESSION *ss)
704 if (ss->ciphers != NULL) 702 if (ss->ciphers != NULL)
705 sk_SSL_CIPHER_free(ss->ciphers); 703 sk_SSL_CIPHER_free(ss->ciphers);
706#ifndef OPENSSL_NO_TLSEXT 704#ifndef OPENSSL_NO_TLSEXT
707 if (ss->tlsext_hostname != NULL) 705 free(ss->tlsext_hostname);
708 free(ss->tlsext_hostname); 706 free(ss->tlsext_tick);
709 if (ss->tlsext_tick != NULL)
710 free(ss->tlsext_tick);
711#ifndef OPENSSL_NO_EC 707#ifndef OPENSSL_NO_EC
712 ss->tlsext_ecpointformatlist_length = 0; 708 ss->tlsext_ecpointformatlist_length = 0;
713 if (ss->tlsext_ecpointformatlist != NULL) 709 free(ss->tlsext_ecpointformatlist);
714 free(ss->tlsext_ecpointformatlist);
715 ss->tlsext_ellipticcurvelist_length = 0; 710 ss->tlsext_ellipticcurvelist_length = 0;
716 if (ss->tlsext_ellipticcurvelist != NULL) 711 free(ss->tlsext_ellipticcurvelist);
717 free(ss->tlsext_ellipticcurvelist);
718#endif /* OPENSSL_NO_EC */ 712#endif /* OPENSSL_NO_EC */
719#endif 713#endif
720#ifndef OPENSSL_NO_PSK 714#ifndef OPENSSL_NO_PSK
721 if (ss->psk_identity_hint != NULL) 715 free(ss->psk_identity_hint);
722 free(ss->psk_identity_hint); 716 free(ss->psk_identity);
723 if (ss->psk_identity != NULL)
724 free(ss->psk_identity);
725#endif 717#endif
726 OPENSSL_cleanse(ss, sizeof(*ss)); 718 OPENSSL_cleanse(ss, sizeof(*ss));
727 free(ss); 719 free(ss);
@@ -874,11 +866,7 @@ int
874SSL_set_session_ticket_ext(SSL *s, void *ext_data, int ext_len) 866SSL_set_session_ticket_ext(SSL *s, void *ext_data, int ext_len)
875{ 867{
876 if (s->version >= TLS1_VERSION) { 868 if (s->version >= TLS1_VERSION) {
877 if (s->tlsext_session_ticket) { 869 free(s->tlsext_session_ticket);
878 free(s->tlsext_session_ticket);
879 s->tlsext_session_ticket = NULL;
880 }
881
882 s->tlsext_session_ticket = malloc(sizeof(TLS_SESSION_TICKET_EXT) + ext_len); 870 s->tlsext_session_ticket = malloc(sizeof(TLS_SESSION_TICKET_EXT) + ext_len);
883 if (!s->tlsext_session_ticket) { 871 if (!s->tlsext_session_ticket) {
884 SSLerr(SSL_F_SSL_SET_SESSION_TICKET_EXT, ERR_R_MALLOC_FAILURE); 872 SSLerr(SSL_F_SSL_SET_SESSION_TICKET_EXT, ERR_R_MALLOC_FAILURE);
diff --git a/src/lib/libssl/src/ssl/t1_enc.c b/src/lib/libssl/src/ssl/t1_enc.c
index a9be8bdb4c..7b4afa4d27 100644
--- a/src/lib/libssl/src/ssl/t1_enc.c
+++ b/src/lib/libssl/src/ssl/t1_enc.c
@@ -1019,10 +1019,8 @@ err2:
1019 SSLerr(SSL_F_TLS1_EXPORT_KEYING_MATERIAL, ERR_R_MALLOC_FAILURE); 1019 SSLerr(SSL_F_TLS1_EXPORT_KEYING_MATERIAL, ERR_R_MALLOC_FAILURE);
1020 rv = 0; 1020 rv = 0;
1021ret: 1021ret:
1022 if (buff != NULL) 1022 free(buff);
1023 free(buff); 1023 free(val);
1024 if (val != NULL)
1025 free(val);
1026 return (rv); 1024 return (rv);
1027} 1025}
1028 1026
diff --git a/src/lib/libssl/src/ssl/t1_lib.c b/src/lib/libssl/src/ssl/t1_lib.c
index c45708bf78..205c2558fb 100644
--- a/src/lib/libssl/src/ssl/t1_lib.c
+++ b/src/lib/libssl/src/ssl/t1_lib.c
@@ -163,9 +163,7 @@ void
163tls1_free(SSL *s) 163tls1_free(SSL *s)
164{ 164{
165#ifndef OPENSSL_NO_TLSEXT 165#ifndef OPENSSL_NO_TLSEXT
166 if (s->tlsext_session_ticket) { 166 free(s->tlsext_session_ticket);
167 free(s->tlsext_session_ticket);
168 }
169#endif /* OPENSSL_NO_TLSEXT */ 167#endif /* OPENSSL_NO_TLSEXT */
170 ssl3_free(s); 168 ssl3_free(s);
171} 169}
@@ -1082,10 +1080,7 @@ ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d,
1082 return 0; 1080 return 0;
1083 } 1081 }
1084 if (!s->hit) { 1082 if (!s->hit) {
1085 if (s->session->tlsext_ecpointformatlist) { 1083 free(s->session->tlsext_ecpointformatlist);
1086 free(s->session->tlsext_ecpointformatlist);
1087 s->session->tlsext_ecpointformatlist = NULL;
1088 }
1089 s->session->tlsext_ecpointformatlist_length = 0; 1084 s->session->tlsext_ecpointformatlist_length = 0;
1090 if ((s->session->tlsext_ecpointformatlist = 1085 if ((s->session->tlsext_ecpointformatlist =
1091 malloc(ecpointformatlist_length)) == NULL) { 1086 malloc(ecpointformatlist_length)) == NULL) {
@@ -1151,8 +1146,8 @@ ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d,
1151 return 0; 1146 return 0;
1152 } 1147 }
1153 1148
1154 if (s->s3->client_opaque_prf_input != NULL) /* shouldn't really happen */ 1149 free(s->s3->client_opaque_prf_input);
1155 free(s->s3->client_opaque_prf_input); 1150
1156 if (s->s3->client_opaque_prf_input_len == 0) 1151 if (s->s3->client_opaque_prf_input_len == 0)
1157 s->s3->client_opaque_prf_input = NULL; 1152 s->s3->client_opaque_prf_input = NULL;
1158 else { 1153 else {
@@ -1413,8 +1408,8 @@ ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d,
1413 return 0; 1408 return 0;
1414 } 1409 }
1415 s->session->tlsext_ecpointformatlist_length = 0; 1410 s->session->tlsext_ecpointformatlist_length = 0;
1416 if (s->session->tlsext_ecpointformatlist != NULL) 1411
1417 free(s->session->tlsext_ecpointformatlist); 1412 free(s->session->tlsext_ecpointformatlist);
1418 if ((s->session->tlsext_ecpointformatlist = 1413 if ((s->session->tlsext_ecpointformatlist =
1419 malloc(ecpointformatlist_length)) == NULL) { 1414 malloc(ecpointformatlist_length)) == NULL) {
1420 *al = TLS1_AD_INTERNAL_ERROR; 1415 *al = TLS1_AD_INTERNAL_ERROR;
@@ -1458,14 +1453,13 @@ ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d,
1458 return 0; 1453 return 0;
1459 } 1454 }
1460 1455
1461 if (s->s3->server_opaque_prf_input != NULL) /* shouldn't really happen */ 1456 free(s->s3->server_opaque_prf_input);
1462 free(s->s3->server_opaque_prf_input); 1457 s->s3->server_opaque_prf_input = NULL;
1463 if (s->s3->server_opaque_prf_input_len == 0) 1458
1464 s->s3->server_opaque_prf_input = NULL; 1459 if (s->s3->server_opaque_prf_input_len != 0)
1465 else {
1466 s->s3->server_opaque_prf_input = 1460 s->s3->server_opaque_prf_input =
1467 BUF_memdup(sdata, 1461 BUF_memdup(sdata,
1468 s->s3->server_opaque_prf_input_len); 1462 s->s3->server_opaque_prf_input_len);
1469 if (s->s3->server_opaque_prf_input == NULL) { 1463 if (s->s3->server_opaque_prf_input == NULL) {
1470 *al = TLS1_AD_INTERNAL_ERROR; 1464 *al = TLS1_AD_INTERNAL_ERROR;
1471 return 0; 1465 return 0;
@@ -1600,8 +1594,7 @@ ssl_prepare_clienthello_tlsext(SSL *s)
1600 } 1594 }
1601 using_ecc = using_ecc && (s->version >= TLS1_VERSION); 1595 using_ecc = using_ecc && (s->version >= TLS1_VERSION);
1602 if (using_ecc) { 1596 if (using_ecc) {
1603 if (s->tlsext_ecpointformatlist != NULL) 1597 free(s->tlsext_ecpointformatlist);
1604 free(s->tlsext_ecpointformatlist);
1605 if ((s->tlsext_ecpointformatlist = malloc(3)) == NULL) { 1598 if ((s->tlsext_ecpointformatlist = malloc(3)) == NULL) {
1606 SSLerr(SSL_F_SSL_PREPARE_CLIENTHELLO_TLSEXT, 1599 SSLerr(SSL_F_SSL_PREPARE_CLIENTHELLO_TLSEXT,
1607 ERR_R_MALLOC_FAILURE); 1600 ERR_R_MALLOC_FAILURE);
@@ -1613,8 +1606,7 @@ ssl_prepare_clienthello_tlsext(SSL *s)
1613 s->tlsext_ecpointformatlist[2] = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2; 1606 s->tlsext_ecpointformatlist[2] = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2;
1614 1607
1615 /* we support all named elliptic curves in draft-ietf-tls-ecc-12 */ 1608 /* we support all named elliptic curves in draft-ietf-tls-ecc-12 */
1616 if (s->tlsext_ellipticcurvelist != NULL) 1609 free(s->tlsext_ellipticcurvelist);
1617 free(s->tlsext_ellipticcurvelist);
1618 s->tlsext_ellipticcurvelist_length = sizeof(pref_list) / sizeof(pref_list[0]) * 2; 1610 s->tlsext_ellipticcurvelist_length = sizeof(pref_list) / sizeof(pref_list[0]) * 2;
1619 if ((s->tlsext_ellipticcurvelist = malloc(s->tlsext_ellipticcurvelist_length)) == NULL) { 1611 if ((s->tlsext_ellipticcurvelist = malloc(s->tlsext_ellipticcurvelist_length)) == NULL) {
1620 s->tlsext_ellipticcurvelist_length = 0; 1612 s->tlsext_ellipticcurvelist_length = 0;
@@ -1640,9 +1632,7 @@ ssl_prepare_clienthello_tlsext(SSL *s)
1640 } 1632 }
1641 1633
1642 if (s->tlsext_opaque_prf_input != NULL) { 1634 if (s->tlsext_opaque_prf_input != NULL) {
1643 if (s->s3->client_opaque_prf_input != NULL) /* shouldn't really happen */ 1635 free(s->s3->client_opaque_prf_input);
1644 free(s->s3->client_opaque_prf_input);
1645
1646 if (s->tlsext_opaque_prf_input_len == 0) 1636 if (s->tlsext_opaque_prf_input_len == 0)
1647 s->s3->client_opaque_prf_input = NULL; 1637 s->s3->client_opaque_prf_input = NULL;
1648 else { 1638 else {
@@ -1684,8 +1674,7 @@ ssl_prepare_serverhello_tlsext(SSL *s)
1684 using_ecc = using_ecc && (s->session->tlsext_ecpointformatlist != NULL); 1674 using_ecc = using_ecc && (s->session->tlsext_ecpointformatlist != NULL);
1685 1675
1686 if (using_ecc) { 1676 if (using_ecc) {
1687 if (s->tlsext_ecpointformatlist != NULL) 1677 free(s->tlsext_ecpointformatlist);
1688 free(s->tlsext_ecpointformatlist);
1689 if ((s->tlsext_ecpointformatlist = malloc(3)) == NULL) { 1678 if ((s->tlsext_ecpointformatlist = malloc(3)) == NULL) {
1690 SSLerr(SSL_F_SSL_PREPARE_SERVERHELLO_TLSEXT, ERR_R_MALLOC_FAILURE); 1679 SSLerr(SSL_F_SSL_PREPARE_SERVERHELLO_TLSEXT, ERR_R_MALLOC_FAILURE);
1691 return -1; 1680 return -1;
@@ -1738,8 +1727,7 @@ ssl_check_clienthello_tlsext_early(SSL *s)
1738 } 1727 }
1739 } 1728 }
1740 1729
1741 if (s->s3->server_opaque_prf_input != NULL) /* shouldn't really happen */ 1730 free(s->s3->server_opaque_prf_input);
1742 free(s->s3->server_opaque_prf_input);
1743 s->s3->server_opaque_prf_input = NULL; 1731 s->s3->server_opaque_prf_input = NULL;
1744 1732
1745 if (s->tlsext_opaque_prf_input != NULL) { 1733 if (s->tlsext_opaque_prf_input != NULL) {
@@ -1922,10 +1910,8 @@ ssl_check_serverhello_tlsext(SSL *s)
1922 /* Set resp to NULL, resplen to -1 so callback knows 1910 /* Set resp to NULL, resplen to -1 so callback knows
1923 * there is no response. 1911 * there is no response.
1924 */ 1912 */
1925 if (s->tlsext_ocsp_resp) { 1913 free(s->tlsext_ocsp_resp);
1926 free(s->tlsext_ocsp_resp); 1914 s->tlsext_ocsp_resp = NULL;
1927 s->tlsext_ocsp_resp = NULL;
1928 }
1929 s->tlsext_ocsp_resplen = -1; 1915 s->tlsext_ocsp_resplen = -1;
1930 r = s->ctx->tlsext_status_cb(s, s->ctx->tlsext_status_arg); 1916 r = s->ctx->tlsext_status_cb(s, s->ctx->tlsext_status_arg);
1931 if (r == 0) { 1917 if (r == 0) {
diff --git a/src/lib/libssl/ssl_lib.c b/src/lib/libssl/ssl_lib.c
index e607060d42..bf98354294 100644
--- a/src/lib/libssl/ssl_lib.c
+++ b/src/lib/libssl/ssl_lib.c
@@ -549,25 +549,20 @@ SSL_free(SSL *s)
549 /* Free up if allocated */ 549 /* Free up if allocated */
550 550
551#ifndef OPENSSL_NO_TLSEXT 551#ifndef OPENSSL_NO_TLSEXT
552 if (s->tlsext_hostname) 552 free(s->tlsext_hostname);
553 free(s->tlsext_hostname);
554 if (s->initial_ctx) 553 if (s->initial_ctx)
555 SSL_CTX_free(s->initial_ctx); 554 SSL_CTX_free(s->initial_ctx);
556#ifndef OPENSSL_NO_EC 555#ifndef OPENSSL_NO_EC
557 if (s->tlsext_ecpointformatlist) 556 free(s->tlsext_ecpointformatlist);
558 free(s->tlsext_ecpointformatlist); 557 free(s->tlsext_ellipticcurvelist);
559 if (s->tlsext_ellipticcurvelist)
560 free(s->tlsext_ellipticcurvelist);
561#endif /* OPENSSL_NO_EC */ 558#endif /* OPENSSL_NO_EC */
562 if (s->tlsext_opaque_prf_input) 559 free(s->tlsext_opaque_prf_input);
563 free(s->tlsext_opaque_prf_input);
564 if (s->tlsext_ocsp_exts) 560 if (s->tlsext_ocsp_exts)
565 sk_X509_EXTENSION_pop_free(s->tlsext_ocsp_exts, 561 sk_X509_EXTENSION_pop_free(s->tlsext_ocsp_exts,
566 X509_EXTENSION_free); 562 X509_EXTENSION_free);
567 if (s->tlsext_ocsp_ids) 563 if (s->tlsext_ocsp_ids)
568 sk_OCSP_RESPID_pop_free(s->tlsext_ocsp_ids, OCSP_RESPID_free); 564 sk_OCSP_RESPID_pop_free(s->tlsext_ocsp_ids, OCSP_RESPID_free);
569 if (s->tlsext_ocsp_resp) 565 free(s->tlsext_ocsp_resp);
570 free(s->tlsext_ocsp_resp);
571#endif 566#endif
572 567
573 if (s->client_CA != NULL) 568 if (s->client_CA != NULL)
@@ -581,8 +576,7 @@ SSL_free(SSL *s)
581 576
582 577
583#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG) 578#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
584 if (s->next_proto_negotiated) 579 free(s->next_proto_negotiated);
585 free(s->next_proto_negotiated);
586#endif 580#endif
587 581
588#ifndef OPENSSL_NO_SRTP 582#ifndef OPENSSL_NO_SRTP
@@ -1893,7 +1887,8 @@ SSL_CTX_new(const SSL_METHOD *meth)
1893#if 0 1887#if 0
1894static void 1888static void
1895SSL_COMP_free(SSL_COMP *comp) 1889SSL_COMP_free(SSL_COMP *comp)
1896 { free(comp); 1890{
1891 free(comp);
1897} 1892}
1898#endif 1893#endif
1899 1894
@@ -1954,8 +1949,7 @@ SSL_CTX_free(SSL_CTX *a)
1954#endif 1949#endif
1955 1950
1956#ifndef OPENSSL_NO_PSK 1951#ifndef OPENSSL_NO_PSK
1957 if (a->psk_identity_hint) 1952 free(a->psk_identity_hint);
1958 free(a->psk_identity_hint);
1959#endif 1953#endif
1960#ifndef OPENSSL_NO_ENGINE 1954#ifndef OPENSSL_NO_ENGINE
1961 if (a->client_cert_engine) 1955 if (a->client_cert_engine)
@@ -3129,8 +3123,7 @@ SSL_CTX_use_psk_identity_hint(SSL_CTX *ctx, const char *identity_hint)
3129 SSL_R_DATA_LENGTH_TOO_LONG); 3123 SSL_R_DATA_LENGTH_TOO_LONG);
3130 return (0); 3124 return (0);
3131 } 3125 }
3132 if (ctx->psk_identity_hint != NULL) 3126 free(ctx->psk_identity_hint);
3133 free(ctx->psk_identity_hint);
3134 if (identity_hint != NULL) { 3127 if (identity_hint != NULL) {
3135 ctx->psk_identity_hint = BUF_strdup(identity_hint); 3128 ctx->psk_identity_hint = BUF_strdup(identity_hint);
3136 if (ctx->psk_identity_hint == NULL) 3129 if (ctx->psk_identity_hint == NULL)
@@ -3155,8 +3148,7 @@ SSL_use_psk_identity_hint(SSL *s, const char *identity_hint)
3155 SSL_R_DATA_LENGTH_TOO_LONG); 3148 SSL_R_DATA_LENGTH_TOO_LONG);
3156 return (0); 3149 return (0);
3157 } 3150 }
3158 if (s->session->psk_identity_hint != NULL) 3151 free(s->session->psk_identity_hint);
3159 free(s->session->psk_identity_hint);
3160 if (identity_hint != NULL) { 3152 if (identity_hint != NULL) {
3161 s->session->psk_identity_hint = BUF_strdup(identity_hint); 3153 s->session->psk_identity_hint = BUF_strdup(identity_hint);
3162 if (s->session->psk_identity_hint == NULL) 3154 if (s->session->psk_identity_hint == NULL)
diff --git a/src/lib/libssl/ssl_sess.c b/src/lib/libssl/ssl_sess.c
index 05c6948efc..632d6a6860 100644
--- a/src/lib/libssl/ssl_sess.c
+++ b/src/lib/libssl/ssl_sess.c
@@ -366,8 +366,7 @@ ssl_get_new_session(SSL *s, int session)
366 } 366 }
367#ifndef OPENSSL_NO_EC 367#ifndef OPENSSL_NO_EC
368 if (s->tlsext_ecpointformatlist) { 368 if (s->tlsext_ecpointformatlist) {
369 if (ss->tlsext_ecpointformatlist != NULL) 369 free(ss->tlsext_ecpointformatlist);
370 free(ss->tlsext_ecpointformatlist);
371 if ((ss->tlsext_ecpointformatlist = malloc(s->tlsext_ecpointformatlist_length)) == NULL) { 370 if ((ss->tlsext_ecpointformatlist = malloc(s->tlsext_ecpointformatlist_length)) == NULL) {
372 SSLerr(SSL_F_SSL_GET_NEW_SESSION, ERR_R_MALLOC_FAILURE); 371 SSLerr(SSL_F_SSL_GET_NEW_SESSION, ERR_R_MALLOC_FAILURE);
373 SSL_SESSION_free(ss); 372 SSL_SESSION_free(ss);
@@ -377,8 +376,7 @@ ssl_get_new_session(SSL *s, int session)
377 memcpy(ss->tlsext_ecpointformatlist, s->tlsext_ecpointformatlist, s->tlsext_ecpointformatlist_length); 376 memcpy(ss->tlsext_ecpointformatlist, s->tlsext_ecpointformatlist, s->tlsext_ecpointformatlist_length);
378 } 377 }
379 if (s->tlsext_ellipticcurvelist) { 378 if (s->tlsext_ellipticcurvelist) {
380 if (ss->tlsext_ellipticcurvelist != NULL) 379 free(ss->tlsext_ellipticcurvelist);
381 free(ss->tlsext_ellipticcurvelist);
382 if ((ss->tlsext_ellipticcurvelist = malloc(s->tlsext_ellipticcurvelist_length)) == NULL) { 380 if ((ss->tlsext_ellipticcurvelist = malloc(s->tlsext_ellipticcurvelist_length)) == NULL) {
383 SSLerr(SSL_F_SSL_GET_NEW_SESSION, ERR_R_MALLOC_FAILURE); 381 SSLerr(SSL_F_SSL_GET_NEW_SESSION, ERR_R_MALLOC_FAILURE);
384 SSL_SESSION_free(ss); 382 SSL_SESSION_free(ss);
@@ -704,24 +702,18 @@ SSL_SESSION_free(SSL_SESSION *ss)
704 if (ss->ciphers != NULL) 702 if (ss->ciphers != NULL)
705 sk_SSL_CIPHER_free(ss->ciphers); 703 sk_SSL_CIPHER_free(ss->ciphers);
706#ifndef OPENSSL_NO_TLSEXT 704#ifndef OPENSSL_NO_TLSEXT
707 if (ss->tlsext_hostname != NULL) 705 free(ss->tlsext_hostname);
708 free(ss->tlsext_hostname); 706 free(ss->tlsext_tick);
709 if (ss->tlsext_tick != NULL)
710 free(ss->tlsext_tick);
711#ifndef OPENSSL_NO_EC 707#ifndef OPENSSL_NO_EC
712 ss->tlsext_ecpointformatlist_length = 0; 708 ss->tlsext_ecpointformatlist_length = 0;
713 if (ss->tlsext_ecpointformatlist != NULL) 709 free(ss->tlsext_ecpointformatlist);
714 free(ss->tlsext_ecpointformatlist);
715 ss->tlsext_ellipticcurvelist_length = 0; 710 ss->tlsext_ellipticcurvelist_length = 0;
716 if (ss->tlsext_ellipticcurvelist != NULL) 711 free(ss->tlsext_ellipticcurvelist);
717 free(ss->tlsext_ellipticcurvelist);
718#endif /* OPENSSL_NO_EC */ 712#endif /* OPENSSL_NO_EC */
719#endif 713#endif
720#ifndef OPENSSL_NO_PSK 714#ifndef OPENSSL_NO_PSK
721 if (ss->psk_identity_hint != NULL) 715 free(ss->psk_identity_hint);
722 free(ss->psk_identity_hint); 716 free(ss->psk_identity);
723 if (ss->psk_identity != NULL)
724 free(ss->psk_identity);
725#endif 717#endif
726 OPENSSL_cleanse(ss, sizeof(*ss)); 718 OPENSSL_cleanse(ss, sizeof(*ss));
727 free(ss); 719 free(ss);
@@ -874,11 +866,7 @@ int
874SSL_set_session_ticket_ext(SSL *s, void *ext_data, int ext_len) 866SSL_set_session_ticket_ext(SSL *s, void *ext_data, int ext_len)
875{ 867{
876 if (s->version >= TLS1_VERSION) { 868 if (s->version >= TLS1_VERSION) {
877 if (s->tlsext_session_ticket) { 869 free(s->tlsext_session_ticket);
878 free(s->tlsext_session_ticket);
879 s->tlsext_session_ticket = NULL;
880 }
881
882 s->tlsext_session_ticket = malloc(sizeof(TLS_SESSION_TICKET_EXT) + ext_len); 870 s->tlsext_session_ticket = malloc(sizeof(TLS_SESSION_TICKET_EXT) + ext_len);
883 if (!s->tlsext_session_ticket) { 871 if (!s->tlsext_session_ticket) {
884 SSLerr(SSL_F_SSL_SET_SESSION_TICKET_EXT, ERR_R_MALLOC_FAILURE); 872 SSLerr(SSL_F_SSL_SET_SESSION_TICKET_EXT, ERR_R_MALLOC_FAILURE);
diff --git a/src/lib/libssl/t1_enc.c b/src/lib/libssl/t1_enc.c
index a9be8bdb4c..7b4afa4d27 100644
--- a/src/lib/libssl/t1_enc.c
+++ b/src/lib/libssl/t1_enc.c
@@ -1019,10 +1019,8 @@ err2:
1019 SSLerr(SSL_F_TLS1_EXPORT_KEYING_MATERIAL, ERR_R_MALLOC_FAILURE); 1019 SSLerr(SSL_F_TLS1_EXPORT_KEYING_MATERIAL, ERR_R_MALLOC_FAILURE);
1020 rv = 0; 1020 rv = 0;
1021ret: 1021ret:
1022 if (buff != NULL) 1022 free(buff);
1023 free(buff); 1023 free(val);
1024 if (val != NULL)
1025 free(val);
1026 return (rv); 1024 return (rv);
1027} 1025}
1028 1026
diff --git a/src/lib/libssl/t1_lib.c b/src/lib/libssl/t1_lib.c
index c45708bf78..205c2558fb 100644
--- a/src/lib/libssl/t1_lib.c
+++ b/src/lib/libssl/t1_lib.c
@@ -163,9 +163,7 @@ void
163tls1_free(SSL *s) 163tls1_free(SSL *s)
164{ 164{
165#ifndef OPENSSL_NO_TLSEXT 165#ifndef OPENSSL_NO_TLSEXT
166 if (s->tlsext_session_ticket) { 166 free(s->tlsext_session_ticket);
167 free(s->tlsext_session_ticket);
168 }
169#endif /* OPENSSL_NO_TLSEXT */ 167#endif /* OPENSSL_NO_TLSEXT */
170 ssl3_free(s); 168 ssl3_free(s);
171} 169}
@@ -1082,10 +1080,7 @@ ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d,
1082 return 0; 1080 return 0;
1083 } 1081 }
1084 if (!s->hit) { 1082 if (!s->hit) {
1085 if (s->session->tlsext_ecpointformatlist) { 1083 free(s->session->tlsext_ecpointformatlist);
1086 free(s->session->tlsext_ecpointformatlist);
1087 s->session->tlsext_ecpointformatlist = NULL;
1088 }
1089 s->session->tlsext_ecpointformatlist_length = 0; 1084 s->session->tlsext_ecpointformatlist_length = 0;
1090 if ((s->session->tlsext_ecpointformatlist = 1085 if ((s->session->tlsext_ecpointformatlist =
1091 malloc(ecpointformatlist_length)) == NULL) { 1086 malloc(ecpointformatlist_length)) == NULL) {
@@ -1151,8 +1146,8 @@ ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d,
1151 return 0; 1146 return 0;
1152 } 1147 }
1153 1148
1154 if (s->s3->client_opaque_prf_input != NULL) /* shouldn't really happen */ 1149 free(s->s3->client_opaque_prf_input);
1155 free(s->s3->client_opaque_prf_input); 1150
1156 if (s->s3->client_opaque_prf_input_len == 0) 1151 if (s->s3->client_opaque_prf_input_len == 0)
1157 s->s3->client_opaque_prf_input = NULL; 1152 s->s3->client_opaque_prf_input = NULL;
1158 else { 1153 else {
@@ -1413,8 +1408,8 @@ ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d,
1413 return 0; 1408 return 0;
1414 } 1409 }
1415 s->session->tlsext_ecpointformatlist_length = 0; 1410 s->session->tlsext_ecpointformatlist_length = 0;
1416 if (s->session->tlsext_ecpointformatlist != NULL) 1411
1417 free(s->session->tlsext_ecpointformatlist); 1412 free(s->session->tlsext_ecpointformatlist);
1418 if ((s->session->tlsext_ecpointformatlist = 1413 if ((s->session->tlsext_ecpointformatlist =
1419 malloc(ecpointformatlist_length)) == NULL) { 1414 malloc(ecpointformatlist_length)) == NULL) {
1420 *al = TLS1_AD_INTERNAL_ERROR; 1415 *al = TLS1_AD_INTERNAL_ERROR;
@@ -1458,14 +1453,13 @@ ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d,
1458 return 0; 1453 return 0;
1459 } 1454 }
1460 1455
1461 if (s->s3->server_opaque_prf_input != NULL) /* shouldn't really happen */ 1456 free(s->s3->server_opaque_prf_input);
1462 free(s->s3->server_opaque_prf_input); 1457 s->s3->server_opaque_prf_input = NULL;
1463 if (s->s3->server_opaque_prf_input_len == 0) 1458
1464 s->s3->server_opaque_prf_input = NULL; 1459 if (s->s3->server_opaque_prf_input_len != 0)
1465 else {
1466 s->s3->server_opaque_prf_input = 1460 s->s3->server_opaque_prf_input =
1467 BUF_memdup(sdata, 1461 BUF_memdup(sdata,
1468 s->s3->server_opaque_prf_input_len); 1462 s->s3->server_opaque_prf_input_len);
1469 if (s->s3->server_opaque_prf_input == NULL) { 1463 if (s->s3->server_opaque_prf_input == NULL) {
1470 *al = TLS1_AD_INTERNAL_ERROR; 1464 *al = TLS1_AD_INTERNAL_ERROR;
1471 return 0; 1465 return 0;
@@ -1600,8 +1594,7 @@ ssl_prepare_clienthello_tlsext(SSL *s)
1600 } 1594 }
1601 using_ecc = using_ecc && (s->version >= TLS1_VERSION); 1595 using_ecc = using_ecc && (s->version >= TLS1_VERSION);
1602 if (using_ecc) { 1596 if (using_ecc) {
1603 if (s->tlsext_ecpointformatlist != NULL) 1597 free(s->tlsext_ecpointformatlist);
1604 free(s->tlsext_ecpointformatlist);
1605 if ((s->tlsext_ecpointformatlist = malloc(3)) == NULL) { 1598 if ((s->tlsext_ecpointformatlist = malloc(3)) == NULL) {
1606 SSLerr(SSL_F_SSL_PREPARE_CLIENTHELLO_TLSEXT, 1599 SSLerr(SSL_F_SSL_PREPARE_CLIENTHELLO_TLSEXT,
1607 ERR_R_MALLOC_FAILURE); 1600 ERR_R_MALLOC_FAILURE);
@@ -1613,8 +1606,7 @@ ssl_prepare_clienthello_tlsext(SSL *s)
1613 s->tlsext_ecpointformatlist[2] = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2; 1606 s->tlsext_ecpointformatlist[2] = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2;
1614 1607
1615 /* we support all named elliptic curves in draft-ietf-tls-ecc-12 */ 1608 /* we support all named elliptic curves in draft-ietf-tls-ecc-12 */
1616 if (s->tlsext_ellipticcurvelist != NULL) 1609 free(s->tlsext_ellipticcurvelist);
1617 free(s->tlsext_ellipticcurvelist);
1618 s->tlsext_ellipticcurvelist_length = sizeof(pref_list) / sizeof(pref_list[0]) * 2; 1610 s->tlsext_ellipticcurvelist_length = sizeof(pref_list) / sizeof(pref_list[0]) * 2;
1619 if ((s->tlsext_ellipticcurvelist = malloc(s->tlsext_ellipticcurvelist_length)) == NULL) { 1611 if ((s->tlsext_ellipticcurvelist = malloc(s->tlsext_ellipticcurvelist_length)) == NULL) {
1620 s->tlsext_ellipticcurvelist_length = 0; 1612 s->tlsext_ellipticcurvelist_length = 0;
@@ -1640,9 +1632,7 @@ ssl_prepare_clienthello_tlsext(SSL *s)
1640 } 1632 }
1641 1633
1642 if (s->tlsext_opaque_prf_input != NULL) { 1634 if (s->tlsext_opaque_prf_input != NULL) {
1643 if (s->s3->client_opaque_prf_input != NULL) /* shouldn't really happen */ 1635 free(s->s3->client_opaque_prf_input);
1644 free(s->s3->client_opaque_prf_input);
1645
1646 if (s->tlsext_opaque_prf_input_len == 0) 1636 if (s->tlsext_opaque_prf_input_len == 0)
1647 s->s3->client_opaque_prf_input = NULL; 1637 s->s3->client_opaque_prf_input = NULL;
1648 else { 1638 else {
@@ -1684,8 +1674,7 @@ ssl_prepare_serverhello_tlsext(SSL *s)
1684 using_ecc = using_ecc && (s->session->tlsext_ecpointformatlist != NULL); 1674 using_ecc = using_ecc && (s->session->tlsext_ecpointformatlist != NULL);
1685 1675
1686 if (using_ecc) { 1676 if (using_ecc) {
1687 if (s->tlsext_ecpointformatlist != NULL) 1677 free(s->tlsext_ecpointformatlist);
1688 free(s->tlsext_ecpointformatlist);
1689 if ((s->tlsext_ecpointformatlist = malloc(3)) == NULL) { 1678 if ((s->tlsext_ecpointformatlist = malloc(3)) == NULL) {
1690 SSLerr(SSL_F_SSL_PREPARE_SERVERHELLO_TLSEXT, ERR_R_MALLOC_FAILURE); 1679 SSLerr(SSL_F_SSL_PREPARE_SERVERHELLO_TLSEXT, ERR_R_MALLOC_FAILURE);
1691 return -1; 1680 return -1;
@@ -1738,8 +1727,7 @@ ssl_check_clienthello_tlsext_early(SSL *s)
1738 } 1727 }
1739 } 1728 }
1740 1729
1741 if (s->s3->server_opaque_prf_input != NULL) /* shouldn't really happen */ 1730 free(s->s3->server_opaque_prf_input);
1742 free(s->s3->server_opaque_prf_input);
1743 s->s3->server_opaque_prf_input = NULL; 1731 s->s3->server_opaque_prf_input = NULL;
1744 1732
1745 if (s->tlsext_opaque_prf_input != NULL) { 1733 if (s->tlsext_opaque_prf_input != NULL) {
@@ -1922,10 +1910,8 @@ ssl_check_serverhello_tlsext(SSL *s)
1922 /* Set resp to NULL, resplen to -1 so callback knows 1910 /* Set resp to NULL, resplen to -1 so callback knows
1923 * there is no response. 1911 * there is no response.
1924 */ 1912 */
1925 if (s->tlsext_ocsp_resp) { 1913 free(s->tlsext_ocsp_resp);
1926 free(s->tlsext_ocsp_resp); 1914 s->tlsext_ocsp_resp = NULL;
1927 s->tlsext_ocsp_resp = NULL;
1928 }
1929 s->tlsext_ocsp_resplen = -1; 1915 s->tlsext_ocsp_resplen = -1;
1930 r = s->ctx->tlsext_status_cb(s, s->ctx->tlsext_status_arg); 1916 r = s->ctx->tlsext_status_cb(s, s->ctx->tlsext_status_arg);
1931 if (r == 0) { 1917 if (r == 0) {
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-20 13:47:59 +0000