free null cleanup finale Don't check for NULL before calling OPENSSL_free Reviewed-by: Richard Levitte <levitte@openssl.org>
diff --git a/ssl/bio_ssl.c b/ssl/bio_ssl.c index da98ea0..284d3ad 100644 --- a/ssl/bio_ssl.c +++ b/ssl/bio_ssl.c
@@ -130,8 +130,7 @@ a->init = 0; a->flags = 0; } - if (a->ptr != NULL) - OPENSSL_free(a->ptr); + OPENSSL_free(a->ptr); return (1); }
diff --git a/ssl/d1_both.c b/ssl/d1_both.c index 2a76474..7b7f876 100644 --- a/ssl/d1_both.c +++ b/ssl/d1_both.c
@@ -189,8 +189,7 @@ if (reassembly) { bitmask = OPENSSL_malloc(RSMBLY_BITMASK_SIZE(frag_len)); if (bitmask == NULL) { - if (buf != NULL) - OPENSSL_free(buf); + OPENSSL_free(buf); OPENSSL_free(frag); return NULL; } @@ -211,10 +210,8 @@ EVP_MD_CTX_destroy(frag->msg_header. saved_retransmit_state.write_hash); } - if (frag->fragment) - OPENSSL_free(frag->fragment); - if (frag->reassembly) - OPENSSL_free(frag->reassembly); + OPENSSL_free(frag->fragment); + OPENSSL_free(frag->reassembly); OPENSSL_free(frag); }
diff --git a/ssl/record/rec_layer_d1.c b/ssl/record/rec_layer_d1.c index 3183bcf..a78f150 100644 --- a/ssl/record/rec_layer_d1.c +++ b/ssl/record/rec_layer_d1.c
@@ -177,27 +177,21 @@ while ((item = pqueue_pop(d->unprocessed_rcds.q)) != NULL) { rdata = (DTLS1_RECORD_DATA *)item->data; - if (rdata->rbuf.buf) { - OPENSSL_free(rdata->rbuf.buf); - } + OPENSSL_free(rdata->rbuf.buf); OPENSSL_free(item->data); pitem_free(item); } while ((item = pqueue_pop(d->processed_rcds.q)) != NULL) { rdata = (DTLS1_RECORD_DATA *)item->data; - if (rdata->rbuf.buf) { - OPENSSL_free(rdata->rbuf.buf); - } + OPENSSL_free(rdata->rbuf.buf); OPENSSL_free(item->data); pitem_free(item); } while ((item = pqueue_pop(d->buffered_app_data.q)) != NULL) { rdata = (DTLS1_RECORD_DATA *)item->data; - if (rdata->rbuf.buf) { - OPENSSL_free(rdata->rbuf.buf); - } + OPENSSL_free(rdata->rbuf.buf); OPENSSL_free(item->data); pitem_free(item); } @@ -271,8 +265,7 @@ rdata = OPENSSL_malloc(sizeof(DTLS1_RECORD_DATA)); item = pitem_new(priority, rdata); if (rdata == NULL || item == NULL) { - if (rdata != NULL) - OPENSSL_free(rdata); + OPENSSL_free(rdata); if (item != NULL) pitem_free(item); @@ -304,8 +297,7 @@ if (!ssl3_setup_buffers(s)) { SSLerr(SSL_F_DTLS1_BUFFER_RECORD, ERR_R_INTERNAL_ERROR); - if (rdata->rbuf.buf != NULL) - OPENSSL_free(rdata->rbuf.buf); + OPENSSL_free(rdata->rbuf.buf); OPENSSL_free(rdata); pitem_free(item); return (-1); @@ -314,8 +306,7 @@ /* insert should not fail, since duplicates are dropped */ if (pqueue_insert(queue->q, item) == NULL) { SSLerr(SSL_F_DTLS1_BUFFER_RECORD, ERR_R_INTERNAL_ERROR); - if (rdata->rbuf.buf != NULL) - OPENSSL_free(rdata->rbuf.buf); + OPENSSL_free(rdata->rbuf.buf); OPENSSL_free(rdata); pitem_free(item); return (-1);
diff --git a/ssl/record/ssl3_buffer.c b/ssl/record/ssl3_buffer.c index 732420e..5a8d34c 100644 --- a/ssl/record/ssl3_buffer.c +++ b/ssl/record/ssl3_buffer.c
@@ -122,8 +122,7 @@ void SSL3_BUFFER_release(SSL3_BUFFER *b) { - if (b->buf != NULL) - OPENSSL_free(b->buf); + OPENSSL_free(b->buf); b->buf = NULL; } @@ -224,10 +223,8 @@ wb = RECORD_LAYER_get_wbuf(&s->rlayer); - if (wb->buf != NULL) { - OPENSSL_free(wb->buf); - wb->buf = NULL; - } + OPENSSL_free(wb->buf); + wb->buf = NULL; return 1; } @@ -236,9 +233,7 @@ SSL3_BUFFER *b; b = RECORD_LAYER_get_rbuf(&s->rlayer); - if (b->buf != NULL) { - OPENSSL_free(b->buf); - b->buf = NULL; - } + OPENSSL_free(b->buf); + b->buf = NULL; return 1; }
diff --git a/ssl/record/ssl3_record.c b/ssl/record/ssl3_record.c index 33d0b30..1e6f88e 100644 --- a/ssl/record/ssl3_record.c +++ b/ssl/record/ssl3_record.c
@@ -139,8 +139,7 @@ void SSL3_RECORD_release(SSL3_RECORD *r) { - if (r->comp != NULL) - OPENSSL_free(r->comp); + OPENSSL_free(r->comp); r->comp = NULL; }
diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c index 71756cd..52ddec1 100644 --- a/ssl/s3_clnt.c +++ b/ssl/s3_clnt.c
@@ -1401,8 +1401,7 @@ */ if (alg_k & SSL_kPSK) { s->session->sess_cert = ssl_sess_cert_new(); - if (s->ctx->psk_identity_hint) - OPENSSL_free(s->ctx->psk_identity_hint); + OPENSSL_free(s->ctx->psk_identity_hint); s->ctx->psk_identity_hint = NULL; } #endif @@ -1471,8 +1470,7 @@ */ memcpy(tmp_id_hint, p, i); memset(tmp_id_hint + i, 0, PSK_MAX_IDENTITY_LEN + 1 - i); - if (s->ctx->psk_identity_hint != NULL) - OPENSSL_free(s->ctx->psk_identity_hint); + OPENSSL_free(s->ctx->psk_identity_hint); s->ctx->psk_identity_hint = BUF_strdup(tmp_id_hint); if (s->ctx->psk_identity_hint == NULL) { al = SSL_AD_HANDSHAKE_FAILURE; @@ -2054,10 +2052,8 @@ /* get the certificate types */ ctype_num = *(p++); - if (s->cert->ctypes) { - OPENSSL_free(s->cert->ctypes); - s->cert->ctypes = NULL; - } + OPENSSL_free(s->cert->ctypes); + s->cert->ctypes = NULL; if (ctype_num > SSL3_CT_NUMBER) { /* If we exceed static buffer copy all to cert structure */ s->cert->ctypes = OPENSSL_malloc(ctype_num); @@ -2193,10 +2189,8 @@ SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET, SSL_R_LENGTH_MISMATCH); goto f_err; } - if (s->session->tlsext_tick) { - OPENSSL_free(s->session->tlsext_tick); - s->session->tlsext_ticklen = 0; - } + OPENSSL_free(s->session->tlsext_tick); + s->session->tlsext_ticklen = 0; s->session->tlsext_tick = OPENSSL_malloc(ticklen); if (!s->session->tlsext_tick) { SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET, ERR_R_MALLOC_FAILURE); @@ -2257,8 +2251,7 @@ SSLerr(SSL_F_SSL3_GET_CERT_STATUS, SSL_R_LENGTH_MISMATCH); goto f_err; } - if (s->tlsext_ocsp_resp) - OPENSSL_free(s->tlsext_ocsp_resp); + OPENSSL_free(s->tlsext_ocsp_resp); s->tlsext_ocsp_resp = BUF_memdup(p, resplen); if (!s->tlsext_ocsp_resp) { al = SSL_AD_INTERNAL_ERROR; @@ -2786,8 +2779,7 @@ /* Free allocated memory */ BN_CTX_free(bn_ctx); - if (encodedPoint != NULL) - OPENSSL_free(encodedPoint); + OPENSSL_free(encodedPoint); EC_KEY_free(clnt_ecdh); EVP_PKEY_free(srvr_pub_pkey); } @@ -2919,8 +2911,7 @@ ERR_R_INTERNAL_ERROR); goto err; } - if (s->session->srp_username != NULL) - OPENSSL_free(s->session->srp_username); + OPENSSL_free(s->session->srp_username); s->session->srp_username = BUF_strdup(s->srp_ctx.login); if (s->session->srp_username == NULL) { SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, @@ -2985,8 +2976,7 @@ t += psk_len; s2n(psk_len, t); - if (s->session->psk_identity_hint != NULL) - OPENSSL_free(s->session->psk_identity_hint); + OPENSSL_free(s->session->psk_identity_hint); s->session->psk_identity_hint = BUF_strdup(s->ctx->psk_identity_hint); if (s->ctx->psk_identity_hint != NULL @@ -2996,8 +2986,7 @@ goto psk_err; } - if (s->session->psk_identity != NULL) - OPENSSL_free(s->session->psk_identity); + OPENSSL_free(s->session->psk_identity); s->session->psk_identity = BUF_strdup(identity); if (s->session->psk_identity == NULL) { SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, @@ -3090,8 +3079,7 @@ s->cert->pms = NULL; #ifndef OPENSSL_NO_EC BN_CTX_free(bn_ctx); - if (encodedPoint != NULL) - OPENSSL_free(encodedPoint); + OPENSSL_free(encodedPoint); EC_KEY_free(clnt_ecdh); EVP_PKEY_free(srvr_pub_pkey); #endif
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index 190d0f1..16a60c6 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c
@@ -3187,11 +3187,9 @@ s->version = SSL3_VERSION; #if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG) - if (s->next_proto_negotiated) { - OPENSSL_free(s->next_proto_negotiated); - s->next_proto_negotiated = NULL; - s->next_proto_negotiated_len = 0; - } + OPENSSL_free(s->next_proto_negotiated); + s->next_proto_negotiated = NULL; + s->next_proto_negotiated_len = 0; #endif } @@ -3331,8 +3329,7 @@ #ifndef OPENSSL_NO_TLSEXT case SSL_CTRL_SET_TLSEXT_HOSTNAME: if (larg == TLSEXT_NAMETYPE_host_name) { - if (s->tlsext_hostname != NULL) - OPENSSL_free(s->tlsext_hostname); + OPENSSL_free(s->tlsext_hostname); s->tlsext_hostname = NULL; ret = 1; @@ -3386,8 +3383,7 @@ return s->tlsext_ocsp_resplen; case SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP: - if (s->tlsext_ocsp_resp) - OPENSSL_free(s->tlsext_ocsp_resp); + OPENSSL_free(s->tlsext_ocsp_resp); s->tlsext_ocsp_resp = parg; s->tlsext_ocsp_resplen = larg; ret = 1; @@ -3833,8 +3829,7 @@ # ifndef OPENSSL_NO_SRP case SSL_CTRL_SET_TLS_EXT_SRP_USERNAME: ctx->srp_ctx.srp_Mask |= SSL_kSRP; - if (ctx->srp_ctx.login != NULL) - OPENSSL_free(ctx->srp_ctx.login); + OPENSSL_free(ctx->srp_ctx.login); ctx->srp_ctx.login = NULL; if (parg == NULL) break; @@ -4281,10 +4276,8 @@ static int ssl3_set_req_cert_type(CERT *c, const unsigned char *p, size_t len) { - if (c->ctypes) { - OPENSSL_free(c->ctypes); - c->ctypes = NULL; - } + OPENSSL_free(c->ctypes); + c->ctypes = NULL; if (!p || !len) return 1; if (len > 0xff)
diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c index 77420a1..3e5c57a 100644 --- a/ssl/s3_srvr.c +++ b/ssl/s3_srvr.c
@@ -2019,8 +2019,7 @@ ssl3_send_alert(s, SSL3_AL_FATAL, al); err: #ifndef OPENSSL_NO_EC - if (encodedPoint != NULL) - OPENSSL_free(encodedPoint); + OPENSSL_free(encodedPoint); BN_CTX_free(bn_ctx); #endif EVP_MD_CTX_cleanup(&md_ctx); @@ -2763,16 +2762,14 @@ t += psk_len; s2n(psk_len, t); - if (s->session->psk_identity != NULL) - OPENSSL_free(s->session->psk_identity); + OPENSSL_free(s->session->psk_identity); s->session->psk_identity = BUF_strdup((char *)p); if (s->session->psk_identity == NULL) { SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE); goto psk_err; } - if (s->session->psk_identity_hint != NULL) - OPENSSL_free(s->session->psk_identity_hint); + OPENSSL_free(s->session->psk_identity_hint); s->session->psk_identity_hint = BUF_strdup(s->ctx->psk_identity_hint); if (s->ctx->psk_identity_hint != NULL && s->session->psk_identity_hint == NULL) { @@ -2821,8 +2818,7 @@ SSL_R_BAD_SRP_PARAMETERS); goto f_err; } - if (s->session->srp_username != NULL) - OPENSSL_free(s->session->srp_username); + OPENSSL_free(s->session->srp_username); s->session->srp_username = BUF_strdup(s->srp_ctx.login); if (s->session->srp_username == NULL) { SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE); @@ -3473,8 +3469,7 @@ /* SSL3_ST_SW_SESSION_TICKET_B */ return ssl_do_write(s); err: - if (senc) - OPENSSL_free(senc); + OPENSSL_free(senc); EVP_CIPHER_CTX_cleanup(&ctx); HMAC_CTX_cleanup(&hctx); return -1;
diff --git a/ssl/ssl_asn1.c b/ssl/ssl_asn1.c index b6e7849..2a07a9b 100644 --- a/ssl/ssl_asn1.c +++ b/ssl/ssl_asn1.c
@@ -285,10 +285,8 @@ static int ssl_session_strndup(char **pdst, ASN1_OCTET_STRING *src) { - if (*pdst) { - OPENSSL_free(*pdst); - *pdst = NULL; - } + OPENSSL_free(*pdst); + *pdst = NULL; if (src == NULL) return 1; *pdst = BUF_strndup((char *)src->data, src->length);
diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c index 14decbc..41af4f6 100644 --- a/ssl/ssl_ciph.c +++ b/ssl/ssl_ciph.c
@@ -1560,7 +1560,7 @@ if (ok && (strlen(rule_p) > 0)) ok = ssl_cipher_process_rulestr(rule_p, &head, &tail, ca_list, c); - OPENSSL_free((void *)ca_list); /* Not needed anymore */ + OPENSSL_free(ca_list); /* Not needed anymore */ if (!ok) { /* Rule processing failure */ OPENSSL_free(co_list);
diff --git a/ssl/ssl_conf.c b/ssl/ssl_conf.c index 97b4fb9..5a19a75 100644 --- a/ssl/ssl_conf.c +++ b/ssl/ssl_conf.c
@@ -380,8 +380,7 @@ } if (rv > 0 && c && cctx->flags & SSL_CONF_FLAG_REQUIRE_PRIVATE) { char **pfilename = &cctx->cert_filename[c->key - c->pkeys]; - if (*pfilename) - OPENSSL_free(*pfilename); + OPENSSL_free(*pfilename); *pfilename = BUF_strdup(value); if (!*pfilename) rv = 0; @@ -659,11 +658,9 @@ if (cctx) { size_t i; for (i = 0; i < SSL_PKEY_NUM; i++) { - if (cctx->cert_filename[i]) - OPENSSL_free(cctx->cert_filename[i]); + OPENSSL_free(cctx->cert_filename[i]); } - if (cctx->prefix) - OPENSSL_free(cctx->prefix); + OPENSSL_free(cctx->prefix); OPENSSL_free(cctx); } } @@ -688,8 +685,7 @@ if (tmp == NULL) return 0; } - if (cctx->prefix) - OPENSSL_free(cctx->prefix); + OPENSSL_free(cctx->prefix); cctx->prefix = tmp; if (tmp) cctx->prefixlen = strlen(tmp);
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index 7319cd8..5b56ac7 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c
@@ -570,22 +570,17 @@ /* Free up if allocated */ #ifndef OPENSSL_NO_TLSEXT - if (s->tlsext_hostname) - OPENSSL_free(s->tlsext_hostname); + OPENSSL_free(s->tlsext_hostname); SSL_CTX_free(s->initial_ctx); # ifndef OPENSSL_NO_EC - if (s->tlsext_ecpointformatlist) - OPENSSL_free(s->tlsext_ecpointformatlist); - if (s->tlsext_ellipticcurvelist) - OPENSSL_free(s->tlsext_ellipticcurvelist); + OPENSSL_free(s->tlsext_ecpointformatlist); + OPENSSL_free(s->tlsext_ellipticcurvelist); # endif /* OPENSSL_NO_EC */ sk_X509_EXTENSION_pop_free(s->tlsext_ocsp_exts, X509_EXTENSION_free); if (s->tlsext_ocsp_ids) sk_OCSP_RESPID_pop_free(s->tlsext_ocsp_ids, OCSP_RESPID_free); - if (s->tlsext_ocsp_resp) - OPENSSL_free(s->tlsext_ocsp_resp); - if (s->alpn_client_proto_list) - OPENSSL_free(s->alpn_client_proto_list); + OPENSSL_free(s->tlsext_ocsp_resp); + OPENSSL_free(s->alpn_client_proto_list); #endif sk_X509_NAME_pop_free(s->client_CA, X509_NAME_free); @@ -603,8 +598,7 @@ #endif /* OPENSSL_NO_KRB5 */ #if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG) - if (s->next_proto_negotiated) - OPENSSL_free(s->next_proto_negotiated); + OPENSSL_free(s->next_proto_negotiated); #endif #ifndef OPENSSL_NO_SRTP
diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c index 34b6fac..a376875 100644 --- a/ssl/ssl_sess.c +++ b/ssl/ssl_sess.c
@@ -931,11 +931,8 @@ int SSL_set_session_ticket_ext(SSL *s, void *ext_data, int ext_len) { if (s->version >= TLS1_VERSION) { - if (s->tlsext_session_ticket) { - OPENSSL_free(s->tlsext_session_ticket); - s->tlsext_session_ticket = NULL; - } - + OPENSSL_free(s->tlsext_session_ticket); + s->tlsext_session_ticket = NULL; s->tlsext_session_ticket = OPENSSL_malloc(sizeof(TLS_SESSION_TICKET_EXT) + ext_len); if (!s->tlsext_session_ticket) {
diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c index edb6558..e87d4b3 100644 --- a/ssl/t1_enc.c +++ b/ssl/t1_enc.c
@@ -953,10 +953,8 @@ SSLerr(SSL_F_TLS1_EXPORT_KEYING_MATERIAL, ERR_R_MALLOC_FAILURE); rv = 0; ret: - if (buff != NULL) - OPENSSL_free(buff); - if (val != NULL) - OPENSSL_free(val); + OPENSSL_free(buff); + OPENSSL_free(val); return (rv); }
diff --git a/ssl/t1_ext.c b/ssl/t1_ext.c index ce54f4f..193cae8 100644 --- a/ssl/t1_ext.c +++ b/ssl/t1_ext.c
@@ -195,8 +195,7 @@ void custom_exts_free(custom_ext_methods *exts) { - if (exts->meths) - OPENSSL_free(exts->meths); + OPENSSL_free(exts->meths); } /* Set callbacks for a custom extension. */
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index b77074a..31ebfdd 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c
@@ -209,9 +209,7 @@ void tls1_free(SSL *s) { #ifndef OPENSSL_NO_TLSEXT - if (s->tlsext_session_ticket) { - OPENSSL_free(s->tlsext_session_ticket); - } + OPENSSL_free(s->tlsext_session_ticket); #endif /* OPENSSL_NO_TLSEXT */ ssl3_free(s); } @@ -576,8 +574,7 @@ dup_list |= idmask; s2n(id, p); } - if (*pext) - OPENSSL_free(*pext); + OPENSSL_free(*pext); *pext = clist; *pextlen = ncurves * 2; return 1; @@ -1779,8 +1776,7 @@ r = s->ctx->alpn_select_cb(s, &selected, &selected_len, data, data_len, s->ctx->alpn_select_cb_arg); if (r == SSL_TLSEXT_ERR_OK) { - if (s->s3->alpn_selected) - OPENSSL_free(s->s3->alpn_selected); + OPENSSL_free(s->s3->alpn_selected); s->s3->alpn_selected = OPENSSL_malloc(selected_len); if (!s->s3->alpn_selected) { *al = SSL_AD_INTERNAL_ERROR; @@ -1894,10 +1890,8 @@ s->s3->next_proto_neg_seen = 0; # endif - if (s->s3->alpn_selected) { - OPENSSL_free(s->s3->alpn_selected); - s->s3->alpn_selected = NULL; - } + OPENSSL_free(s->s3->alpn_selected); + s->s3->alpn_selected = NULL; # ifndef OPENSSL_NO_HEARTBEATS s->tlsext_heartbeat &= ~(SSL_TLSEXT_HB_ENABLED | SSL_TLSEXT_HB_DONT_SEND_REQUESTS); @@ -1909,19 +1903,15 @@ # endif /* !OPENSSL_NO_EC */ /* Clear any signature algorithms extension received */ - if (s->cert->peer_sigalgs) { - OPENSSL_free(s->cert->peer_sigalgs); - s->cert->peer_sigalgs = NULL; - } + OPENSSL_free(s->cert->peer_sigalgs); + s->cert->peer_sigalgs = NULL; # ifdef TLSEXT_TYPE_encrypt_then_mac s->s3->flags &= ~TLS1_FLAGS_ENCRYPT_THEN_MAC; # endif # ifndef OPENSSL_NO_SRP - if (s->srp_ctx.login != NULL) { - OPENSSL_free(s->srp_ctx.login); - s->srp_ctx.login = NULL; - } + OPENSSL_free(s->srp_ctx.login); + s->srp_ctx.login = NULL; # endif s->srtp_profile = NULL; @@ -2078,10 +2068,8 @@ return 0; } if (!s->hit) { - if (s->session->tlsext_ecpointformatlist) { - OPENSSL_free(s->session->tlsext_ecpointformatlist); - s->session->tlsext_ecpointformatlist = NULL; - } + OPENSSL_free(s->session->tlsext_ecpointformatlist); + s->session->tlsext_ecpointformatlist = NULL; s->session->tlsext_ecpointformatlist_length = 0; if ((s->session->tlsext_ecpointformatlist = OPENSSL_malloc(ecpointformatlist_length)) == NULL) { @@ -2387,10 +2375,8 @@ # endif s->tlsext_ticket_expected = 0; - if (s->s3->alpn_selected) { - OPENSSL_free(s->s3->alpn_selected); - s->s3->alpn_selected = NULL; - } + OPENSSL_free(s->s3->alpn_selected); + s->s3->alpn_selected = NULL; # ifndef OPENSSL_NO_HEARTBEATS s->tlsext_heartbeat &= ~(SSL_TLSEXT_HB_ENABLED | SSL_TLSEXT_HB_DONT_SEND_REQUESTS); @@ -2442,8 +2428,7 @@ } if (!s->hit) { s->session->tlsext_ecpointformatlist_length = 0; - if (s->session->tlsext_ecpointformatlist != NULL) - OPENSSL_free(s->session->tlsext_ecpointformatlist); + OPENSSL_free(s->session->tlsext_ecpointformatlist); if ((s->session->tlsext_ecpointformatlist = OPENSSL_malloc(ecpointformatlist_length)) == NULL) { *al = TLS1_AD_INTERNAL_ERROR; @@ -2548,8 +2533,7 @@ *al = TLS1_AD_DECODE_ERROR; return 0; } - if (s->s3->alpn_selected) - OPENSSL_free(s->s3->alpn_selected); + OPENSSL_free(s->s3->alpn_selected); s->s3->alpn_selected = OPENSSL_malloc(len); if (!s->s3->alpn_selected) { *al = TLS1_AD_INTERNAL_ERROR; @@ -2704,11 +2688,9 @@ int al; size_t i; /* Clear any shared sigtnature algorithms */ - if (s->cert->shared_sigalgs) { - OPENSSL_free(s->cert->shared_sigalgs); - s->cert->shared_sigalgs = NULL; - s->cert->shared_sigalgslen = 0; - } + OPENSSL_free(s->cert->shared_sigalgs); + s->cert->shared_sigalgs = NULL; + s->cert->shared_sigalgslen = 0; /* Clear certificate digests and validity flags */ for (i = 0; i < SSL_PKEY_NUM; i++) { s->cert->pkeys[i].digest = NULL; @@ -2860,10 +2842,8 @@ * Set resp to NULL, resplen to -1 so callback knows there is no * response. */ - if (s->tlsext_ocsp_resp) { - OPENSSL_free(s->tlsext_ocsp_resp); - s->tlsext_ocsp_resp = NULL; - } + OPENSSL_free(s->tlsext_ocsp_resp); + s->tlsext_ocsp_resp = NULL; s->tlsext_ocsp_resplen = -1; r = s->ctx->tlsext_status_cb(s, s->ctx->tlsext_status_arg); if (r == 0) { @@ -3408,11 +3388,10 @@ TLS_SIGALGS *salgs = NULL; CERT *c = s->cert; unsigned int is_suiteb = tls1_suiteb(s); - if (c->shared_sigalgs) { - OPENSSL_free(c->shared_sigalgs); - c->shared_sigalgs = NULL; - c->shared_sigalgslen = 0; - } + + OPENSSL_free(c->shared_sigalgs); + c->shared_sigalgs = NULL; + c->shared_sigalgslen = 0; /* If client use client signature algorithms if not NULL */ if (!s->server && c->client_sigalgs && !is_suiteb) { conf = c->client_sigalgs; @@ -3459,8 +3438,7 @@ if (!c) return 0; - if (c->peer_sigalgs) - OPENSSL_free(c->peer_sigalgs); + OPENSSL_free(c->peer_sigalgs); c->peer_sigalgs = OPENSSL_malloc(dsize); if (!c->peer_sigalgs) return 0; @@ -3840,13 +3818,11 @@ } if (client) { - if (c->client_sigalgs) - OPENSSL_free(c->client_sigalgs); + OPENSSL_free(c->client_sigalgs); c->client_sigalgs = sigalgs; c->client_sigalgslen = salglen; } else { - if (c->conf_sigalgs) - OPENSSL_free(c->conf_sigalgs); + OPENSSL_free(c->conf_sigalgs); c->conf_sigalgs = sigalgs; c->conf_sigalgslen = salglen; }