summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authormmcc <>2016-03-11 07:08:45 +0000
committermmcc <>2016-03-11 07:08:45 +0000
commit13f852f88b7f59607c91ef9ac8a34ae4e55e08ca (patch)
treeb799fc9672743546b69747e9e1d53d9423de380c /src
parente11a59757e997c4effb65f1ad3aa27df9dff42f5 (diff)
downloadopenbsd-13f852f88b7f59607c91ef9ac8a34ae4e55e08ca.tar.gz
openbsd-13f852f88b7f59607c91ef9ac8a34ae4e55e08ca.tar.bz2
openbsd-13f852f88b7f59607c91ef9ac8a34ae4e55e08ca.zip
X509_free(3) is NULL-safe, so remove NULL checks before its calls.
ok doug@
Diffstat (limited to 'src')
-rw-r--r--src/lib/libcrypto/asn1/x_info.c5
-rw-r--r--src/lib/libcrypto/cms/cms_asn1.c8
-rw-r--r--src/lib/libcrypto/cms/cms_sd.c5
-rw-r--r--src/lib/libcrypto/pkcs12/p12_kiss.c10
-rw-r--r--src/lib/libcrypto/ts/ts_rsp_sign.c5
-rw-r--r--src/lib/libcrypto/x509/by_file.c5
-rw-r--r--src/lib/libcrypto/x509/x509_vfy.c5
-rw-r--r--src/lib/libcrypto/x509v3/pcy_tree.c5
-rw-r--r--src/lib/libssl/d1_clnt.c5
-rw-r--r--src/lib/libssl/s3_clnt.c11
-rw-r--r--src/lib/libssl/s3_srvr.c8
-rw-r--r--src/lib/libssl/src/crypto/asn1/x_info.c5
-rw-r--r--src/lib/libssl/src/crypto/cms/cms_asn1.c8
-rw-r--r--src/lib/libssl/src/crypto/cms/cms_sd.c5
-rw-r--r--src/lib/libssl/src/crypto/pkcs12/p12_kiss.c10
-rw-r--r--src/lib/libssl/src/crypto/ts/ts_rsp_sign.c5
-rw-r--r--src/lib/libssl/src/crypto/x509/by_file.c5
-rw-r--r--src/lib/libssl/src/crypto/x509/x509_vfy.c5
-rw-r--r--src/lib/libssl/src/crypto/x509v3/pcy_tree.c5
-rw-r--r--src/lib/libssl/src/ssl/d1_clnt.c5
-rw-r--r--src/lib/libssl/src/ssl/s3_clnt.c11
-rw-r--r--src/lib/libssl/src/ssl/s3_srvr.c8
-rw-r--r--src/lib/libssl/src/ssl/ssl_asn1.c9
-rw-r--r--src/lib/libssl/src/ssl/ssl_cert.c20
-rw-r--r--src/lib/libssl/src/ssl/ssl_rsa.c14
-rw-r--r--src/lib/libssl/src/ssl/ssl_sess.c5
-rw-r--r--src/lib/libssl/ssl_asn1.c9
-rw-r--r--src/lib/libssl/ssl_cert.c20
-rw-r--r--src/lib/libssl/ssl_rsa.c14
-rw-r--r--src/lib/libssl/ssl_sess.c5
30 files changed, 92 insertions, 148 deletions
diff --git a/src/lib/libcrypto/asn1/x_info.c b/src/lib/libcrypto/asn1/x_info.c
index 466deaf6ce..05ac364fa7 100644
--- a/src/lib/libcrypto/asn1/x_info.c
+++ b/src/lib/libcrypto/asn1/x_info.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: x_info.c,v 1.15 2015/02/10 11:22:21 jsing Exp $ */ 1/* $OpenBSD: x_info.c,v 1.16 2016/03/11 07:08:44 mmcc Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -97,8 +97,7 @@ X509_INFO_free(X509_INFO *x)
97 if (i > 0) 97 if (i > 0)
98 return; 98 return;
99 99
100 if (x->x509 != NULL) 100 X509_free(x->x509);
101 X509_free(x->x509);
102 if (x->crl != NULL) 101 if (x->crl != NULL)
103 X509_CRL_free(x->crl); 102 X509_CRL_free(x->crl);
104 if (x->x_pkey != NULL) 103 if (x->x_pkey != NULL)
diff --git a/src/lib/libcrypto/cms/cms_asn1.c b/src/lib/libcrypto/cms/cms_asn1.c
index e450259832..42e33d5b46 100644
--- a/src/lib/libcrypto/cms/cms_asn1.c
+++ b/src/lib/libcrypto/cms/cms_asn1.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: cms_asn1.c,v 1.7 2015/09/10 15:56:25 jsing Exp $ */ 1/* $OpenBSD: cms_asn1.c,v 1.8 2016/03/11 07:08:44 mmcc Exp $ */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project. 3 * project.
4 */ 4 */
@@ -220,8 +220,7 @@ cms_si_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg)
220 if (operation == ASN1_OP_FREE_POST) { 220 if (operation == ASN1_OP_FREE_POST) {
221 CMS_SignerInfo *si = (CMS_SignerInfo *)*pval; 221 CMS_SignerInfo *si = (CMS_SignerInfo *)*pval;
222 EVP_PKEY_free(si->pkey); 222 EVP_PKEY_free(si->pkey);
223 if (si->signer) 223 X509_free(si->signer);
224 X509_free(si->signer);
225 } 224 }
226 return 1; 225 return 1;
227} 226}
@@ -883,8 +882,7 @@ cms_ri_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg)
883 if (ri->type == CMS_RECIPINFO_TRANS) { 882 if (ri->type == CMS_RECIPINFO_TRANS) {
884 CMS_KeyTransRecipientInfo *ktri = ri->d.ktri; 883 CMS_KeyTransRecipientInfo *ktri = ri->d.ktri;
885 EVP_PKEY_free(ktri->pkey); 884 EVP_PKEY_free(ktri->pkey);
886 if (ktri->recip) 885 X509_free(ktri->recip);
887 X509_free(ktri->recip);
888 } else if (ri->type == CMS_RECIPINFO_KEK) { 886 } else if (ri->type == CMS_RECIPINFO_KEK) {
889 CMS_KEKRecipientInfo *kekri = ri->d.kekri; 887 CMS_KEKRecipientInfo *kekri = ri->d.kekri;
890 if (kekri->key) { 888 if (kekri->key) {
diff --git a/src/lib/libcrypto/cms/cms_sd.c b/src/lib/libcrypto/cms/cms_sd.c
index f4119f7a1c..1623126e77 100644
--- a/src/lib/libcrypto/cms/cms_sd.c
+++ b/src/lib/libcrypto/cms/cms_sd.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: cms_sd.c,v 1.9 2014/11/09 19:17:13 miod Exp $ */ 1/* $OpenBSD: cms_sd.c,v 1.10 2016/03/11 07:08:44 mmcc Exp $ */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project. 3 * project.
4 */ 4 */
@@ -498,8 +498,7 @@ CMS_SignerInfo_set1_signer_cert(CMS_SignerInfo *si, X509 *signer)
498 EVP_PKEY_free(si->pkey); 498 EVP_PKEY_free(si->pkey);
499 si->pkey = X509_get_pubkey(signer); 499 si->pkey = X509_get_pubkey(signer);
500 } 500 }
501 if (si->signer) 501 X509_free(si->signer);
502 X509_free(si->signer);
503 si->signer = signer; 502 si->signer = signer;
504} 503}
505 504
diff --git a/src/lib/libcrypto/pkcs12/p12_kiss.c b/src/lib/libcrypto/pkcs12/p12_kiss.c
index eaaa2bc911..df992a68fc 100644
--- a/src/lib/libcrypto/pkcs12/p12_kiss.c
+++ b/src/lib/libcrypto/pkcs12/p12_kiss.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: p12_kiss.c,v 1.16 2014/07/11 08:44:49 jsing Exp $ */ 1/* $OpenBSD: p12_kiss.c,v 1.17 2016/03/11 07:08:44 mmcc Exp $ */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 1999. 3 * project 1999.
4 */ 4 */
@@ -149,8 +149,7 @@ PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert,
149 goto err; 149 goto err;
150 x = NULL; 150 x = NULL;
151 } 151 }
152 if (x) 152 X509_free(x);
153 X509_free(x);
154 } 153 }
155 154
156 if (ocerts) 155 if (ocerts)
@@ -161,10 +160,9 @@ PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert,
161err: 160err:
162 if (pkey && *pkey) 161 if (pkey && *pkey)
163 EVP_PKEY_free(*pkey); 162 EVP_PKEY_free(*pkey);
164 if (cert && *cert) 163 if (cert)
165 X509_free(*cert); 164 X509_free(*cert);
166 if (x) 165 X509_free(x);
167 X509_free(x);
168 if (ocerts) 166 if (ocerts)
169 sk_X509_pop_free(ocerts, X509_free); 167 sk_X509_pop_free(ocerts, X509_free);
170 return 0; 168 return 0;
diff --git a/src/lib/libcrypto/ts/ts_rsp_sign.c b/src/lib/libcrypto/ts/ts_rsp_sign.c
index 758d747384..f9e8c53cc8 100644
--- a/src/lib/libcrypto/ts/ts_rsp_sign.c
+++ b/src/lib/libcrypto/ts/ts_rsp_sign.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ts_rsp_sign.c,v 1.19 2015/09/30 18:04:02 jsing Exp $ */ 1/* $OpenBSD: ts_rsp_sign.c,v 1.20 2016/03/11 07:08:45 mmcc Exp $ */
2/* Written by Zoltan Glozik (zglozik@stones.com) for the OpenSSL 2/* Written by Zoltan Glozik (zglozik@stones.com) for the OpenSSL
3 * project 2002. 3 * project 2002.
4 */ 4 */
@@ -185,8 +185,7 @@ TS_RESP_CTX_set_signer_cert(TS_RESP_CTX *ctx, X509 *signer)
185 TS_R_INVALID_SIGNER_CERTIFICATE_PURPOSE); 185 TS_R_INVALID_SIGNER_CERTIFICATE_PURPOSE);
186 return 0; 186 return 0;
187 } 187 }
188 if (ctx->signer_cert) 188 X509_free(ctx->signer_cert);
189 X509_free(ctx->signer_cert);
190 ctx->signer_cert = signer; 189 ctx->signer_cert = signer;
191 CRYPTO_add(&ctx->signer_cert->references, +1, CRYPTO_LOCK_X509); 190 CRYPTO_add(&ctx->signer_cert->references, +1, CRYPTO_LOCK_X509);
192 return 1; 191 return 1;
diff --git a/src/lib/libcrypto/x509/by_file.c b/src/lib/libcrypto/x509/by_file.c
index 68920271fc..377b3b0a8b 100644
--- a/src/lib/libcrypto/x509/by_file.c
+++ b/src/lib/libcrypto/x509/by_file.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: by_file.c,v 1.19 2015/04/11 16:03:21 deraadt Exp $ */ 1/* $OpenBSD: by_file.c,v 1.20 2016/03/11 07:08:45 mmcc Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -172,8 +172,7 @@ X509_load_cert_file(X509_LOOKUP *ctx, const char *file, int type)
172 goto err; 172 goto err;
173 } 173 }
174err: 174err:
175 if (x != NULL) 175 X509_free(x);
176 X509_free(x);
177 BIO_free(in); 176 BIO_free(in);
178 return (ret); 177 return (ret);
179} 178}
diff --git a/src/lib/libcrypto/x509/x509_vfy.c b/src/lib/libcrypto/x509/x509_vfy.c
index c9950adb27..5c043aa7b1 100644
--- a/src/lib/libcrypto/x509/x509_vfy.c
+++ b/src/lib/libcrypto/x509/x509_vfy.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: x509_vfy.c,v 1.48 2015/12/14 03:38:13 beck Exp $ */ 1/* $OpenBSD: x509_vfy.c,v 1.49 2016/03/11 07:08:45 mmcc Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -388,8 +388,7 @@ end:
388 } 388 }
389 if (sktmp != NULL) 389 if (sktmp != NULL)
390 sk_X509_free(sktmp); 390 sk_X509_free(sktmp);
391 if (chain_ss != NULL) 391 X509_free(chain_ss);
392 X509_free(chain_ss);
393 return ok; 392 return ok;
394} 393}
395 394
diff --git a/src/lib/libcrypto/x509v3/pcy_tree.c b/src/lib/libcrypto/x509v3/pcy_tree.c
index af9bf00c66..7b28acbe1f 100644
--- a/src/lib/libcrypto/x509v3/pcy_tree.c
+++ b/src/lib/libcrypto/x509v3/pcy_tree.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: pcy_tree.c,v 1.15 2015/07/18 00:01:05 beck Exp $ */ 1/* $OpenBSD: pcy_tree.c,v 1.16 2016/03/11 07:08:45 mmcc Exp $ */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 2004. 3 * project 2004.
4 */ 4 */
@@ -639,8 +639,7 @@ X509_policy_tree_free(X509_POLICY_TREE *tree)
639 sk_X509_POLICY_NODE_pop_free(tree->user_policies, exnode_free); 639 sk_X509_POLICY_NODE_pop_free(tree->user_policies, exnode_free);
640 640
641 for (i = 0, curr = tree->levels; i < tree->nlevel; i++, curr++) { 641 for (i = 0, curr = tree->levels; i < tree->nlevel; i++, curr++) {
642 if (curr->cert) 642 X509_free(curr->cert);
643 X509_free(curr->cert);
644 if (curr->nodes) 643 if (curr->nodes)
645 sk_X509_POLICY_NODE_pop_free(curr->nodes, 644 sk_X509_POLICY_NODE_pop_free(curr->nodes,
646 policy_node_free); 645 policy_node_free);
diff --git a/src/lib/libssl/d1_clnt.c b/src/lib/libssl/d1_clnt.c
index fd26bb5a1e..e018874f0d 100644
--- a/src/lib/libssl/d1_clnt.c
+++ b/src/lib/libssl/d1_clnt.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: d1_clnt.c,v 1.55 2015/09/12 16:10:07 doug Exp $ */ 1/* $OpenBSD: d1_clnt.c,v 1.56 2016/03/11 07:08:45 mmcc Exp $ */
2/* 2/*
3 * DTLS implementation written by Nagendra Modadugu 3 * DTLS implementation written by Nagendra Modadugu
4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. 4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -697,8 +697,7 @@ dtls1_send_client_certificate(SSL *s)
697 SSL_R_BAD_DATA_RETURNED_BY_CALLBACK); 697 SSL_R_BAD_DATA_RETURNED_BY_CALLBACK);
698 } 698 }
699 699
700 if (x509 != NULL) 700 X509_free(x509);
701 X509_free(x509);
702 EVP_PKEY_free(pkey); 701 EVP_PKEY_free(pkey);
703 if (i == 0) 702 if (i == 0)
704 s->s3->tmp.cert_req = 2; 703 s->s3->tmp.cert_req = 2;
diff --git a/src/lib/libssl/s3_clnt.c b/src/lib/libssl/s3_clnt.c
index afeb499e71..af3ba50072 100644
--- a/src/lib/libssl/s3_clnt.c
+++ b/src/lib/libssl/s3_clnt.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: s3_clnt.c,v 1.136 2015/10/02 14:30:10 jsing Exp $ */ 1/* $OpenBSD: s3_clnt.c,v 1.137 2016/03/11 07:08:45 mmcc Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -1063,13 +1063,11 @@ ssl3_get_server_certificate(SSL *s)
1063 * Why would the following ever happen? 1063 * Why would the following ever happen?
1064 * We just created sc a couple of lines ago. 1064 * We just created sc a couple of lines ago.
1065 */ 1065 */
1066 if (sc->peer_pkeys[i].x509 != NULL) 1066 X509_free(sc->peer_pkeys[i].x509);
1067 X509_free(sc->peer_pkeys[i].x509);
1068 sc->peer_pkeys[i].x509 = x; 1067 sc->peer_pkeys[i].x509 = x;
1069 sc->peer_key = &(sc->peer_pkeys[i]); 1068 sc->peer_key = &(sc->peer_pkeys[i]);
1070 1069
1071 if (s->session->peer != NULL) 1070 X509_free(s->session->peer);
1072 X509_free(s->session->peer);
1073 CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509); 1071 CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
1074 s->session->peer = x; 1072 s->session->peer = x;
1075 s->session->verify_result = s->verify_result; 1073 s->session->verify_result = s->verify_result;
@@ -2465,8 +2463,7 @@ ssl3_send_client_certificate(SSL *s)
2465 SSL_R_BAD_DATA_RETURNED_BY_CALLBACK); 2463 SSL_R_BAD_DATA_RETURNED_BY_CALLBACK);
2466 } 2464 }
2467 2465
2468 if (x509 != NULL) 2466 X509_free(x509);
2469 X509_free(x509);
2470 EVP_PKEY_free(pkey); 2467 EVP_PKEY_free(pkey);
2471 if (i == 0) 2468 if (i == 0)
2472 s->s3->tmp.cert_req = 2; 2469 s->s3->tmp.cert_req = 2;
diff --git a/src/lib/libssl/s3_srvr.c b/src/lib/libssl/s3_srvr.c
index c992406ca8..10b6312834 100644
--- a/src/lib/libssl/s3_srvr.c
+++ b/src/lib/libssl/s3_srvr.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: s3_srvr.c,v 1.124 2016/01/27 02:06:16 beck Exp $ */ 1/* $OpenBSD: s3_srvr.c,v 1.125 2016/03/11 07:08:45 mmcc Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -2376,8 +2376,7 @@ ssl3_get_client_certificate(SSL *s)
2376 } 2376 }
2377 } 2377 }
2378 2378
2379 if (s->session->peer != NULL) /* This should not be needed */ 2379 X509_free(s->session->peer);
2380 X509_free(s->session->peer);
2381 s->session->peer = sk_X509_shift(sk); 2380 s->session->peer = sk_X509_shift(sk);
2382 s->session->verify_result = s->verify_result; 2381 s->session->verify_result = s->verify_result;
2383 2382
@@ -2414,8 +2413,7 @@ f_err:
2414 ssl3_send_alert(s, SSL3_AL_FATAL, al); 2413 ssl3_send_alert(s, SSL3_AL_FATAL, al);
2415 } 2414 }
2416err: 2415err:
2417 if (x != NULL) 2416 X509_free(x);
2418 X509_free(x);
2419 if (sk != NULL) 2417 if (sk != NULL)
2420 sk_X509_pop_free(sk, X509_free); 2418 sk_X509_pop_free(sk, X509_free);
2421 return (ret); 2419 return (ret);
diff --git a/src/lib/libssl/src/crypto/asn1/x_info.c b/src/lib/libssl/src/crypto/asn1/x_info.c
index 466deaf6ce..05ac364fa7 100644
--- a/src/lib/libssl/src/crypto/asn1/x_info.c
+++ b/src/lib/libssl/src/crypto/asn1/x_info.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: x_info.c,v 1.15 2015/02/10 11:22:21 jsing Exp $ */ 1/* $OpenBSD: x_info.c,v 1.16 2016/03/11 07:08:44 mmcc Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -97,8 +97,7 @@ X509_INFO_free(X509_INFO *x)
97 if (i > 0) 97 if (i > 0)
98 return; 98 return;
99 99
100 if (x->x509 != NULL) 100 X509_free(x->x509);
101 X509_free(x->x509);
102 if (x->crl != NULL) 101 if (x->crl != NULL)
103 X509_CRL_free(x->crl); 102 X509_CRL_free(x->crl);
104 if (x->x_pkey != NULL) 103 if (x->x_pkey != NULL)
diff --git a/src/lib/libssl/src/crypto/cms/cms_asn1.c b/src/lib/libssl/src/crypto/cms/cms_asn1.c
index e450259832..42e33d5b46 100644
--- a/src/lib/libssl/src/crypto/cms/cms_asn1.c
+++ b/src/lib/libssl/src/crypto/cms/cms_asn1.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: cms_asn1.c,v 1.7 2015/09/10 15:56:25 jsing Exp $ */ 1/* $OpenBSD: cms_asn1.c,v 1.8 2016/03/11 07:08:44 mmcc Exp $ */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project. 3 * project.
4 */ 4 */
@@ -220,8 +220,7 @@ cms_si_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg)
220 if (operation == ASN1_OP_FREE_POST) { 220 if (operation == ASN1_OP_FREE_POST) {
221 CMS_SignerInfo *si = (CMS_SignerInfo *)*pval; 221 CMS_SignerInfo *si = (CMS_SignerInfo *)*pval;
222 EVP_PKEY_free(si->pkey); 222 EVP_PKEY_free(si->pkey);
223 if (si->signer) 223 X509_free(si->signer);
224 X509_free(si->signer);
225 } 224 }
226 return 1; 225 return 1;
227} 226}
@@ -883,8 +882,7 @@ cms_ri_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg)
883 if (ri->type == CMS_RECIPINFO_TRANS) { 882 if (ri->type == CMS_RECIPINFO_TRANS) {
884 CMS_KeyTransRecipientInfo *ktri = ri->d.ktri; 883 CMS_KeyTransRecipientInfo *ktri = ri->d.ktri;
885 EVP_PKEY_free(ktri->pkey); 884 EVP_PKEY_free(ktri->pkey);
886 if (ktri->recip) 885 X509_free(ktri->recip);
887 X509_free(ktri->recip);
888 } else if (ri->type == CMS_RECIPINFO_KEK) { 886 } else if (ri->type == CMS_RECIPINFO_KEK) {
889 CMS_KEKRecipientInfo *kekri = ri->d.kekri; 887 CMS_KEKRecipientInfo *kekri = ri->d.kekri;
890 if (kekri->key) { 888 if (kekri->key) {
diff --git a/src/lib/libssl/src/crypto/cms/cms_sd.c b/src/lib/libssl/src/crypto/cms/cms_sd.c
index f4119f7a1c..1623126e77 100644
--- a/src/lib/libssl/src/crypto/cms/cms_sd.c
+++ b/src/lib/libssl/src/crypto/cms/cms_sd.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: cms_sd.c,v 1.9 2014/11/09 19:17:13 miod Exp $ */ 1/* $OpenBSD: cms_sd.c,v 1.10 2016/03/11 07:08:44 mmcc Exp $ */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project. 3 * project.
4 */ 4 */
@@ -498,8 +498,7 @@ CMS_SignerInfo_set1_signer_cert(CMS_SignerInfo *si, X509 *signer)
498 EVP_PKEY_free(si->pkey); 498 EVP_PKEY_free(si->pkey);
499 si->pkey = X509_get_pubkey(signer); 499 si->pkey = X509_get_pubkey(signer);
500 } 500 }
501 if (si->signer) 501 X509_free(si->signer);
502 X509_free(si->signer);
503 si->signer = signer; 502 si->signer = signer;
504} 503}
505 504
diff --git a/src/lib/libssl/src/crypto/pkcs12/p12_kiss.c b/src/lib/libssl/src/crypto/pkcs12/p12_kiss.c
index eaaa2bc911..df992a68fc 100644
--- a/src/lib/libssl/src/crypto/pkcs12/p12_kiss.c
+++ b/src/lib/libssl/src/crypto/pkcs12/p12_kiss.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: p12_kiss.c,v 1.16 2014/07/11 08:44:49 jsing Exp $ */ 1/* $OpenBSD: p12_kiss.c,v 1.17 2016/03/11 07:08:44 mmcc Exp $ */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 1999. 3 * project 1999.
4 */ 4 */
@@ -149,8 +149,7 @@ PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert,
149 goto err; 149 goto err;
150 x = NULL; 150 x = NULL;
151 } 151 }
152 if (x) 152 X509_free(x);
153 X509_free(x);
154 } 153 }
155 154
156 if (ocerts) 155 if (ocerts)
@@ -161,10 +160,9 @@ PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert,
161err: 160err:
162 if (pkey && *pkey) 161 if (pkey && *pkey)
163 EVP_PKEY_free(*pkey); 162 EVP_PKEY_free(*pkey);
164 if (cert && *cert) 163 if (cert)
165 X509_free(*cert); 164 X509_free(*cert);
166 if (x) 165 X509_free(x);
167 X509_free(x);
168 if (ocerts) 166 if (ocerts)
169 sk_X509_pop_free(ocerts, X509_free); 167 sk_X509_pop_free(ocerts, X509_free);
170 return 0; 168 return 0;
diff --git a/src/lib/libssl/src/crypto/ts/ts_rsp_sign.c b/src/lib/libssl/src/crypto/ts/ts_rsp_sign.c
index 758d747384..f9e8c53cc8 100644
--- a/src/lib/libssl/src/crypto/ts/ts_rsp_sign.c
+++ b/src/lib/libssl/src/crypto/ts/ts_rsp_sign.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ts_rsp_sign.c,v 1.19 2015/09/30 18:04:02 jsing Exp $ */ 1/* $OpenBSD: ts_rsp_sign.c,v 1.20 2016/03/11 07:08:45 mmcc Exp $ */
2/* Written by Zoltan Glozik (zglozik@stones.com) for the OpenSSL 2/* Written by Zoltan Glozik (zglozik@stones.com) for the OpenSSL
3 * project 2002. 3 * project 2002.
4 */ 4 */
@@ -185,8 +185,7 @@ TS_RESP_CTX_set_signer_cert(TS_RESP_CTX *ctx, X509 *signer)
185 TS_R_INVALID_SIGNER_CERTIFICATE_PURPOSE); 185 TS_R_INVALID_SIGNER_CERTIFICATE_PURPOSE);
186 return 0; 186 return 0;
187 } 187 }
188 if (ctx->signer_cert) 188 X509_free(ctx->signer_cert);
189 X509_free(ctx->signer_cert);
190 ctx->signer_cert = signer; 189 ctx->signer_cert = signer;
191 CRYPTO_add(&ctx->signer_cert->references, +1, CRYPTO_LOCK_X509); 190 CRYPTO_add(&ctx->signer_cert->references, +1, CRYPTO_LOCK_X509);
192 return 1; 191 return 1;
diff --git a/src/lib/libssl/src/crypto/x509/by_file.c b/src/lib/libssl/src/crypto/x509/by_file.c
index 68920271fc..377b3b0a8b 100644
--- a/src/lib/libssl/src/crypto/x509/by_file.c
+++ b/src/lib/libssl/src/crypto/x509/by_file.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: by_file.c,v 1.19 2015/04/11 16:03:21 deraadt Exp $ */ 1/* $OpenBSD: by_file.c,v 1.20 2016/03/11 07:08:45 mmcc Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -172,8 +172,7 @@ X509_load_cert_file(X509_LOOKUP *ctx, const char *file, int type)
172 goto err; 172 goto err;
173 } 173 }
174err: 174err:
175 if (x != NULL) 175 X509_free(x);
176 X509_free(x);
177 BIO_free(in); 176 BIO_free(in);
178 return (ret); 177 return (ret);
179} 178}
diff --git a/src/lib/libssl/src/crypto/x509/x509_vfy.c b/src/lib/libssl/src/crypto/x509/x509_vfy.c
index c9950adb27..5c043aa7b1 100644
--- a/src/lib/libssl/src/crypto/x509/x509_vfy.c
+++ b/src/lib/libssl/src/crypto/x509/x509_vfy.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: x509_vfy.c,v 1.48 2015/12/14 03:38:13 beck Exp $ */ 1/* $OpenBSD: x509_vfy.c,v 1.49 2016/03/11 07:08:45 mmcc Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -388,8 +388,7 @@ end:
388 } 388 }
389 if (sktmp != NULL) 389 if (sktmp != NULL)
390 sk_X509_free(sktmp); 390 sk_X509_free(sktmp);
391 if (chain_ss != NULL) 391 X509_free(chain_ss);
392 X509_free(chain_ss);
393 return ok; 392 return ok;
394} 393}
395 394
diff --git a/src/lib/libssl/src/crypto/x509v3/pcy_tree.c b/src/lib/libssl/src/crypto/x509v3/pcy_tree.c
index af9bf00c66..7b28acbe1f 100644
--- a/src/lib/libssl/src/crypto/x509v3/pcy_tree.c
+++ b/src/lib/libssl/src/crypto/x509v3/pcy_tree.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: pcy_tree.c,v 1.15 2015/07/18 00:01:05 beck Exp $ */ 1/* $OpenBSD: pcy_tree.c,v 1.16 2016/03/11 07:08:45 mmcc Exp $ */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 2004. 3 * project 2004.
4 */ 4 */
@@ -639,8 +639,7 @@ X509_policy_tree_free(X509_POLICY_TREE *tree)
639 sk_X509_POLICY_NODE_pop_free(tree->user_policies, exnode_free); 639 sk_X509_POLICY_NODE_pop_free(tree->user_policies, exnode_free);
640 640
641 for (i = 0, curr = tree->levels; i < tree->nlevel; i++, curr++) { 641 for (i = 0, curr = tree->levels; i < tree->nlevel; i++, curr++) {
642 if (curr->cert) 642 X509_free(curr->cert);
643 X509_free(curr->cert);
644 if (curr->nodes) 643 if (curr->nodes)
645 sk_X509_POLICY_NODE_pop_free(curr->nodes, 644 sk_X509_POLICY_NODE_pop_free(curr->nodes,
646 policy_node_free); 645 policy_node_free);
diff --git a/src/lib/libssl/src/ssl/d1_clnt.c b/src/lib/libssl/src/ssl/d1_clnt.c
index fd26bb5a1e..e018874f0d 100644
--- a/src/lib/libssl/src/ssl/d1_clnt.c
+++ b/src/lib/libssl/src/ssl/d1_clnt.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: d1_clnt.c,v 1.55 2015/09/12 16:10:07 doug Exp $ */ 1/* $OpenBSD: d1_clnt.c,v 1.56 2016/03/11 07:08:45 mmcc Exp $ */
2/* 2/*
3 * DTLS implementation written by Nagendra Modadugu 3 * DTLS implementation written by Nagendra Modadugu
4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. 4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -697,8 +697,7 @@ dtls1_send_client_certificate(SSL *s)
697 SSL_R_BAD_DATA_RETURNED_BY_CALLBACK); 697 SSL_R_BAD_DATA_RETURNED_BY_CALLBACK);
698 } 698 }
699 699
700 if (x509 != NULL) 700 X509_free(x509);
701 X509_free(x509);
702 EVP_PKEY_free(pkey); 701 EVP_PKEY_free(pkey);
703 if (i == 0) 702 if (i == 0)
704 s->s3->tmp.cert_req = 2; 703 s->s3->tmp.cert_req = 2;
diff --git a/src/lib/libssl/src/ssl/s3_clnt.c b/src/lib/libssl/src/ssl/s3_clnt.c
index afeb499e71..af3ba50072 100644
--- a/src/lib/libssl/src/ssl/s3_clnt.c
+++ b/src/lib/libssl/src/ssl/s3_clnt.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: s3_clnt.c,v 1.136 2015/10/02 14:30:10 jsing Exp $ */ 1/* $OpenBSD: s3_clnt.c,v 1.137 2016/03/11 07:08:45 mmcc Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -1063,13 +1063,11 @@ ssl3_get_server_certificate(SSL *s)
1063 * Why would the following ever happen? 1063 * Why would the following ever happen?
1064 * We just created sc a couple of lines ago. 1064 * We just created sc a couple of lines ago.
1065 */ 1065 */
1066 if (sc->peer_pkeys[i].x509 != NULL) 1066 X509_free(sc->peer_pkeys[i].x509);
1067 X509_free(sc->peer_pkeys[i].x509);
1068 sc->peer_pkeys[i].x509 = x; 1067 sc->peer_pkeys[i].x509 = x;
1069 sc->peer_key = &(sc->peer_pkeys[i]); 1068 sc->peer_key = &(sc->peer_pkeys[i]);
1070 1069
1071 if (s->session->peer != NULL) 1070 X509_free(s->session->peer);
1072 X509_free(s->session->peer);
1073 CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509); 1071 CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
1074 s->session->peer = x; 1072 s->session->peer = x;
1075 s->session->verify_result = s->verify_result; 1073 s->session->verify_result = s->verify_result;
@@ -2465,8 +2463,7 @@ ssl3_send_client_certificate(SSL *s)
2465 SSL_R_BAD_DATA_RETURNED_BY_CALLBACK); 2463 SSL_R_BAD_DATA_RETURNED_BY_CALLBACK);
2466 } 2464 }
2467 2465
2468 if (x509 != NULL) 2466 X509_free(x509);
2469 X509_free(x509);
2470 EVP_PKEY_free(pkey); 2467 EVP_PKEY_free(pkey);
2471 if (i == 0) 2468 if (i == 0)
2472 s->s3->tmp.cert_req = 2; 2469 s->s3->tmp.cert_req = 2;
diff --git a/src/lib/libssl/src/ssl/s3_srvr.c b/src/lib/libssl/src/ssl/s3_srvr.c
index c992406ca8..10b6312834 100644
--- a/src/lib/libssl/src/ssl/s3_srvr.c
+++ b/src/lib/libssl/src/ssl/s3_srvr.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: s3_srvr.c,v 1.124 2016/01/27 02:06:16 beck Exp $ */ 1/* $OpenBSD: s3_srvr.c,v 1.125 2016/03/11 07:08:45 mmcc Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -2376,8 +2376,7 @@ ssl3_get_client_certificate(SSL *s)
2376 } 2376 }
2377 } 2377 }
2378 2378
2379 if (s->session->peer != NULL) /* This should not be needed */ 2379 X509_free(s->session->peer);
2380 X509_free(s->session->peer);
2381 s->session->peer = sk_X509_shift(sk); 2380 s->session->peer = sk_X509_shift(sk);
2382 s->session->verify_result = s->verify_result; 2381 s->session->verify_result = s->verify_result;
2383 2382
@@ -2414,8 +2413,7 @@ f_err:
2414 ssl3_send_alert(s, SSL3_AL_FATAL, al); 2413 ssl3_send_alert(s, SSL3_AL_FATAL, al);
2415 } 2414 }
2416err: 2415err:
2417 if (x != NULL) 2416 X509_free(x);
2418 X509_free(x);
2419 if (sk != NULL) 2417 if (sk != NULL)
2420 sk_X509_pop_free(sk, X509_free); 2418 sk_X509_pop_free(sk, X509_free);
2421 return (ret); 2419 return (ret);
diff --git a/src/lib/libssl/src/ssl/ssl_asn1.c b/src/lib/libssl/src/ssl/ssl_asn1.c
index b60b3ea3f8..ee00cb286d 100644
--- a/src/lib/libssl/src/ssl/ssl_asn1.c
+++ b/src/lib/libssl/src/ssl/ssl_asn1.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssl_asn1.c,v 1.40 2014/12/14 15:30:50 jsing Exp $ */ 1/* $OpenBSD: ssl_asn1.c,v 1.41 2016/03/11 07:08:45 mmcc Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -449,10 +449,9 @@ d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp, long length)
449 ret->timeout = 3; 449 ret->timeout = 3;
450 450
451 /* 3 - Peer (X509). */ 451 /* 3 - Peer (X509). */
452 if (ret->peer != NULL) { 452 X509_free(ret->peer);
453 X509_free(ret->peer); 453 ret->peer = NULL;
454 ret->peer = NULL; 454
455 }
456 if (c.slen != 0L && 455 if (c.slen != 0L &&
457 *c.p == (V_ASN1_CONSTRUCTED | V_ASN1_CONTEXT_SPECIFIC | 3)) { 456 *c.p == (V_ASN1_CONSTRUCTED | V_ASN1_CONTEXT_SPECIFIC | 3)) {
458 c.q = c.p; 457 c.q = c.p;
diff --git a/src/lib/libssl/src/ssl/ssl_cert.c b/src/lib/libssl/src/ssl/ssl_cert.c
index cdac7bdb36..7e92812e56 100644
--- a/src/lib/libssl/src/ssl/ssl_cert.c
+++ b/src/lib/libssl/src/ssl/ssl_cert.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssl_cert.c,v 1.51 2015/09/11 17:37:47 jsing Exp $ */ 1/* $OpenBSD: ssl_cert.c,v 1.52 2016/03/11 07:08:45 mmcc Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -308,8 +308,7 @@ err:
308 EC_KEY_free(ret->ecdh_tmp); 308 EC_KEY_free(ret->ecdh_tmp);
309 309
310 for (i = 0; i < SSL_PKEY_NUM; i++) { 310 for (i = 0; i < SSL_PKEY_NUM; i++) {
311 if (ret->pkeys[i].x509 != NULL) 311 X509_free(ret->pkeys[i].x509);
312 X509_free(ret->pkeys[i].x509);
313 EVP_PKEY_free(ret->pkeys[i].privatekey); 312 EVP_PKEY_free(ret->pkeys[i].privatekey);
314 } 313 }
315 free (ret); 314 free (ret);
@@ -333,8 +332,7 @@ ssl_cert_free(CERT *c)
333 EC_KEY_free(c->ecdh_tmp); 332 EC_KEY_free(c->ecdh_tmp);
334 333
335 for (i = 0; i < SSL_PKEY_NUM; i++) { 334 for (i = 0; i < SSL_PKEY_NUM; i++) {
336 if (c->pkeys[i].x509 != NULL) 335 X509_free(c->pkeys[i].x509);
337 X509_free(c->pkeys[i].x509);
338 EVP_PKEY_free(c->pkeys[i].privatekey); 336 EVP_PKEY_free(c->pkeys[i].privatekey);
339 } 337 }
340 338
@@ -400,10 +398,8 @@ ssl_sess_cert_free(SESS_CERT *sc)
400 /* i == 0 */ 398 /* i == 0 */
401 if (sc->cert_chain != NULL) 399 if (sc->cert_chain != NULL)
402 sk_X509_pop_free(sc->cert_chain, X509_free); 400 sk_X509_pop_free(sc->cert_chain, X509_free);
403 for (i = 0; i < SSL_PKEY_NUM; i++) { 401 for (i = 0; i < SSL_PKEY_NUM; i++)
404 if (sc->peer_pkeys[i].x509 != NULL) 402 X509_free(sc->peer_pkeys[i].x509);
405 X509_free(sc->peer_pkeys[i].x509);
406 }
407 403
408 DH_free(sc->peer_dh_tmp); 404 DH_free(sc->peer_dh_tmp);
409 EC_KEY_free(sc->peer_ecdh_tmp); 405 EC_KEY_free(sc->peer_ecdh_tmp);
@@ -620,8 +616,7 @@ err:
620 if (sk != NULL) 616 if (sk != NULL)
621 sk_X509_NAME_free(sk); 617 sk_X509_NAME_free(sk);
622 BIO_free(in); 618 BIO_free(in);
623 if (x != NULL) 619 X509_free(x);
624 X509_free(x);
625 if (ret != NULL) 620 if (ret != NULL)
626 ERR_clear_error(); 621 ERR_clear_error();
627 return (ret); 622 return (ret);
@@ -679,8 +674,7 @@ err:
679 ret = 0; 674 ret = 0;
680 } 675 }
681 BIO_free(in); 676 BIO_free(in);
682 if (x != NULL) 677 X509_free(x);
683 X509_free(x);
684 678
685 (void)sk_X509_NAME_set_cmp_func(stack, oldcmp); 679 (void)sk_X509_NAME_set_cmp_func(stack, oldcmp);
686 680
diff --git a/src/lib/libssl/src/ssl/ssl_rsa.c b/src/lib/libssl/src/ssl/ssl_rsa.c
index 039bee7952..7481524942 100644
--- a/src/lib/libssl/src/ssl/ssl_rsa.c
+++ b/src/lib/libssl/src/ssl/ssl_rsa.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssl_rsa.c,v 1.20 2015/02/06 01:37:11 reyk Exp $ */ 1/* $OpenBSD: ssl_rsa.c,v 1.21 2016/03/11 07:08:45 mmcc Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -122,8 +122,7 @@ SSL_use_certificate_file(SSL *ssl, const char *file, int type)
122 122
123 ret = SSL_use_certificate(ssl, x); 123 ret = SSL_use_certificate(ssl, x);
124end: 124end:
125 if (x != NULL) 125 X509_free(x);
126 X509_free(x);
127 BIO_free(in); 126 BIO_free(in);
128 return (ret); 127 return (ret);
129} 128}
@@ -409,8 +408,7 @@ ssl_set_cert(CERT *c, X509 *x)
409 408
410 EVP_PKEY_free(pkey); 409 EVP_PKEY_free(pkey);
411 410
412 if (c->pkeys[i].x509 != NULL) 411 X509_free(c->pkeys[i].x509);
413 X509_free(c->pkeys[i].x509);
414 CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509); 412 CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
415 c->pkeys[i].x509 = x; 413 c->pkeys[i].x509 = x;
416 c->key = &(c->pkeys[i]); 414 c->key = &(c->pkeys[i]);
@@ -456,8 +454,7 @@ SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type)
456 454
457 ret = SSL_CTX_use_certificate(ctx, x); 455 ret = SSL_CTX_use_certificate(ctx, x);
458end: 456end:
459 if (x != NULL) 457 X509_free(x);
460 X509_free(x);
461 BIO_free(in); 458 BIO_free(in);
462 return (ret); 459 return (ret);
463} 460}
@@ -706,8 +703,7 @@ ssl_ctx_use_certificate_chain_bio(SSL_CTX *ctx, BIO *in)
706 } 703 }
707 704
708end: 705end:
709 if (x != NULL) 706 X509_free(x);
710 X509_free(x);
711 return (ret); 707 return (ret);
712} 708}
713 709
diff --git a/src/lib/libssl/src/ssl/ssl_sess.c b/src/lib/libssl/src/ssl/ssl_sess.c
index 7052e8aa56..16dd5c444c 100644
--- a/src/lib/libssl/src/ssl/ssl_sess.c
+++ b/src/lib/libssl/src/ssl/ssl_sess.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssl_sess.c,v 1.48 2015/09/10 17:57:50 jsing Exp $ */ 1/* $OpenBSD: ssl_sess.c,v 1.49 2016/03/11 07:08:45 mmcc Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -697,8 +697,7 @@ SSL_SESSION_free(SSL_SESSION *ss)
697 explicit_bzero(ss->session_id, sizeof ss->session_id); 697 explicit_bzero(ss->session_id, sizeof ss->session_id);
698 if (ss->sess_cert != NULL) 698 if (ss->sess_cert != NULL)
699 ssl_sess_cert_free(ss->sess_cert); 699 ssl_sess_cert_free(ss->sess_cert);
700 if (ss->peer != NULL) 700 X509_free(ss->peer);
701 X509_free(ss->peer);
702 if (ss->ciphers != NULL) 701 if (ss->ciphers != NULL)
703 sk_SSL_CIPHER_free(ss->ciphers); 702 sk_SSL_CIPHER_free(ss->ciphers);
704 free(ss->tlsext_hostname); 703 free(ss->tlsext_hostname);
diff --git a/src/lib/libssl/ssl_asn1.c b/src/lib/libssl/ssl_asn1.c
index b60b3ea3f8..ee00cb286d 100644
--- a/src/lib/libssl/ssl_asn1.c
+++ b/src/lib/libssl/ssl_asn1.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssl_asn1.c,v 1.40 2014/12/14 15:30:50 jsing Exp $ */ 1/* $OpenBSD: ssl_asn1.c,v 1.41 2016/03/11 07:08:45 mmcc Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -449,10 +449,9 @@ d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp, long length)
449 ret->timeout = 3; 449 ret->timeout = 3;
450 450
451 /* 3 - Peer (X509). */ 451 /* 3 - Peer (X509). */
452 if (ret->peer != NULL) { 452 X509_free(ret->peer);
453 X509_free(ret->peer); 453 ret->peer = NULL;
454 ret->peer = NULL; 454
455 }
456 if (c.slen != 0L && 455 if (c.slen != 0L &&
457 *c.p == (V_ASN1_CONSTRUCTED | V_ASN1_CONTEXT_SPECIFIC | 3)) { 456 *c.p == (V_ASN1_CONSTRUCTED | V_ASN1_CONTEXT_SPECIFIC | 3)) {
458 c.q = c.p; 457 c.q = c.p;
diff --git a/src/lib/libssl/ssl_cert.c b/src/lib/libssl/ssl_cert.c
index cdac7bdb36..7e92812e56 100644
--- a/src/lib/libssl/ssl_cert.c
+++ b/src/lib/libssl/ssl_cert.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssl_cert.c,v 1.51 2015/09/11 17:37:47 jsing Exp $ */ 1/* $OpenBSD: ssl_cert.c,v 1.52 2016/03/11 07:08:45 mmcc Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -308,8 +308,7 @@ err:
308 EC_KEY_free(ret->ecdh_tmp); 308 EC_KEY_free(ret->ecdh_tmp);
309 309
310 for (i = 0; i < SSL_PKEY_NUM; i++) { 310 for (i = 0; i < SSL_PKEY_NUM; i++) {
311 if (ret->pkeys[i].x509 != NULL) 311 X509_free(ret->pkeys[i].x509);
312 X509_free(ret->pkeys[i].x509);
313 EVP_PKEY_free(ret->pkeys[i].privatekey); 312 EVP_PKEY_free(ret->pkeys[i].privatekey);
314 } 313 }
315 free (ret); 314 free (ret);
@@ -333,8 +332,7 @@ ssl_cert_free(CERT *c)
333 EC_KEY_free(c->ecdh_tmp); 332 EC_KEY_free(c->ecdh_tmp);
334 333
335 for (i = 0; i < SSL_PKEY_NUM; i++) { 334 for (i = 0; i < SSL_PKEY_NUM; i++) {
336 if (c->pkeys[i].x509 != NULL) 335 X509_free(c->pkeys[i].x509);
337 X509_free(c->pkeys[i].x509);
338 EVP_PKEY_free(c->pkeys[i].privatekey); 336 EVP_PKEY_free(c->pkeys[i].privatekey);
339 } 337 }
340 338
@@ -400,10 +398,8 @@ ssl_sess_cert_free(SESS_CERT *sc)
400 /* i == 0 */ 398 /* i == 0 */
401 if (sc->cert_chain != NULL) 399 if (sc->cert_chain != NULL)
402 sk_X509_pop_free(sc->cert_chain, X509_free); 400 sk_X509_pop_free(sc->cert_chain, X509_free);
403 for (i = 0; i < SSL_PKEY_NUM; i++) { 401 for (i = 0; i < SSL_PKEY_NUM; i++)
404 if (sc->peer_pkeys[i].x509 != NULL) 402 X509_free(sc->peer_pkeys[i].x509);
405 X509_free(sc->peer_pkeys[i].x509);
406 }
407 403
408 DH_free(sc->peer_dh_tmp); 404 DH_free(sc->peer_dh_tmp);
409 EC_KEY_free(sc->peer_ecdh_tmp); 405 EC_KEY_free(sc->peer_ecdh_tmp);
@@ -620,8 +616,7 @@ err:
620 if (sk != NULL) 616 if (sk != NULL)
621 sk_X509_NAME_free(sk); 617 sk_X509_NAME_free(sk);
622 BIO_free(in); 618 BIO_free(in);
623 if (x != NULL) 619 X509_free(x);
624 X509_free(x);
625 if (ret != NULL) 620 if (ret != NULL)
626 ERR_clear_error(); 621 ERR_clear_error();
627 return (ret); 622 return (ret);
@@ -679,8 +674,7 @@ err:
679 ret = 0; 674 ret = 0;
680 } 675 }
681 BIO_free(in); 676 BIO_free(in);
682 if (x != NULL) 677 X509_free(x);
683 X509_free(x);
684 678
685 (void)sk_X509_NAME_set_cmp_func(stack, oldcmp); 679 (void)sk_X509_NAME_set_cmp_func(stack, oldcmp);
686 680
diff --git a/src/lib/libssl/ssl_rsa.c b/src/lib/libssl/ssl_rsa.c
index 039bee7952..7481524942 100644
--- a/src/lib/libssl/ssl_rsa.c
+++ b/src/lib/libssl/ssl_rsa.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssl_rsa.c,v 1.20 2015/02/06 01:37:11 reyk Exp $ */ 1/* $OpenBSD: ssl_rsa.c,v 1.21 2016/03/11 07:08:45 mmcc Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -122,8 +122,7 @@ SSL_use_certificate_file(SSL *ssl, const char *file, int type)
122 122
123 ret = SSL_use_certificate(ssl, x); 123 ret = SSL_use_certificate(ssl, x);
124end: 124end:
125 if (x != NULL) 125 X509_free(x);
126 X509_free(x);
127 BIO_free(in); 126 BIO_free(in);
128 return (ret); 127 return (ret);
129} 128}
@@ -409,8 +408,7 @@ ssl_set_cert(CERT *c, X509 *x)
409 408
410 EVP_PKEY_free(pkey); 409 EVP_PKEY_free(pkey);
411 410
412 if (c->pkeys[i].x509 != NULL) 411 X509_free(c->pkeys[i].x509);
413 X509_free(c->pkeys[i].x509);
414 CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509); 412 CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
415 c->pkeys[i].x509 = x; 413 c->pkeys[i].x509 = x;
416 c->key = &(c->pkeys[i]); 414 c->key = &(c->pkeys[i]);
@@ -456,8 +454,7 @@ SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type)
456 454
457 ret = SSL_CTX_use_certificate(ctx, x); 455 ret = SSL_CTX_use_certificate(ctx, x);
458end: 456end:
459 if (x != NULL) 457 X509_free(x);
460 X509_free(x);
461 BIO_free(in); 458 BIO_free(in);
462 return (ret); 459 return (ret);
463} 460}
@@ -706,8 +703,7 @@ ssl_ctx_use_certificate_chain_bio(SSL_CTX *ctx, BIO *in)
706 } 703 }
707 704
708end: 705end:
709 if (x != NULL) 706 X509_free(x);
710 X509_free(x);
711 return (ret); 707 return (ret);
712} 708}
713 709
diff --git a/src/lib/libssl/ssl_sess.c b/src/lib/libssl/ssl_sess.c
index 7052e8aa56..16dd5c444c 100644
--- a/src/lib/libssl/ssl_sess.c
+++ b/src/lib/libssl/ssl_sess.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssl_sess.c,v 1.48 2015/09/10 17:57:50 jsing Exp $ */ 1/* $OpenBSD: ssl_sess.c,v 1.49 2016/03/11 07:08:45 mmcc Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -697,8 +697,7 @@ SSL_SESSION_free(SSL_SESSION *ss)
697 explicit_bzero(ss->session_id, sizeof ss->session_id); 697 explicit_bzero(ss->session_id, sizeof ss->session_id);
698 if (ss->sess_cert != NULL) 698 if (ss->sess_cert != NULL)
699 ssl_sess_cert_free(ss->sess_cert); 699 ssl_sess_cert_free(ss->sess_cert);
700 if (ss->peer != NULL) 700 X509_free(ss->peer);
701 X509_free(ss->peer);
702 if (ss->ciphers != NULL) 701 if (ss->ciphers != NULL)
703 sk_SSL_CIPHER_free(ss->ciphers); 702 sk_SSL_CIPHER_free(ss->ciphers);
704 free(ss->tlsext_hostname); 703 free(ss->tlsext_hostname);
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-22 17:58:07 +0000