Browse Source

free NULL cleanup 5a

Don't check for NULL before calling a free routine.  This gets X509_.*free:
    x509_name_ex_free X509_policy_tree_free X509_VERIFY_PARAM_free
    X509_STORE_free X509_STORE_CTX_free X509_PKEY_free
    X509_OBJECT_free_contents X509_LOOKUP_free X509_INFO_free

Reviewed-by: Richard Levitte <levitte@openssl.org>
master
Rich Salz 7 years ago
parent
commit
222561fe8e
65 changed files with 189 additions and 355 deletions
  1. +1
    -2
      apps/apps.c
  2. +15
    -29
      apps/ca.c
  3. +2
    -4
      apps/crl2p7.c
  4. +1
    -2
      apps/ocsp.c
  5. +2
    -4
      apps/pkcs12.c
  6. +5
    -10
      apps/s_cb.c
  7. +4
    -8
      apps/s_client.c
  8. +8
    -14
      apps/s_server.c
  9. +1
    -2
      apps/smime.c
  10. +3
    -6
      apps/verify.c
  11. +3
    -6
      crypto/asn1/x_info.c
  12. +1
    -2
      crypto/asn1/x_pkey.c
  13. +3
    -6
      crypto/asn1/x_pubkey.c
  14. +2
    -4
      crypto/cms/cms_asn1.c
  15. +1
    -2
      crypto/cms/cms_pwri.c
  16. +1
    -2
      crypto/cms/cms_sd.c
  17. +2
    -4
      crypto/cms/cms_smime.c
  18. +4
    -8
      crypto/dh/dh_ameth.c
  19. +4
    -8
      crypto/ec/ec_ameth.c
  20. +1
    -2
      crypto/evp/p_lib.c
  21. +1
    -2
      crypto/ocsp/ocsp_vfy.c
  22. +1
    -2
      crypto/pem/pem_info.c
  23. +5
    -9
      crypto/pkcs12/p12_kiss.c
  24. +2
    -4
      crypto/pkcs7/pk7_doit.c
  25. +1
    -2
      crypto/pkcs7/pk7_smime.c
  26. +4
    -8
      crypto/rsa/rsa_ameth.c
  27. +1
    -2
      crypto/rsa/rsa_sign.c
  28. +3
    -6
      crypto/ts/ts_rsp_sign.c
  29. +2
    -4
      crypto/x509/by_file.c
  30. +2
    -4
      crypto/x509/x509_att.c
  31. +5
    -2
      crypto/x509/x509_lu.c
  32. +4
    -5
      crypto/x509/x509_r2x.c
  33. +2
    -4
      crypto/x509/x509_v3.c
  34. +11
    -18
      crypto/x509/x509_vfy.c
  35. +3
    -3
      crypto/x509/x509_vpm.c
  36. +1
    -2
      crypto/x509/x509name.c
  37. +1
    -2
      crypto/x509/x_attrib.c
  38. +6
    -9
      crypto/x509/x_name.c
  39. +1
    -2
      crypto/x509v3/pcy_cache.c
  40. +3
    -7
      crypto/x509v3/pcy_tree.c
  41. +2
    -4
      crypto/x509v3/v3_crld.c
  42. +1
    -2
      demos/cms/cms_ddec.c
  43. +1
    -2
      demos/cms/cms_dec.c
  44. +2
    -4
      demos/cms/cms_denc.c
  45. +2
    -4
      demos/cms/cms_enc.c
  46. +1
    -2
      demos/cms/cms_sign.c
  47. +2
    -6
      demos/cms/cms_sign2.c
  48. +1
    -2
      demos/cms/cms_ver.c
  49. +1
    -2
      demos/easy_tls/easy-tls.c
  50. +1
    -2
      demos/smime/smdec.c
  51. +2
    -4
      demos/smime/smenc.c
  52. +1
    -2
      demos/smime/smsign.c
  53. +2
    -4
      demos/smime/smsign2.c
  54. +1
    -2
      demos/smime/smver.c
  55. +1
    -2
      demos/spkigen.c
  56. +1
    -0
      doc/crypto/X509_STORE_CTX_new.pod
  57. +1
    -0
      doc/crypto/X509_new.pod
  58. +6
    -12
      ssl/s3_clnt.c
  59. +4
    -8
      ssl/s3_lib.c
  60. +4
    -8
      ssl/s3_srvr.c
  61. +15
    -31
      ssl/ssl_cert.c
  62. +8
    -17
      ssl/ssl_lib.c
  63. +3
    -6
      ssl/ssl_rsa.c
  64. +1
    -2
      ssl/ssl_sess.c
  65. +2
    -5
      ssl/t1_lib.c

+ 1
- 2
apps/apps.c View File

@ -971,8 +971,7 @@ static int load_certs_crls(const char *file, int format,
end:
if (xis)
sk_X509_INFO_pop_free(xis, X509_INFO_free);
sk_X509_INFO_pop_free(xis, X509_INFO_free);
if (rv == 0) {
if (pcerts) {


+ 15
- 29
apps/ca.c View File

@ -1349,9 +1349,7 @@ end_of_options:
BIO_free_all(Sout);
BIO_free_all(out);
BIO_free_all(in);
if (cert_sk)
sk_X509_pop_free(cert_sk, X509_free);
sk_X509_pop_free(cert_sk, X509_free);
if (ret)
ERR_print_errors(bio_err);
@ -1364,8 +1362,7 @@ end_of_options:
if (sigopts)
sk_OPENSSL_STRING_free(sigopts);
EVP_PKEY_free(pkey);
if (x509)
X509_free(x509);
X509_free(x509);
X509_CRL_free(crl);
NCONF_free(conf);
NCONF_free(extconf);
@ -1440,8 +1437,7 @@ static int certify(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
ext_copy, selfsign);
end:
if (req != NULL)
X509_REQ_free(req);
X509_REQ_free(req);
BIO_free(in);
return (ok);
}
@ -1495,10 +1491,8 @@ static int certify_cert(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
ext_copy, 0);
end:
if (rreq != NULL)
X509_REQ_free(rreq);
if (req != NULL)
X509_free(req);
X509_REQ_free(rreq);
X509_free(req);
return (ok);
}
@ -1700,8 +1694,7 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509,
if (push != NULL) {
if (!X509_NAME_add_entry(subject, push, -1, 0)) {
if (push != NULL)
X509_NAME_ENTRY_free(push);
X509_NAME_ENTRY_free(push);
BIO_printf(bio_err, "Memory allocation failure\n");
goto end;
}
@ -1876,8 +1869,7 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509,
/*
* Free the current entries if any, there should not be any I believe
*/
if (ci->extensions != NULL)
sk_X509_EXTENSION_pop_free(ci->extensions, X509_EXTENSION_free);
sk_X509_EXTENSION_pop_free(ci->extensions, X509_EXTENSION_free);
ci->extensions = NULL;
@ -2027,18 +2019,14 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509,
if (row[i] != NULL)
OPENSSL_free(row[i]);
if (CAname != NULL)
X509_NAME_free(CAname);
if (subject != NULL)
X509_NAME_free(subject);
if ((dn_subject != NULL) && !email_dn)
X509_NAME_free(CAname);
X509_NAME_free(subject);
if (dn_subject != subject)
X509_NAME_free(dn_subject);
ASN1_UTCTIME_free(tmptm);
if (ok <= 0) {
if (ret != NULL)
X509_free(ret);
ret = NULL;
} else
if (ok <= 0)
X509_free(ret);
else
*xret = ret;
return (ok);
}
@ -2186,14 +2174,12 @@ static int certify_spkac(X509 **xret, char *infile, EVP_PKEY *pkey,
verbose, req, ext_sect, lconf, certopt, nameopt, default_op,
ext_copy, 0);
end:
if (req != NULL)
X509_REQ_free(req);
X509_REQ_free(req);
if (parms != NULL)
CONF_free(parms);
if (spki != NULL)
NETSCAPE_SPKI_free(spki);
if (ne != NULL)
X509_NAME_ENTRY_free(ne);
X509_NAME_ENTRY_free(ne);
return (ok);
}


+ 2
- 4
apps/crl2p7.c View File

@ -215,8 +215,7 @@ int crl2pkcs7_main(int argc, char **argv)
BIO_free(in);
BIO_free_all(out);
PKCS7_free(p7);
if (crl != NULL)
X509_CRL_free(crl);
X509_CRL_free(crl);
return (ret);
}
@ -267,7 +266,6 @@ static int add_certs_from_file(STACK_OF(X509) *stack, char *certfile)
end:
/* never need to OPENSSL_free x */
BIO_free(in);
if (sk != NULL)
sk_X509_INFO_free(sk);
sk_X509_INFO_free(sk);
return (ret);
}

+ 1
- 2
apps/ocsp.c View File

@ -735,8 +735,7 @@ int ocsp_main(int argc, char **argv)
ERR_print_errors(bio_err);
X509_free(signer);
X509_STORE_free(store);
if (vpm)
X509_VERIFY_PARAM_free(vpm);
X509_VERIFY_PARAM_free(vpm);
EVP_PKEY_free(key);
EVP_PKEY_free(rkey);
X509_free(cert);


+ 2
- 4
apps/pkcs12.c View File

@ -504,10 +504,8 @@ int pkcs12_main(int argc, char **argv)
export_end:
EVP_PKEY_free(key);
if (certs)
sk_X509_pop_free(certs, X509_free);
if (ucert)
X509_free(ucert);
sk_X509_pop_free(certs, X509_free);
X509_free(ucert);
goto end;


+ 5
- 10
apps/s_cb.c View File

@ -1219,11 +1219,9 @@ void ssl_excert_free(SSL_EXCERT *exc)
{
SSL_EXCERT *curr;
while (exc) {
if (exc->cert)
X509_free(exc->cert);
X509_free(exc->cert);
EVP_PKEY_free(exc->key);
if (exc->chain)
sk_X509_pop_free(exc->chain, X509_free);
sk_X509_pop_free(exc->chain, X509_free);
curr = exc;
exc = exc->next;
OPENSSL_free(curr);
@ -1385,8 +1383,7 @@ void print_ssl_summary(SSL *s)
BIO_printf(bio_err, "Hash used: %s\n", OBJ_nid2sn(nid));
} else
BIO_puts(bio_err, "No peer certificate\n");
if (peer)
X509_free(peer);
X509_free(peer);
#ifndef OPENSSL_NO_EC
ssl_print_point_formats(bio_err, s);
if (SSL_is_server(s))
@ -1501,10 +1498,8 @@ int ssl_load_stores(SSL_CTX *ctx,
}
rv = 1;
err:
if (vfy)
X509_STORE_free(vfy);
if (ch)
X509_STORE_free(ch);
X509_STORE_free(vfy);
X509_STORE_free(ch);
return rv;
}


+ 4
- 8
apps/s_client.c View File

@ -1998,17 +1998,14 @@ int s_client_main(int argc, char **argv)
OPENSSL_free(next_proto.data);
#endif
SSL_CTX_free(ctx);
if (cert)
X509_free(cert);
X509_free(cert);
if (crls)
sk_X509_CRL_pop_free(crls, X509_CRL_free);
EVP_PKEY_free(key);
if (chain)
sk_X509_pop_free(chain, X509_free);
sk_X509_pop_free(chain, X509_free);
if (pass)
OPENSSL_free(pass);
if (vpm)
X509_VERIFY_PARAM_free(vpm);
X509_VERIFY_PARAM_free(vpm);
ssl_excert_free(exc);
sk_OPENSSL_STRING_free(ssl_args);
SSL_CONF_CTX_free(cctx);
@ -2197,8 +2194,7 @@ static void print_stuff(BIO *bio, SSL *s, int full)
}
}
BIO_printf(bio, "---\n");
if (peer != NULL)
X509_free(peer);
X509_free(peer);
/* flush, or debugging output gets mixed with http response */
(void)BIO_flush(bio);
}


+ 8
- 14
apps/s_server.c View File

@ -1925,24 +1925,18 @@ int s_server_main(int argc, char *argv[])
ret = 0;
end:
SSL_CTX_free(ctx);
if (s_cert)
X509_free(s_cert);
if (crls)
sk_X509_CRL_pop_free(crls, X509_CRL_free);
if (s_dcert)
X509_free(s_dcert);
X509_free(s_cert);
sk_X509_CRL_pop_free(crls, X509_CRL_free);
X509_free(s_dcert);
EVP_PKEY_free(s_key);
EVP_PKEY_free(s_dkey);
if (s_chain)
sk_X509_pop_free(s_chain, X509_free);
if (s_dchain)
sk_X509_pop_free(s_dchain, X509_free);
sk_X509_pop_free(s_chain, X509_free);
sk_X509_pop_free(s_dchain, X509_free);
if (pass)
OPENSSL_free(pass);
if (dpass)
OPENSSL_free(dpass);
if (vpm)
X509_VERIFY_PARAM_free(vpm);
X509_VERIFY_PARAM_free(vpm);
free_sessions();
#ifndef OPENSSL_NO_TLSEXT
if (tlscstatp.host)
@ -1951,9 +1945,9 @@ int s_server_main(int argc, char *argv[])
OPENSSL_free(tlscstatp.port);
if (tlscstatp.path)
OPENSSL_free(tlscstatp.path);
if (ctx2 != NULL)
SSL_CTX_free(ctx2);
if (s_cert2)
X509_free(s_cert2);
X509_free(s_cert2);
EVP_PKEY_free(s_key2);
BIO_free(serverinfo_in);
# ifndef OPENSSL_NO_NEXTPROTONEG


+ 1
- 2
apps/smime.c View File

@ -650,8 +650,7 @@ int smime_main(int argc, char **argv)
ERR_print_errors(bio_err);
sk_X509_pop_free(encerts, X509_free);
sk_X509_pop_free(other, X509_free);
if (vpm)
X509_VERIFY_PARAM_free(vpm);
X509_VERIFY_PARAM_free(vpm);
if (sksigners)
sk_OPENSSL_STRING_free(sksigners);
if (skkeys)


+ 3
- 6
apps/verify.c View File

@ -221,10 +221,8 @@ int verify_main(int argc, char **argv)
}
end:
if (vpm)
X509_VERIFY_PARAM_free(vpm);
if (store != NULL)
X509_STORE_free(store);
X509_VERIFY_PARAM_free(vpm);
X509_STORE_free(store);
sk_X509_pop_free(untrusted, X509_free);
sk_X509_pop_free(trusted, X509_free);
sk_X509_CRL_pop_free(crls, X509_CRL_free);
@ -283,8 +281,7 @@ static int check(X509_STORE *ctx, char *file,
}
sk_X509_pop_free(chain, X509_free);
}
if (x != NULL)
X509_free(x);
X509_free(x);
return (ret);
}


+ 3
- 6
crypto/asn1/x_info.c View File

@ -103,12 +103,9 @@ void X509_INFO_free(X509_INFO *x)
}
#endif
if (x->x509 != NULL)
X509_free(x->x509);
if (x->crl != NULL)
X509_CRL_free(x->crl);
if (x->x_pkey != NULL)
X509_PKEY_free(x->x_pkey);
X509_free(x->x509);
X509_CRL_free(x->crl);
X509_PKEY_free(x->x_pkey);
if (x->enc_data != NULL)
OPENSSL_free(x->enc_data);
OPENSSL_free(x);


+ 1
- 2
crypto/asn1/x_pkey.c View File

@ -110,8 +110,7 @@ void X509_PKEY_free(X509_PKEY *x)
}
#endif
if (x->enc_algor != NULL)
X509_ALGOR_free(x->enc_algor);
X509_ALGOR_free(x->enc_algor);
ASN1_OCTET_STRING_free(x->enc_pkey);
EVP_PKEY_free(x->dec_pkey);
if ((x->key_data != NULL) && (x->key_free))


+ 3
- 6
crypto/asn1/x_pubkey.c View File

@ -112,15 +112,12 @@ int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey)
goto error;
}
if (*x != NULL)
X509_PUBKEY_free(*x);
X509_PUBKEY_free(*x);
*x = pk;
return 1;
error:
if (pk != NULL)
X509_PUBKEY_free(pk);
X509_PUBKEY_free(pk);
return 0;
}


+ 2
- 4
crypto/cms/cms_asn1.c View File

@ -94,8 +94,7 @@ static int cms_si_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
if (operation == ASN1_OP_FREE_POST) {
CMS_SignerInfo *si = (CMS_SignerInfo *)*pval;
EVP_PKEY_free(si->pkey);
if (si->signer)
X509_free(si->signer);
X509_free(si->signer);
if (si->pctx)
EVP_MD_CTX_cleanup(&si->mctx);
}
@ -248,8 +247,7 @@ static int cms_ri_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
if (ri->type == CMS_RECIPINFO_TRANS) {
CMS_KeyTransRecipientInfo *ktri = ri->d.ktri;
EVP_PKEY_free(ktri->pkey);
if (ktri->recip)
X509_free(ktri->recip);
X509_free(ktri->recip);
EVP_PKEY_CTX_free(ktri->pctx);
} else if (ri->type == CMS_RECIPINFO_KEK) {
CMS_KEKRecipientInfo *kekri = ri->d.kekri;


+ 1
- 2
crypto/cms/cms_pwri.c View File

@ -204,8 +204,7 @@ CMS_RecipientInfo *CMS_add0_recipient_password(CMS_ContentInfo *cms,
EVP_CIPHER_CTX_cleanup(&ctx);
if (ri)
M_ASN1_free_of(ri, CMS_RecipientInfo);
if (encalg)
X509_ALGOR_free(encalg);
X509_ALGOR_free(encalg);
return NULL;
}


+ 1
- 2
crypto/cms/cms_sd.c View File

@ -489,8 +489,7 @@ void CMS_SignerInfo_set1_signer_cert(CMS_SignerInfo *si, X509 *signer)
EVP_PKEY_free(si->pkey);
si->pkey = X509_get_pubkey(signer);
}
if (si->signer)
X509_free(si->signer);
X509_free(si->signer);
si->signer = signer;
}


+ 2
- 4
crypto/cms/cms_smime.c View File

@ -455,10 +455,8 @@ int CMS_verify(CMS_ContentInfo *cms, STACK_OF(X509) *certs,
if (out != tmpout)
BIO_free_all(tmpout);
if (cms_certs)
sk_X509_pop_free(cms_certs, X509_free);
if (crls)
sk_X509_CRL_pop_free(crls, X509_CRL_free);
sk_X509_pop_free(cms_certs, X509_free);
sk_X509_CRL_pop_free(crls, X509_CRL_free);
return ret;
}


+ 4
- 8
crypto/dh/dh_ameth.c View File

@ -782,10 +782,8 @@ static int dh_cms_set_shared_info(EVP_PKEY_CTX *pctx, CMS_RecipientInfo *ri)
rv = 1;
err:
if (kekalg)
X509_ALGOR_free(kekalg);
if (dukm)
OPENSSL_free(dukm);
X509_ALGOR_free(kekalg);
OPENSSL_free(dukm);
return rv;
}
@ -945,10 +943,8 @@ static int dh_cms_encrypt(CMS_RecipientInfo *ri)
rv = 1;
err:
if (penc)
OPENSSL_free(penc);
if (wrap_alg)
X509_ALGOR_free(wrap_alg);
OPENSSL_free(penc);
X509_ALGOR_free(wrap_alg);
return rv;
}


+ 4
- 8
crypto/ec/ec_ameth.c View File

@ -796,10 +796,8 @@ static int ecdh_cms_set_shared_info(EVP_PKEY_CTX *pctx, CMS_RecipientInfo *ri)
rv = 1;
err:
if (kekalg)
X509_ALGOR_free(kekalg);
if (der)
OPENSSL_free(der);
X509_ALGOR_free(kekalg);
OPENSSL_free(der);
return rv;
}
@ -967,10 +965,8 @@ static int ecdh_cms_encrypt(CMS_RecipientInfo *ri)
rv = 1;
err:
if (penc)
OPENSSL_free(penc);
if (wrap_alg)
X509_ALGOR_free(wrap_alg);
OPENSSL_free(penc);
X509_ALGOR_free(wrap_alg);
return rv;
}


+ 1
- 2
crypto/evp/p_lib.c View File

@ -401,8 +401,7 @@ void EVP_PKEY_free(EVP_PKEY *x)
}
#endif
EVP_PKEY_free_it(x);
if (x->attributes)
sk_X509_ATTRIBUTE_pop_free(x->attributes, X509_ATTRIBUTE_free);
sk_X509_ATTRIBUTE_pop_free(x->attributes, X509_ATTRIBUTE_free);
OPENSSL_free(x);
}


+ 1
- 2
crypto/ocsp/ocsp_vfy.c View File

@ -171,8 +171,7 @@ int OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs,
}
end:
if (chain)
sk_X509_pop_free(chain, X509_free);
sk_X509_pop_free(chain, X509_free);
if (bs->certs && certs)
sk_X509_free(untrusted);
return ret;


+ 1
- 2
crypto/pem/pem_info.c View File

@ -276,8 +276,7 @@ STACK_OF(X509_INFO) *PEM_X509_INFO_read_bio(BIO *bp, STACK_OF(X509_INFO) *sk,
}
ok = 1;
err:
if (xi != NULL)
X509_INFO_free(xi);
X509_INFO_free(xi);
if (!ok) {
for (i = 0; ((int)i) < sk_X509_INFO_num(ret); i++) {
xi = sk_X509_INFO_value(ret, i);


+ 5
- 9
crypto/pkcs12/p12_kiss.c View File

@ -150,12 +150,10 @@ int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert,
goto err;
x = NULL;
}
if (x)
X509_free(x);
X509_free(x);
}
if (ocerts)
sk_X509_pop_free(ocerts, X509_free);
sk_X509_pop_free(ocerts, X509_free);
return 1;
@ -163,12 +161,10 @@ int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert,
if (pkey)
EVP_PKEY_free(*pkey);
if (cert && *cert)
if (cert)
X509_free(*cert);
if (x)
X509_free(x);
if (ocerts)
sk_X509_pop_free(ocerts, X509_free);
X509_free(x);
sk_X509_pop_free(ocerts, X509_free);
return 0;
}


+ 2
- 4
crypto/pkcs7/pk7_doit.c View File

@ -1134,8 +1134,7 @@ int PKCS7_set_signed_attributes(PKCS7_SIGNER_INFO *p7si,
{
int i;
if (p7si->auth_attr != NULL)
sk_X509_ATTRIBUTE_pop_free(p7si->auth_attr, X509_ATTRIBUTE_free);
sk_X509_ATTRIBUTE_pop_free(p7si->auth_attr, X509_ATTRIBUTE_free);
p7si->auth_attr = sk_X509_ATTRIBUTE_dup(sk);
if (p7si->auth_attr == NULL)
return 0;
@ -1154,8 +1153,7 @@ int PKCS7_set_attributes(PKCS7_SIGNER_INFO *p7si,
{
int i;
if (p7si->unauth_attr != NULL)
sk_X509_ATTRIBUTE_pop_free(p7si->unauth_attr, X509_ATTRIBUTE_free);
sk_X509_ATTRIBUTE_pop_free(p7si->unauth_attr, X509_ATTRIBUTE_free);
p7si->unauth_attr = sk_X509_ATTRIBUTE_dup(sk);
if (p7si->unauth_attr == NULL)
return 0;


+ 1
- 2
crypto/pkcs7/pk7_smime.c View File

@ -208,8 +208,7 @@ PKCS7_SIGNER_INFO *PKCS7_sign_add_signer(PKCS7 *p7, X509 *signcert,
}
return si;
err:
if (smcap)
sk_X509_ALGOR_pop_free(smcap, X509_ALGOR_free);
sk_X509_ALGOR_pop_free(smcap, X509_ALGOR_free);
return NULL;
}


+ 4
- 8
crypto/rsa/rsa_ameth.c View File

@ -381,8 +381,7 @@ static int rsa_sig_print(BIO *bp, const X509_ALGOR *sigalg,
rv = rsa_pss_param_print(bp, pss, maskHash, indent);
if (pss)
RSA_PSS_PARAMS_free(pss);
if (maskHash)
X509_ALGOR_free(maskHash);
X509_ALGOR_free(maskHash);
if (!rv)
return 0;
} else if (!sig && BIO_puts(bp, "\n") <= 0)
@ -474,8 +473,7 @@ static int rsa_md_to_mgf1(X509_ALGOR **palg, const EVP_MD *mgf1md)
stmp = NULL;
err:
ASN1_STRING_free(stmp);
if (algtmp)
X509_ALGOR_free(algtmp);
X509_ALGOR_free(algtmp);
if (*palg)
return 1;
return 0;
@ -652,8 +650,7 @@ static int rsa_pss_to_ctx(EVP_MD_CTX *ctx, EVP_PKEY_CTX *pkctx,
err:
RSA_PSS_PARAMS_free(pss);
if (maskHash)
X509_ALGOR_free(maskHash);
X509_ALGOR_free(maskHash);
return rv;
}
@ -840,8 +837,7 @@ static int rsa_cms_decrypt(CMS_RecipientInfo *ri)
err:
RSA_OAEP_PARAMS_free(oaep);
if (maskHash)
X509_ALGOR_free(maskHash);
X509_ALGOR_free(maskHash);
return rv;
}


+ 1
- 2
crypto/rsa/rsa_sign.c View File

@ -266,8 +266,7 @@ int int_rsa_verify(int dtype, const unsigned char *m,
ret = 1;
}
err:
if (sig != NULL)
X509_SIG_free(sig);
X509_SIG_free(sig);
if (s != NULL) {
OPENSSL_cleanse(s, (unsigned int)siglen);
OPENSSL_free(s);


+ 3
- 6
crypto/ts/ts_rsp_sign.c View File

@ -207,8 +207,7 @@ int TS_RESP_CTX_set_signer_cert(TS_RESP_CTX *ctx, X509 *signer)
TS_R_INVALID_SIGNER_CERTIFICATE_PURPOSE);
return 0;
}
if (ctx->signer_cert)
X509_free(ctx->signer_cert);
X509_free(ctx->signer_cert);
ctx->signer_cert = signer;
CRYPTO_add(&ctx->signer_cert->references, +1, CRYPTO_LOCK_X509);
return 1;
@ -237,10 +236,8 @@ int TS_RESP_CTX_set_def_policy(TS_RESP_CTX *ctx, ASN1_OBJECT *def_policy)
int TS_RESP_CTX_set_certs(TS_RESP_CTX *ctx, STACK_OF(X509) *certs)
{
if (ctx->certs) {
sk_X509_pop_free(ctx->certs, X509_free);
ctx->certs = NULL;
}
sk_X509_pop_free(ctx->certs, X509_free);
ctx->certs = NULL;
if (!certs)
return 1;
if (!(ctx->certs = X509_chain_up_ref(certs))) {


+ 2
- 4
crypto/x509/by_file.c View File

@ -174,8 +174,7 @@ int X509_load_cert_file(X509_LOOKUP *ctx, const char *file, int type)
goto err;
}
err:
if (x != NULL)
X509_free(x);
X509_free(x);
BIO_free(in);
return (ret);
}
@ -232,8 +231,7 @@ int X509_load_crl_file(X509_LOOKUP *ctx, const char *file, int type)
goto err;
}
err:
if (x != NULL)
X509_CRL_free(x);
X509_CRL_free(x);
BIO_free(in);
return (ret);
}


+ 2
- 4
crypto/x509/x509_att.c View File

@ -147,10 +147,8 @@ STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr(STACK_OF(X509_ATTRIBUTE) **x,
err:
X509err(X509_F_X509AT_ADD1_ATTR, ERR_R_MALLOC_FAILURE);
err2:
if (new_attr != NULL)
X509_ATTRIBUTE_free(new_attr);
if (sk != NULL)
sk_X509_ATTRIBUTE_free(sk);
X509_ATTRIBUTE_free(new_attr);
sk_X509_ATTRIBUTE_free(sk);
return (NULL);
}


+ 5
- 2
crypto/x509/x509_lu.c View File

@ -217,6 +217,8 @@ X509_STORE *X509_STORE_new(void)
static void cleanup(X509_OBJECT *a)
{
if (!a)
return;
if (a->type == X509_LU_X509) {
X509_free(a->data.x509);
} else if (a->type == X509_LU_CRL) {
@ -260,8 +262,7 @@ void X509_STORE_free(X509_STORE *vfy)
sk_X509_OBJECT_pop_free(vfy->objs, cleanup);
CRYPTO_free_ex_data(CRYPTO_EX_INDEX_X509_STORE, vfy, &vfy->ex_data);
if (vfy->param)
X509_VERIFY_PARAM_free(vfy->param);
X509_VERIFY_PARAM_free(vfy->param);
OPENSSL_free(vfy);
}
@ -413,6 +414,8 @@ void X509_OBJECT_up_ref_count(X509_OBJECT *a)
void X509_OBJECT_free_contents(X509_OBJECT *a)
{
if (!a)
return;
switch (a->type) {
case X509_LU_X509:
X509_free(a->data.x509);


+ 4
- 5
crypto/x509/x509_r2x.c View File

@ -104,10 +104,9 @@ X509 *X509_REQ_to_X509(X509_REQ *r, int days, EVP_PKEY *pkey)
if (!X509_sign(ret, pkey, EVP_md5()))
goto err;
if (0) {
return ret;
err:
X509_free(ret);
ret = NULL;
}
return (ret);
X509_free(ret);
return NULL;
}

+ 2
- 4
crypto/x509/x509_v3.c View File

@ -176,10 +176,8 @@ STACK_OF(X509_EXTENSION) *X509v3_add_ext(STACK_OF(X509_EXTENSION) **x,
err:
X509err(X509_F_X509V3_ADD_EXT, ERR_R_MALLOC_FAILURE);
err2:
if (new_ex != NULL)
X509_EXTENSION_free(new_ex);
if (sk != NULL)
sk_X509_EXTENSION_free(sk);
X509_EXTENSION_free(new_ex);
sk_X509_EXTENSION_free(sk);
return (NULL);
}


+ 11
- 18
crypto/x509/x509_vfy.c View File

@ -495,10 +495,8 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
end:
X509_get_pubkey_parameters(NULL, ctx->chain);
}
if (sktmp != NULL)
sk_X509_free(sktmp);
if (chain_ss != NULL)
X509_free(chain_ss);
sk_X509_free(sktmp);
X509_free(chain_ss);
return ok;
}
@ -1016,8 +1014,7 @@ static int get_crl_sk(X509_STORE_CTX *ctx, X509_CRL **pcrl, X509_CRL **pdcrl,
}
if (best_crl) {
if (*pcrl)
X509_CRL_free(*pcrl);
X509_CRL_free(*pcrl);
*pcrl = best_crl;
*pissuer = best_crl_issuer;
*pscore = best_score;
@ -2058,8 +2055,7 @@ X509_CRL *X509_CRL_diff(X509_CRL *base, X509_CRL *newer,
memerr:
X509err(X509_F_X509_CRL_DIFF, ERR_R_MALLOC_FAILURE);
if (crl)
X509_CRL_free(crl);
X509_CRL_free(crl);
return NULL;
}
@ -2230,6 +2226,8 @@ X509_STORE_CTX *X509_STORE_CTX_new(void)
void X509_STORE_CTX_free(X509_STORE_CTX *ctx)
{
if (!ctx)
return;
X509_STORE_CTX_cleanup(ctx);
OPENSSL_free(ctx);
}
@ -2376,14 +2374,10 @@ void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx)
X509_VERIFY_PARAM_free(ctx->param);
ctx->param = NULL;
}
if (ctx->tree != NULL) {
X509_policy_tree_free(ctx->tree);
ctx->tree = NULL;
}
if (ctx->chain != NULL) {
sk_X509_pop_free(ctx->chain, X509_free);
ctx->chain = NULL;
}
X509_policy_tree_free(ctx->tree);
ctx->tree = NULL;
sk_X509_pop_free(ctx->chain, X509_free);
ctx->chain = NULL;
CRYPTO_free_ex_data(CRYPTO_EX_INDEX_X509_STORE_CTX, ctx, &(ctx->ex_data));
memset(&ctx->ex_data, 0, sizeof(CRYPTO_EX_DATA));
}
@ -2436,7 +2430,6 @@ X509_VERIFY_PARAM *X509_STORE_CTX_get0_param(X509_STORE_CTX *ctx)
void X509_STORE_CTX_set0_param(X509_STORE_CTX *ctx, X509_VERIFY_PARAM *param)
{
if (ctx->param)
X509_VERIFY_PARAM_free(ctx->param);
X509_VERIFY_PARAM_free(ctx->param);
ctx->param = param;
}

+ 3
- 3
crypto/x509/x509_vpm.c View File

@ -168,6 +168,7 @@ X509_VERIFY_PARAM *X509_VERIFY_PARAM_new(void)
{
X509_VERIFY_PARAM *param;
X509_VERIFY_PARAM_ID *paramid;
param = OPENSSL_malloc(sizeof(X509_VERIFY_PARAM));
if (!param)
return NULL;
@ -185,7 +186,7 @@ X509_VERIFY_PARAM *X509_VERIFY_PARAM_new(void)
void X509_VERIFY_PARAM_free(X509_VERIFY_PARAM *param)
{
if (param == NULL)
if (!param)
return;
x509_verify_param_zero(param);
OPENSSL_free(param->id);
@ -644,7 +645,6 @@ const X509_VERIFY_PARAM *X509_VERIFY_PARAM_lookup(const char *name)
void X509_VERIFY_PARAM_table_cleanup(void)
{
if (param_table)
sk_X509_VERIFY_PARAM_pop_free(param_table, X509_VERIFY_PARAM_free);
sk_X509_VERIFY_PARAM_pop_free(param_table, X509_VERIFY_PARAM_free);
param_table = NULL;
}

+ 1
- 2
crypto/x509/x509name.c View File

@ -277,8 +277,7 @@ int X509_NAME_add_entry(X509_NAME *name, X509_NAME_ENTRY *ne, int loc,
}
return (1);
err:
if (new_name != NULL)
X509_NAME_ENTRY_free(new_name);
X509_NAME_ENTRY_free(new_name);
return (0);
}


+ 1
- 2
crypto/x509/x_attrib.c View File

@ -98,8 +98,7 @@ X509_ATTRIBUTE *X509_ATTRIBUTE_create(int nid, int atrtype, void *value)
ASN1_TYPE_set(val, atrtype, value);
return (ret);
err:
if (ret != NULL)
X509_ATTRIBUTE_free(ret);
X509_ATTRIBUTE_free(ret);
ASN1_TYPE_free(val);
return (NULL);
}

+ 6
- 9
crypto/x509/x_name.c View File

@ -150,8 +150,7 @@ static int x509_name_ex_new(ASN1_VALUE **val, const ASN1_ITEM *it)
memerr:
ASN1err(ASN1_F_X509_NAME_EX_NEW, ERR_R_MALLOC_FAILURE);
if (ret) {
if (ret->entries)
sk_X509_NAME_ENTRY_free(ret->entries);
sk_X509_NAME_ENTRY_free(ret->entries);
OPENSSL_free(ret);
}
return 0;
@ -160,6 +159,7 @@ static int x509_name_ex_new(ASN1_VALUE **val, const ASN1_ITEM *it)
static void x509_name_ex_free(ASN1_VALUE **pval, const ASN1_ITEM *it)
{
X509_NAME *a;
if (!pval || !*pval)
return;
a = (X509_NAME *)*pval;
@ -232,8 +232,7 @@ static int x509_name_ex_d2i(ASN1_VALUE **val,
*in = p;
return ret;
err:
if (nm.x != NULL)
X509_NAME_free(nm.x);
X509_NAME_free(nm.x);
ASN1err(ASN1_F_X509_NAME_EX_D2I, ERR_R_NESTED_ASN1_ERROR);
return 0;
}
@ -394,11 +393,9 @@ static int x509_name_canon(X509_NAME *a)
err:
if (tmpentry)
X509_NAME_ENTRY_free(tmpentry);
if (intname)
sk_STACK_OF_X509_NAME_ENTRY_pop_free(intname,
local_sk_X509_NAME_ENTRY_pop_free);
X509_NAME_ENTRY_free(tmpentry);
sk_STACK_OF_X509_NAME_ENTRY_pop_free(intname,
local_sk_X509_NAME_ENTRY_pop_free);
return ret;
}


+ 1
- 2
crypto/x509v3/pcy_cache.c View File

@ -221,8 +221,7 @@ void policy_cache_free(X509_POLICY_CACHE *cache)
return;
if (cache->anyPolicy)
policy_data_free(cache->anyPolicy);
if (cache->data)
sk_X509_POLICY_DATA_pop_free(cache->data, policy_data_free);
sk_X509_POLICY_DATA_pop_free(cache->data, policy_data_free);
OPENSSL_free(cache);
}


+ 3
- 7
crypto/x509v3/pcy_tree.c View File

@ -655,17 +655,13 @@ void X509_policy_tree_free(X509_POLICY_TREE *tree)
sk_X509_POLICY_NODE_pop_free(tree->user_policies, exnode_free);
for (i = 0, curr = tree->levels; i < tree->nlevel; i++, curr++) {
if (curr->cert)
X509_free(curr->cert);
if (curr->nodes)
sk_X509_POLICY_NODE_pop_free(curr->nodes, policy_node_free);
X509_free(curr->cert);
sk_X509_POLICY_NODE_pop_free(curr->nodes, policy_node_free);
if (curr->anyPolicy)
policy_node_free(curr->anyPolicy);
}
if (tree->extra_data)
sk_X509_POLICY_DATA_pop_free(tree->extra_data, policy_data_free);
sk_X509_POLICY_DATA_pop_free(tree->extra_data, policy_data_free);
OPENSSL_free(tree->levels);
OPENSSL_free(tree);


+ 2
- 4
crypto/x509v3/v3_crld.c View File

@ -175,8 +175,7 @@ static int set_dist_point_name(DIST_POINT_NAME **pdp, X509V3_CTX *ctx,
err:
if (fnm)
sk_GENERAL_NAME_pop_free(fnm, GENERAL_NAME_free);
if (rnm)
sk_X509_NAME_ENTRY_pop_free(rnm, X509_NAME_ENTRY_free);
sk_X509_NAME_ENTRY_pop_free(rnm, X509_NAME_ENTRY_free);
return -1;
}
@ -354,8 +353,7 @@ static int dpn_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
break;
case ASN1_OP_FREE_POST:
if (dpn->dpname)
X509_NAME_free(dpn->dpname);
X509_NAME_free(dpn->dpname);
break;
}
return 1;


+ 1
- 2
demos/cms/cms_ddec.c View File

@ -70,8 +70,7 @@ int main(int argc, char **argv)
if (cms)
CMS_ContentInfo_free(cms);
if (rcert)
X509_free(rcert);
X509_free(rcert);
EVP_PKEY_free(rkey);
BIO_free(in);


+ 1
- 2
demos/cms/cms_dec.c View File

@ -61,8 +61,7 @@ int main(int argc, char **argv)
if (cms)
CMS_ContentInfo_free(cms);
if (rcert)
X509_free(rcert);
X509_free(rcert);
EVP_PKEY_free(rkey);
BIO_free(in);


+ 2
- 4
demos/cms/cms_denc.c View File

@ -79,10 +79,8 @@ int main(int argc, char **argv)
if (cms)
CMS_ContentInfo_free(cms);
if (rcert)
X509_free(rcert);
if (recips)
sk_X509_pop_free(recips, X509_free);
X509_free(rcert);
sk_X509_pop_free(recips, X509_free);
BIO_free(in);
BIO_free(out);


+ 2
- 4
demos/cms/cms_enc.c View File

@ -75,10 +75,8 @@ int main(int argc, char **argv)
if (cms)
CMS_ContentInfo_free(cms);
if (rcert)
X509_free(rcert);
if (recips)
sk_X509_pop_free(recips, X509_free);
X509_free(rcert);
sk_X509_pop_free(recips, X509_free);
BIO_free(in);
BIO_free(out);


+ 1
- 2
demos/cms/cms_sign.c View File

@ -71,8 +71,7 @@ int main(int argc, char **argv)
if (cms)
CMS_ContentInfo_free(cms);
if (scert)
X509_free(scert);
X509_free(scert);
EVP_PKEY_free(skey);
BIO_free(in);


+ 2
- 6
demos/cms/cms_sign2.c View File

@ -80,14 +80,10 @@ int main(int argc, char **argv)
if (cms)
CMS_ContentInfo_free(cms);
if (scert)
X509_free(scert);
X509_free(scert);
EVP_PKEY_free(skey);
if (scert2)
X509_free(scert2);
X509_free(scert2);
EVP_PKEY_free(skey2);
BIO_free(in);
BIO_free(out);
BIO_free(tbio);


+ 1
- 2
demos/cms/cms_ver.c View File

@ -70,8 +70,7 @@ int main(int argc, char **argv)
if (cms)
CMS_ContentInfo_free(cms);
if (cacert)
X509_free(cacert);
X509_free(cacert);
BIO_free(in);
BIO_free(out);


+ 1
- 2
demos/easy_tls/easy-tls.c View File

@ -943,8 +943,7 @@ static void write_info(SSL *ssl, int *info_fd)
peercert = SSL_get_peer_certificate(ssl);
tls_get_x509_subject_name_oneline(peercert, &peer);
if (peercert != NULL)
X509_free(peercert);
X509_free(peercert);
}
if (peer.str[0] == '\0')
v_ok = '0'; /* no cert at all */


+ 1
- 2
demos/smime/smdec.c View File

@ -58,8 +58,7 @@ int main(int argc, char **argv)
ERR_print_errors_fp(stderr);
}
PKCS7_free(p7);
if (rcert)
X509_free(rcert);
X509_free(rcert);
EVP_PKEY_free(rkey);
BIO_free(in);
BIO_free(out);


+ 2
- 4
demos/smime/smenc.c View File

@ -72,10 +72,8 @@ int main(int argc, char **argv)
ERR_print_errors_fp(stderr);
}
PKCS7_free(p7);
if (rcert)
X509_free(rcert);
if (recips)
sk_X509_pop_free(recips, X509_free);
X509_free(rcert);
sk_X509_pop_free(recips, X509_free);
BIO_free(in);
BIO_free(out);
BIO_free(tbio);


+ 1
- 2
demos/smime/smsign.c View File

@ -68,8 +68,7 @@ int main(int argc, char **argv)
ERR_print_errors_fp(stderr);
}
PKCS7_free(p7);
if (scert)
X509_free(scert);
X509_free(scert);
EVP_PKEY_free(skey);
BIO_free(in);
BIO_free(out);


+ 2
- 4
demos/smime/smsign2.c View File

@ -76,11 +76,9 @@ int main(int argc, char **argv)
ERR_print_errors_fp(stderr);
}
PKCS7_free(p7);
if (scert)
X509_free(scert);
X509_free(scert);
EVP_PKEY_free(skey);
if (scert2)
X509_free(scert2);
X509_free(scert2);
EVP_PKEY_free(skey2);
BIO_free(in);
BIO_free(out);


+ 1
- 2
demos/smime/smver.c View File

@ -66,8 +66,7 @@ int main(int argc, char **argv)
ERR_print_errors_fp(stderr);
}
PKCS7_free(p7);
if (cacert)
X509_free(cacert);
X509_free(cacert);
BIO_free(in);
BIO_free(out);
BIO_free(tbio);


+ 1
- 2
demos/spkigen.c View File

@ -166,7 +166,6 @@ EVP_PKEY *pkey;
pk = NULL;
ok = 1;
err:
if (pk != NULL)
X509_PUBKEY_free(pk);
X509_PUBKEY_free(pk);
return (ok);
}

+ 1
- 0
doc/crypto/X509_STORE_CTX_new.pod View File

@ -37,6 +37,7 @@ The context can then be reused with an new call to X509_STORE_CTX_init().
X509_STORE_CTX_free() completely frees up B<ctx>. After this call B<ctx>
is no longer valid.
If B<ctx> is NULL nothing is done.
X509_STORE_CTX_init() sets up B<ctx> for a subsequent verification operation.
The trusted certificate store is set to B<store>, the end entity certificate


+ 1
- 0
doc/crypto/X509_new.pod View File

@ -19,6 +19,7 @@ X509 structure, which represents an X509 certificate.
X509_new() allocates and initializes a X509 structure.
X509_free() frees up the B<X509> structure B<a>.
If B<a> is NULL nothing is done.
=head1 RETURN VALUES


+ 6
- 12
ssl/s3_clnt.c View File

@ -1314,21 +1314,18 @@ int ssl3_get_server_certificate(SSL *s)
* Why would the following ever happen? We just created sc a couple
* of lines ago.
*/
if (sc->peer_pkeys[i].x509 != NULL)
X509_free(sc->peer_pkeys[i].x509);
X509_free(sc->peer_pkeys[i].x509);
sc->peer_pkeys[i].x509 = x;
sc->peer_key = &(sc->peer_pkeys[i]);
if (s->session->peer != NULL)
X509_free(s->session->peer);
X509_free(s->session->peer);
CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
s->session->peer = x;
} else {
sc->peer_cert_type = i;
sc->peer_key = NULL;
if (s->session->peer != NULL)
X509_free(s->session->peer);
X509_free(s->session->peer);
s->session->peer = NULL;
}
s->session->verify_result = s->verify_result;
@ -2149,15 +2146,13 @@ int ssl3_get_certificate_request(SSL *s)
/* we should setup a certificate to return.... */
s->s3->tmp.cert_req = 1;
s->s3->tmp.ctype_num = ctype_num;
if (s->s3->tmp.ca_names != NULL)
sk_X509_NAME_pop_free(s->s3->tmp.ca_names, X509_NAME_free);
sk_X509_NAME_pop_free(s->s3->tmp.ca_names, X509_NAME_free);
s->s3->tmp.ca_names = ca_sk;
ca_sk = NULL;
ret = 1;
err:
if (ca_sk != NULL)
sk_X509_NAME_pop_free(ca_sk, X509_NAME_free);
sk_X509_NAME_pop_free(ca_sk, X509_NAME_free);
return (ret);
}
@ -3339,8 +3334,7 @@ int ssl3_send_client_certificate(SSL *s)
SSL_R_BAD_DATA_RETURNED_BY_CALLBACK);
}
if (x509 != NULL)
X509_free(x509);
X509_free(x509);
if (pkey != NULL)
EVP_PKEY_free(pkey);
if (i && !ssl3_check_client_certificate(s))


+ 4
- 8
ssl/s3_lib.c View File

@ -3126,8 +3126,7 @@ void ssl3_free(SSL *s)
EC_KEY_free(s->s3->tmp.ecdh);
#endif
if (s->s3->tmp.ca_names != NULL)
sk_X509_NAME_pop_free(s->s3->tmp.ca_names, X509_NAME_free);
sk_X509_NAME_pop_free(s->s3->tmp.ca_names, X509_NAME_free);
BIO_free(s->s3->handshake_buffer);
if (s->s3->handshake_dgst)
ssl3_free_digest_list(s);
@ -3149,8 +3148,7 @@ void ssl3_clear(SSL *s)
int init_extra;
ssl3_cleanup_key_block(s);
if (s->s3->tmp.ca_names != NULL)
sk_X509_NAME_pop_free(s->s3->tmp.ca_names, X509_NAME_free);
sk_X509_NAME_pop_free(s->s3->tmp.ca_names, X509_NAME_free);
#ifndef OPENSSL_NO_DH
DH_free(s->s3->tmp.dh);
@ -3925,10 +3923,8 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
break;
case SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS:
if (ctx->extra_certs) {
sk_X509_pop_free(ctx->extra_certs, X509_free);
ctx->extra_certs = NULL;
}
sk_X509_pop_free(ctx->extra_certs, X509_free);
ctx->extra_certs = NULL;
break;
case SSL_CTRL_CHAIN:


+ 4
- 8
ssl/s3_srvr.c View File

@ -3271,8 +3271,7 @@ int ssl3_get_client_certificate(SSL *s)
EVP_PKEY_free(pkey);
}
if (s->session->peer != NULL) /* This should not be needed */
X509_free(s->session->peer);