sk_pop_free() checks for NULL so do not bother doing it from the callers.

author: jsing <> 2017-01-24 14:57:31 +0000
committer: jsing <> 2017-01-24 14:57:31 +0000
commit: 66e0d0ee54e4c4af19fda4ee640663c25db4ff98 (patch)
tree: 011d7c934d9ef4ec841c1eca72c4ea94099316ff /src
parent: 1f69a13dbd8fc8afa993eb1a81c801b20e83db93 (diff)
download: openbsd-66e0d0ee54e4c4af19fda4ee640663c25db4ff98.tar.gz
openbsd-66e0d0ee54e4c4af19fda4ee640663c25db4ff98.tar.bz2
openbsd-66e0d0ee54e4c4af19fda4ee640663c25db4ff98.zip
7 files changed, 31 insertions, 50 deletions
diff --git a/src/lib/libssl/s3_clnt.c b/src/lib/libssl/s3_clnt.c
index e8cc0e3905..e44a025e57 100644
--- a/src/lib/libssl/s3_clnt.c
+++ b/src/lib/libssl/s3_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_clnt.c,v 1.171 2017/01/24 01:39:13 jsing Exp $ */
+/* $OpenBSD: s3_clnt.c,v 1.172 2017/01/24 14:57:31 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -1723,8 +1723,7 @@ ssl3_get_certificate_request(SSL *s)
        /* we should setup a certificate to return.... */
        S3I(s)->tmp.cert_req = 1;
        S3I(s)->tmp.ctype_num = ctype_num;
-        if (S3I(s)->tmp.ca_names != NULL)
+        sk_X509_NAME_pop_free(S3I(s)->tmp.ca_names, X509_NAME_free);
-                sk_X509_NAME_pop_free(S3I(s)->tmp.ca_names, X509_NAME_free);
        S3I(s)->tmp.ca_names = ca_sk;
        ca_sk = NULL;
@@ -1736,8 +1735,7 @@ truncated:
        }
 err:
        X509_NAME_free(xn);
-        if (ca_sk != NULL)
+        sk_X509_NAME_pop_free(ca_sk, X509_NAME_free);
-                sk_X509_NAME_pop_free(ca_sk, X509_NAME_free);
        return (ret);
 }
diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c
index 9d0217e95f..977c170403 100644
--- a/src/lib/libssl/s3_lib.c
+++ b/src/lib/libssl/s3_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_lib.c,v 1.130 2017/01/24 09:03:21 jsing Exp $ */
+/* $OpenBSD: s3_lib.c,v 1.131 2017/01/24 14:57:31 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -1838,8 +1838,7 @@ ssl3_free(SSL *s)
                explicit_bzero(S3I(s)->tmp.x25519, X25519_KEY_LENGTH);
        free(S3I(s)->tmp.x25519);
-        if (S3I(s)->tmp.ca_names != NULL)
+        sk_X509_NAME_pop_free(S3I(s)->tmp.ca_names, X509_NAME_free);
-                sk_X509_NAME_pop_free(S3I(s)->tmp.ca_names, X509_NAME_free);
        BIO_free(S3I(s)->handshake_buffer);
        tls1_free_digest_list(s);
        free(S3I(s)->alpn_selected);
@@ -1861,8 +1860,7 @@ ssl3_clear(SSL *s)
        size_t           rlen, wlen;
        tls1_cleanup_key_block(s);
-        if (S3I(s)->tmp.ca_names != NULL)
+        sk_X509_NAME_pop_free(S3I(s)->tmp.ca_names, X509_NAME_free);
-                sk_X509_NAME_pop_free(S3I(s)->tmp.ca_names, X509_NAME_free);
        DH_free(S3I(s)->tmp.dh);
        S3I(s)->tmp.dh = NULL;
@@ -2330,10 +2328,8 @@ ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
                break;
        case SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS:
-                if (ctx->extra_certs) {
+                sk_X509_pop_free(ctx->extra_certs, X509_free);
-                        sk_X509_pop_free(ctx->extra_certs, X509_free);
+                ctx->extra_certs = NULL;
-                        ctx->extra_certs = NULL;
-                }
                break;
        default:
diff --git a/src/lib/libssl/s3_srvr.c b/src/lib/libssl/s3_srvr.c
index 3709587742..c6d340026a 100644
--- a/src/lib/libssl/s3_srvr.c
+++ b/src/lib/libssl/s3_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_srvr.c,v 1.152 2017/01/24 12:22:23 jsing Exp $ */
+/* $OpenBSD: s3_srvr.c,v 1.153 2017/01/24 14:57:31 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -2595,8 +2595,7 @@ ssl3_get_client_certificate(SSL *s)
                        goto err;
                }
        }
-        if (SSI(s)->sess_cert->cert_chain != NULL)
+        sk_X509_pop_free(SSI(s)->sess_cert->cert_chain, X509_free);
-                sk_X509_pop_free(SSI(s)->sess_cert->cert_chain, X509_free);
        SSI(s)->sess_cert->cert_chain = sk;
        /*
@@ -2617,8 +2616,8 @@ f_err:
        }
 err:
        X509_free(x);
-        if (sk != NULL)
+        sk_X509_pop_free(sk, X509_free);
-                sk_X509_pop_free(sk, X509_free);
        return (ret);
 }
diff --git a/src/lib/libssl/ssl_cert.c b/src/lib/libssl/ssl_cert.c
index c23e789bf8..9ce8585d46 100644
--- a/src/lib/libssl/ssl_cert.c
+++ b/src/lib/libssl/ssl_cert.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_cert.c,v 1.58 2017/01/23 06:45:30 beck Exp $ */
+/* $OpenBSD: ssl_cert.c,v 1.59 2017/01/24 14:57:31 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -395,9 +395,7 @@ ssl_sess_cert_free(SESS_CERT *sc)
        if (i > 0)
                return;
-        /* i == 0 */
+        sk_X509_pop_free(sc->cert_chain, X509_free);
-        if (sc->cert_chain != NULL)
-                sk_X509_pop_free(sc->cert_chain, X509_free);
        for (i = 0; i < SSL_PKEY_NUM; i++)
                X509_free(sc->peer_pkeys[i].x509);
@@ -459,9 +457,7 @@ static void
 set_client_CA_list(STACK_OF(X509_NAME) **ca_list,
    STACK_OF(X509_NAME) *name_list)
 {
-        if (*ca_list != NULL)
+        sk_X509_NAME_pop_free(*ca_list, X509_NAME_free);
-                sk_X509_NAME_pop_free(*ca_list, X509_NAME_free);
        *ca_list = name_list;
 }
@@ -611,8 +607,7 @@ SSL_load_client_CA_file(const char *file)
        if (0) {
 err:
-                if (ret != NULL)
+                sk_X509_NAME_pop_free(ret, X509_NAME_free);
-                        sk_X509_NAME_pop_free(ret, X509_NAME_free);
                ret = NULL;
        }
        if (sk != NULL)
diff --git a/src/lib/libssl/ssl_lib.c b/src/lib/libssl/ssl_lib.c
index 21d2d231d1..bdf6bc6ee3 100644
--- a/src/lib/libssl/ssl_lib.c
+++ b/src/lib/libssl/ssl_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_lib.c,v 1.146 2017/01/24 13:34:26 jsing Exp $ */
+/* $OpenBSD: ssl_lib.c,v 1.147 2017/01/24 14:57:31 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -561,17 +561,16 @@ SSL_free(SSL *s)
        free(s->tlsext_hostname);
        SSL_CTX_free(s->initial_ctx);
        free(s->internal->tlsext_ecpointformatlist);
        free(s->internal->tlsext_supportedgroups);
-        if (s->internal->tlsext_ocsp_exts)
-                sk_X509_EXTENSION_pop_free(s->internal->tlsext_ocsp_exts,
+        sk_X509_EXTENSION_pop_free(s->internal->tlsext_ocsp_exts,
-                    X509_EXTENSION_free);
+            X509_EXTENSION_free);
-        if (s->internal->tlsext_ocsp_ids)
+        sk_OCSP_RESPID_pop_free(s->internal->tlsext_ocsp_ids, OCSP_RESPID_free);
-                sk_OCSP_RESPID_pop_free(s->internal->tlsext_ocsp_ids, OCSP_RESPID_free);
        free(s->internal->tlsext_ocsp_resp);
-        if (s->internal->client_CA != NULL)
+        sk_X509_NAME_pop_free(s->internal->client_CA, X509_NAME_free);
-                sk_X509_NAME_pop_free(s->internal->client_CA, X509_NAME_free);
        if (s->method != NULL)
                s->method->internal->ssl_free(s);
@@ -2011,10 +2010,8 @@ SSL_CTX_free(SSL_CTX *ctx)
        sk_SSL_CIPHER_free(ctx->cipher_list);
        sk_SSL_CIPHER_free(ctx->internal->cipher_list_by_id);
        ssl_cert_free(ctx->internal->cert);
-        if (ctx->internal->client_CA != NULL)
+        sk_X509_NAME_pop_free(ctx->internal->client_CA, X509_NAME_free);
-                sk_X509_NAME_pop_free(ctx->internal->client_CA, X509_NAME_free);
+        sk_X509_pop_free(ctx->extra_certs, X509_free);
-        if (ctx->extra_certs != NULL)
-                sk_X509_pop_free(ctx->extra_certs, X509_free);
 #ifndef OPENSSL_NO_SRTP
        if (ctx->internal->srtp_profiles)
diff --git a/src/lib/libssl/ssl_rsa.c b/src/lib/libssl/ssl_rsa.c
index 82c8cc0a87..03eedc0d8a 100644
--- a/src/lib/libssl/ssl_rsa.c
+++ b/src/lib/libssl/ssl_rsa.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_rsa.c,v 1.24 2017/01/23 22:34:38 beck Exp $ */
+/* $OpenBSD: ssl_rsa.c,v 1.25 2017/01/24 14:57:31 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -671,10 +671,8 @@ ssl_ctx_use_certificate_chain_bio(SSL_CTX *ctx, BIO *in)
                int r;
                unsigned long err;
-                if (ctx->extra_certs != NULL) {
+                sk_X509_pop_free(ctx->extra_certs, X509_free);
-                        sk_X509_pop_free(ctx->extra_certs, X509_free);
+                ctx->extra_certs = NULL;
-                        ctx->extra_certs = NULL;
-                }
                while ((ca = PEM_read_bio_X509(in, NULL,
                    ctx->default_passwd_callback,
diff --git a/src/lib/libssl/t1_lib.c b/src/lib/libssl/t1_lib.c
index 23e1a2d350..9b60d664e5 100644
--- a/src/lib/libssl/t1_lib.c
+++ b/src/lib/libssl/t1_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: t1_lib.c,v 1.110 2017/01/24 12:24:07 jsing Exp $ */
+/* $OpenBSD: t1_lib.c,v 1.111 2017/01/24 14:57:31 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -1593,10 +1593,8 @@ ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d,
                                }
                                sdata = data;
                                if (dsize > 0) {
-                                        if (s->internal->tlsext_ocsp_exts) {
+                                        sk_X509_EXTENSION_pop_free(s->internal->tlsext_ocsp_exts,
-                                                sk_X509_EXTENSION_pop_free(s->internal->tlsext_ocsp_exts,
+                                            X509_EXTENSION_free);
-                                                    X509_EXTENSION_free);
-                                        }
                                        s->internal->tlsext_ocsp_exts =
                                            d2i_X509_EXTENSIONS(NULL,
author	jsing <>	2017-01-24 14:57:31 +0000
committer	jsing <>	2017-01-24 14:57:31 +0000
commit	66e0d0ee54e4c4af19fda4ee640663c25db4ff98 (patch)
tree	011d7c934d9ef4ec841c1eca72c4ea94099316ff /src
parent	1f69a13dbd8fc8afa993eb1a81c801b20e83db93 (diff)
download	openbsd-66e0d0ee54e4c4af19fda4ee640663c25db4ff98.tar.gz openbsd-66e0d0ee54e4c4af19fda4ee640663c25db4ff98.tar.bz2 openbsd-66e0d0ee54e4c4af19fda4ee640663c25db4ff98.zip

diff --git a/src/lib/libssl/s3_clnt.c b/src/lib/libssl/s3_clnt.c index e8cc0e3905..e44a025e57 100644 --- a/src/lib/libssl/s3_clnt.c +++ b/src/lib/libssl/s3_clnt.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: s3_clnt.c,v 1.171 2017/01/24 01:39:13 jsing Exp $ */	1	/* $OpenBSD: s3_clnt.c,v 1.172 2017/01/24 14:57:31 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -1723,8 +1723,7 @@ ssl3_get_certificate_request(SSL *s)
1723	/* we should setup a certificate to return.... */	1723	/* we should setup a certificate to return.... */
1724	S3I(s)->tmp.cert_req = 1;	1724	S3I(s)->tmp.cert_req = 1;
1725	S3I(s)->tmp.ctype_num = ctype_num;	1725	S3I(s)->tmp.ctype_num = ctype_num;
1726	if (S3I(s)->tmp.ca_names != NULL)	1726	sk_X509_NAME_pop_free(S3I(s)->tmp.ca_names, X509_NAME_free);
1727	sk_X509_NAME_pop_free(S3I(s)->tmp.ca_names, X509_NAME_free);
1728	S3I(s)->tmp.ca_names = ca_sk;	1727	S3I(s)->tmp.ca_names = ca_sk;
1729	ca_sk = NULL;	1728	ca_sk = NULL;
1730		1729
@@ -1736,8 +1735,7 @@ truncated:
1736	}	1735	}
1737	err:	1736	err:
1738	X509_NAME_free(xn);	1737	X509_NAME_free(xn);
1739	if (ca_sk != NULL)	1738	sk_X509_NAME_pop_free(ca_sk, X509_NAME_free);
1740	sk_X509_NAME_pop_free(ca_sk, X509_NAME_free);
1741	return (ret);	1739	return (ret);
1742	}	1740	}
1743		1741


diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c index 9d0217e95f..977c170403 100644 --- a/src/lib/libssl/s3_lib.c +++ b/src/lib/libssl/s3_lib.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: s3_lib.c,v 1.130 2017/01/24 09:03:21 jsing Exp $ */	1	/* $OpenBSD: s3_lib.c,v 1.131 2017/01/24 14:57:31 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -1838,8 +1838,7 @@ ssl3_free(SSL *s)
1838	explicit_bzero(S3I(s)->tmp.x25519, X25519_KEY_LENGTH);	1838	explicit_bzero(S3I(s)->tmp.x25519, X25519_KEY_LENGTH);
1839	free(S3I(s)->tmp.x25519);	1839	free(S3I(s)->tmp.x25519);
1840		1840
1841	if (S3I(s)->tmp.ca_names != NULL)	1841	sk_X509_NAME_pop_free(S3I(s)->tmp.ca_names, X509_NAME_free);
1842	sk_X509_NAME_pop_free(S3I(s)->tmp.ca_names, X509_NAME_free);
1843	BIO_free(S3I(s)->handshake_buffer);	1842	BIO_free(S3I(s)->handshake_buffer);
1844	tls1_free_digest_list(s);	1843	tls1_free_digest_list(s);
1845	free(S3I(s)->alpn_selected);	1844	free(S3I(s)->alpn_selected);
@@ -1861,8 +1860,7 @@ ssl3_clear(SSL *s)
1861	size_t rlen, wlen;	1860	size_t rlen, wlen;
1862		1861
1863	tls1_cleanup_key_block(s);	1862	tls1_cleanup_key_block(s);
1864	if (S3I(s)->tmp.ca_names != NULL)	1863	sk_X509_NAME_pop_free(S3I(s)->tmp.ca_names, X509_NAME_free);
1865	sk_X509_NAME_pop_free(S3I(s)->tmp.ca_names, X509_NAME_free);
1866		1864
1867	DH_free(S3I(s)->tmp.dh);	1865	DH_free(S3I(s)->tmp.dh);
1868	S3I(s)->tmp.dh = NULL;	1866	S3I(s)->tmp.dh = NULL;
@@ -2330,10 +2328,8 @@ ssl3_ctx_ctrl(SSL_CTX ctx, int cmd, long larg, void parg)
2330	break;	2328	break;
2331		2329
2332	case SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS:	2330	case SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS:
2333	if (ctx->extra_certs) {	2331	sk_X509_pop_free(ctx->extra_certs, X509_free);
2334	sk_X509_pop_free(ctx->extra_certs, X509_free);	2332	ctx->extra_certs = NULL;
2335	ctx->extra_certs = NULL;
2336	}
2337	break;	2333	break;
2338		2334
2339	default:	2335	default:


diff --git a/src/lib/libssl/s3_srvr.c b/src/lib/libssl/s3_srvr.c index 3709587742..c6d340026a 100644 --- a/src/lib/libssl/s3_srvr.c +++ b/src/lib/libssl/s3_srvr.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: s3_srvr.c,v 1.152 2017/01/24 12:22:23 jsing Exp $ */	1	/* $OpenBSD: s3_srvr.c,v 1.153 2017/01/24 14:57:31 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -2595,8 +2595,7 @@ ssl3_get_client_certificate(SSL *s)
2595	goto err;	2595	goto err;
2596	}	2596	}
2597	}	2597	}
2598	if (SSI(s)->sess_cert->cert_chain != NULL)	2598	sk_X509_pop_free(SSI(s)->sess_cert->cert_chain, X509_free);
2599	sk_X509_pop_free(SSI(s)->sess_cert->cert_chain, X509_free);
2600	SSI(s)->sess_cert->cert_chain = sk;	2599	SSI(s)->sess_cert->cert_chain = sk;
2601		2600
2602	/*	2601	/*
@@ -2617,8 +2616,8 @@ f_err:
2617	}	2616	}
2618	err:	2617	err:
2619	X509_free(x);	2618	X509_free(x);
2620	if (sk != NULL)	2619	sk_X509_pop_free(sk, X509_free);
2621	sk_X509_pop_free(sk, X509_free);	2620
2622	return (ret);	2621	return (ret);
2623	}	2622	}
2624		2623


diff --git a/src/lib/libssl/ssl_cert.c b/src/lib/libssl/ssl_cert.c index c23e789bf8..9ce8585d46 100644 --- a/src/lib/libssl/ssl_cert.c +++ b/src/lib/libssl/ssl_cert.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl_cert.c,v 1.58 2017/01/23 06:45:30 beck Exp $ */	1	/* $OpenBSD: ssl_cert.c,v 1.59 2017/01/24 14:57:31 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -395,9 +395,7 @@ ssl_sess_cert_free(SESS_CERT *sc)
395	if (i > 0)	395	if (i > 0)
396	return;	396	return;
397		397
398	/* i == 0 */	398	sk_X509_pop_free(sc->cert_chain, X509_free);
399	if (sc->cert_chain != NULL)
400	sk_X509_pop_free(sc->cert_chain, X509_free);
401	for (i = 0; i < SSL_PKEY_NUM; i++)	399	for (i = 0; i < SSL_PKEY_NUM; i++)
402	X509_free(sc->peer_pkeys[i].x509);	400	X509_free(sc->peer_pkeys[i].x509);
403		401
@@ -459,9 +457,7 @@ static void
459	set_client_CA_list(STACK_OF(X509_NAME) **ca_list,	457	set_client_CA_list(STACK_OF(X509_NAME) **ca_list,
460	STACK_OF(X509_NAME) *name_list)	458	STACK_OF(X509_NAME) *name_list)
461	{	459	{
462	if (*ca_list != NULL)	460	sk_X509_NAME_pop_free(*ca_list, X509_NAME_free);
463	sk_X509_NAME_pop_free(*ca_list, X509_NAME_free);
464
465	*ca_list = name_list;	461	*ca_list = name_list;
466	}	462	}
467		463
@@ -611,8 +607,7 @@ SSL_load_client_CA_file(const char *file)
611		607
612	if (0) {	608	if (0) {
613	err:	609	err:
614	if (ret != NULL)	610	sk_X509_NAME_pop_free(ret, X509_NAME_free);
615	sk_X509_NAME_pop_free(ret, X509_NAME_free);
616	ret = NULL;	611	ret = NULL;
617	}	612	}
618	if (sk != NULL)	613	if (sk != NULL)


diff --git a/src/lib/libssl/ssl_lib.c b/src/lib/libssl/ssl_lib.c index 21d2d231d1..bdf6bc6ee3 100644 --- a/src/lib/libssl/ssl_lib.c +++ b/src/lib/libssl/ssl_lib.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl_lib.c,v 1.146 2017/01/24 13:34:26 jsing Exp $ */	1	/* $OpenBSD: ssl_lib.c,v 1.147 2017/01/24 14:57:31 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -561,17 +561,16 @@ SSL_free(SSL *s)
561		561
562	free(s->tlsext_hostname);	562	free(s->tlsext_hostname);
563	SSL_CTX_free(s->initial_ctx);	563	SSL_CTX_free(s->initial_ctx);
		564
564	free(s->internal->tlsext_ecpointformatlist);	565	free(s->internal->tlsext_ecpointformatlist);
565	free(s->internal->tlsext_supportedgroups);	566	free(s->internal->tlsext_supportedgroups);
566	if (s->internal->tlsext_ocsp_exts)	567
567	sk_X509_EXTENSION_pop_free(s->internal->tlsext_ocsp_exts,	568	sk_X509_EXTENSION_pop_free(s->internal->tlsext_ocsp_exts,
568	X509_EXTENSION_free);	569	X509_EXTENSION_free);
569	if (s->internal->tlsext_ocsp_ids)	570	sk_OCSP_RESPID_pop_free(s->internal->tlsext_ocsp_ids, OCSP_RESPID_free);
570	sk_OCSP_RESPID_pop_free(s->internal->tlsext_ocsp_ids, OCSP_RESPID_free);
571	free(s->internal->tlsext_ocsp_resp);	571	free(s->internal->tlsext_ocsp_resp);
572		572
573	if (s->internal->client_CA != NULL)	573	sk_X509_NAME_pop_free(s->internal->client_CA, X509_NAME_free);
574	sk_X509_NAME_pop_free(s->internal->client_CA, X509_NAME_free);
575		574
576	if (s->method != NULL)	575	if (s->method != NULL)
577	s->method->internal->ssl_free(s);	576	s->method->internal->ssl_free(s);
@@ -2011,10 +2010,8 @@ SSL_CTX_free(SSL_CTX *ctx)
2011	sk_SSL_CIPHER_free(ctx->cipher_list);	2010	sk_SSL_CIPHER_free(ctx->cipher_list);
2012	sk_SSL_CIPHER_free(ctx->internal->cipher_list_by_id);	2011	sk_SSL_CIPHER_free(ctx->internal->cipher_list_by_id);
2013	ssl_cert_free(ctx->internal->cert);	2012	ssl_cert_free(ctx->internal->cert);
2014	if (ctx->internal->client_CA != NULL)	2013	sk_X509_NAME_pop_free(ctx->internal->client_CA, X509_NAME_free);
2015	sk_X509_NAME_pop_free(ctx->internal->client_CA, X509_NAME_free);	2014	sk_X509_pop_free(ctx->extra_certs, X509_free);
2016	if (ctx->extra_certs != NULL)
2017	sk_X509_pop_free(ctx->extra_certs, X509_free);
2018		2015
2019	#ifndef OPENSSL_NO_SRTP	2016	#ifndef OPENSSL_NO_SRTP
2020	if (ctx->internal->srtp_profiles)	2017	if (ctx->internal->srtp_profiles)


diff --git a/src/lib/libssl/ssl_rsa.c b/src/lib/libssl/ssl_rsa.c index 82c8cc0a87..03eedc0d8a 100644 --- a/src/lib/libssl/ssl_rsa.c +++ b/src/lib/libssl/ssl_rsa.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl_rsa.c,v 1.24 2017/01/23 22:34:38 beck Exp $ */	1	/* $OpenBSD: ssl_rsa.c,v 1.25 2017/01/24 14:57:31 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -671,10 +671,8 @@ ssl_ctx_use_certificate_chain_bio(SSL_CTX ctx, BIO in)
671	int r;	671	int r;
672	unsigned long err;	672	unsigned long err;
673		673
674	if (ctx->extra_certs != NULL) {	674	sk_X509_pop_free(ctx->extra_certs, X509_free);
675	sk_X509_pop_free(ctx->extra_certs, X509_free);	675	ctx->extra_certs = NULL;
676	ctx->extra_certs = NULL;
677	}
678		676
679	while ((ca = PEM_read_bio_X509(in, NULL,	677	while ((ca = PEM_read_bio_X509(in, NULL,
680	ctx->default_passwd_callback,	678	ctx->default_passwd_callback,


diff --git a/src/lib/libssl/t1_lib.c b/src/lib/libssl/t1_lib.c index 23e1a2d350..9b60d664e5 100644 --- a/src/lib/libssl/t1_lib.c +++ b/src/lib/libssl/t1_lib.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: t1_lib.c,v 1.110 2017/01/24 12:24:07 jsing Exp $ */	1	/* $OpenBSD: t1_lib.c,v 1.111 2017/01/24 14:57:31 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -1593,10 +1593,8 @@ ssl_parse_clienthello_tlsext(SSL s, unsigned char p, unsigned char d,
1593	}	1593	}
1594	sdata = data;	1594	sdata = data;
1595	if (dsize > 0) {	1595	if (dsize > 0) {
1596	if (s->internal->tlsext_ocsp_exts) {	1596	sk_X509_EXTENSION_pop_free(s->internal->tlsext_ocsp_exts,
1597	sk_X509_EXTENSION_pop_free(s->internal->tlsext_ocsp_exts,	1597	X509_EXTENSION_free);
1598	X509_EXTENSION_free);
1599	}
1600		1598
1601	s->internal->tlsext_ocsp_exts =	1599	s->internal->tlsext_ocsp_exts =
1602	d2i_X509_EXTENSIONS(NULL,	1600	d2i_X509_EXTENSIONS(NULL,