summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--src/lib/libssl/bio_ssl.c3
-rw-r--r--src/lib/libssl/d1_both.c9
-rw-r--r--src/lib/libssl/d1_clnt.c15
-rw-r--r--src/lib/libssl/d1_lib.c8
-rw-r--r--src/lib/libssl/d1_pkt.c6
-rw-r--r--src/lib/libssl/s3_both.c12
-rw-r--r--src/lib/libssl/s3_clnt.c27
-rw-r--r--src/lib/libssl/s3_lib.c39
-rw-r--r--src/lib/libssl/s3_srvr.c9
-rw-r--r--src/lib/libssl/src/ssl/bio_ssl.c3
-rw-r--r--src/lib/libssl/src/ssl/d1_both.c9
-rw-r--r--src/lib/libssl/src/ssl/d1_clnt.c15
-rw-r--r--src/lib/libssl/src/ssl/d1_lib.c8
-rw-r--r--src/lib/libssl/src/ssl/d1_pkt.c6
-rw-r--r--src/lib/libssl/src/ssl/s3_both.c12
-rw-r--r--src/lib/libssl/src/ssl/s3_clnt.c27
-rw-r--r--src/lib/libssl/src/ssl/s3_lib.c39
-rw-r--r--src/lib/libssl/src/ssl/s3_srvr.c9
-rw-r--r--src/lib/libssl/src/ssl/ssl_lib.c30
-rw-r--r--src/lib/libssl/src/ssl/ssl_sess.c30
-rw-r--r--src/lib/libssl/src/ssl/t1_enc.c6
-rw-r--r--src/lib/libssl/src/ssl/t1_lib.c50
-rw-r--r--src/lib/libssl/ssl_lib.c30
-rw-r--r--src/lib/libssl/ssl_sess.c30
-rw-r--r--src/lib/libssl/t1_enc.c6
-rw-r--r--src/lib/libssl/t1_lib.c50
26 files changed, 168 insertions, 320 deletions
diff --git a/src/lib/libssl/bio_ssl.c b/src/lib/libssl/bio_ssl.c
index 5b14ea3824..8ffbe0a67a 100644
--- a/src/lib/libssl/bio_ssl.c
+++ b/src/lib/libssl/bio_ssl.c
@@ -132,8 +132,7 @@ ssl_free(BIO *a)
132 a->init = 0; 132 a->init = 0;
133 a->flags = 0; 133 a->flags = 0;
134 } 134 }
135 if (a->ptr != NULL) 135 free(a->ptr);
136 free(a->ptr);
137 return (1); 136 return (1);
138} 137}
139 138
diff --git a/src/lib/libssl/d1_both.c b/src/lib/libssl/d1_both.c
index 0e32825695..59987bc1d8 100644
--- a/src/lib/libssl/d1_both.c
+++ b/src/lib/libssl/d1_both.c
@@ -200,8 +200,7 @@ dtls1_hm_fragment_new(unsigned long frag_len, int reassembly)
200 if (reassembly) { 200 if (reassembly) {
201 bitmask = malloc(RSMBLY_BITMASK_SIZE(frag_len)); 201 bitmask = malloc(RSMBLY_BITMASK_SIZE(frag_len));
202 if (bitmask == NULL) { 202 if (bitmask == NULL) {
203 if (buf != NULL) 203 free(buf);
204 free(buf);
205 free(frag); 204 free(frag);
206 return NULL; 205 return NULL;
207 } 206 }
@@ -223,10 +222,8 @@ dtls1_hm_fragment_free(hm_fragment *frag)
223 EVP_MD_CTX_destroy( 222 EVP_MD_CTX_destroy(
224 frag->msg_header.saved_retransmit_state.write_hash); 223 frag->msg_header.saved_retransmit_state.write_hash);
225 } 224 }
226 if (frag->fragment) 225 free(frag->fragment);
227 free(frag->fragment); 226 free(frag->reassembly);
228 if (frag->reassembly)
229 free(frag->reassembly);
230 free(frag); 227 free(frag);
231} 228}
232 229
diff --git a/src/lib/libssl/d1_clnt.c b/src/lib/libssl/d1_clnt.c
index 8f304a75ff..d82b099e08 100644
--- a/src/lib/libssl/d1_clnt.c
+++ b/src/lib/libssl/d1_clnt.c
@@ -1231,8 +1231,7 @@ dtls1_send_client_key_exchange(SSL *s)
1231 1231
1232 /* Free allocated memory */ 1232 /* Free allocated memory */
1233 BN_CTX_free(bn_ctx); 1233 BN_CTX_free(bn_ctx);
1234 if (encodedPoint != NULL) 1234 free(encodedPoint);
1235 free(encodedPoint);
1236 if (clnt_ecdh != NULL) 1235 if (clnt_ecdh != NULL)
1237 EC_KEY_free(clnt_ecdh); 1236 EC_KEY_free(clnt_ecdh);
1238 EVP_PKEY_free(srvr_pub_pkey); 1237 EVP_PKEY_free(srvr_pub_pkey);
@@ -1277,9 +1276,9 @@ dtls1_send_client_key_exchange(SSL *s)
1277 t += psk_len; 1276 t += psk_len;
1278 s2n(psk_len, t); 1277 s2n(psk_len, t);
1279 1278
1280 if (s->session->psk_identity_hint != NULL) 1279 free(s->session->psk_identity_hint);
1281 free(s->session->psk_identity_hint); 1280 s->session->psk_identity_hint =
1282 s->session->psk_identity_hint = BUF_strdup(s->ctx->psk_identity_hint); 1281 BUF_strdup(s->ctx->psk_identity_hint);
1283 if (s->ctx->psk_identity_hint != NULL && 1282 if (s->ctx->psk_identity_hint != NULL &&
1284 s->session->psk_identity_hint == NULL) { 1283 s->session->psk_identity_hint == NULL) {
1285 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, 1284 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,
@@ -1287,8 +1286,7 @@ dtls1_send_client_key_exchange(SSL *s)
1287 goto psk_err; 1286 goto psk_err;
1288 } 1287 }
1289 1288
1290 if (s->session->psk_identity != NULL) 1289 free(s->session->psk_identity);
1291 free(s->session->psk_identity);
1292 s->session->psk_identity = BUF_strdup(identity); 1290 s->session->psk_identity = BUF_strdup(identity);
1293 if (s->session->psk_identity == NULL) { 1291 if (s->session->psk_identity == NULL) {
1294 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, 1292 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,
@@ -1344,8 +1342,7 @@ psk_err:
1344err: 1342err:
1345#ifndef OPENSSL_NO_ECDH 1343#ifndef OPENSSL_NO_ECDH
1346 BN_CTX_free(bn_ctx); 1344 BN_CTX_free(bn_ctx);
1347 if (encodedPoint != NULL) 1345 free(encodedPoint);
1348 free(encodedPoint);
1349 if (clnt_ecdh != NULL) 1346 if (clnt_ecdh != NULL)
1350 EC_KEY_free(clnt_ecdh); 1347 EC_KEY_free(clnt_ecdh);
1351 EVP_PKEY_free(srvr_pub_pkey); 1348 EVP_PKEY_free(srvr_pub_pkey);
diff --git a/src/lib/libssl/d1_lib.c b/src/lib/libssl/d1_lib.c
index f0b9c1920a..87bc9b68c6 100644
--- a/src/lib/libssl/d1_lib.c
+++ b/src/lib/libssl/d1_lib.c
@@ -149,18 +149,14 @@ dtls1_clear_queues(SSL *s)
149 149
150 while ((item = pqueue_pop(s->d1->unprocessed_rcds.q)) != NULL) { 150 while ((item = pqueue_pop(s->d1->unprocessed_rcds.q)) != NULL) {
151 rdata = (DTLS1_RECORD_DATA *) item->data; 151 rdata = (DTLS1_RECORD_DATA *) item->data;
152 if (rdata->rbuf.buf) { 152 free(rdata->rbuf.buf);
153 free(rdata->rbuf.buf);
154 }
155 free(item->data); 153 free(item->data);
156 pitem_free(item); 154 pitem_free(item);
157 } 155 }
158 156
159 while ((item = pqueue_pop(s->d1->processed_rcds.q)) != NULL) { 157 while ((item = pqueue_pop(s->d1->processed_rcds.q)) != NULL) {
160 rdata = (DTLS1_RECORD_DATA *) item->data; 158 rdata = (DTLS1_RECORD_DATA *) item->data;
161 if (rdata->rbuf.buf) { 159 free(rdata->rbuf.buf);
162 free(rdata->rbuf.buf);
163 }
164 free(item->data); 160 free(item->data);
165 pitem_free(item); 161 pitem_free(item);
166 } 162 }
diff --git a/src/lib/libssl/d1_pkt.c b/src/lib/libssl/d1_pkt.c
index c855d0e2a6..db898f507a 100644
--- a/src/lib/libssl/d1_pkt.c
+++ b/src/lib/libssl/d1_pkt.c
@@ -197,8 +197,7 @@ dtls1_copy_record(SSL *s, pitem *item)
197 197
198 rdata = (DTLS1_RECORD_DATA *)item->data; 198 rdata = (DTLS1_RECORD_DATA *)item->data;
199 199
200 if (s->s3->rbuf.buf != NULL) 200 free(s->s3->rbuf.buf);
201 free(s->s3->rbuf.buf);
202 201
203 s->packet = rdata->packet; 202 s->packet = rdata->packet;
204 s->packet_length = rdata->packet_length; 203 s->packet_length = rdata->packet_length;
@@ -349,8 +348,7 @@ dtls1_get_buffered_record(SSL *s)
349 item = pqueue_pop(s->d1->rcvd_records); 348 item = pqueue_pop(s->d1->rcvd_records);
350 rdata = (DTLS1_RECORD_DATA *)item->data; 349 rdata = (DTLS1_RECORD_DATA *)item->data;
351 350
352 if (s->s3->rbuf.buf != NULL) 351 free(s->s3->rbuf.buf);
353 free(s->s3->rbuf.buf);
354 352
355 s->packet = rdata->packet; 353 s->packet = rdata->packet;
356 s->packet_length = rdata->packet_length; 354 s->packet_length = rdata->packet_length;
diff --git a/src/lib/libssl/s3_both.c b/src/lib/libssl/s3_both.c
index 9dcdd7b998..f1d686b56f 100644
--- a/src/lib/libssl/s3_both.c
+++ b/src/lib/libssl/s3_both.c
@@ -719,20 +719,16 @@ ssl3_setup_buffers(SSL *s)
719int 719int
720ssl3_release_write_buffer(SSL *s) 720ssl3_release_write_buffer(SSL *s)
721{ 721{
722 if (s->s3->wbuf.buf != NULL) { 722 free(s->s3->wbuf.buf);
723 free(s->s3->wbuf.buf); 723 s->s3->wbuf.buf = NULL;
724 s->s3->wbuf.buf = NULL;
725 }
726 return 1; 724 return 1;
727} 725}
728 726
729int 727int
730ssl3_release_read_buffer(SSL *s) 728ssl3_release_read_buffer(SSL *s)
731{ 729{
732 if (s->s3->rbuf.buf != NULL) { 730 free(s->s3->rbuf.buf);
733 free(s->s3->rbuf.buf); 731 s->s3->rbuf.buf = NULL;
734 s->s3->rbuf.buf = NULL;
735 }
736 return 1; 732 return 1;
737} 733}
738 734
diff --git a/src/lib/libssl/s3_clnt.c b/src/lib/libssl/s3_clnt.c
index 863a05adb3..ffbd83b060 100644
--- a/src/lib/libssl/s3_clnt.c
+++ b/src/lib/libssl/s3_clnt.c
@@ -1292,8 +1292,7 @@ ssl3_get_key_exchange(SSL *s)
1292 */ 1292 */
1293 if (s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK) { 1293 if (s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK) {
1294 s->session->sess_cert = ssl_sess_cert_new(); 1294 s->session->sess_cert = ssl_sess_cert_new();
1295 if (s->ctx->psk_identity_hint) 1295 free(s->ctx->psk_identity_hint);
1296 free(s->ctx->psk_identity_hint);
1297 s->ctx->psk_identity_hint = NULL; 1296 s->ctx->psk_identity_hint = NULL;
1298 } 1297 }
1299#endif 1298#endif
@@ -1360,8 +1359,7 @@ ssl3_get_key_exchange(SSL *s)
1360 */ 1359 */
1361 memcpy(tmp_id_hint, p, i); 1360 memcpy(tmp_id_hint, p, i);
1362 memset(tmp_id_hint + i, 0, PSK_MAX_IDENTITY_LEN + 1 - i); 1361 memset(tmp_id_hint + i, 0, PSK_MAX_IDENTITY_LEN + 1 - i);
1363 if (s->ctx->psk_identity_hint != NULL) 1362 free(s->ctx->psk_identity_hint);
1364 free(s->ctx->psk_identity_hint);
1365 s->ctx->psk_identity_hint = BUF_strdup(tmp_id_hint); 1363 s->ctx->psk_identity_hint = BUF_strdup(tmp_id_hint);
1366 if (s->ctx->psk_identity_hint == NULL) { 1364 if (s->ctx->psk_identity_hint == NULL) {
1367 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, 1365 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
@@ -1952,10 +1950,8 @@ ssl3_get_new_session_ticket(SSL *s)
1952 SSL_R_LENGTH_MISMATCH); 1950 SSL_R_LENGTH_MISMATCH);
1953 goto f_err; 1951 goto f_err;
1954 } 1952 }
1955 if (s->session->tlsext_tick) { 1953 free(s->session->tlsext_tick);
1956 free(s->session->tlsext_tick); 1954 s->session->tlsext_ticklen = 0;
1957 s->session->tlsext_ticklen = 0;
1958 }
1959 s->session->tlsext_tick = malloc(ticklen); 1955 s->session->tlsext_tick = malloc(ticklen);
1960 if (!s->session->tlsext_tick) { 1956 if (!s->session->tlsext_tick) {
1961 SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET, 1957 SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET,
@@ -2024,8 +2020,7 @@ ssl3_get_cert_status(SSL *s)
2024 SSL_R_LENGTH_MISMATCH); 2020 SSL_R_LENGTH_MISMATCH);
2025 goto f_err; 2021 goto f_err;
2026 } 2022 }
2027 if (s->tlsext_ocsp_resp) 2023 free(s->tlsext_ocsp_resp);
2028 free(s->tlsext_ocsp_resp);
2029 s->tlsext_ocsp_resp = BUF_memdup(p, resplen); 2024 s->tlsext_ocsp_resp = BUF_memdup(p, resplen);
2030 if (!s->tlsext_ocsp_resp) { 2025 if (!s->tlsext_ocsp_resp) {
2031 al = SSL_AD_INTERNAL_ERROR; 2026 al = SSL_AD_INTERNAL_ERROR;
@@ -2399,8 +2394,7 @@ ssl3_send_client_key_exchange(SSL *s)
2399 2394
2400 /* Free allocated memory */ 2395 /* Free allocated memory */
2401 BN_CTX_free(bn_ctx); 2396 BN_CTX_free(bn_ctx);
2402 if (encodedPoint != NULL) 2397 free(encodedPoint);
2403 free(encodedPoint);
2404 if (clnt_ecdh != NULL) 2398 if (clnt_ecdh != NULL)
2405 EC_KEY_free(clnt_ecdh); 2399 EC_KEY_free(clnt_ecdh);
2406 EVP_PKEY_free(srvr_pub_pkey); 2400 EVP_PKEY_free(srvr_pub_pkey);
@@ -2551,8 +2545,7 @@ ssl3_send_client_key_exchange(SSL *s)
2551 t += psk_len; 2545 t += psk_len;
2552 s2n(psk_len, t); 2546 s2n(psk_len, t);
2553 2547
2554 if (s->session->psk_identity_hint != NULL) 2548 free(s->session->psk_identity_hint);
2555 free(s->session->psk_identity_hint);
2556 s->session->psk_identity_hint = 2549 s->session->psk_identity_hint =
2557 BUF_strdup(s->ctx->psk_identity_hint); 2550 BUF_strdup(s->ctx->psk_identity_hint);
2558 if (s->ctx->psk_identity_hint != NULL && 2551 if (s->ctx->psk_identity_hint != NULL &&
@@ -2562,8 +2555,7 @@ ssl3_send_client_key_exchange(SSL *s)
2562 goto psk_err; 2555 goto psk_err;
2563 } 2556 }
2564 2557
2565 if (s->session->psk_identity != NULL) 2558 free(s->session->psk_identity);
2566 free(s->session->psk_identity);
2567 s->session->psk_identity = BUF_strdup(identity); 2559 s->session->psk_identity = BUF_strdup(identity);
2568 if (s->session->psk_identity == NULL) { 2560 if (s->session->psk_identity == NULL) {
2569 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, 2561 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
@@ -2613,8 +2605,7 @@ ssl3_send_client_key_exchange(SSL *s)
2613 err: 2605 err:
2614#ifndef OPENSSL_NO_ECDH 2606#ifndef OPENSSL_NO_ECDH
2615 BN_CTX_free(bn_ctx); 2607 BN_CTX_free(bn_ctx);
2616 if (encodedPoint != NULL) 2608 free(encodedPoint);
2617 free(encodedPoint);
2618 if (clnt_ecdh != NULL) 2609 if (clnt_ecdh != NULL)
2619 EC_KEY_free(clnt_ecdh); 2610 EC_KEY_free(clnt_ecdh);
2620 EVP_PKEY_free(srvr_pub_pkey); 2611 EVP_PKEY_free(srvr_pub_pkey);
diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c
index d8a186040b..2f4ab38863 100644
--- a/src/lib/libssl/s3_lib.c
+++ b/src/lib/libssl/s3_lib.c
@@ -2332,10 +2332,8 @@ ssl3_free(SSL *s)
2332 return; 2332 return;
2333 2333
2334#ifdef TLSEXT_TYPE_opaque_prf_input 2334#ifdef TLSEXT_TYPE_opaque_prf_input
2335 if (s->s3->client_opaque_prf_input != NULL) 2335 free(s->s3->client_opaque_prf_input);
2336 free(s->s3->client_opaque_prf_input); 2336 free(s->s3->server_opaque_prf_input);
2337 if (s->s3->server_opaque_prf_input != NULL)
2338 free(s->s3->server_opaque_prf_input);
2339#endif 2337#endif
2340 2338
2341 ssl3_cleanup_key_block(s); 2339 ssl3_cleanup_key_block(s);
@@ -2343,8 +2341,7 @@ ssl3_free(SSL *s)
2343 ssl3_release_read_buffer(s); 2341 ssl3_release_read_buffer(s);
2344 if (s->s3->wbuf.buf != NULL) 2342 if (s->s3->wbuf.buf != NULL)
2345 ssl3_release_write_buffer(s); 2343 ssl3_release_write_buffer(s);
2346 if (s->s3->rrec.comp != NULL) 2344 free(s->s3->rrec.comp);
2347 free(s->s3->rrec.comp);
2348#ifndef OPENSSL_NO_DH 2345#ifndef OPENSSL_NO_DH
2349 if (s->s3->tmp.dh != NULL) 2346 if (s->s3->tmp.dh != NULL)
2350 DH_free(s->s3->tmp.dh); 2347 DH_free(s->s3->tmp.dh);
@@ -2374,11 +2371,9 @@ ssl3_clear(SSL *s)
2374 int init_extra; 2371 int init_extra;
2375 2372
2376#ifdef TLSEXT_TYPE_opaque_prf_input 2373#ifdef TLSEXT_TYPE_opaque_prf_input
2377 if (s->s3->client_opaque_prf_input != NULL) 2374 free(s->s3->client_opaque_prf_input);
2378 free(s->s3->client_opaque_prf_input);
2379 s->s3->client_opaque_prf_input = NULL; 2375 s->s3->client_opaque_prf_input = NULL;
2380 if (s->s3->server_opaque_prf_input != NULL) 2376 free(s->s3->server_opaque_prf_input);
2381 free(s->s3->server_opaque_prf_input);
2382 s->s3->server_opaque_prf_input = NULL; 2377 s->s3->server_opaque_prf_input = NULL;
2383#endif 2378#endif
2384 2379
@@ -2386,10 +2381,9 @@ ssl3_clear(SSL *s)
2386 if (s->s3->tmp.ca_names != NULL) 2381 if (s->s3->tmp.ca_names != NULL)
2387 sk_X509_NAME_pop_free(s->s3->tmp.ca_names, X509_NAME_free); 2382 sk_X509_NAME_pop_free(s->s3->tmp.ca_names, X509_NAME_free);
2388 2383
2389 if (s->s3->rrec.comp != NULL) { 2384 free(s->s3->rrec.comp);
2390 free(s->s3->rrec.comp); 2385 s->s3->rrec.comp = NULL;
2391 s->s3->rrec.comp = NULL; 2386
2392 }
2393#ifndef OPENSSL_NO_DH 2387#ifndef OPENSSL_NO_DH
2394 if (s->s3->tmp.dh != NULL) { 2388 if (s->s3->tmp.dh != NULL) {
2395 DH_free(s->s3->tmp.dh); 2389 DH_free(s->s3->tmp.dh);
@@ -2437,11 +2431,9 @@ ssl3_clear(SSL *s)
2437 s->version = SSL3_VERSION; 2431 s->version = SSL3_VERSION;
2438 2432
2439#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG) 2433#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
2440 if (s->next_proto_negotiated) { 2434 free(s->next_proto_negotiated);
2441 free(s->next_proto_negotiated); 2435 s->next_proto_negotiated = NULL;
2442 s->next_proto_negotiated = NULL; 2436 s->next_proto_negotiated_len = 0;
2443 s->next_proto_negotiated_len = 0;
2444 }
2445#endif 2437#endif
2446} 2438}
2447 2439
@@ -2589,8 +2581,7 @@ ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
2589#ifndef OPENSSL_NO_TLSEXT 2581#ifndef OPENSSL_NO_TLSEXT
2590 case SSL_CTRL_SET_TLSEXT_HOSTNAME: 2582 case SSL_CTRL_SET_TLSEXT_HOSTNAME:
2591 if (larg == TLSEXT_NAMETYPE_host_name) { 2583 if (larg == TLSEXT_NAMETYPE_host_name) {
2592 if (s->tlsext_hostname != NULL) 2584 free(s->tlsext_hostname);
2593 free(s->tlsext_hostname);
2594 s->tlsext_hostname = NULL; 2585 s->tlsext_hostname = NULL;
2595 2586
2596 ret = 1; 2587 ret = 1;
@@ -2630,8 +2621,7 @@ ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
2630 SSL_R_OPAQUE_PRF_INPUT_TOO_LONG); 2621 SSL_R_OPAQUE_PRF_INPUT_TOO_LONG);
2631 break; 2622 break;
2632 } 2623 }
2633 if (s->tlsext_opaque_prf_input != NULL) 2624 free(s->tlsext_opaque_prf_input);
2634 free(s->tlsext_opaque_prf_input);
2635 if ((size_t)larg == 0) { 2625 if ((size_t)larg == 0) {
2636 s->tlsext_opaque_prf_input = NULL; 2626 s->tlsext_opaque_prf_input = NULL;
2637 s->tlsext_opaque_prf_input_len = 0; 2627 s->tlsext_opaque_prf_input_len = 0;
@@ -2678,8 +2668,7 @@ ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
2678 return s->tlsext_ocsp_resplen; 2668 return s->tlsext_ocsp_resplen;
2679 2669
2680 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP: 2670 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP:
2681 if (s->tlsext_ocsp_resp) 2671 free(s->tlsext_ocsp_resp);
2682 free(s->tlsext_ocsp_resp);
2683 s->tlsext_ocsp_resp = parg; 2672 s->tlsext_ocsp_resp = parg;
2684 s->tlsext_ocsp_resplen = larg; 2673 s->tlsext_ocsp_resplen = larg;
2685 ret = 1; 2674 ret = 1;
diff --git a/src/lib/libssl/s3_srvr.c b/src/lib/libssl/s3_srvr.c
index 521f6a21e8..c16f7bb2ef 100644
--- a/src/lib/libssl/s3_srvr.c
+++ b/src/lib/libssl/s3_srvr.c
@@ -1927,8 +1927,7 @@ f_err:
1927 ssl3_send_alert(s, SSL3_AL_FATAL, al); 1927 ssl3_send_alert(s, SSL3_AL_FATAL, al);
1928err: 1928err:
1929#ifndef OPENSSL_NO_ECDH 1929#ifndef OPENSSL_NO_ECDH
1930 if (encodedPoint != NULL) 1930 free(encodedPoint);
1931 free(encodedPoint);
1932 BN_CTX_free(bn_ctx); 1931 BN_CTX_free(bn_ctx);
1933#endif 1932#endif
1934 EVP_MD_CTX_cleanup(&md_ctx); 1933 EVP_MD_CTX_cleanup(&md_ctx);
@@ -2435,8 +2434,7 @@ ssl3_get_client_key_exchange(SSL *s)
2435 t += psk_len; 2434 t += psk_len;
2436 s2n(psk_len, t); 2435 s2n(psk_len, t);
2437 2436
2438 if (s->session->psk_identity != NULL) 2437 free(s->session->psk_identity);
2439 free(s->session->psk_identity);
2440 s->session->psk_identity = BUF_strdup((char *)p); 2438 s->session->psk_identity = BUF_strdup((char *)p);
2441 if (s->session->psk_identity == NULL) { 2439 if (s->session->psk_identity == NULL) {
2442 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, 2440 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
@@ -2444,8 +2442,7 @@ ssl3_get_client_key_exchange(SSL *s)
2444 goto psk_err; 2442 goto psk_err;
2445 } 2443 }
2446 2444
2447 if (s->session->psk_identity_hint != NULL) 2445 free(s->session->psk_identity_hint);
2448 free(s->session->psk_identity_hint);
2449 s->session->psk_identity_hint = BUF_strdup(s->ctx->psk_identity_hint); 2446 s->session->psk_identity_hint = BUF_strdup(s->ctx->psk_identity_hint);
2450 if (s->ctx->psk_identity_hint != NULL && 2447 if (s->ctx->psk_identity_hint != NULL &&
2451 s->session->psk_identity_hint == NULL) { 2448 s->session->psk_identity_hint == NULL) {
diff --git a/src/lib/libssl/src/ssl/bio_ssl.c b/src/lib/libssl/src/ssl/bio_ssl.c
index 5b14ea3824..8ffbe0a67a 100644
--- a/src/lib/libssl/src/ssl/bio_ssl.c
+++ b/src/lib/libssl/src/ssl/bio_ssl.c
@@ -132,8 +132,7 @@ ssl_free(BIO *a)
132 a->init = 0; 132 a->init = 0;
133 a->flags = 0; 133 a->flags = 0;
134 } 134 }
135 if (a->ptr != NULL) 135 free(a->ptr);
136 free(a->ptr);
137 return (1); 136 return (1);
138} 137}
139 138
diff --git a/src/lib/libssl/src/ssl/d1_both.c b/src/lib/libssl/src/ssl/d1_both.c
index 0e32825695..59987bc1d8 100644
--- a/src/lib/libssl/src/ssl/d1_both.c
+++ b/src/lib/libssl/src/ssl/d1_both.c
@@ -200,8 +200,7 @@ dtls1_hm_fragment_new(unsigned long frag_len, int reassembly)
200 if (reassembly) { 200 if (reassembly) {
201 bitmask = malloc(RSMBLY_BITMASK_SIZE(frag_len)); 201 bitmask = malloc(RSMBLY_BITMASK_SIZE(frag_len));
202 if (bitmask == NULL) { 202 if (bitmask == NULL) {
203 if (buf != NULL) 203 free(buf);
204 free(buf);
205 free(frag); 204 free(frag);
206 return NULL; 205 return NULL;
207 } 206 }
@@ -223,10 +222,8 @@ dtls1_hm_fragment_free(hm_fragment *frag)
223 EVP_MD_CTX_destroy( 222 EVP_MD_CTX_destroy(
224 frag->msg_header.saved_retransmit_state.write_hash); 223 frag->msg_header.saved_retransmit_state.write_hash);
225 } 224 }
226 if (frag->fragment) 225 free(frag->fragment);
227 free(frag->fragment); 226 free(frag->reassembly);
228 if (frag->reassembly)
229 free(frag->reassembly);
230 free(frag); 227 free(frag);
231} 228}
232 229
diff --git a/src/lib/libssl/src/ssl/d1_clnt.c b/src/lib/libssl/src/ssl/d1_clnt.c
index 8f304a75ff..d82b099e08 100644
--- a/src/lib/libssl/src/ssl/d1_clnt.c
+++ b/src/lib/libssl/src/ssl/d1_clnt.c
@@ -1231,8 +1231,7 @@ dtls1_send_client_key_exchange(SSL *s)
1231 1231
1232 /* Free allocated memory */ 1232 /* Free allocated memory */
1233 BN_CTX_free(bn_ctx); 1233 BN_CTX_free(bn_ctx);
1234 if (encodedPoint != NULL) 1234 free(encodedPoint);
1235 free(encodedPoint);
1236 if (clnt_ecdh != NULL) 1235 if (clnt_ecdh != NULL)
1237 EC_KEY_free(clnt_ecdh); 1236 EC_KEY_free(clnt_ecdh);
1238 EVP_PKEY_free(srvr_pub_pkey); 1237 EVP_PKEY_free(srvr_pub_pkey);
@@ -1277,9 +1276,9 @@ dtls1_send_client_key_exchange(SSL *s)
1277 t += psk_len; 1276 t += psk_len;
1278 s2n(psk_len, t); 1277 s2n(psk_len, t);
1279 1278
1280 if (s->session->psk_identity_hint != NULL) 1279 free(s->session->psk_identity_hint);
1281 free(s->session->psk_identity_hint); 1280 s->session->psk_identity_hint =
1282 s->session->psk_identity_hint = BUF_strdup(s->ctx->psk_identity_hint); 1281 BUF_strdup(s->ctx->psk_identity_hint);
1283 if (s->ctx->psk_identity_hint != NULL && 1282 if (s->ctx->psk_identity_hint != NULL &&
1284 s->session->psk_identity_hint == NULL) { 1283 s->session->psk_identity_hint == NULL) {
1285 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, 1284 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,
@@ -1287,8 +1286,7 @@ dtls1_send_client_key_exchange(SSL *s)
1287 goto psk_err; 1286 goto psk_err;
1288 } 1287 }
1289 1288
1290 if (s->session->psk_identity != NULL) 1289 free(s->session->psk_identity);
1291 free(s->session->psk_identity);
1292 s->session->psk_identity = BUF_strdup(identity); 1290 s->session->psk_identity = BUF_strdup(identity);
1293 if (s->session->psk_identity == NULL) { 1291 if (s->session->psk_identity == NULL) {
1294 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, 1292 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,
@@ -1344,8 +1342,7 @@ psk_err:
1344err: 1342err:
1345#ifndef OPENSSL_NO_ECDH 1343#ifndef OPENSSL_NO_ECDH
1346 BN_CTX_free(bn_ctx); 1344 BN_CTX_free(bn_ctx);
1347 if (encodedPoint != NULL) 1345 free(encodedPoint);
1348 free(encodedPoint);
1349 if (clnt_ecdh != NULL) 1346 if (clnt_ecdh != NULL)
1350 EC_KEY_free(clnt_ecdh); 1347 EC_KEY_free(clnt_ecdh);
1351 EVP_PKEY_free(srvr_pub_pkey); 1348 EVP_PKEY_free(srvr_pub_pkey);
diff --git a/src/lib/libssl/src/ssl/d1_lib.c b/src/lib/libssl/src/ssl/d1_lib.c
index f0b9c1920a..87bc9b68c6 100644
--- a/src/lib/libssl/src/ssl/d1_lib.c
+++ b/src/lib/libssl/src/ssl/d1_lib.c
@@ -149,18 +149,14 @@ dtls1_clear_queues(SSL *s)
149 149
150 while ((item = pqueue_pop(s->d1->unprocessed_rcds.q)) != NULL) { 150 while ((item = pqueue_pop(s->d1->unprocessed_rcds.q)) != NULL) {
151 rdata = (DTLS1_RECORD_DATA *) item->data; 151 rdata = (DTLS1_RECORD_DATA *) item->data;
152 if (rdata->rbuf.buf) { 152 free(rdata->rbuf.buf);
153 free(rdata->rbuf.buf);
154 }
155 free(item->data); 153 free(item->data);
156 pitem_free(item); 154 pitem_free(item);
157 } 155 }
158 156
159 while ((item = pqueue_pop(s->d1->processed_rcds.q)) != NULL) { 157 while ((item = pqueue_pop(s->d1->processed_rcds.q)) != NULL) {
160 rdata = (DTLS1_RECORD_DATA *) item->data; 158 rdata = (DTLS1_RECORD_DATA *) item->data;
161 if (rdata->rbuf.buf) { 159 free(rdata->rbuf.buf);
162 free(rdata->rbuf.buf);
163 }
164 free(item->data); 160 free(item->data);
165 pitem_free(item); 161 pitem_free(item);
166 } 162 }
diff --git a/src/lib/libssl/src/ssl/d1_pkt.c b/src/lib/libssl/src/ssl/d1_pkt.c
index c855d0e2a6..db898f507a 100644
--- a/src/lib/libssl/src/ssl/d1_pkt.c
+++ b/src/lib/libssl/src/ssl/d1_pkt.c
@@ -197,8 +197,7 @@ dtls1_copy_record(SSL *s, pitem *item)
197 197
198 rdata = (DTLS1_RECORD_DATA *)item->data; 198 rdata = (DTLS1_RECORD_DATA *)item->data;
199 199
200 if (s->s3->rbuf.buf != NULL) 200 free(s->s3->rbuf.buf);
201 free(s->s3->rbuf.buf);
202 201
203 s->packet = rdata->packet; 202 s->packet = rdata->packet;
204 s->packet_length = rdata->packet_length; 203 s->packet_length = rdata->packet_length;
@@ -349,8 +348,7 @@ dtls1_get_buffered_record(SSL *s)
349 item = pqueue_pop(s->d1->rcvd_records); 348 item = pqueue_pop(s->d1->rcvd_records);
350 rdata = (DTLS1_RECORD_DATA *)item->data; 349 rdata = (DTLS1_RECORD_DATA *)item->data;
351 350
352 if (s->s3->rbuf.buf != NULL) 351 free(s->s3->rbuf.buf);
353 free(s->s3->rbuf.buf);
354 352
355 s->packet = rdata->packet; 353 s->packet = rdata->packet;
356 s->packet_length = rdata->packet_length; 354 s->packet_length = rdata->packet_length;
diff --git a/src/lib/libssl/src/ssl/s3_both.c b/src/lib/libssl/src/ssl/s3_both.c
index 9dcdd7b998..f1d686b56f 100644
--- a/src/lib/libssl/src/ssl/s3_both.c
+++ b/src/lib/libssl/src/ssl/s3_both.c
@@ -719,20 +719,16 @@ ssl3_setup_buffers(SSL *s)
719int 719int
720ssl3_release_write_buffer(SSL *s) 720ssl3_release_write_buffer(SSL *s)
721{ 721{
722 if (s->s3->wbuf.buf != NULL) { 722 free(s->s3->wbuf.buf);
723 free(s->s3->wbuf.buf); 723 s->s3->wbuf.buf = NULL;
724 s->s3->wbuf.buf = NULL;
725 }
726 return 1; 724 return 1;
727} 725}
728 726
729int 727int
730ssl3_release_read_buffer(SSL *s) 728ssl3_release_read_buffer(SSL *s)
731{ 729{
732 if (s->s3->rbuf.buf != NULL) { 730 free(s->s3->rbuf.buf);
733 free(s->s3->rbuf.buf); 731 s->s3->rbuf.buf = NULL;
734 s->s3->rbuf.buf = NULL;
735 }
736 return 1; 732 return 1;
737} 733}
738 734
diff --git a/src/lib/libssl/src/ssl/s3_clnt.c b/src/lib/libssl/src/ssl/s3_clnt.c
index 863a05adb3..ffbd83b060 100644
--- a/src/lib/libssl/src/ssl/s3_clnt.c
+++ b/src/lib/libssl/src/ssl/s3_clnt.c
@@ -1292,8 +1292,7 @@ ssl3_get_key_exchange(SSL *s)
1292 */ 1292 */
1293 if (s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK) { 1293 if (s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK) {
1294 s->session->sess_cert = ssl_sess_cert_new(); 1294 s->session->sess_cert = ssl_sess_cert_new();
1295 if (s->ctx->psk_identity_hint) 1295 free(s->ctx->psk_identity_hint);
1296 free(s->ctx->psk_identity_hint);
1297 s->ctx->psk_identity_hint = NULL; 1296 s->ctx->psk_identity_hint = NULL;
1298 } 1297 }
1299#endif 1298#endif
@@ -1360,8 +1359,7 @@ ssl3_get_key_exchange(SSL *s)
1360 */ 1359 */
1361 memcpy(tmp_id_hint, p, i); 1360 memcpy(tmp_id_hint, p, i);
1362 memset(tmp_id_hint + i, 0, PSK_MAX_IDENTITY_LEN + 1 - i); 1361 memset(tmp_id_hint + i, 0, PSK_MAX_IDENTITY_LEN + 1 - i);
1363 if (s->ctx->psk_identity_hint != NULL) 1362 free(s->ctx->psk_identity_hint);
1364 free(s->ctx->psk_identity_hint);
1365 s->ctx->psk_identity_hint = BUF_strdup(tmp_id_hint); 1363 s->ctx->psk_identity_hint = BUF_strdup(tmp_id_hint);
1366 if (s->ctx->psk_identity_hint == NULL) { 1364 if (s->ctx->psk_identity_hint == NULL) {
1367 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, 1365 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
@@ -1952,10 +1950,8 @@ ssl3_get_new_session_ticket(SSL *s)
1952 SSL_R_LENGTH_MISMATCH); 1950 SSL_R_LENGTH_MISMATCH);
1953 goto f_err; 1951 goto f_err;
1954 } 1952 }
1955 if (s->session->tlsext_tick) { 1953 free(s->session->tlsext_tick);
1956 free(s->session->tlsext_tick); 1954 s->session->tlsext_ticklen = 0;
1957 s->session->tlsext_ticklen = 0;
1958 }
1959 s->session->tlsext_tick = malloc(ticklen); 1955 s->session->tlsext_tick = malloc(ticklen);
1960 if (!s->session->tlsext_tick) { 1956 if (!s->session->tlsext_tick) {
1961 SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET, 1957 SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET,
@@ -2024,8 +2020,7 @@ ssl3_get_cert_status(SSL *s)
2024 SSL_R_LENGTH_MISMATCH); 2020 SSL_R_LENGTH_MISMATCH);
2025 goto f_err; 2021 goto f_err;
2026 } 2022 }
2027 if (s->tlsext_ocsp_resp) 2023 free(s->tlsext_ocsp_resp);
2028 free(s->tlsext_ocsp_resp);
2029 s->tlsext_ocsp_resp = BUF_memdup(p, resplen); 2024 s->tlsext_ocsp_resp = BUF_memdup(p, resplen);
2030 if (!s->tlsext_ocsp_resp) { 2025 if (!s->tlsext_ocsp_resp) {
2031 al = SSL_AD_INTERNAL_ERROR; 2026 al = SSL_AD_INTERNAL_ERROR;
@@ -2399,8 +2394,7 @@ ssl3_send_client_key_exchange(SSL *s)
2399 2394
2400 /* Free allocated memory */ 2395 /* Free allocated memory */
2401 BN_CTX_free(bn_ctx); 2396 BN_CTX_free(bn_ctx);
2402 if (encodedPoint != NULL) 2397 free(encodedPoint);
2403 free(encodedPoint);
2404 if (clnt_ecdh != NULL) 2398 if (clnt_ecdh != NULL)
2405 EC_KEY_free(clnt_ecdh); 2399 EC_KEY_free(clnt_ecdh);
2406 EVP_PKEY_free(srvr_pub_pkey); 2400 EVP_PKEY_free(srvr_pub_pkey);
@@ -2551,8 +2545,7 @@ ssl3_send_client_key_exchange(SSL *s)
2551 t += psk_len; 2545 t += psk_len;
2552 s2n(psk_len, t); 2546 s2n(psk_len, t);
2553 2547
2554 if (s->session->psk_identity_hint != NULL) 2548 free(s->session->psk_identity_hint);
2555 free(s->session->psk_identity_hint);
2556 s->session->psk_identity_hint = 2549 s->session->psk_identity_hint =
2557 BUF_strdup(s->ctx->psk_identity_hint); 2550 BUF_strdup(s->ctx->psk_identity_hint);
2558 if (s->ctx->psk_identity_hint != NULL && 2551 if (s->ctx->psk_identity_hint != NULL &&
@@ -2562,8 +2555,7 @@ ssl3_send_client_key_exchange(SSL *s)
2562 goto psk_err; 2555 goto psk_err;
2563 } 2556 }
2564 2557
2565 if (s->session->psk_identity != NULL) 2558 free(s->session->psk_identity);
2566 free(s->session->psk_identity);
2567 s->session->psk_identity = BUF_strdup(identity); 2559 s->session->psk_identity = BUF_strdup(identity);
2568 if (s->session->psk_identity == NULL) { 2560 if (s->session->psk_identity == NULL) {
2569 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, 2561 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
@@ -2613,8 +2605,7 @@ ssl3_send_client_key_exchange(SSL *s)
2613 err: 2605 err:
2614#ifndef OPENSSL_NO_ECDH 2606#ifndef OPENSSL_NO_ECDH
2615 BN_CTX_free(bn_ctx); 2607 BN_CTX_free(bn_ctx);
2616 if (encodedPoint != NULL) 2608 free(encodedPoint);
2617 free(encodedPoint);
2618 if (clnt_ecdh != NULL) 2609 if (clnt_ecdh != NULL)
2619 EC_KEY_free(clnt_ecdh); 2610 EC_KEY_free(clnt_ecdh);
2620 EVP_PKEY_free(srvr_pub_pkey); 2611 EVP_PKEY_free(srvr_pub_pkey);
diff --git a/src/lib/libssl/src/ssl/s3_lib.c b/src/lib/libssl/src/ssl/s3_lib.c
index d8a186040b..2f4ab38863 100644
--- a/src/lib/libssl/src/ssl/s3_lib.c
+++ b/src/lib/libssl/src/ssl/s3_lib.c
@@ -2332,10 +2332,8 @@ ssl3_free(SSL *s)
2332 return; 2332 return;
2333 2333
2334#ifdef TLSEXT_TYPE_opaque_prf_input 2334#ifdef TLSEXT_TYPE_opaque_prf_input
2335 if (s->s3->client_opaque_prf_input != NULL) 2335 free(s->s3->client_opaque_prf_input);
2336 free(s->s3->client_opaque_prf_input); 2336 free(s->s3->server_opaque_prf_input);
2337 if (s->s3->server_opaque_prf_input != NULL)
2338 free(s->s3->server_opaque_prf_input);
2339#endif 2337#endif
2340 2338
2341 ssl3_cleanup_key_block(s); 2339 ssl3_cleanup_key_block(s);
@@ -2343,8 +2341,7 @@ ssl3_free(SSL *s)
2343 ssl3_release_read_buffer(s); 2341 ssl3_release_read_buffer(s);
2344 if (s->s3->wbuf.buf != NULL) 2342 if (s->s3->wbuf.buf != NULL)
2345 ssl3_release_write_buffer(s); 2343 ssl3_release_write_buffer(s);
2346 if (s->s3->rrec.comp != NULL) 2344 free(s->s3->rrec.comp);
2347 free(s->s3->rrec.comp);
2348#ifndef OPENSSL_NO_DH 2345#ifndef OPENSSL_NO_DH
2349 if (s->s3->tmp.dh != NULL) 2346 if (s->s3->tmp.dh != NULL)
2350 DH_free(s->s3->tmp.dh); 2347 DH_free(s->s3->tmp.dh);
@@ -2374,11 +2371,9 @@ ssl3_clear(SSL *s)
2374 int init_extra; 2371 int init_extra;
2375 2372
2376#ifdef TLSEXT_TYPE_opaque_prf_input 2373#ifdef TLSEXT_TYPE_opaque_prf_input
2377 if (s->s3->client_opaque_prf_input != NULL) 2374 free(s->s3->client_opaque_prf_input);
2378 free(s->s3->client_opaque_prf_input);
2379 s->s3->client_opaque_prf_input = NULL; 2375 s->s3->client_opaque_prf_input = NULL;
2380 if (s->s3->server_opaque_prf_input != NULL) 2376 free(s->s3->server_opaque_prf_input);
2381 free(s->s3->server_opaque_prf_input);
2382 s->s3->server_opaque_prf_input = NULL; 2377 s->s3->server_opaque_prf_input = NULL;
2383#endif 2378#endif
2384 2379
@@ -2386,10 +2381,9 @@ ssl3_clear(SSL *s)
2386 if (s->s3->tmp.ca_names != NULL) 2381 if (s->s3->tmp.ca_names != NULL)
2387 sk_X509_NAME_pop_free(s->s3->tmp.ca_names, X509_NAME_free); 2382 sk_X509_NAME_pop_free(s->s3->tmp.ca_names, X509_NAME_free);
2388 2383
2389 if (s->s3->rrec.comp != NULL) { 2384 free(s->s3->rrec.comp);
2390 free(s->s3->rrec.comp); 2385 s->s3->rrec.comp = NULL;
2391 s->s3->rrec.comp = NULL; 2386
2392 }
2393#ifndef OPENSSL_NO_DH 2387#ifndef OPENSSL_NO_DH
2394 if (s->s3->tmp.dh != NULL) { 2388 if (s->s3->tmp.dh != NULL) {
2395 DH_free(s->s3->tmp.dh); 2389 DH_free(s->s3->tmp.dh);
@@ -2437,11 +2431,9 @@ ssl3_clear(SSL *s)
2437 s->version = SSL3_VERSION; 2431 s->version = SSL3_VERSION;
2438 2432
2439#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG) 2433#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
2440 if (s->next_proto_negotiated) { 2434 free(s->next_proto_negotiated);
2441 free(s->next_proto_negotiated); 2435 s->next_proto_negotiated = NULL;
2442 s->next_proto_negotiated = NULL; 2436 s->next_proto_negotiated_len = 0;
2443 s->next_proto_negotiated_len = 0;
2444 }
2445#endif 2437#endif
2446} 2438}
2447 2439
@@ -2589,8 +2581,7 @@ ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
2589#ifndef OPENSSL_NO_TLSEXT 2581#ifndef OPENSSL_NO_TLSEXT
2590 case SSL_CTRL_SET_TLSEXT_HOSTNAME: 2582 case SSL_CTRL_SET_TLSEXT_HOSTNAME:
2591 if (larg == TLSEXT_NAMETYPE_host_name) { 2583 if (larg == TLSEXT_NAMETYPE_host_name) {
2592 if (s->tlsext_hostname != NULL) 2584 free(s->tlsext_hostname);
2593 free(s->tlsext_hostname);
2594 s->tlsext_hostname = NULL; 2585 s->tlsext_hostname = NULL;
2595 2586
2596 ret = 1; 2587 ret = 1;
@@ -2630,8 +2621,7 @@ ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
2630 SSL_R_OPAQUE_PRF_INPUT_TOO_LONG); 2621 SSL_R_OPAQUE_PRF_INPUT_TOO_LONG);
2631 break; 2622 break;
2632 } 2623 }
2633 if (s->tlsext_opaque_prf_input != NULL) 2624 free(s->tlsext_opaque_prf_input);
2634 free(s->tlsext_opaque_prf_input);
2635 if ((size_t)larg == 0) { 2625 if ((size_t)larg == 0) {
2636 s->tlsext_opaque_prf_input = NULL; 2626 s->tlsext_opaque_prf_input = NULL;
2637 s->tlsext_opaque_prf_input_len = 0; 2627 s->tlsext_opaque_prf_input_len = 0;
@@ -2678,8 +2668,7 @@ ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
2678 return s->tlsext_ocsp_resplen; 2668 return s->tlsext_ocsp_resplen;
2679 2669
2680 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP: 2670 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP:
2681 if (s->tlsext_ocsp_resp) 2671 free(s->tlsext_ocsp_resp);
2682 free(s->tlsext_ocsp_resp);
2683 s->tlsext_ocsp_resp = parg; 2672 s->tlsext_ocsp_resp = parg;
2684 s->tlsext_ocsp_resplen = larg; 2673 s->tlsext_ocsp_resplen = larg;
2685 ret = 1; 2674 ret = 1;
diff --git a/src/lib/libssl/src/ssl/s3_srvr.c b/src/lib/libssl/src/ssl/s3_srvr.c
index 521f6a21e8..c16f7bb2ef 100644
--- a/src/lib/libssl/src/ssl/s3_srvr.c
+++ b/src/lib/libssl/src/ssl/s3_srvr.c
@@ -1927,8 +1927,7 @@ f_err:
1927 ssl3_send_alert(s, SSL3_AL_FATAL, al); 1927 ssl3_send_alert(s, SSL3_AL_FATAL, al);
1928err: 1928err:
1929#ifndef OPENSSL_NO_ECDH 1929#ifndef OPENSSL_NO_ECDH
1930 if (encodedPoint != NULL) 1930 free(encodedPoint);
1931 free(encodedPoint);
1932 BN_CTX_free(bn_ctx); 1931 BN_CTX_free(bn_ctx);
1933#endif 1932#endif
1934 EVP_MD_CTX_cleanup(&md_ctx); 1933 EVP_MD_CTX_cleanup(&md_ctx);
@@ -2435,8 +2434,7 @@ ssl3_get_client_key_exchange(SSL *s)
2435 t += psk_len; 2434 t += psk_len;
2436 s2n(psk_len, t); 2435 s2n(psk_len, t);
2437 2436
2438 if (s->session->psk_identity != NULL) 2437 free(s->session->psk_identity);
2439 free(s->session->psk_identity);
2440 s->session->psk_identity = BUF_strdup((char *)p); 2438 s->session->psk_identity = BUF_strdup((char *)p);
2441 if (s->session->psk_identity == NULL) { 2439 if (s->session->psk_identity == NULL) {
2442 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, 2440 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
@@ -2444,8 +2442,7 @@ ssl3_get_client_key_exchange(SSL *s)
2444 goto psk_err; 2442 goto psk_err;
2445 } 2443 }
2446 2444
2447 if (s->session->psk_identity_hint != NULL) 2445 free(s->session->psk_identity_hint);
2448 free(s->session->psk_identity_hint);
2449 s->session->psk_identity_hint = BUF_strdup(s->ctx->psk_identity_hint); 2446 s->session->psk_identity_hint = BUF_strdup(s->ctx->psk_identity_hint);
2450 if (s->ctx->psk_identity_hint != NULL && 2447 if (s->ctx->psk_identity_hint != NULL &&
2451 s->session->psk_identity_hint == NULL) { 2448 s->session->psk_identity_hint == NULL) {
diff --git a/src/lib/libssl/src/ssl/ssl_lib.c b/src/lib/libssl/src/ssl/ssl_lib.c
index e607060d42..bf98354294 100644
--- a/src/lib/libssl/src/ssl/ssl_lib.c
+++ b/src/lib/libssl/src/ssl/ssl_lib.c
@@ -549,25 +549,20 @@ SSL_free(SSL *s)
549 /* Free up if allocated */ 549 /* Free up if allocated */
550 550
551#ifndef OPENSSL_NO_TLSEXT 551#ifndef OPENSSL_NO_TLSEXT
552 if (s->tlsext_hostname) 552 free(s->tlsext_hostname);
553 free(s->tlsext_hostname);
554 if (s->initial_ctx) 553 if (s->initial_ctx)
555 SSL_CTX_free(s->initial_ctx); 554 SSL_CTX_free(s->initial_ctx);
556#ifndef OPENSSL_NO_EC 555#ifndef OPENSSL_NO_EC
557 if (s->tlsext_ecpointformatlist) 556 free(s->tlsext_ecpointformatlist);
558 free(s->tlsext_ecpointformatlist); 557 free(s->tlsext_ellipticcurvelist);
559 if (s->tlsext_ellipticcurvelist)
560 free(s->tlsext_ellipticcurvelist);
561#endif /* OPENSSL_NO_EC */ 558#endif /* OPENSSL_NO_EC */
562 if (s->tlsext_opaque_prf_input) 559 free(s->tlsext_opaque_prf_input);
563 free(s->tlsext_opaque_prf_input);
564 if (s->tlsext_ocsp_exts) 560 if (s->tlsext_ocsp_exts)
565 sk_X509_EXTENSION_pop_free(s->tlsext_ocsp_exts, 561 sk_X509_EXTENSION_pop_free(s->tlsext_ocsp_exts,
566 X509_EXTENSION_free); 562 X509_EXTENSION_free);
567 if (s->tlsext_ocsp_ids) 563 if (s->tlsext_ocsp_ids)
568 sk_OCSP_RESPID_pop_free(s->tlsext_ocsp_ids, OCSP_RESPID_free); 564 sk_OCSP_RESPID_pop_free(s->tlsext_ocsp_ids, OCSP_RESPID_free);
569 if (s->tlsext_ocsp_resp) 565 free(s->tlsext_ocsp_resp);
570 free(s->tlsext_ocsp_resp);
571#endif 566#endif
572 567
573 if (s->client_CA != NULL) 568 if (s->client_CA != NULL)
@@ -581,8 +576,7 @@ SSL_free(SSL *s)
581 576
582 577
583#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG) 578#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
584 if (s->next_proto_negotiated) 579 free(s->next_proto_negotiated);
585 free(s->next_proto_negotiated);
586#endif 580#endif
587 581
588#ifndef OPENSSL_NO_SRTP 582#ifndef OPENSSL_NO_SRTP
@@ -1893,7 +1887,8 @@ SSL_CTX_new(const SSL_METHOD *meth)
1893#if 0 1887#if 0
1894static void 1888static void
1895SSL_COMP_free(SSL_COMP *comp) 1889SSL_COMP_free(SSL_COMP *comp)
1896 { free(comp); 1890{
1891 free(comp);
1897} 1892}
1898#endif 1893#endif
1899 1894
@@ -1954,8 +1949,7 @@ SSL_CTX_free(SSL_CTX *a)
1954#endif 1949#endif
1955 1950
1956#ifndef OPENSSL_NO_PSK 1951#ifndef OPENSSL_NO_PSK
1957 if (a->psk_identity_hint) 1952 free(a->psk_identity_hint);
1958 free(a->psk_identity_hint);
1959#endif 1953#endif
1960#ifndef OPENSSL_NO_ENGINE 1954#ifndef OPENSSL_NO_ENGINE
1961 if (a->client_cert_engine) 1955 if (a->client_cert_engine)
@@ -3129,8 +3123,7 @@ SSL_CTX_use_psk_identity_hint(SSL_CTX *ctx, const char *identity_hint)
3129 SSL_R_DATA_LENGTH_TOO_LONG); 3123 SSL_R_DATA_LENGTH_TOO_LONG);
3130 return (0); 3124 return (0);
3131 } 3125 }
3132 if (ctx->psk_identity_hint != NULL) 3126 free(ctx->psk_identity_hint);
3133 free(ctx->psk_identity_hint);
3134 if (identity_hint != NULL) { 3127 if (identity_hint != NULL) {
3135 ctx->psk_identity_hint = BUF_strdup(identity_hint); 3128 ctx->psk_identity_hint = BUF_strdup(identity_hint);
3136 if (ctx->psk_identity_hint == NULL) 3129 if (ctx->psk_identity_hint == NULL)
@@ -3155,8 +3148,7 @@ SSL_use_psk_identity_hint(SSL *s, const char *identity_hint)
3155 SSL_R_DATA_LENGTH_TOO_LONG); 3148 SSL_R_DATA_LENGTH_TOO_LONG);
3156 return (0); 3149 return (0);
3157 } 3150 }
3158 if (s->session->psk_identity_hint != NULL) 3151 free(s->session->psk_identity_hint);
3159 free(s->session->psk_identity_hint);
3160 if (identity_hint != NULL) { 3152 if (identity_hint != NULL) {
3161 s->session->psk_identity_hint = BUF_strdup(identity_hint); 3153 s->session->psk_identity_hint = BUF_strdup(identity_hint);
3162 if (s->session->psk_identity_hint == NULL) 3154 if (s->session->psk_identity_hint == NULL)
diff --git a/src/lib/libssl/src/ssl/ssl_sess.c b/src/lib/libssl/src/ssl/ssl_sess.c
index 05c6948efc..632d6a6860 100644
--- a/src/lib/libssl/src/ssl/ssl_sess.c
+++ b/src/lib/libssl/src/ssl/ssl_sess.c
@@ -366,8 +366,7 @@ ssl_get_new_session(SSL *s, int session)
366 } 366 }
367#ifndef OPENSSL_NO_EC 367#ifndef OPENSSL_NO_EC
368 if (s->tlsext_ecpointformatlist) { 368 if (s->tlsext_ecpointformatlist) {
369 if (ss->tlsext_ecpointformatlist != NULL) 369 free(ss->tlsext_ecpointformatlist);
370 free(ss->tlsext_ecpointformatlist);
371 if ((ss->tlsext_ecpointformatlist = malloc(s->tlsext_ecpointformatlist_length)) == NULL) { 370 if ((ss->tlsext_ecpointformatlist = malloc(s->tlsext_ecpointformatlist_length)) == NULL) {
372 SSLerr(SSL_F_SSL_GET_NEW_SESSION, ERR_R_MALLOC_FAILURE); 371 SSLerr(SSL_F_SSL_GET_NEW_SESSION, ERR_R_MALLOC_FAILURE);
373 SSL_SESSION_free(ss); 372 SSL_SESSION_free(ss);
@@ -377,8 +376,7 @@ ssl_get_new_session(SSL *s, int session)
377 memcpy(ss->tlsext_ecpointformatlist, s->tlsext_ecpointformatlist, s->tlsext_ecpointformatlist_length); 376 memcpy(ss->tlsext_ecpointformatlist, s->tlsext_ecpointformatlist, s->tlsext_ecpointformatlist_length);
378 } 377 }
379 if (s->tlsext_ellipticcurvelist) { 378 if (s->tlsext_ellipticcurvelist) {
380 if (ss->tlsext_ellipticcurvelist != NULL) 379 free(ss->tlsext_ellipticcurvelist);
381 free(ss->tlsext_ellipticcurvelist);
382 if ((ss->tlsext_ellipticcurvelist = malloc(s->tlsext_ellipticcurvelist_length)) == NULL) { 380 if ((ss->tlsext_ellipticcurvelist = malloc(s->tlsext_ellipticcurvelist_length)) == NULL) {
383 SSLerr(SSL_F_SSL_GET_NEW_SESSION, ERR_R_MALLOC_FAILURE); 381 SSLerr(SSL_F_SSL_GET_NEW_SESSION, ERR_R_MALLOC_FAILURE);
384 SSL_SESSION_free(ss); 382 SSL_SESSION_free(ss);
@@ -704,24 +702,18 @@ SSL_SESSION_free(SSL_SESSION *ss)
704 if (ss->ciphers != NULL) 702 if (ss->ciphers != NULL)
705 sk_SSL_CIPHER_free(ss->ciphers); 703 sk_SSL_CIPHER_free(ss->ciphers);
706#ifndef OPENSSL_NO_TLSEXT 704#ifndef OPENSSL_NO_TLSEXT
707 if (ss->tlsext_hostname != NULL) 705 free(ss->tlsext_hostname);
708 free(ss->tlsext_hostname); 706 free(ss->tlsext_tick);
709 if (ss->tlsext_tick != NULL)
710 free(ss->tlsext_tick);
711#ifndef OPENSSL_NO_EC 707#ifndef OPENSSL_NO_EC
712 ss->tlsext_ecpointformatlist_length = 0; 708 ss->tlsext_ecpointformatlist_length = 0;
713 if (ss->tlsext_ecpointformatlist != NULL) 709 free(ss->tlsext_ecpointformatlist);
714 free(ss->tlsext_ecpointformatlist);
715 ss->tlsext_ellipticcurvelist_length = 0; 710 ss->tlsext_ellipticcurvelist_length = 0;
716 if (ss->tlsext_ellipticcurvelist != NULL) 711 free(ss->tlsext_ellipticcurvelist);
717 free(ss->tlsext_ellipticcurvelist);
718#endif /* OPENSSL_NO_EC */ 712#endif /* OPENSSL_NO_EC */
719#endif 713#endif
720#ifndef OPENSSL_NO_PSK 714#ifndef OPENSSL_NO_PSK
721 if (ss->psk_identity_hint != NULL) 715 free(ss->psk_identity_hint);
722 free(ss->psk_identity_hint); 716 free(ss->psk_identity);
723 if (ss->psk_identity != NULL)
724 free(ss->psk_identity);
725#endif 717#endif
726 OPENSSL_cleanse(ss, sizeof(*ss)); 718 OPENSSL_cleanse(ss, sizeof(*ss));
727 free(ss); 719 free(ss);
@@ -874,11 +866,7 @@ int
874SSL_set_session_ticket_ext(SSL *s, void *ext_data, int ext_len) 866SSL_set_session_ticket_ext(SSL *s, void *ext_data, int ext_len)
875{ 867{
876 if (s->version >= TLS1_VERSION) { 868 if (s->version >= TLS1_VERSION) {
877 if (s->tlsext_session_ticket) { 869 free(s->tlsext_session_ticket);
878 free(s->tlsext_session_ticket);
879 s->tlsext_session_ticket = NULL;
880 }
881
882 s->tlsext_session_ticket = malloc(sizeof(TLS_SESSION_TICKET_EXT) + ext_len); 870 s->tlsext_session_ticket = malloc(sizeof(TLS_SESSION_TICKET_EXT) + ext_len);
883 if (!s->tlsext_session_ticket) { 871 if (!s->tlsext_session_ticket) {
884 SSLerr(SSL_F_SSL_SET_SESSION_TICKET_EXT, ERR_R_MALLOC_FAILURE); 872 SSLerr(SSL_F_SSL_SET_SESSION_TICKET_EXT, ERR_R_MALLOC_FAILURE);
diff --git a/src/lib/libssl/src/ssl/t1_enc.c b/src/lib/libssl/src/ssl/t1_enc.c
index a9be8bdb4c..7b4afa4d27 100644
--- a/src/lib/libssl/src/ssl/t1_enc.c
+++ b/src/lib/libssl/src/ssl/t1_enc.c
@@ -1019,10 +1019,8 @@ err2:
1019 SSLerr(SSL_F_TLS1_EXPORT_KEYING_MATERIAL, ERR_R_MALLOC_FAILURE); 1019 SSLerr(SSL_F_TLS1_EXPORT_KEYING_MATERIAL, ERR_R_MALLOC_FAILURE);
1020 rv = 0; 1020 rv = 0;
1021ret: 1021ret:
1022 if (buff != NULL) 1022 free(buff);
1023 free(buff); 1023 free(val);
1024 if (val != NULL)
1025 free(val);
1026 return (rv); 1024 return (rv);
1027} 1025}
1028 1026
diff --git a/src/lib/libssl/src/ssl/t1_lib.c b/src/lib/libssl/src/ssl/t1_lib.c
index c45708bf78..205c2558fb 100644
--- a/src/lib/libssl/src/ssl/t1_lib.c
+++ b/src/lib/libssl/src/ssl/t1_lib.c
@@ -163,9 +163,7 @@ void
163tls1_free(SSL *s) 163tls1_free(SSL *s)
164{ 164{
165#ifndef OPENSSL_NO_TLSEXT 165#ifndef OPENSSL_NO_TLSEXT
166 if (s->tlsext_session_ticket) { 166 free(s->tlsext_session_ticket);
167 free(s->tlsext_session_ticket);
168 }
169#endif /* OPENSSL_NO_TLSEXT */ 167#endif /* OPENSSL_NO_TLSEXT */
170 ssl3_free(s); 168 ssl3_free(s);
171} 169}
@@ -1082,10 +1080,7 @@ ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d,
1082 return 0; 1080 return 0;
1083 } 1081 }
1084 if (!s->hit) { 1082 if (!s->hit) {
1085 if (s->session->tlsext_ecpointformatlist) { 1083 free(s->session->tlsext_ecpointformatlist);
1086 free(s->session->tlsext_ecpointformatlist);
1087 s->session->tlsext_ecpointformatlist = NULL;
1088 }
1089 s->session->tlsext_ecpointformatlist_length = 0; 1084 s->session->tlsext_ecpointformatlist_length = 0;
1090 if ((s->session->tlsext_ecpointformatlist = 1085 if ((s->session->tlsext_ecpointformatlist =
1091 malloc(ecpointformatlist_length)) == NULL) { 1086 malloc(ecpointformatlist_length)) == NULL) {
@@ -1151,8 +1146,8 @@ ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d,
1151 return 0; 1146 return 0;
1152 } 1147 }
1153 1148
1154 if (s->s3->client_opaque_prf_input != NULL) /* shouldn't really happen */ 1149 free(s->s3->client_opaque_prf_input);
1155 free(s->s3->client_opaque_prf_input); 1150
1156 if (s->s3->client_opaque_prf_input_len == 0) 1151 if (s->s3->client_opaque_prf_input_len == 0)
1157 s->s3->client_opaque_prf_input = NULL; 1152 s->s3->client_opaque_prf_input = NULL;
1158 else { 1153 else {
@@ -1413,8 +1408,8 @@ ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d,
1413 return 0; 1408 return 0;
1414 } 1409 }
1415 s->session->tlsext_ecpointformatlist_length = 0; 1410 s->session->tlsext_ecpointformatlist_length = 0;
1416 if (s->session->tlsext_ecpointformatlist != NULL) 1411
1417 free(s->session->tlsext_ecpointformatlist); 1412 free(s->session->tlsext_ecpointformatlist);
1418 if ((s->session->tlsext_ecpointformatlist = 1413 if ((s->session->tlsext_ecpointformatlist =
1419 malloc(ecpointformatlist_length)) == NULL) { 1414 malloc(ecpointformatlist_length)) == NULL) {
1420 *al = TLS1_AD_INTERNAL_ERROR; 1415 *al = TLS1_AD_INTERNAL_ERROR;
@@ -1458,14 +1453,13 @@ ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d,
1458 return 0; 1453 return 0;
1459 } 1454 }
1460 1455
1461 if (s->s3->server_opaque_prf_input != NULL) /* shouldn't really happen */ 1456 free(s->s3->server_opaque_prf_input);
1462 free(s->s3->server_opaque_prf_input); 1457 s->s3->server_opaque_prf_input = NULL;
1463 if (s->s3->server_opaque_prf_input_len == 0) 1458
1464 s->s3->server_opaque_prf_input = NULL; 1459 if (s->s3->server_opaque_prf_input_len != 0)
1465 else {
1466 s->s3->server_opaque_prf_input = 1460 s->s3->server_opaque_prf_input =
1467 BUF_memdup(sdata, 1461 BUF_memdup(sdata,
1468 s->s3->server_opaque_prf_input_len); 1462 s->s3->server_opaque_prf_input_len);
1469 if (s->s3->server_opaque_prf_input == NULL) { 1463 if (s->s3->server_opaque_prf_input == NULL) {
1470 *al = TLS1_AD_INTERNAL_ERROR; 1464 *al = TLS1_AD_INTERNAL_ERROR;
1471 return 0; 1465 return 0;
@@ -1600,8 +1594,7 @@ ssl_prepare_clienthello_tlsext(SSL *s)
1600 } 1594 }
1601 using_ecc = using_ecc && (s->version >= TLS1_VERSION); 1595 using_ecc = using_ecc && (s->version >= TLS1_VERSION);
1602 if (using_ecc) { 1596 if (using_ecc) {
1603 if (s->tlsext_ecpointformatlist != NULL) 1597 free(s->tlsext_ecpointformatlist);
1604 free(s->tlsext_ecpointformatlist);
1605 if ((s->tlsext_ecpointformatlist = malloc(3)) == NULL) { 1598 if ((s->tlsext_ecpointformatlist = malloc(3)) == NULL) {
1606 SSLerr(SSL_F_SSL_PREPARE_CLIENTHELLO_TLSEXT, 1599 SSLerr(SSL_F_SSL_PREPARE_CLIENTHELLO_TLSEXT,
1607 ERR_R_MALLOC_FAILURE); 1600 ERR_R_MALLOC_FAILURE);
@@ -1613,8 +1606,7 @@ ssl_prepare_clienthello_tlsext(SSL *s)
1613 s->tlsext_ecpointformatlist[2] = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2; 1606 s->tlsext_ecpointformatlist[2] = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2;
1614 1607
1615 /* we support all named elliptic curves in draft-ietf-tls-ecc-12 */ 1608 /* we support all named elliptic curves in draft-ietf-tls-ecc-12 */
1616 if (s->tlsext_ellipticcurvelist != NULL) 1609 free(s->tlsext_ellipticcurvelist);
1617 free(s->tlsext_ellipticcurvelist);
1618 s->tlsext_ellipticcurvelist_length = sizeof(pref_list) / sizeof(pref_list[0]) * 2; 1610 s->tlsext_ellipticcurvelist_length = sizeof(pref_list) / sizeof(pref_list[0]) * 2;
1619 if ((s->tlsext_ellipticcurvelist = malloc(s->tlsext_ellipticcurvelist_length)) == NULL) { 1611 if ((s->tlsext_ellipticcurvelist = malloc(s->tlsext_ellipticcurvelist_length)) == NULL) {
1620 s->tlsext_ellipticcurvelist_length = 0; 1612 s->tlsext_ellipticcurvelist_length = 0;
@@ -1640,9 +1632,7 @@ ssl_prepare_clienthello_tlsext(SSL *s)
1640 } 1632 }
1641 1633
1642 if (s->tlsext_opaque_prf_input != NULL) { 1634 if (s->tlsext_opaque_prf_input != NULL) {
1643 if (s->s3->client_opaque_prf_input != NULL) /* shouldn't really happen */ 1635 free(s->s3->client_opaque_prf_input);
1644 free(s->s3->client_opaque_prf_input);
1645
1646 if (s->tlsext_opaque_prf_input_len == 0) 1636 if (s->tlsext_opaque_prf_input_len == 0)
1647 s->s3->client_opaque_prf_input = NULL; 1637 s->s3->client_opaque_prf_input = NULL;
1648 else { 1638 else {
@@ -1684,8 +1674,7 @@ ssl_prepare_serverhello_tlsext(SSL *s)
1684 using_ecc = using_ecc && (s->session->tlsext_ecpointformatlist != NULL); 1674 using_ecc = using_ecc && (s->session->tlsext_ecpointformatlist != NULL);
1685 1675
1686 if (using_ecc) { 1676 if (using_ecc) {
1687 if (s->tlsext_ecpointformatlist != NULL) 1677 free(s->tlsext_ecpointformatlist);
1688 free(s->tlsext_ecpointformatlist);
1689 if ((s->tlsext_ecpointformatlist = malloc(3)) == NULL) { 1678 if ((s->tlsext_ecpointformatlist = malloc(3)) == NULL) {
1690 SSLerr(SSL_F_SSL_PREPARE_SERVERHELLO_TLSEXT, ERR_R_MALLOC_FAILURE); 1679 SSLerr(SSL_F_SSL_PREPARE_SERVERHELLO_TLSEXT, ERR_R_MALLOC_FAILURE);
1691 return -1; 1680 return -1;
@@ -1738,8 +1727,7 @@ ssl_check_clienthello_tlsext_early(SSL *s)
1738 } 1727 }
1739 } 1728 }
1740 1729
1741 if (s->s3->server_opaque_prf_input != NULL) /* shouldn't really happen */ 1730 free(s->s3->server_opaque_prf_input);
1742 free(s->s3->server_opaque_prf_input);
1743 s->s3->server_opaque_prf_input = NULL; 1731 s->s3->server_opaque_prf_input = NULL;
1744 1732
1745 if (s->tlsext_opaque_prf_input != NULL) { 1733 if (s->tlsext_opaque_prf_input != NULL) {
@@ -1922,10 +1910,8 @@ ssl_check_serverhello_tlsext(SSL *s)
1922 /* Set resp to NULL, resplen to -1 so callback knows 1910 /* Set resp to NULL, resplen to -1 so callback knows
1923 * there is no response. 1911 * there is no response.
1924 */ 1912 */
1925 if (s->tlsext_ocsp_resp) { 1913 free(s->tlsext_ocsp_resp);
1926 free(s->tlsext_ocsp_resp); 1914 s->tlsext_ocsp_resp = NULL;
1927 s->tlsext_ocsp_resp = NULL;
1928 }
1929 s->tlsext_ocsp_resplen = -1; 1915 s->tlsext_ocsp_resplen = -1;
1930 r = s->ctx->tlsext_status_cb(s, s->ctx->tlsext_status_arg); 1916 r = s->ctx->tlsext_status_cb(s, s->ctx->tlsext_status_arg);
1931 if (r == 0) { 1917 if (r == 0) {
diff --git a/src/lib/libssl/ssl_lib.c b/src/lib/libssl/ssl_lib.c
index e607060d42..bf98354294 100644
--- a/src/lib/libssl/ssl_lib.c
+++ b/src/lib/libssl/ssl_lib.c
@@ -549,25 +549,20 @@ SSL_free(SSL *s)
549 /* Free up if allocated */ 549 /* Free up if allocated */
550 550
551#ifndef OPENSSL_NO_TLSEXT 551#ifndef OPENSSL_NO_TLSEXT
552 if (s->tlsext_hostname) 552 free(s->tlsext_hostname);
553 free(s->tlsext_hostname);
554 if (s->initial_ctx) 553 if (s->initial_ctx)
555 SSL_CTX_free(s->initial_ctx); 554 SSL_CTX_free(s->initial_ctx);
556#ifndef OPENSSL_NO_EC 555#ifndef OPENSSL_NO_EC
557 if (s->tlsext_ecpointformatlist) 556 free(s->tlsext_ecpointformatlist);
558 free(s->tlsext_ecpointformatlist); 557 free(s->tlsext_ellipticcurvelist);
559 if (s->tlsext_ellipticcurvelist)
560 free(s->tlsext_ellipticcurvelist);
561#endif /* OPENSSL_NO_EC */ 558#endif /* OPENSSL_NO_EC */
562 if (s->tlsext_opaque_prf_input) 559 free(s->tlsext_opaque_prf_input);
563 free(s->tlsext_opaque_prf_input);
564 if (s->tlsext_ocsp_exts) 560 if (s->tlsext_ocsp_exts)
565 sk_X509_EXTENSION_pop_free(s->tlsext_ocsp_exts, 561 sk_X509_EXTENSION_pop_free(s->tlsext_ocsp_exts,
566 X509_EXTENSION_free); 562 X509_EXTENSION_free);
567 if (s->tlsext_ocsp_ids) 563 if (s->tlsext_ocsp_ids)
568 sk_OCSP_RESPID_pop_free(s->tlsext_ocsp_ids, OCSP_RESPID_free); 564 sk_OCSP_RESPID_pop_free(s->tlsext_ocsp_ids, OCSP_RESPID_free);
569 if (s->tlsext_ocsp_resp) 565 free(s->tlsext_ocsp_resp);
570 free(s->tlsext_ocsp_resp);
571#endif 566#endif
572 567
573 if (s->client_CA != NULL) 568 if (s->client_CA != NULL)
@@ -581,8 +576,7 @@ SSL_free(SSL *s)
581 576
582 577
583#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG) 578#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
584 if (s->next_proto_negotiated) 579 free(s->next_proto_negotiated);
585 free(s->next_proto_negotiated);
586#endif 580#endif
587 581
588#ifndef OPENSSL_NO_SRTP 582#ifndef OPENSSL_NO_SRTP
@@ -1893,7 +1887,8 @@ SSL_CTX_new(const SSL_METHOD *meth)
1893#if 0 1887#if 0
1894static void 1888static void
1895SSL_COMP_free(SSL_COMP *comp) 1889SSL_COMP_free(SSL_COMP *comp)
1896 { free(comp); 1890{
1891 free(comp);
1897} 1892}
1898#endif 1893#endif
1899 1894
@@ -1954,8 +1949,7 @@ SSL_CTX_free(SSL_CTX *a)
1954#endif 1949#endif
1955 1950
1956#ifndef OPENSSL_NO_PSK 1951#ifndef OPENSSL_NO_PSK
1957 if (a->psk_identity_hint) 1952 free(a->psk_identity_hint);
1958 free(a->psk_identity_hint);
1959#endif 1953#endif
1960#ifndef OPENSSL_NO_ENGINE 1954#ifndef OPENSSL_NO_ENGINE
1961 if (a->client_cert_engine) 1955 if (a->client_cert_engine)
@@ -3129,8 +3123,7 @@ SSL_CTX_use_psk_identity_hint(SSL_CTX *ctx, const char *identity_hint)
3129 SSL_R_DATA_LENGTH_TOO_LONG); 3123 SSL_R_DATA_LENGTH_TOO_LONG);
3130 return (0); 3124 return (0);
3131 } 3125 }
3132 if (ctx->psk_identity_hint != NULL) 3126 free(ctx->psk_identity_hint);
3133 free(ctx->psk_identity_hint);
3134 if (identity_hint != NULL) { 3127 if (identity_hint != NULL) {
3135 ctx->psk_identity_hint = BUF_strdup(identity_hint); 3128 ctx->psk_identity_hint = BUF_strdup(identity_hint);
3136 if (ctx->psk_identity_hint == NULL) 3129 if (ctx->psk_identity_hint == NULL)
@@ -3155,8 +3148,7 @@ SSL_use_psk_identity_hint(SSL *s, const char *identity_hint)
3155 SSL_R_DATA_LENGTH_TOO_LONG); 3148 SSL_R_DATA_LENGTH_TOO_LONG);
3156 return (0); 3149 return (0);
3157 } 3150 }
3158 if (s->session->psk_identity_hint != NULL) 3151 free(s->session->psk_identity_hint);
3159 free(s->session->psk_identity_hint);
3160 if (identity_hint != NULL) { 3152 if (identity_hint != NULL) {
3161 s->session->psk_identity_hint = BUF_strdup(identity_hint); 3153 s->session->psk_identity_hint = BUF_strdup(identity_hint);
3162 if (s->session->psk_identity_hint == NULL) 3154 if (s->session->psk_identity_hint == NULL)
diff --git a/src/lib/libssl/ssl_sess.c b/src/lib/libssl/ssl_sess.c
index 05c6948efc..632d6a6860 100644
--- a/src/lib/libssl/ssl_sess.c
+++ b/src/lib/libssl/ssl_sess.c
@@ -366,8 +366,7 @@ ssl_get_new_session(SSL *s, int session)
366 } 366 }
367#ifndef OPENSSL_NO_EC 367#ifndef OPENSSL_NO_EC
368 if (s->tlsext_ecpointformatlist) { 368 if (s->tlsext_ecpointformatlist) {
369 if (ss->tlsext_ecpointformatlist != NULL) 369 free(ss->tlsext_ecpointformatlist);
370 free(ss->tlsext_ecpointformatlist);
371 if ((ss->tlsext_ecpointformatlist = malloc(s->tlsext_ecpointformatlist_length)) == NULL) { 370 if ((ss->tlsext_ecpointformatlist = malloc(s->tlsext_ecpointformatlist_length)) == NULL) {
372 SSLerr(SSL_F_SSL_GET_NEW_SESSION, ERR_R_MALLOC_FAILURE); 371 SSLerr(SSL_F_SSL_GET_NEW_SESSION, ERR_R_MALLOC_FAILURE);
373 SSL_SESSION_free(ss); 372 SSL_SESSION_free(ss);
@@ -377,8 +376,7 @@ ssl_get_new_session(SSL *s, int session)
377 memcpy(ss->tlsext_ecpointformatlist, s->tlsext_ecpointformatlist, s->tlsext_ecpointformatlist_length); 376 memcpy(ss->tlsext_ecpointformatlist, s->tlsext_ecpointformatlist, s->tlsext_ecpointformatlist_length);
378 } 377 }
379 if (s->tlsext_ellipticcurvelist) { 378 if (s->tlsext_ellipticcurvelist) {
380 if (ss->tlsext_ellipticcurvelist != NULL) 379 free(ss->tlsext_ellipticcurvelist);
381 free(ss->tlsext_ellipticcurvelist);
382 if ((ss->tlsext_ellipticcurvelist = malloc(s->tlsext_ellipticcurvelist_length)) == NULL) { 380 if ((ss->tlsext_ellipticcurvelist = malloc(s->tlsext_ellipticcurvelist_length)) == NULL) {
383 SSLerr(SSL_F_SSL_GET_NEW_SESSION, ERR_R_MALLOC_FAILURE); 381 SSLerr(SSL_F_SSL_GET_NEW_SESSION, ERR_R_MALLOC_FAILURE);
384 SSL_SESSION_free(ss); 382 SSL_SESSION_free(ss);
@@ -704,24 +702,18 @@ SSL_SESSION_free(SSL_SESSION *ss)
704 if (ss->ciphers != NULL) 702 if (ss->ciphers != NULL)
705 sk_SSL_CIPHER_free(ss->ciphers); 703 sk_SSL_CIPHER_free(ss->ciphers);
706#ifndef OPENSSL_NO_TLSEXT 704#ifndef OPENSSL_NO_TLSEXT
707 if (ss->tlsext_hostname != NULL) 705 free(ss->tlsext_hostname);
708 free(ss->tlsext_hostname); 706 free(ss->tlsext_tick);
709 if (ss->tlsext_tick != NULL)
710 free(ss->tlsext_tick);
711#ifndef OPENSSL_NO_EC 707#ifndef OPENSSL_NO_EC
712 ss->tlsext_ecpointformatlist_length = 0; 708 ss->tlsext_ecpointformatlist_length = 0;
713 if (ss->tlsext_ecpointformatlist != NULL) 709 free(ss->tlsext_ecpointformatlist);
714 free(ss->tlsext_ecpointformatlist);
715 ss->tlsext_ellipticcurvelist_length = 0; 710 ss->tlsext_ellipticcurvelist_length = 0;
716 if (ss->tlsext_ellipticcurvelist != NULL) 711 free(ss->tlsext_ellipticcurvelist);
717 free(ss->tlsext_ellipticcurvelist);
718#endif /* OPENSSL_NO_EC */ 712#endif /* OPENSSL_NO_EC */
719#endif 713#endif
720#ifndef OPENSSL_NO_PSK 714#ifndef OPENSSL_NO_PSK
721 if (ss->psk_identity_hint != NULL) 715 free(ss->psk_identity_hint);
722 free(ss->psk_identity_hint); 716 free(ss->psk_identity);
723 if (ss->psk_identity != NULL)
724 free(ss->psk_identity);
725#endif 717#endif
726 OPENSSL_cleanse(ss, sizeof(*ss)); 718 OPENSSL_cleanse(ss, sizeof(*ss));
727 free(ss); 719 free(ss);
@@ -874,11 +866,7 @@ int
874SSL_set_session_ticket_ext(SSL *s, void *ext_data, int ext_len) 866SSL_set_session_ticket_ext(SSL *s, void *ext_data, int ext_len)
875{ 867{
876 if (s->version >= TLS1_VERSION) { 868 if (s->version >= TLS1_VERSION) {
877 if (s->tlsext_session_ticket) { 869 free(s->tlsext_session_ticket);
878 free(s->tlsext_session_ticket);
879 s->tlsext_session_ticket = NULL;
880 }
881
882 s->tlsext_session_ticket = malloc(sizeof(TLS_SESSION_TICKET_EXT) + ext_len); 870 s->tlsext_session_ticket = malloc(sizeof(TLS_SESSION_TICKET_EXT) + ext_len);
883 if (!s->tlsext_session_ticket) { 871 if (!s->tlsext_session_ticket) {
884 SSLerr(SSL_F_SSL_SET_SESSION_TICKET_EXT, ERR_R_MALLOC_FAILURE); 872 SSLerr(SSL_F_SSL_SET_SESSION_TICKET_EXT, ERR_R_MALLOC_FAILURE);
diff --git a/src/lib/libssl/t1_enc.c b/src/lib/libssl/t1_enc.c
index a9be8bdb4c..7b4afa4d27 100644
--- a/src/lib/libssl/t1_enc.c
+++ b/src/lib/libssl/t1_enc.c
@@ -1019,10 +1019,8 @@ err2:
1019 SSLerr(SSL_F_TLS1_EXPORT_KEYING_MATERIAL, ERR_R_MALLOC_FAILURE); 1019 SSLerr(SSL_F_TLS1_EXPORT_KEYING_MATERIAL, ERR_R_MALLOC_FAILURE);
1020 rv = 0; 1020 rv = 0;
1021ret: 1021ret:
1022 if (buff != NULL) 1022 free(buff);
1023 free(buff); 1023 free(val);
1024 if (val != NULL)
1025 free(val);
1026 return (rv); 1024 return (rv);
1027} 1025}
1028 1026
diff --git a/src/lib/libssl/t1_lib.c b/src/lib/libssl/t1_lib.c
index c45708bf78..205c2558fb 100644
--- a/src/lib/libssl/t1_lib.c
+++ b/src/lib/libssl/t1_lib.c
@@ -163,9 +163,7 @@ void
163tls1_free(SSL *s) 163tls1_free(SSL *s)
164{ 164{
165#ifndef OPENSSL_NO_TLSEXT 165#ifndef OPENSSL_NO_TLSEXT
166 if (s->tlsext_session_ticket) { 166 free(s->tlsext_session_ticket);
167 free(s->tlsext_session_ticket);
168 }
169#endif /* OPENSSL_NO_TLSEXT */ 167#endif /* OPENSSL_NO_TLSEXT */
170 ssl3_free(s); 168 ssl3_free(s);
171} 169}
@@ -1082,10 +1080,7 @@ ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d,
1082 return 0; 1080 return 0;
1083 } 1081 }
1084 if (!s->hit) { 1082 if (!s->hit) {
1085 if (s->session->tlsext_ecpointformatlist) { 1083 free(s->session->tlsext_ecpointformatlist);
1086 free(s->session->tlsext_ecpointformatlist);
1087 s->session->tlsext_ecpointformatlist = NULL;
1088 }
1089 s->session->tlsext_ecpointformatlist_length = 0; 1084 s->session->tlsext_ecpointformatlist_length = 0;
1090 if ((s->session->tlsext_ecpointformatlist = 1085 if ((s->session->tlsext_ecpointformatlist =
1091 malloc(ecpointformatlist_length)) == NULL) { 1086 malloc(ecpointformatlist_length)) == NULL) {
@@ -1151,8 +1146,8 @@ ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d,
1151 return 0; 1146 return 0;
1152 } 1147 }
1153 1148
1154 if (s->s3->client_opaque_prf_input != NULL) /* shouldn't really happen */ 1149 free(s->s3->client_opaque_prf_input);
1155 free(s->s3->client_opaque_prf_input); 1150
1156 if (s->s3->client_opaque_prf_input_len == 0) 1151 if (s->s3->client_opaque_prf_input_len == 0)
1157 s->s3->client_opaque_prf_input = NULL; 1152 s->s3->client_opaque_prf_input = NULL;
1158 else { 1153 else {
@@ -1413,8 +1408,8 @@ ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d,
1413 return 0; 1408 return 0;
1414 } 1409 }
1415 s->session->tlsext_ecpointformatlist_length = 0; 1410 s->session->tlsext_ecpointformatlist_length = 0;
1416 if (s->session->tlsext_ecpointformatlist != NULL) 1411
1417 free(s->session->tlsext_ecpointformatlist); 1412 free(s->session->tlsext_ecpointformatlist);
1418 if ((s->session->tlsext_ecpointformatlist = 1413 if ((s->session->tlsext_ecpointformatlist =
1419 malloc(ecpointformatlist_length)) == NULL) { 1414 malloc(ecpointformatlist_length)) == NULL) {
1420 *al = TLS1_AD_INTERNAL_ERROR; 1415 *al = TLS1_AD_INTERNAL_ERROR;
@@ -1458,14 +1453,13 @@ ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d,
1458 return 0; 1453 return 0;
1459 } 1454 }
1460 1455
1461 if (s->s3->server_opaque_prf_input != NULL) /* shouldn't really happen */ 1456 free(s->s3->server_opaque_prf_input);
1462 free(s->s3->server_opaque_prf_input); 1457 s->s3->server_opaque_prf_input = NULL;
1463 if (s->s3->server_opaque_prf_input_len == 0) 1458
1464 s->s3->server_opaque_prf_input = NULL; 1459 if (s->s3->server_opaque_prf_input_len != 0)
1465 else {
1466 s->s3->server_opaque_prf_input = 1460 s->s3->server_opaque_prf_input =
1467 BUF_memdup(sdata, 1461 BUF_memdup(sdata,
1468 s->s3->server_opaque_prf_input_len); 1462 s->s3->server_opaque_prf_input_len);
1469 if (s->s3->server_opaque_prf_input == NULL) { 1463 if (s->s3->server_opaque_prf_input == NULL) {
1470 *al = TLS1_AD_INTERNAL_ERROR; 1464 *al = TLS1_AD_INTERNAL_ERROR;
1471 return 0; 1465 return 0;
@@ -1600,8 +1594,7 @@ ssl_prepare_clienthello_tlsext(SSL *s)
1600 } 1594 }
1601 using_ecc = using_ecc && (s->version >= TLS1_VERSION); 1595 using_ecc = using_ecc && (s->version >= TLS1_VERSION);
1602 if (using_ecc) { 1596 if (using_ecc) {
1603 if (s->tlsext_ecpointformatlist != NULL) 1597 free(s->tlsext_ecpointformatlist);
1604 free(s->tlsext_ecpointformatlist);
1605 if ((s->tlsext_ecpointformatlist = malloc(3)) == NULL) { 1598 if ((s->tlsext_ecpointformatlist = malloc(3)) == NULL) {
1606 SSLerr(SSL_F_SSL_PREPARE_CLIENTHELLO_TLSEXT, 1599 SSLerr(SSL_F_SSL_PREPARE_CLIENTHELLO_TLSEXT,
1607 ERR_R_MALLOC_FAILURE); 1600 ERR_R_MALLOC_FAILURE);
@@ -1613,8 +1606,7 @@ ssl_prepare_clienthello_tlsext(SSL *s)
1613 s->tlsext_ecpointformatlist[2] = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2; 1606 s->tlsext_ecpointformatlist[2] = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2;
1614 1607
1615 /* we support all named elliptic curves in draft-ietf-tls-ecc-12 */ 1608 /* we support all named elliptic curves in draft-ietf-tls-ecc-12 */
1616 if (s->tlsext_ellipticcurvelist != NULL) 1609 free(s->tlsext_ellipticcurvelist);
1617 free(s->tlsext_ellipticcurvelist);
1618 s->tlsext_ellipticcurvelist_length = sizeof(pref_list) / sizeof(pref_list[0]) * 2; 1610 s->tlsext_ellipticcurvelist_length = sizeof(pref_list) / sizeof(pref_list[0]) * 2;
1619 if ((s->tlsext_ellipticcurvelist = malloc(s->tlsext_ellipticcurvelist_length)) == NULL) { 1611 if ((s->tlsext_ellipticcurvelist = malloc(s->tlsext_ellipticcurvelist_length)) == NULL) {
1620 s->tlsext_ellipticcurvelist_length = 0; 1612 s->tlsext_ellipticcurvelist_length = 0;
@@ -1640,9 +1632,7 @@ ssl_prepare_clienthello_tlsext(SSL *s)
1640 } 1632 }
1641 1633
1642 if (s->tlsext_opaque_prf_input != NULL) { 1634 if (s->tlsext_opaque_prf_input != NULL) {
1643 if (s->s3->client_opaque_prf_input != NULL) /* shouldn't really happen */ 1635 free(s->s3->client_opaque_prf_input);
1644 free(s->s3->client_opaque_prf_input);
1645
1646 if (s->tlsext_opaque_prf_input_len == 0) 1636 if (s->tlsext_opaque_prf_input_len == 0)
1647 s->s3->client_opaque_prf_input = NULL; 1637 s->s3->client_opaque_prf_input = NULL;
1648 else { 1638 else {
@@ -1684,8 +1674,7 @@ ssl_prepare_serverhello_tlsext(SSL *s)
1684 using_ecc = using_ecc && (s->session->tlsext_ecpointformatlist != NULL); 1674 using_ecc = using_ecc && (s->session->tlsext_ecpointformatlist != NULL);
1685 1675
1686 if (using_ecc) { 1676 if (using_ecc) {
1687 if (s->tlsext_ecpointformatlist != NULL) 1677 free(s->tlsext_ecpointformatlist);
1688 free(s->tlsext_ecpointformatlist);
1689 if ((s->tlsext_ecpointformatlist = malloc(3)) == NULL) { 1678 if ((s->tlsext_ecpointformatlist = malloc(3)) == NULL) {
1690 SSLerr(SSL_F_SSL_PREPARE_SERVERHELLO_TLSEXT, ERR_R_MALLOC_FAILURE); 1679 SSLerr(SSL_F_SSL_PREPARE_SERVERHELLO_TLSEXT, ERR_R_MALLOC_FAILURE);
1691 return -1; 1680 return -1;
@@ -1738,8 +1727,7 @@ ssl_check_clienthello_tlsext_early(SSL *s)
1738 } 1727 }
1739 } 1728 }
1740 1729
1741 if (s->s3->server_opaque_prf_input != NULL) /* shouldn't really happen */ 1730 free(s->s3->server_opaque_prf_input);
1742 free(s->s3->server_opaque_prf_input);
1743 s->s3->server_opaque_prf_input = NULL; 1731 s->s3->server_opaque_prf_input = NULL;
1744 1732
1745 if (s->tlsext_opaque_prf_input != NULL) { 1733 if (s->tlsext_opaque_prf_input != NULL) {
@@ -1922,10 +1910,8 @@ ssl_check_serverhello_tlsext(SSL *s)
1922 /* Set resp to NULL, resplen to -1 so callback knows 1910 /* Set resp to NULL, resplen to -1 so callback knows
1923 * there is no response. 1911 * there is no response.
1924 */ 1912 */
1925 if (s->tlsext_ocsp_resp) { 1913 free(s->tlsext_ocsp_resp);
1926 free(s->tlsext_ocsp_resp); 1914 s->tlsext_ocsp_resp = NULL;
1927 s->tlsext_ocsp_resp = NULL;
1928 }
1929 s->tlsext_ocsp_resplen = -1; 1915 s->tlsext_ocsp_resplen = -1;
1930 r = s->ctx->tlsext_status_cb(s, s->ctx->tlsext_status_arg); 1916 r = s->ctx->tlsext_status_cb(s, s->ctx->tlsext_status_arg);
1931 if (r == 0) { 1917 if (r == 0) {
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-21 02:00:22 +0000