Remove unnecessary NULL checks, part 5. Finally, the ssl stack. Change-Id: Iea10e302825947da36ad46eaf3e8e2bce060fde2 Reviewed-on: https://boringssl-review.googlesource.com/4518 Reviewed-by: Adam Langley <agl@google.com>
diff --git a/ssl/d1_both.c b/ssl/d1_both.c index ec2d920..85b0af9 100644 --- a/ssl/d1_both.c +++ b/ssl/d1_both.c
@@ -199,12 +199,8 @@ if (frag == NULL) { return; } - if (frag->fragment) { - OPENSSL_free(frag->fragment); - } - if (frag->reassembly) { - OPENSSL_free(frag->reassembly); - } + OPENSSL_free(frag->fragment); + OPENSSL_free(frag->reassembly); OPENSSL_free(frag); } @@ -660,12 +656,8 @@ f_err: ssl3_send_alert(s, SSL3_AL_FATAL, al); err: - if (item != NULL) { - pitem_free(item); - } - if (frag != NULL) { - dtls1_hm_fragment_free(frag); - } + pitem_free(item); + dtls1_hm_fragment_free(frag); *ok = 0; return -1; }
diff --git a/ssl/d1_clnt.c b/ssl/d1_clnt.c index 9e41618..c063247 100644 --- a/ssl/d1_clnt.c +++ b/ssl/d1_clnt.c
@@ -510,9 +510,7 @@ end: s->in_handshake--; - if (buf != NULL) { - BUF_MEM_free(buf); - } + BUF_MEM_free(buf); if (cb != NULL) { cb(s, SSL_CB_CONNECT_EXIT, ret); }
diff --git a/ssl/d1_lib.c b/ssl/d1_lib.c index 9dadb28..3c1fd09 100644 --- a/ssl/d1_lib.c +++ b/ssl/d1_lib.c
@@ -101,12 +101,8 @@ d1->sent_messages = pqueue_new(); if (!d1->buffered_messages || !d1->sent_messages) { - if (d1->buffered_messages) { - pqueue_free(d1->buffered_messages); - } - if (d1->sent_messages) { - pqueue_free(d1->sent_messages); - } + pqueue_free(d1->buffered_messages); + pqueue_free(d1->sent_messages); OPENSSL_free(d1); ssl3_free(s); return 0;
diff --git a/ssl/d1_srvr.c b/ssl/d1_srvr.c index 3ae0513..3415f98 100644 --- a/ssl/d1_srvr.c +++ b/ssl/d1_srvr.c
@@ -516,9 +516,7 @@ end: s->in_handshake--; - if (buf != NULL) { - BUF_MEM_free(buf); - } + BUF_MEM_free(buf); if (cb != NULL) { cb(s, SSL_CB_ACCEPT_EXIT, ret); }
diff --git a/ssl/s3_both.c b/ssl/s3_both.c index 9ab8e1b..889a732 100644 --- a/ssl/s3_both.c +++ b/ssl/s3_both.c
@@ -658,18 +658,14 @@ } int ssl3_release_write_buffer(SSL *s) { - if (s->s3->wbuf.buf != NULL) { - OPENSSL_free(s->s3->wbuf.buf); - s->s3->wbuf.buf = NULL; - } + OPENSSL_free(s->s3->wbuf.buf); + s->s3->wbuf.buf = NULL; return 1; } int ssl3_release_read_buffer(SSL *s) { - if (s->s3->rbuf.buf != NULL) { - OPENSSL_free(s->s3->rbuf.buf); - s->s3->rbuf.buf = NULL; - } + OPENSSL_free(s->s3->rbuf.buf); + s->s3->rbuf.buf = NULL; return 1; }
diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c index dda637d..5efccd4 100644 --- a/ssl/s3_clnt.c +++ b/ssl/s3_clnt.c
@@ -545,10 +545,8 @@ /* clean a few things up */ ssl3_cleanup_key_block(s); - if (s->init_buf != NULL) { - BUF_MEM_free(s->init_buf); - s->init_buf = NULL; - } + BUF_MEM_free(s->init_buf); + s->init_buf = NULL; /* Remove write buffering now. */ ssl_free_wbio_buffer(s); @@ -588,9 +586,7 @@ end: s->in_handshake--; - if (buf != NULL) { - BUF_MEM_free(buf); - } + BUF_MEM_free(buf); if (cb != NULL) { cb(s, SSL_CB_CONNECT_EXIT, ret); } @@ -993,9 +989,7 @@ goto err; } - if (s->session->sess_cert) { - ssl_sess_cert_free(s->session->sess_cert); - } + ssl_sess_cert_free(s->session->sess_cert); s->session->sess_cert = sc; sc->cert_chain = sk; @@ -1033,17 +1027,11 @@ goto f_err; } sc->peer_cert_type = i; - /* Why would the following ever happen? We just created sc a couple of lines - * ago. */ - if (sc->peer_pkeys[i].x509 != NULL) { - X509_free(sc->peer_pkeys[i].x509); - } + X509_free(sc->peer_pkeys[i].x509); sc->peer_pkeys[i].x509 = X509_up_ref(x); sc->peer_key = &(sc->peer_pkeys[i]); - if (s->session->peer != NULL) { - X509_free(s->session->peer); - } + X509_free(s->session->peer); s->session->peer = X509_up_ref(x); s->session->verify_result = s->verify_result; @@ -1108,10 +1096,8 @@ /* TODO(davidben): This should be reset in one place with the rest of the * handshake state. */ - if (s->s3->tmp.peer_psk_identity_hint) { - OPENSSL_free(s->s3->tmp.peer_psk_identity_hint); - s->s3->tmp.peer_psk_identity_hint = NULL; - } + OPENSSL_free(s->s3->tmp.peer_psk_identity_hint); + s->s3->tmp.peer_psk_identity_hint = NULL; } s->s3->tmp.reuse_message = 1; return 1; @@ -1122,14 +1108,10 @@ server_key_exchange_orig = server_key_exchange; if (s->session->sess_cert != NULL) { - if (s->session->sess_cert->peer_dh_tmp) { - DH_free(s->session->sess_cert->peer_dh_tmp); - s->session->sess_cert->peer_dh_tmp = NULL; - } - if (s->session->sess_cert->peer_ecdh_tmp) { - EC_KEY_free(s->session->sess_cert->peer_ecdh_tmp); - s->session->sess_cert->peer_ecdh_tmp = NULL; - } + DH_free(s->session->sess_cert->peer_dh_tmp); + s->session->sess_cert->peer_dh_tmp = NULL; + EC_KEY_free(s->session->sess_cert->peer_ecdh_tmp); + s->session->sess_cert->peer_ecdh_tmp = NULL; } else { s->session->sess_cert = ssl_sess_cert_new(); if (s->session->sess_cert == NULL) { @@ -1364,17 +1346,11 @@ ssl3_send_alert(s, SSL3_AL_FATAL, al); err: EVP_PKEY_free(pkey); - if (rsa != NULL) { - RSA_free(rsa); - } - if (dh != NULL) { - DH_free(dh); - } + RSA_free(rsa); + DH_free(dh); BN_CTX_free(bn_ctx); EC_POINT_free(srvr_ecpoint); - if (ecdh != NULL) { - EC_KEY_free(ecdh); - } + EC_KEY_free(ecdh); EVP_MD_CTX_cleanup(&md_ctx); return -1; } @@ -1506,18 +1482,14 @@ /* we should setup a certificate to return.... */ s->s3->tmp.cert_req = 1; - if (s->s3->tmp.ca_names != NULL) { - sk_X509_NAME_pop_free(s->s3->tmp.ca_names, X509_NAME_free); - } + sk_X509_NAME_pop_free(s->s3->tmp.ca_names, X509_NAME_free); s->s3->tmp.ca_names = ca_sk; ca_sk = NULL; ret = 1; err: - if (ca_sk != NULL) { - sk_X509_NAME_pop_free(ca_sk, X509_NAME_free); - } + sk_X509_NAME_pop_free(ca_sk, X509_NAME_free); return ret; } @@ -1693,10 +1665,7 @@ goto err; } - if (s->session->psk_identity != NULL) { - OPENSSL_free(s->session->psk_identity); - } - + OPENSSL_free(s->session->psk_identity); s->session->psk_identity = BUF_strdup(identity); if (s->session->psk_identity == NULL) { OPENSSL_PUT_ERROR(SSL, ssl3_send_client_key_exchange, @@ -1738,9 +1707,7 @@ pkey->pkey.rsa == NULL) { OPENSSL_PUT_ERROR(SSL, ssl3_send_client_key_exchange, ERR_R_INTERNAL_ERROR); - if (pkey != NULL) { - EVP_PKEY_free(pkey); - } + EVP_PKEY_free(pkey); goto err; } @@ -2007,12 +1974,8 @@ err: BN_CTX_free(bn_ctx); - if (encodedPoint != NULL) { - OPENSSL_free(encodedPoint); - } - if (clnt_ecdh != NULL) { - EC_KEY_free(clnt_ecdh); - } + OPENSSL_free(encodedPoint); + EC_KEY_free(clnt_ecdh); EVP_PKEY_free(srvr_pub_pkey); if (pms) { OPENSSL_cleanse(pms, pms_len); @@ -2154,12 +2117,8 @@ SSL_R_BAD_DATA_RETURNED_BY_CALLBACK); } - if (x509 != NULL) { - X509_free(x509); - } - if (pkey != NULL) { - EVP_PKEY_free(pkey); - } + X509_free(x509); + EVP_PKEY_free(pkey); if (i && !ssl3_has_client_certificate(s)) { i = 0; } @@ -2399,15 +2358,9 @@ err: EVP_MD_CTX_cleanup(&md_ctx); - if (public_key) { - OPENSSL_free(public_key); - } - if (der_sig) { - OPENSSL_free(der_sig); - } - if (sig) { - ECDSA_SIG_free(sig); - } + OPENSSL_free(public_key); + OPENSSL_free(der_sig); + ECDSA_SIG_free(sig); return ret; }
diff --git a/ssl/s3_enc.c b/ssl/s3_enc.c index 50df40c..fbe68da 100644 --- a/ssl/s3_enc.c +++ b/ssl/s3_enc.c
@@ -236,12 +236,8 @@ } int ssl3_init_finished_mac(SSL *s) { - if (s->s3->handshake_buffer) { - BIO_free(s->s3->handshake_buffer); - } - if (s->s3->handshake_dgst) { - ssl3_free_digest_list(s); - } + BIO_free(s->s3->handshake_buffer); + ssl3_free_digest_list(s); s->s3->handshake_buffer = BIO_new(BIO_s_mem()); if (s->s3->handshake_buffer == NULL) { return 0;
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index 3d80565..4537e2e 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c
@@ -554,47 +554,21 @@ return; } - if (s->s3->sniff_buffer != NULL) { - BUF_MEM_free(s->s3->sniff_buffer); - } + BUF_MEM_free(s->s3->sniff_buffer); ssl3_cleanup_key_block(s); - if (s->s3->rbuf.buf != NULL) { - ssl3_release_read_buffer(s); - } - if (s->s3->wbuf.buf != NULL) { - ssl3_release_write_buffer(s); - } - if (s->s3->tmp.dh != NULL) { - DH_free(s->s3->tmp.dh); - } - if (s->s3->tmp.ecdh != NULL) { - EC_KEY_free(s->s3->tmp.ecdh); - } + ssl3_release_read_buffer(s); + ssl3_release_write_buffer(s); + DH_free(s->s3->tmp.dh); + EC_KEY_free(s->s3->tmp.ecdh); - if (s->s3->tmp.ca_names != NULL) { - sk_X509_NAME_pop_free(s->s3->tmp.ca_names, X509_NAME_free); - } - if (s->s3->tmp.certificate_types != NULL) { - OPENSSL_free(s->s3->tmp.certificate_types); - } - if (s->s3->tmp.peer_ecpointformatlist) { - OPENSSL_free(s->s3->tmp.peer_ecpointformatlist); - } - if (s->s3->tmp.peer_ellipticcurvelist) { - OPENSSL_free(s->s3->tmp.peer_ellipticcurvelist); - } - if (s->s3->tmp.peer_psk_identity_hint) { - OPENSSL_free(s->s3->tmp.peer_psk_identity_hint); - } - if (s->s3->handshake_buffer) { - BIO_free(s->s3->handshake_buffer); - } - if (s->s3->handshake_dgst) { - ssl3_free_digest_list(s); - } - if (s->s3->alpn_selected) { - OPENSSL_free(s->s3->alpn_selected); - } + sk_X509_NAME_pop_free(s->s3->tmp.ca_names, X509_NAME_free); + OPENSSL_free(s->s3->tmp.certificate_types); + OPENSSL_free(s->s3->tmp.peer_ecpointformatlist); + OPENSSL_free(s->s3->tmp.peer_ellipticcurvelist); + OPENSSL_free(s->s3->tmp.peer_psk_identity_hint); + BIO_free(s->s3->handshake_buffer); + ssl3_free_digest_list(s); + OPENSSL_free(s->s3->alpn_selected); OPENSSL_cleanse(s->s3, sizeof *s->s3); OPENSSL_free(s->s3); @@ -661,9 +635,7 @@ OPENSSL_PUT_ERROR(SSL, ssl3_ctrl, ERR_R_DH_LIB); return ret; } - if (s->cert->dh_tmp != NULL) { - DH_free(s->cert->dh_tmp); - } + DH_free(s->cert->dh_tmp); s->cert->dh_tmp = dh; ret = 1; break; @@ -692,9 +664,7 @@ case SSL_CTRL_SET_TLSEXT_HOSTNAME: if (larg == TLSEXT_NAMETYPE_host_name) { - if (s->tlsext_hostname != NULL) { - OPENSSL_free(s->tlsext_hostname); - } + OPENSSL_free(s->tlsext_hostname); s->tlsext_hostname = NULL; ret = 1; @@ -846,9 +816,7 @@ OPENSSL_PUT_ERROR(SSL, ssl3_ctrl, SSL_R_CHANNEL_ID_NOT_P256); break; } - if (s->tlsext_channel_id_private) { - EVP_PKEY_free(s->tlsext_channel_id_private); - } + EVP_PKEY_free(s->tlsext_channel_id_private); s->tlsext_channel_id_private = EVP_PKEY_dup((EVP_PKEY *)parg); ret = 1; break; @@ -927,9 +895,7 @@ DH_free(new); return 0; } - if (cert->dh_tmp != NULL) { - DH_free(cert->dh_tmp); - } + DH_free(cert->dh_tmp); cert->dh_tmp = new; return 1; } @@ -1026,10 +992,8 @@ break; case SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS: - if (ctx->extra_certs) { - sk_X509_pop_free(ctx->extra_certs, X509_free); - ctx->extra_certs = NULL; - } + sk_X509_pop_free(ctx->extra_certs, X509_free); + ctx->extra_certs = NULL; break; case SSL_CTRL_CHAIN: @@ -1063,9 +1027,7 @@ OPENSSL_PUT_ERROR(SSL, ssl3_ctx_ctrl, SSL_R_CHANNEL_ID_NOT_P256); break; } - if (ctx->tlsext_channel_id_private) { - EVP_PKEY_free(ctx->tlsext_channel_id_private); - } + EVP_PKEY_free(ctx->tlsext_channel_id_private); ctx->tlsext_channel_id_private = EVP_PKEY_dup((EVP_PKEY *)parg); break; @@ -1266,12 +1228,10 @@ } static int ssl3_set_req_cert_type(CERT *c, const uint8_t *p, size_t len) { - if (c->client_certificate_types) { - OPENSSL_free(c->client_certificate_types); - c->client_certificate_types = NULL; - } - + OPENSSL_free(c->client_certificate_types); + c->client_certificate_types = NULL; c->num_client_certificate_types = 0; + if (!p || !len) { return 1; }
diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c index 8f5712e..b7fc545 100644 --- a/ssl/s3_srvr.c +++ b/ssl/s3_srvr.c
@@ -644,7 +644,7 @@ /* If we aren't retaining peer certificates then we can discard it * now. */ - if (s->session->peer && s->ctx->retain_only_sha256_of_client_certs) { + if (s->ctx->retain_only_sha256_of_client_certs) { X509_free(s->session->peer); s->session->peer = NULL; } @@ -681,9 +681,7 @@ end: s->in_handshake--; - if (buf != NULL) { - BUF_MEM_free(buf); - } + BUF_MEM_free(buf); if (cb != NULL) { cb(s, SSL_CB_ACCEPT_EXIT, ret); } @@ -1215,9 +1213,7 @@ } err: - if (ciphers != NULL) { - sk_SSL_CIPHER_free(ciphers); - } + sk_SSL_CIPHER_free(ciphers); return ret; } @@ -1608,9 +1604,7 @@ f_err: ssl3_send_alert(s, SSL3_AL_FATAL, al); err: - if (encodedPoint != NULL) { - OPENSSL_free(encodedPoint); - } + OPENSSL_free(encodedPoint); BN_CTX_free(bn_ctx); EVP_MD_CTX_cleanup(&md_ctx); return -1; @@ -2105,14 +2099,10 @@ } OPENSSL_free(premaster_secret); } - if (decrypt_buf) { - OPENSSL_free(decrypt_buf); - } + OPENSSL_free(decrypt_buf); EVP_PKEY_free(clnt_pub_pkey); EC_POINT_free(clnt_ecpoint); - if (srvr_ecdh != NULL) { - EC_KEY_free(srvr_ecdh); - } + EC_KEY_free(srvr_ecdh); BN_CTX_free(bn_ctx); return -1; @@ -2351,11 +2341,7 @@ } } - if (s->session->peer != NULL) { - /* This should not be needed */ - X509_free(s->session->peer); - } - + X509_free(s->session->peer); s->session->peer = sk_X509_shift(sk); s->session->verify_result = s->verify_result; @@ -2368,9 +2354,7 @@ goto err; } } - if (s->session->sess_cert->cert_chain != NULL) { - sk_X509_pop_free(s->session->sess_cert->cert_chain, X509_free); - } + sk_X509_pop_free(s->session->sess_cert->cert_chain, X509_free); s->session->sess_cert->cert_chain = sk; /* Inconsistency alert: cert_chain does *not* include the peer's own * certificate, while we do include it in s3_clnt.c */ @@ -2385,12 +2369,8 @@ } err: - if (x != NULL) { - X509_free(x); - } - if (sk != NULL) { - sk_X509_pop_free(sk, X509_free); - } + X509_free(x); + sk_X509_pop_free(sk, X509_free); return ret; } @@ -2539,9 +2519,7 @@ ret = ssl_do_write(s); err: - if (session != NULL) { - OPENSSL_free(session); - } + OPENSSL_free(session); EVP_CIPHER_CTX_cleanup(&ctx); HMAC_CTX_cleanup(&hctx); return ret; @@ -2731,14 +2709,8 @@ BN_free(&y); BN_free(sig.r); BN_free(sig.s); - if (key) { - EC_KEY_free(key); - } - if (point) { - EC_POINT_free(point); - } - if (p256) { - EC_GROUP_free(p256); - } + EC_KEY_free(key); + EC_POINT_free(point); + EC_GROUP_free(p256); return ret; }
diff --git a/ssl/ssl_asn1.c b/ssl/ssl_asn1.c index 3bca0c9..eb0c725 100644 --- a/ssl/ssl_asn1.c +++ b/ssl/ssl_asn1.c
@@ -382,7 +382,7 @@ OPENSSL_PUT_ERROR(SSL, d2i_SSL_SESSION, ERR_R_MALLOC_FAILURE); return 0; } - } else if (*out) { + } else { OPENSSL_free(*out); *out = NULL; } @@ -526,10 +526,8 @@ ret->time = session_time; ret->timeout = timeout; - if (ret->peer != NULL) { - X509_free(ret->peer); - ret->peer = NULL; - } + X509_free(ret->peer); + ret->peer = NULL; if (has_peer) { const uint8_t *ptr; ptr = CBS_data(&peer); @@ -585,8 +583,6 @@ return ret; err: - if (allocated) { - SSL_SESSION_free(allocated); - } + SSL_SESSION_free(allocated); return NULL; }
diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c index 384cf26..a21256f 100644 --- a/ssl/ssl_cert.c +++ b/ssl/ssl_cert.c
@@ -314,35 +314,17 @@ return; } - if (c->dh_tmp) { - DH_free(c->dh_tmp); - } + DH_free(c->dh_tmp); ssl_cert_clear_certs(c); - if (c->peer_sigalgs) { - OPENSSL_free(c->peer_sigalgs); - } - if (c->conf_sigalgs) { - OPENSSL_free(c->conf_sigalgs); - } - if (c->client_sigalgs) { - OPENSSL_free(c->client_sigalgs); - } - if (c->shared_sigalgs) { - OPENSSL_free(c->shared_sigalgs); - } - if (c->client_certificate_types) { - OPENSSL_free(c->client_certificate_types); - } - if (c->verify_store) { - X509_STORE_free(c->verify_store); - } - if (c->chain_store) { - X509_STORE_free(c->chain_store); - } - if (c->ciphers_raw) { - OPENSSL_free(c->ciphers_raw); - } + OPENSSL_free(c->peer_sigalgs); + OPENSSL_free(c->conf_sigalgs); + OPENSSL_free(c->client_sigalgs); + OPENSSL_free(c->shared_sigalgs); + OPENSSL_free(c->client_certificate_types); + X509_STORE_free(c->verify_store); + X509_STORE_free(c->chain_store); + OPENSSL_free(c->ciphers_raw); OPENSSL_free(c); } @@ -352,9 +334,7 @@ if (!cpk) { return 0; } - if (cpk->chain) { - sk_X509_pop_free(cpk->chain, X509_free); - } + sk_X509_pop_free(cpk->chain, X509_free); cpk->chain = chain; return 1; } @@ -453,22 +433,14 @@ return; } - if (sc->cert_chain != NULL) { - sk_X509_pop_free(sc->cert_chain, X509_free); - } + sk_X509_pop_free(sc->cert_chain, X509_free); for (i = 0; i < SSL_PKEY_NUM; i++) { - if (sc->peer_pkeys[i].x509 != NULL) { - X509_free(sc->peer_pkeys[i].x509); - } + X509_free(sc->peer_pkeys[i].x509); } - if (sc->peer_dh_tmp != NULL) { - DH_free(sc->peer_dh_tmp); - } - if (sc->peer_ecdh_tmp != NULL) { - EC_KEY_free(sc->peer_ecdh_tmp); - } + DH_free(sc->peer_dh_tmp); + EC_KEY_free(sc->peer_ecdh_tmp); OPENSSL_free(sc); } @@ -527,10 +499,7 @@ static void set_client_CA_list(STACK_OF(X509_NAME) * *ca_list, STACK_OF(X509_NAME) * name_list) { - if (*ca_list != NULL) { - sk_X509_NAME_pop_free(*ca_list, X509_NAME_free); - } - + sk_X509_NAME_pop_free(*ca_list, X509_NAME_free); *ca_list = name_list; } @@ -673,21 +642,13 @@ if (0) { err: - if (ret != NULL) { - sk_X509_NAME_pop_free(ret, X509_NAME_free); - } + sk_X509_NAME_pop_free(ret, X509_NAME_free); ret = NULL; } - if (sk != NULL) { - sk_X509_NAME_free(sk); - } - if (in != NULL) { - BIO_free(in); - } - if (x != NULL) { - X509_free(x); - } + sk_X509_NAME_free(sk); + BIO_free(in); + X509_free(x); if (ret != NULL) { ERR_clear_error(); } @@ -748,12 +709,8 @@ ret = 0; } - if (in != NULL) { - BIO_free(in); - } - if (x != NULL) { - X509_free(x); - } + BIO_free(in); + X509_free(x); (void) sk_X509_NAME_set_cmp_func(stack, oldcmp); @@ -1024,9 +981,7 @@ pstore = &c->verify_store; } - if (*pstore) { - X509_STORE_free(*pstore); - } + X509_STORE_free(*pstore); *pstore = store; if (ref && store) {
diff --git a/ssl/ssl_cipher.c b/ssl/ssl_cipher.c index 857b2a4..7e0ade8 100644 --- a/ssl/ssl_cipher.c +++ b/ssl/ssl_cipher.c
@@ -1003,9 +1003,7 @@ pref_list = NULL; if (out_cipher_list_by_id != NULL) { - if (*out_cipher_list_by_id != NULL) { - sk_SSL_CIPHER_free(*out_cipher_list_by_id); - } + sk_SSL_CIPHER_free(*out_cipher_list_by_id); *out_cipher_list_by_id = tmp_cipher_list; tmp_cipher_list = NULL; (void) sk_SSL_CIPHER_set_cmp_func(*out_cipher_list_by_id, @@ -1020,24 +1018,14 @@ return cipherstack; err: - if (co_list) { - OPENSSL_free(co_list); - } - if (in_group_flags) { - OPENSSL_free(in_group_flags); - } - if (cipherstack) { - sk_SSL_CIPHER_free(cipherstack); - } - if (tmp_cipher_list) { - sk_SSL_CIPHER_free(tmp_cipher_list); - } - if (pref_list && pref_list->in_group_flags) { + OPENSSL_free(co_list); + OPENSSL_free(in_group_flags); + sk_SSL_CIPHER_free(cipherstack); + sk_SSL_CIPHER_free(tmp_cipher_list); + if (pref_list) { OPENSSL_free(pref_list->in_group_flags); } - if (pref_list) { - OPENSSL_free(pref_list); - } + OPENSSL_free(pref_list); return NULL; }
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index 2d0bec7..696b13b 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c
@@ -205,21 +205,17 @@ s->rwstate = SSL_NOTHING; s->rstate = SSL_ST_READ_HEADER; - if (s->init_buf != NULL) { - BUF_MEM_free(s->init_buf); - s->init_buf = NULL; - } + BUF_MEM_free(s->init_buf); + s->init_buf = NULL; s->packet = NULL; s->packet_length = 0; ssl_clear_cipher_ctx(s); - if (s->next_proto_negotiated) { - OPENSSL_free(s->next_proto_negotiated); - s->next_proto_negotiated = NULL; - s->next_proto_negotiated_len = 0; - } + OPENSSL_free(s->next_proto_negotiated); + s->next_proto_negotiated = NULL; + s->next_proto_negotiated_len = 0; /* The s->d1->mtu is simultaneously configuration (preserved across * clear) and connection-specific state (gets reset). @@ -365,9 +361,7 @@ return s; err: - if (s != NULL) { - SSL_free(s); - } + SSL_free(s); OPENSSL_PUT_ERROR(SSL, SSL_new, ERR_R_MALLOC_FAILURE); return NULL; @@ -492,12 +486,7 @@ return ret; err: - if (ret && ret->ciphers) { - sk_SSL_CIPHER_free(ret->ciphers); - } - if (ret) { - OPENSSL_free(ret); - } + ssl_cipher_preference_list_free(ret); return NULL; } @@ -524,12 +513,7 @@ return ret; err: - if (ret && ret->ciphers) { - sk_SSL_CIPHER_free(ret->ciphers); - } - if (ret) { - OPENSSL_free(ret); - } + ssl_cipher_preference_list_free(ret); return NULL; } @@ -544,9 +528,7 @@ return; } - if (s->param) { - X509_VERIFY_PARAM_free(s->param); - } + X509_VERIFY_PARAM_free(s->param); CRYPTO_free_ex_data(&g_ex_data_class_ssl, s, &s->ex_data); @@ -559,74 +541,40 @@ s->bbio = NULL; } - if (s->rbio != NULL) { - BIO_free_all(s->rbio); - } - - if (s->wbio != NULL && s->wbio != s->rbio) { + int free_wbio = s->wbio != s->rbio; + BIO_free_all(s->rbio); + if (free_wbio) { BIO_free_all(s->wbio); } - if (s->init_buf != NULL) { - BUF_MEM_free(s->init_buf); - } + BUF_MEM_free(s->init_buf); /* add extra stuff */ - if (s->cipher_list != NULL) { - ssl_cipher_preference_list_free(s->cipher_list); - } - if (s->cipher_list_by_id != NULL) { - sk_SSL_CIPHER_free(s->cipher_list_by_id); - } + ssl_cipher_preference_list_free(s->cipher_list); + sk_SSL_CIPHER_free(s->cipher_list_by_id); - if (s->session != NULL) { - ssl_clear_bad_session(s); - SSL_SESSION_free(s->session); - } + ssl_clear_bad_session(s); + SSL_SESSION_free(s->session); ssl_clear_cipher_ctx(s); - if (s->cert != NULL) { - ssl_cert_free(s->cert); - } + ssl_cert_free(s->cert); - if (s->tlsext_hostname) { - OPENSSL_free(s->tlsext_hostname); - } - if (s->initial_ctx) { - SSL_CTX_free(s->initial_ctx); - } - if (s->tlsext_ecpointformatlist) { - OPENSSL_free(s->tlsext_ecpointformatlist); - } - if (s->tlsext_ellipticcurvelist) { - OPENSSL_free(s->tlsext_ellipticcurvelist); - } - if (s->alpn_client_proto_list) { - OPENSSL_free(s->alpn_client_proto_list); - } - if (s->tlsext_channel_id_private) { - EVP_PKEY_free(s->tlsext_channel_id_private); - } - if (s->psk_identity_hint) { - OPENSSL_free(s->psk_identity_hint); - } - if (s->client_CA != NULL) { - sk_X509_NAME_pop_free(s->client_CA, X509_NAME_free); - } - if (s->next_proto_negotiated) { - OPENSSL_free(s->next_proto_negotiated); - } - if (s->srtp_profiles) { - sk_SRTP_PROTECTION_PROFILE_free(s->srtp_profiles); - } + OPENSSL_free(s->tlsext_hostname); + SSL_CTX_free(s->initial_ctx); + OPENSSL_free(s->tlsext_ecpointformatlist); + OPENSSL_free(s->tlsext_ellipticcurvelist); + OPENSSL_free(s->alpn_client_proto_list); + EVP_PKEY_free(s->tlsext_channel_id_private); + OPENSSL_free(s->psk_identity_hint); + sk_X509_NAME_pop_free(s->client_CA, X509_NAME_free); + OPENSSL_free(s->next_proto_negotiated); + sk_SRTP_PROTECTION_PROFILE_free(s->srtp_profiles); if (s->method != NULL) { s->method->ssl_free(s); } - if (s->ctx) { - SSL_CTX_free(s->ctx); - } + SSL_CTX_free(s->ctx); OPENSSL_free(s); } @@ -640,10 +588,10 @@ } } - if (s->rbio != NULL && s->rbio != rbio) { + if (s->rbio != rbio) { BIO_free_all(s->rbio); } - if (s->wbio != NULL && s->wbio != wbio && s->rbio != s->wbio) { + if (s->wbio != wbio && s->rbio != s->wbio) { BIO_free_all(s->wbio); } s->rbio = rbio; @@ -1455,9 +1403,7 @@ return sk; err: - if (sk != NULL) { - sk_SSL_CIPHER_free(sk); - } + sk_SSL_CIPHER_free(sk); return NULL; } @@ -1645,10 +1591,7 @@ int SSL_CTX_set_alpn_protos(SSL_CTX *ctx, const uint8_t *protos, unsigned protos_len) { - if (ctx->alpn_client_proto_list) { - OPENSSL_free(ctx->alpn_client_proto_list); - } - + OPENSSL_free(ctx->alpn_client_proto_list); ctx->alpn_client_proto_list = BUF_memdup(protos, protos_len); if (!ctx->alpn_client_proto_list) { return 1; @@ -1659,10 +1602,7 @@ } int SSL_set_alpn_protos(SSL *ssl, const uint8_t *protos, unsigned protos_len) { - if (ssl->alpn_client_proto_list) { - OPENSSL_free(ssl->alpn_client_proto_list); - } - + OPENSSL_free(ssl->alpn_client_proto_list); ssl->alpn_client_proto_list = BUF_memdup(protos, protos_len); if (!ssl->alpn_client_proto_list) { return 1; @@ -1867,9 +1807,7 @@ err: OPENSSL_PUT_ERROR(SSL, SSL_CTX_new, ERR_R_MALLOC_FAILURE); err2: - if (ret != NULL) { - SSL_CTX_free(ret); - } + SSL_CTX_free(ret); return NULL; } @@ -1879,9 +1817,7 @@ return; } - if (ctx->param) { - X509_VERIFY_PARAM_free(ctx->param); - } + X509_VERIFY_PARAM_free(ctx->param); /* Free internal session cache. However: the remove_cb() may reference the * ex_data of SSL_CTX, thus the ex_data store can only be removed after the @@ -1889,57 +1825,25 @@ * the session cache, the most secure solution seems to be: empty (flush) the * cache, then free ex_data, then finally free the cache. (See ticket * [openssl.org #212].) */ - if (ctx->sessions != NULL) { - SSL_CTX_flush_sessions(ctx, 0); - } + SSL_CTX_flush_sessions(ctx, 0); CRYPTO_free_ex_data(&g_ex_data_class_ssl_ctx, ctx, &ctx->ex_data); - if (ctx->sessions != NULL) { - lh_SSL_SESSION_free(ctx->sessions); - } - if (ctx->cert_store != NULL) { - X509_STORE_free(ctx->cert_store); - } - if (ctx->cipher_list != NULL) { - ssl_cipher_preference_list_free(ctx->cipher_list); - } - if (ctx->cipher_list_by_id != NULL) { - sk_SSL_CIPHER_free(ctx->cipher_list_by_id); - } - if (ctx->cipher_list_tls11 != NULL) { - ssl_cipher_preference_list_free(ctx->cipher_list_tls11); - } - if (ctx->cert != NULL) { - ssl_cert_free(ctx->cert); - } - if (ctx->client_CA != NULL) { - sk_X509_NAME_pop_free(ctx->client_CA, X509_NAME_free); - } - if (ctx->extra_certs != NULL) { - sk_X509_pop_free(ctx->extra_certs, X509_free); - } - if (ctx->srtp_profiles) { - sk_SRTP_PROTECTION_PROFILE_free(ctx->srtp_profiles); - } - if (ctx->psk_identity_hint) { - OPENSSL_free(ctx->psk_identity_hint); - } - if (ctx->tlsext_ecpointformatlist) { - OPENSSL_free(ctx->tlsext_ecpointformatlist); - } - if (ctx->tlsext_ellipticcurvelist) { - OPENSSL_free(ctx->tlsext_ellipticcurvelist); - } - if (ctx->alpn_client_proto_list != NULL) { - OPENSSL_free(ctx->alpn_client_proto_list); - } - if (ctx->tlsext_channel_id_private) { - EVP_PKEY_free(ctx->tlsext_channel_id_private); - } - if (ctx->keylog_bio) { - BIO_free(ctx->keylog_bio); - } + lh_SSL_SESSION_free(ctx->sessions); + X509_STORE_free(ctx->cert_store); + ssl_cipher_preference_list_free(ctx->cipher_list); + sk_SSL_CIPHER_free(ctx->cipher_list_by_id); + ssl_cipher_preference_list_free(ctx->cipher_list_tls11); + ssl_cert_free(ctx->cert); + sk_X509_NAME_pop_free(ctx->client_CA, X509_NAME_free); + sk_X509_pop_free(ctx->extra_certs, X509_free); + sk_SRTP_PROTECTION_PROFILE_free(ctx->srtp_profiles); + OPENSSL_free(ctx->psk_identity_hint); + OPENSSL_free(ctx->tlsext_ecpointformatlist); + OPENSSL_free(ctx->tlsext_ellipticcurvelist); + OPENSSL_free(ctx->alpn_client_proto_list); + EVP_PKEY_free(ctx->tlsext_channel_id_private); + BIO_free(ctx->keylog_bio); OPENSSL_free(ctx); } @@ -2487,15 +2391,11 @@ ctx = ssl->initial_ctx; } - if (ssl->cert != NULL) { - ssl_cert_free(ssl->cert); - } - + ssl_cert_free(ssl->cert); ssl->cert = ssl_cert_dup(ctx->cert); + CRYPTO_add(&ctx->references, 1, CRYPTO_LOCK_SSL_CTX); - if (ssl->ctx != NULL) { - SSL_CTX_free(ssl->ctx); /* decrement reference count */ - } + SSL_CTX_free(ssl->ctx); /* decrement reference count */ ssl->ctx = ctx; ssl->sid_ctx_length = ctx->sid_ctx_length; @@ -2576,9 +2476,7 @@ } void SSL_CTX_set_cert_store(SSL_CTX *ctx, X509_STORE *store) { - if (ctx->cert_store != NULL) { - X509_STORE_free(ctx->cert_store); - } + X509_STORE_free(ctx->cert_store); ctx->cert_store = store; } @@ -2626,9 +2524,7 @@ return 0; } - if (ctx->psk_identity_hint != NULL) { - OPENSSL_free(ctx->psk_identity_hint); - } + OPENSSL_free(ctx->psk_identity_hint); if (identity_hint != NULL) { ctx->psk_identity_hint = BUF_strdup(identity_hint); @@ -2654,10 +2550,8 @@ } /* Clear currently configured hint, if any. */ - if (s->psk_identity_hint != NULL) { - OPENSSL_free(s->psk_identity_hint); - s->psk_identity_hint = NULL; - } + OPENSSL_free(s->psk_identity_hint); + s->psk_identity_hint = NULL; if (identity_hint != NULL) { s->psk_identity_hint = BUF_strdup(identity_hint); @@ -2740,9 +2634,7 @@ } void SSL_CTX_set_keylog_bio(SSL_CTX *ctx, BIO *keylog_bio) { - if (ctx->keylog_bio != NULL) { - BIO_free(ctx->keylog_bio); - } + BIO_free(ctx->keylog_bio); ctx->keylog_bio = keylog_bio; }
diff --git a/ssl/ssl_rsa.c b/ssl/ssl_rsa.c index 45c9891..372748d 100644 --- a/ssl/ssl_rsa.c +++ b/ssl/ssl_rsa.c
@@ -114,12 +114,8 @@ ret = SSL_use_certificate(ssl, x); end: - if (x != NULL) { - X509_free(x); - } - if (in != NULL) { - BIO_free(in); - } + X509_free(x); + BIO_free(in); return ret; } @@ -183,9 +179,7 @@ } } - if (c->pkeys[i].privatekey != NULL) { - EVP_PKEY_free(c->pkeys[i].privatekey); - } + EVP_PKEY_free(c->pkeys[i].privatekey); c->pkeys[i].privatekey = EVP_PKEY_dup(pkey); c->key = &(c->pkeys[i]); @@ -229,9 +223,7 @@ RSA_free(rsa); end: - if (in != NULL) { - BIO_free(in); - } + BIO_free(in); return ret; } @@ -300,9 +292,7 @@ EVP_PKEY_free(pkey); end: - if (in != NULL) { - BIO_free(in); - } + BIO_free(in); return ret; } @@ -367,9 +357,7 @@ EVP_PKEY_free(pkey); - if (c->pkeys[i].x509 != NULL) { - X509_free(c->pkeys[i].x509); - } + X509_free(c->pkeys[i].x509); c->pkeys[i].x509 = X509_up_ref(x); c->key = &(c->pkeys[i]); @@ -414,12 +402,8 @@ ret = SSL_CTX_use_certificate(ctx, x); end: - if (x != NULL) { - X509_free(x); - } - if (in != NULL) { - BIO_free(in); - } + X509_free(x); + BIO_free(in); return ret; } @@ -499,9 +483,7 @@ RSA_free(rsa); end: - if (in != NULL) { - BIO_free(in); - } + BIO_free(in); return ret; } @@ -567,9 +549,7 @@ EVP_PKEY_free(pkey); end: - if (in != NULL) { - BIO_free(in); - } + BIO_free(in); return ret; } @@ -660,11 +640,7 @@ } end: - if (x != NULL) { - X509_free(x); - } - if (in != NULL) { - BIO_free(in); - } + X509_free(x); + BIO_free(in); return ret; }
diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c index 75cc41f..f3f280c 100644 --- a/ssl/ssl_sess.c +++ b/ssl/ssl_sess.c
@@ -272,10 +272,8 @@ ss->timeout = s->initial_ctx->session_timeout; } - if (s->session != NULL) { - SSL_SESSION_free(s->session); - s->session = NULL; - } + SSL_SESSION_free(s->session); + s->session = NULL; if (session) { if (s->version == SSL3_VERSION || s->version == TLS1_VERSION || @@ -496,9 +494,7 @@ goto err; } - if (s->session != NULL) { - SSL_SESSION_free(s->session); - } + SSL_SESSION_free(s->session); s->session = ret; s->verify_result = s->session->verify_result; return 1; @@ -626,27 +622,13 @@ OPENSSL_cleanse(session->master_key, sizeof(session->master_key)); OPENSSL_cleanse(session->session_id, sizeof(session->session_id)); - if (session->sess_cert != NULL) { - ssl_sess_cert_free(session->sess_cert); - } - if (session->peer != NULL) { - X509_free(session->peer); - } - if (session->tlsext_hostname != NULL) { - OPENSSL_free(session->tlsext_hostname); - } - if (session->tlsext_tick != NULL) { - OPENSSL_free(session->tlsext_tick); - } - if (session->tlsext_signed_cert_timestamp_list != NULL) { - OPENSSL_free(session->tlsext_signed_cert_timestamp_list); - } - if (session->ocsp_response != NULL) { - OPENSSL_free(session->ocsp_response); - } - if (session->psk_identity != NULL) { - OPENSSL_free(session->psk_identity); - } + ssl_sess_cert_free(session->sess_cert); + X509_free(session->peer); + OPENSSL_free(session->tlsext_hostname); + OPENSSL_free(session->tlsext_tick); + OPENSSL_free(session->tlsext_signed_cert_timestamp_list); + OPENSSL_free(session->ocsp_response); + OPENSSL_free(session->psk_identity); OPENSSL_cleanse(session, sizeof(*session)); OPENSSL_free(session); } @@ -656,9 +638,7 @@ return 1; } - if (s->session != NULL) { - SSL_SESSION_free(s->session); - } + SSL_SESSION_free(s->session); s->session = session; if (session != NULL) { SSL_SESSION_up_ref(session);
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index 1e495b3..4be839c 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c
@@ -245,9 +245,7 @@ ret = 1; done: - if (extension_types) { - OPENSSL_free(extension_types); - } + OPENSSL_free(extension_types); return ret; } @@ -489,9 +487,7 @@ } } - if (*out_curve_ids) { - OPENSSL_free(*out_curve_ids); - } + OPENSSL_free(*out_curve_ids); *out_curve_ids = curve_ids; *out_curve_ids_len = ncurves; @@ -626,9 +622,7 @@ ret = 1; done: - if (pkey) { - EVP_PKEY_free(pkey); - } + EVP_PKEY_free(pkey); return ret; } @@ -1346,9 +1340,7 @@ s, &selected, &selected_len, CBS_data(&protocol_name_list), CBS_len(&protocol_name_list), s->ctx->alpn_select_cb_arg); if (r == SSL_TLSEXT_ERR_OK) { - if (s->s3->alpn_selected) { - OPENSSL_free(s->s3->alpn_selected); - } + OPENSSL_free(s->s3->alpn_selected); s->s3->alpn_selected = BUF_memdup(selected, selected_len); if (!s->s3->alpn_selected) { *out_alert = SSL_AD_INTERNAL_ERROR; @@ -1374,37 +1366,27 @@ s->s3->tmp.certificate_status_expected = 0; s->s3->tmp.extended_master_secret = 0; - if (s->s3->alpn_selected) { - OPENSSL_free(s->s3->alpn_selected); - s->s3->alpn_selected = NULL; - } + OPENSSL_free(s->s3->alpn_selected); + s->s3->alpn_selected = NULL; /* Clear any signature algorithms extension received */ - if (s->cert->peer_sigalgs) { - OPENSSL_free(s->cert->peer_sigalgs); - s->cert->peer_sigalgs = NULL; - s->cert->peer_sigalgslen = 0; - } + OPENSSL_free(s->cert->peer_sigalgs); + s->cert->peer_sigalgs = NULL; + s->cert->peer_sigalgslen = 0; /* Clear any shared signature algorithms */ - if (s->cert->shared_sigalgs) { - OPENSSL_free(s->cert->shared_sigalgs); - s->cert->shared_sigalgs = NULL; - s->cert->shared_sigalgslen = 0; - } + OPENSSL_free(s->cert->shared_sigalgs); + s->cert->shared_sigalgs = NULL; + s->cert->shared_sigalgslen = 0; /* Clear ECC extensions */ - if (s->s3->tmp.peer_ecpointformatlist != 0) { - OPENSSL_free(s->s3->tmp.peer_ecpointformatlist); - s->s3->tmp.peer_ecpointformatlist = NULL; - s->s3->tmp.peer_ecpointformatlist_length = 0; - } + OPENSSL_free(s->s3->tmp.peer_ecpointformatlist); + s->s3->tmp.peer_ecpointformatlist = NULL; + s->s3->tmp.peer_ecpointformatlist_length = 0; - if (s->s3->tmp.peer_ellipticcurvelist != 0) { - OPENSSL_free(s->s3->tmp.peer_ellipticcurvelist); - s->s3->tmp.peer_ellipticcurvelist = NULL; - s->s3->tmp.peer_ellipticcurvelist_length = 0; - } + OPENSSL_free(s->s3->tmp.peer_ellipticcurvelist); + s->s3->tmp.peer_ellipticcurvelist = NULL; + s->s3->tmp.peer_ellipticcurvelist_length = 0; /* There may be no extensions. */ if (CBS_len(cbs) == 0) { @@ -1546,10 +1528,8 @@ return 0; } - if (s->s3->tmp.peer_ellipticcurvelist) { - OPENSSL_free(s->s3->tmp.peer_ellipticcurvelist); - s->s3->tmp.peer_ellipticcurvelist_length = 0; - } + OPENSSL_free(s->s3->tmp.peer_ellipticcurvelist); + s->s3->tmp.peer_ellipticcurvelist_length = 0; s->s3->tmp.peer_ellipticcurvelist = (uint16_t *)OPENSSL_malloc(CBS_len(&elliptic_curve_list)); @@ -1731,17 +1711,13 @@ s->s3->tmp.extended_master_secret = 0; s->srtp_profile = NULL; - if (s->s3->alpn_selected) { - OPENSSL_free(s->s3->alpn_selected); - s->s3->alpn_selected = NULL; - } + OPENSSL_free(s->s3->alpn_selected); + s->s3->alpn_selected = NULL; /* Clear ECC extensions */ - if (s->s3->tmp.peer_ecpointformatlist != 0) { - OPENSSL_free(s->s3->tmp.peer_ecpointformatlist); - s->s3->tmp.peer_ecpointformatlist = NULL; - s->s3->tmp.peer_ecpointformatlist_length = 0; - } + OPENSSL_free(s->s3->tmp.peer_ecpointformatlist); + s->s3->tmp.peer_ecpointformatlist = NULL; + s->s3->tmp.peer_ecpointformatlist_length = 0; /* There may be no extensions. */ if (CBS_len(cbs) == 0) { @@ -2424,11 +2400,9 @@ TLS_SIGALGS *salgs = NULL; CERT *c = s->cert; - if (c->shared_sigalgs) { - OPENSSL_free(c->shared_sigalgs); - c->shared_sigalgs = NULL; - c->shared_sigalgslen = 0; - } + OPENSSL_free(c->shared_sigalgs); + c->shared_sigalgs = NULL; + c->shared_sigalgslen = 0; /* If client use client signature algorithms if not NULL */ if (!s->server && c->client_sigalgs) { @@ -2662,15 +2636,11 @@ } if (client) { - if (c->client_sigalgs) { - OPENSSL_free(c->client_sigalgs); - } + OPENSSL_free(c->client_sigalgs); c->client_sigalgs = sigalgs; c->client_sigalgslen = salglen; } else { - if (c->conf_sigalgs) { - OPENSSL_free(c->conf_sigalgs); - } + OPENSSL_free(c->conf_sigalgs); c->conf_sigalgs = sigalgs; c->conf_sigalgslen = salglen; }