Diffstat (limited to 'src/lib/libssl/t1_lib.c')
-rw-r--r--src/lib/libssl/t1_lib.c56
1 files changed, 28 insertions, 28 deletions
diff --git a/src/lib/libssl/t1_lib.c b/src/lib/libssl/t1_lib.c
index c3d62957ae..7ecf7e0658 100644
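--- a/src/lib/libssl/t1_lib.c
+++ b/src/lib/libssl/t1_lib.c
@@ -162,7 +162,7 @@ tls1_free(SSL *s)
 {
 #ifndef OPENSSL_NO_TLSEXT
  if (s->tlsext_session_ticket) {
- OPENSSL_free(s->tlsext_session_ticket);
+ free(s->tlsext_session_ticket);
  }
 #endif /* OPENSSL_NO_TLSEXT */
  ssl3_free(s);
@@ -515,7 +515,7 @@ unsigned char
  else if (s->session && s->tlsext_session_ticket &&
  s->tlsext_session_ticket->data) {
  ticklen = s->tlsext_session_ticket->length;
- s->session->tlsext_tick = OPENSSL_malloc(ticklen);
+ s->session->tlsext_tick = malloc(ticklen);
  if (!s->session->tlsext_tick)
  return NULL;
  memcpy(s->session->tlsext_tick,
@@ -1037,14 +1037,14 @@ ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d,
  *al = TLS1_AD_UNRECOGNIZED_NAME;
  return 0;
  }
- if ((s->session->tlsext_hostname = OPENSSL_malloc(len + 1)) == NULL) {
+ if ((s->session->tlsext_hostname = malloc(len + 1)) == NULL) {
  *al = TLS1_AD_INTERNAL_ERROR;
  return 0;
  }
  memcpy(s->session->tlsext_hostname, sdata, len);
  s->session->tlsext_hostname[len] = '\0';
  if (strlen(s->session->tlsext_hostname) != len) {
- OPENSSL_free(s->session->tlsext_hostname);
+ free(s->session->tlsext_hostname);
  s->session->tlsext_hostname = NULL;
  *al = TLS1_AD_UNRECOGNIZED_NAME;
  return 0;
@@ -1081,7 +1081,7 @@ ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d,
  *al = SSL_AD_DECODE_ERROR;
  return 0;
  }
- if ((s->srp_ctx.login = OPENSSL_malloc(len + 1)) == NULL)
+ if ((s->srp_ctx.login = malloc(len + 1)) == NULL)
  return -1;
  memcpy(s->srp_ctx.login, &data[1], len);
  s->srp_ctx.login[len] = '\0';
@@ -1105,11 +1105,11 @@ ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d,
  }
  if (!s->hit) {
  if (s->session->tlsext_ecpointformatlist) {
- OPENSSL_free(s->session->tlsext_ecpointformatlist);
+ free(s->session->tlsext_ecpointformatlist);
  s->session->tlsext_ecpointformatlist = NULL;
  }
  s->session->tlsext_ecpointformatlist_length = 0;
- if ((s->session->tlsext_ecpointformatlist = OPENSSL_malloc(ecpointformatlist_length)) == NULL) {
+ if ((s->session->tlsext_ecpointformatlist = malloc(ecpointformatlist_length)) == NULL) {
  *al = TLS1_AD_INTERNAL_ERROR;
  return 0;
  }
@@ -1140,7 +1140,7 @@ ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d,
  return 0;
  }
  s->session->tlsext_ellipticcurvelist_length = 0;
- if ((s->session->tlsext_ellipticcurvelist = OPENSSL_malloc(ellipticcurvelist_length)) == NULL) {
+ if ((s->session->tlsext_ellipticcurvelist = malloc(ellipticcurvelist_length)) == NULL) {
  *al = TLS1_AD_INTERNAL_ERROR;
  return 0;
  }
@@ -1172,9 +1172,9 @@ ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d,
  }
 
  if (s->s3->client_opaque_prf_input != NULL) /* shouldn't really happen */
- OPENSSL_free(s->s3->client_opaque_prf_input);
+ free(s->s3->client_opaque_prf_input);
  if (s->s3->client_opaque_prf_input_len == 0)
- s->s3->client_opaque_prf_input = OPENSSL_malloc(1); /* dummy byte just to get non-NULL */
+ s->s3->client_opaque_prf_input = malloc(1); /* dummy byte just to get non-NULL */
  else
  s->s3->client_opaque_prf_input = BUF_memdup(sdata, s->s3->client_opaque_prf_input_len);
  if (s->s3->client_opaque_prf_input == NULL) {
@@ -1432,8 +1432,8 @@ ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d, int n,
  }
  s->session->tlsext_ecpointformatlist_length = 0;
  if (s->session->tlsext_ecpointformatlist != NULL)
- OPENSSL_free(s->session->tlsext_ecpointformatlist);
- if ((s->session->tlsext_ecpointformatlist = OPENSSL_malloc(ecpointformatlist_length)) == NULL) {
+ free(s->session->tlsext_ecpointformatlist);
+ if ((s->session->tlsext_ecpointformatlist = malloc(ecpointformatlist_length)) == NULL) {
  *al = TLS1_AD_INTERNAL_ERROR;
  return 0;
  }
@@ -1478,9 +1478,9 @@ ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d, int n,
  }
 
  if (s->s3->server_opaque_prf_input != NULL) /* shouldn't really happen */
- OPENSSL_free(s->s3->server_opaque_prf_input);
+ free(s->s3->server_opaque_prf_input);
  if (s->s3->server_opaque_prf_input_len == 0)
- s->s3->server_opaque_prf_input = OPENSSL_malloc(1); /* dummy byte just to get non-NULL */
+ s->s3->server_opaque_prf_input = malloc(1); /* dummy byte just to get non-NULL */
  else
  s->s3->server_opaque_prf_input = BUF_memdup(sdata, s->s3->server_opaque_prf_input_len);
 
@@ -1522,7 +1522,7 @@ ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d, int n,
  *al = TLS1_AD_INTERNAL_ERROR;
  return 0;
  }
- s->next_proto_negotiated = OPENSSL_malloc(selected_len);
+ s->next_proto_negotiated = malloc(selected_len);
  if (!s->next_proto_negotiated) {
  *al = TLS1_AD_INTERNAL_ERROR;
  return 0;
@@ -1619,8 +1619,8 @@ ssl_prepare_clienthello_tlsext(SSL *s)
  using_ecc = using_ecc && (s->version >= TLS1_VERSION);
  if (using_ecc) {
  if (s->tlsext_ecpointformatlist != NULL)
- OPENSSL_free(s->tlsext_ecpointformatlist);
- if ((s->tlsext_ecpointformatlist = OPENSSL_malloc(3)) == NULL) {
+ free(s->tlsext_ecpointformatlist);
+ if ((s->tlsext_ecpointformatlist = malloc(3)) == NULL) {
  SSLerr(SSL_F_SSL_PREPARE_CLIENTHELLO_TLSEXT, ERR_R_MALLOC_FAILURE);
  return -1;
  }
@@ -1631,9 +1631,9 @@ ssl_prepare_clienthello_tlsext(SSL *s)
 
  /* we support all named elliptic curves in draft-ietf-tls-ecc-12 */
  if (s->tlsext_ellipticcurvelist != NULL)
- OPENSSL_free(s->tlsext_ellipticcurvelist);
+ free(s->tlsext_ellipticcurvelist);
  s->tlsext_ellipticcurvelist_length = sizeof(pref_list)/sizeof(pref_list[0]) * 2;
- if ((s->tlsext_ellipticcurvelist = OPENSSL_malloc(s->tlsext_ellipticcurvelist_length)) == NULL) {
+ if ((s->tlsext_ellipticcurvelist = malloc(s->tlsext_ellipticcurvelist_length)) == NULL) {
  s->tlsext_ellipticcurvelist_length = 0;
  SSLerr(SSL_F_SSL_PREPARE_CLIENTHELLO_TLSEXT, ERR_R_MALLOC_FAILURE);
  return -1;
@@ -1660,10 +1660,10 @@ ssl_prepare_clienthello_tlsext(SSL *s)
 
  if (s->tlsext_opaque_prf_input != NULL) {
  if (s->s3->client_opaque_prf_input != NULL) /* shouldn't really happen */
- OPENSSL_free(s->s3->client_opaque_prf_input);
+ free(s->s3->client_opaque_prf_input);
 
  if (s->tlsext_opaque_prf_input_len == 0)
- s->s3->client_opaque_prf_input = OPENSSL_malloc(1); /* dummy byte just to get non-NULL */
+ s->s3->client_opaque_prf_input = malloc(1); /* dummy byte just to get non-NULL */
  else
  s->s3->client_opaque_prf_input = BUF_memdup(s->tlsext_opaque_prf_input, s->tlsext_opaque_prf_input_len);
  if (s->s3->client_opaque_prf_input == NULL) {
@@ -1698,8 +1698,8 @@ ssl_prepare_serverhello_tlsext(SSL *s)
 
  if (using_ecc) {
  if (s->tlsext_ecpointformatlist != NULL)
- OPENSSL_free(s->tlsext_ecpointformatlist);
- if ((s->tlsext_ecpointformatlist = OPENSSL_malloc(3)) == NULL) {
+ free(s->tlsext_ecpointformatlist);
+ if ((s->tlsext_ecpointformatlist = malloc(3)) == NULL) {
  SSLerr(SSL_F_SSL_PREPARE_SERVERHELLO_TLSEXT, ERR_R_MALLOC_FAILURE);
  return -1;
  }
@@ -1752,7 +1752,7 @@ ssl_check_clienthello_tlsext_early(SSL *s)
  }
 
  if (s->s3->server_opaque_prf_input != NULL) /* shouldn't really happen */
- OPENSSL_free(s->s3->server_opaque_prf_input);
+ free(s->s3->server_opaque_prf_input);
  s->s3->server_opaque_prf_input = NULL;
 
  if (s->tlsext_opaque_prf_input != NULL) {
@@ -1762,7 +1762,7 @@ ssl_check_clienthello_tlsext_early(SSL *s)
  * of the same length as the client opaque PRF input! */
 
  if (s->tlsext_opaque_prf_input_len == 0)
- s->s3->server_opaque_prf_input = OPENSSL_malloc(1); /* dummy byte just to get non-NULL */
+ s->s3->server_opaque_prf_input = malloc(1); /* dummy byte just to get non-NULL */
  else
  s->s3->server_opaque_prf_input = BUF_memdup(s->tlsext_opaque_prf_input, s->tlsext_opaque_prf_input_len);
  if (s->s3->server_opaque_prf_input == NULL) {
@@ -1937,7 +1937,7 @@ ssl_check_serverhello_tlsext(SSL *s)
  * there is no response.
  */
  if (s->tlsext_ocsp_resp) {
- OPENSSL_free(s->tlsext_ocsp_resp);
+ free(s->tlsext_ocsp_resp);
  s->tlsext_ocsp_resp = NULL;
  }
  s->tlsext_ocsp_resplen = -1;
@@ -2156,7 +2156,7 @@ tls_decrypt_ticket(SSL *s, const unsigned char *etick, int eticklen,
  /* Move p after IV to start of encrypted ticket, update length */
  p = etick + 16 + EVP_CIPHER_CTX_iv_length(&ctx);
  eticklen -= 16 + EVP_CIPHER_CTX_iv_length(&ctx);
- sdec = OPENSSL_malloc(eticklen);
+ sdec = malloc(eticklen);
  if (!sdec) {
  EVP_CIPHER_CTX_cleanup(&ctx);
  return -1;
@@ -2169,7 +2169,7 @@ tls_decrypt_ticket(SSL *s, const unsigned char *etick, int eticklen,
  p = sdec;
 
  sess = d2i_SSL_SESSION(NULL, &p, slen);
- OPENSSL_free(sdec);
+ free(sdec);
  if (sess) {
  /* The session ID, if non-empty, is used by some clients to
  * detect that the ticket has been accepted. So we copy it to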
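Review bot: In `tls_decrypt_ticket` (new line 2159), `sdec = malloc(eticklen);` passes a signed `int` that was just reduced by `16 + EVP_CIPHER_CTX_iv_length(&ctx)` into a `size_t` parameter, and no lower-bound check on `eticklen` is visible in the hunk. If the replaced `OPENSSL_malloc` wrapper refused non-positive sizes (the upstream allocator did, though that is not shown on this page), a zero length used to take the `!sdec` error path, whereas `malloc(0)` may return a non-NULL pointer and a negative length turns into a very large request. An explicit guard before the allocation, for example `if (eticklen <= 0) { EVP_CIPHER_CTX_cleanup(&ctx); return -1; }`, would keep the failure deterministic; the same question applies to the length-driven calls `malloc(ticklen)`, `malloc(ecpointformatlist_length)`, `malloc(ellipticcurvelist_length)` and `malloc(selected_len)` in the earlier hunks. The function body starts and ends outside the hunk, so an earlier length check may already cover this and should be confirmed.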