free NULL cleanup
Start ensuring all OpenSSL "free" routines allow NULL, and remove
any if check before calling them.
This gets DH_free, DSA_free, RSA_free
Reviewed-by: Matt Caswell <matt@openssl.org>
diff --git a/apps/dh.c b/apps/dh.c
index cdb5f4a..a921633 100644
--- a/apps/dh.c
+++ b/apps/dh.c
@@ -314,8 +314,7 @@
BIO_free(in);
if (out != NULL)
BIO_free_all(out);
- if (dh != NULL)
- DH_free(dh);
+ DH_free(dh);
apps_shutdown();
OPENSSL_EXIT(ret);
}
diff --git a/apps/dhparam.c b/apps/dhparam.c
index 0e6a3c3..12a2be6 100644
--- a/apps/dhparam.c
+++ b/apps/dhparam.c
@@ -319,8 +319,7 @@
if (!dsa
|| !DSA_generate_parameters_ex(dsa, num, NULL, 0, NULL, NULL,
cb)) {
- if (dsa)
- DSA_free(dsa);
+ DSA_free(dsa);
BN_GENCB_free(cb);
ERR_print_errors(bio_err);
goto end;
@@ -520,8 +519,7 @@
BIO_free(in);
if (out != NULL)
BIO_free_all(out);
- if (dh != NULL)
- DH_free(dh);
+ DH_free(dh);
apps_shutdown();
OPENSSL_EXIT(ret);
}
diff --git a/apps/dsa.c b/apps/dsa.c
index 7ff6ee9..8d085bc 100644
--- a/apps/dsa.c
+++ b/apps/dsa.c
@@ -360,8 +360,7 @@
BIO_free(in);
if (out != NULL)
BIO_free_all(out);
- if (dsa != NULL)
- DSA_free(dsa);
+ DSA_free(dsa);
if (passin)
OPENSSL_free(passin);
if (passout)
diff --git a/apps/dsaparam.c b/apps/dsaparam.c
index 74eefdc..fc1c817 100644
--- a/apps/dsaparam.c
+++ b/apps/dsaparam.c
@@ -438,8 +438,7 @@
BIO_free(in);
if (out != NULL)
BIO_free_all(out);
- if (dsa != NULL)
- DSA_free(dsa);
+ DSA_free(dsa);
apps_shutdown();
OPENSSL_EXIT(ret);
}
diff --git a/apps/gendh.c b/apps/gendh.c
index bbeba06..6102b79 100644
--- a/apps/gendh.c
+++ b/apps/gendh.c
@@ -212,8 +212,7 @@
ERR_print_errors(bio_err);
if (out != NULL)
BIO_free_all(out);
- if (dh != NULL)
- DH_free(dh);
+ DH_free(dh);
if (cb != NULL)
BN_GENCB_free(cb);
apps_shutdown();
diff --git a/apps/gendsa.c b/apps/gendsa.c
index fd1360a..d330a01 100644
--- a/apps/gendsa.c
+++ b/apps/gendsa.c
@@ -271,8 +271,7 @@
BIO_free(in);
if (out != NULL)
BIO_free_all(out);
- if (dsa != NULL)
- DSA_free(dsa);
+ DSA_free(dsa);
if (passout)
OPENSSL_free(passout);
apps_shutdown();
diff --git a/apps/genrsa.c b/apps/genrsa.c
index 5770c8d..1b06c82 100644
--- a/apps/genrsa.c
+++ b/apps/genrsa.c
@@ -311,8 +311,7 @@
BN_free(bn);
if (cb)
BN_GENCB_free(cb);
- if (rsa)
- RSA_free(rsa);
+ RSA_free(rsa);
if (out)
BIO_free_all(out);
if (passout)
diff --git a/apps/rsa.c b/apps/rsa.c
index 419e504..ac4a3c4 100644
--- a/apps/rsa.c
+++ b/apps/rsa.c
@@ -424,8 +424,7 @@
end:
if (out != NULL)
BIO_free_all(out);
- if (rsa != NULL)
- RSA_free(rsa);
+ RSA_free(rsa);
if (passin)
OPENSSL_free(passin);
if (passout)
diff --git a/apps/s_server.c b/apps/s_server.c
index 298e665..97aa23d 100644
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -3180,8 +3180,7 @@
}
if (!BN_set_word(bn, RSA_F4) || ((rsa_tmp = RSA_new()) == NULL) ||
!RSA_generate_key_ex(rsa_tmp, keylength, bn, NULL)) {
- if (rsa_tmp)
- RSA_free(rsa_tmp);
+ RSA_free(rsa_tmp);
rsa_tmp = NULL;
}
if (!s_quiet) {
diff --git a/apps/speed.c b/apps/speed.c
index 44c276a..b023f28 100644
--- a/apps/speed.c
+++ b/apps/speed.c
@@ -2448,13 +2448,11 @@
OPENSSL_free(buf2_malloc);
#ifndef OPENSSL_NO_RSA
for (i = 0; i < RSA_NUM; i++)
- if (rsa_key[i] != NULL)
- RSA_free(rsa_key[i]);
+ RSA_free(rsa_key[i]);
#endif
#ifndef OPENSSL_NO_DSA
for (i = 0; i < DSA_NUM; i++)
- if (dsa_key[i] != NULL)
- DSA_free(dsa_key[i]);
+ DSA_free(dsa_key[i]);
#endif
#ifndef OPENSSL_NO_EC
diff --git a/crypto/dh/dh_ameth.c b/crypto/dh/dh_ameth.c
index 17027c5..c71538f 100644
--- a/crypto/dh/dh_ameth.c
+++ b/crypto/dh/dh_ameth.c
@@ -142,8 +142,7 @@
err:
if (public_key)
ASN1_INTEGER_free(public_key);
- if (dh)
- DH_free(dh);
+ DH_free(dh);
return 0;
}
@@ -711,8 +710,7 @@
ASN1_INTEGER_free(public_key);
if (pkpeer)
EVP_PKEY_free(pkpeer);
- if (dhpeer)
- DH_free(dhpeer);
+ DH_free(dhpeer);
return rv;
}
diff --git a/crypto/dh/dh_asn1.c b/crypto/dh/dh_asn1.c
index f470214..7066caf 100644
--- a/crypto/dh/dh_asn1.c
+++ b/crypto/dh/dh_asn1.c
@@ -142,8 +142,7 @@
}
if (a) {
- if (*a)
- DH_free(*a);
+ DH_free(*a);
*a = dh;
}
diff --git a/crypto/dh/dh_lib.c b/crypto/dh/dh_lib.c
index 46d1a2b..4f07a27 100644
--- a/crypto/dh/dh_lib.c
+++ b/crypto/dh/dh_lib.c
@@ -170,6 +170,7 @@
void DH_free(DH *r)
{
int i;
+
if (r == NULL)
return;
i = CRYPTO_add(&r->references, -1, CRYPTO_LOCK_DH);
diff --git a/crypto/dh/dhtest.c b/crypto/dh/dhtest.c
index 9bb9a00..6c063da 100644
--- a/crypto/dh/dhtest.c
+++ b/crypto/dh/dhtest.c
@@ -199,10 +199,8 @@
OPENSSL_free(abuf);
if (bbuf != NULL)
OPENSSL_free(bbuf);
- if (b != NULL)
- DH_free(b);
- if (a != NULL)
- DH_free(a);
+ DH_free(b);
+ DH_free(a);
if (_cb)
BN_GENCB_free(_cb);
BIO_free(out);
diff --git a/crypto/dsa/dsa_ameth.c b/crypto/dsa/dsa_ameth.c
index 61a9d0f..96d5c5a 100644
--- a/crypto/dsa/dsa_ameth.c
+++ b/crypto/dsa/dsa_ameth.c
@@ -120,8 +120,7 @@
err:
if (public_key)
ASN1_INTEGER_free(public_key);
- if (dsa)
- DSA_free(dsa);
+ DSA_free(dsa);
return 0;
}
diff --git a/crypto/dsa/dsa_depr.c b/crypto/dsa/dsa_depr.c
index be1df13..10f0314 100644
--- a/crypto/dsa/dsa_depr.c
+++ b/crypto/dsa/dsa_depr.c
@@ -89,10 +89,8 @@
if ((ret = DSA_new()) == NULL)
return NULL;
cb = BN_GENCB_new();
- if (!cb) {
- DSA_free(ret);
- return NULL;
- }
+ if (!cb)
+ goto err;
BN_GENCB_set_old(cb, callback, cb_arg);
@@ -102,6 +100,7 @@
return ret;
}
BN_GENCB_free(cb);
+err:
DSA_free(ret);
return NULL;
}
diff --git a/crypto/dsa/dsa_lib.c b/crypto/dsa/dsa_lib.c
index eb13fbb..bfd9106 100644
--- a/crypto/dsa/dsa_lib.c
+++ b/crypto/dsa/dsa_lib.c
@@ -315,8 +315,7 @@
return ret;
err:
- if (ret != NULL)
- DH_free(ret);
+ DH_free(ret);
return NULL;
}
#endif
diff --git a/crypto/dsa/dsatest.c b/crypto/dsa/dsatest.c
index 9b13089..bf47816 100644
--- a/crypto/dsa/dsatest.c
+++ b/crypto/dsa/dsatest.c
@@ -211,8 +211,7 @@
end:
if (!ret)
ERR_print_errors(bio_err);
- if (dsa != NULL)
- DSA_free(dsa);
+ DSA_free(dsa);
if (cb != NULL)
BN_GENCB_free(cb);
CRYPTO_cleanup_all_ex_data();
diff --git a/crypto/evp/evp_extra_test.c b/crypto/evp/evp_extra_test.c
index 0f7b011..c474134 100644
--- a/crypto/evp/evp_extra_test.c
+++ b/crypto/evp/evp_extra_test.c
@@ -268,9 +268,7 @@
if (pkey) {
EVP_PKEY_free(pkey);
}
- if (rsa) {
- RSA_free(rsa);
- }
+ RSA_free(rsa);
return ret;
}
diff --git a/crypto/pem/pvkfmt.c b/crypto/pem/pvkfmt.c
index ee4b6a8..0f2390d 100644
--- a/crypto/pem/pvkfmt.c
+++ b/crypto/pem/pvkfmt.c
@@ -335,8 +335,7 @@
memerr:
PEMerr(PEM_F_B2I_DSS, ERR_R_MALLOC_FAILURE);
- if (dsa)
- DSA_free(dsa);
+ DSA_free(dsa);
if (ret)
EVP_PKEY_free(ret);
if (ctx)
@@ -385,8 +384,7 @@
return ret;
memerr:
PEMerr(PEM_F_B2I_RSA, ERR_R_MALLOC_FAILURE);
- if (rsa)
- RSA_free(rsa);
+ RSA_free(rsa);
if (ret)
EVP_PKEY_free(ret);
return NULL;
diff --git a/crypto/rsa/rsa_depr.c b/crypto/rsa/rsa_depr.c
index a6ec385..8da6ec1 100644
--- a/crypto/rsa/rsa_depr.c
+++ b/crypto/rsa/rsa_depr.c
@@ -101,8 +101,7 @@
err:
if (e)
BN_free(e);
- if (rsa)
- RSA_free(rsa);
+ RSA_free(rsa);
if (cb)
BN_GENCB_free(cb);
return 0;
diff --git a/demos/easy_tls/easy-tls.c b/demos/easy_tls/easy-tls.c
index 610b4f9..33303cc 100644
--- a/demos/easy_tls/easy-tls.c
+++ b/demos/easy_tls/easy-tls.c
@@ -637,8 +637,7 @@
tls_openssl_errors("", "", NULL, apparg);
return;
}
- if (tls_dhe1024 != NULL)
- DH_free(tls_dhe1024);
+ DH_free(tls_dhe1024);
tls_dhe1024 = dhparams;
}
diff --git a/doc/crypto/DH_new.pod b/doc/crypto/DH_new.pod
index 60c9300..6245e4a 100644
--- a/doc/crypto/DH_new.pod
+++ b/doc/crypto/DH_new.pod
@@ -18,6 +18,7 @@
DH_free() frees the B<DH> structure and its components. The values are
erased before the memory is returned to the system.
+If B<dh> is NULL nothing is done.
=head1 RETURN VALUES
diff --git a/doc/crypto/DSA_new.pod b/doc/crypto/DSA_new.pod
index 48e9b82a..3a6d582 100644
--- a/doc/crypto/DSA_new.pod
+++ b/doc/crypto/DSA_new.pod
@@ -19,6 +19,7 @@
DSA_free() frees the B<DSA> structure and its components. The values are
erased before the memory is returned to the system.
+If B<dsa> is NULL nothing is done.
=head1 RETURN VALUES
diff --git a/doc/crypto/RSA_new.pod b/doc/crypto/RSA_new.pod
index 3d15b92..70901a5 100644
--- a/doc/crypto/RSA_new.pod
+++ b/doc/crypto/RSA_new.pod
@@ -19,6 +19,7 @@
RSA_free() frees the B<RSA> structure and its components. The key is
erased before the memory is returned to the system.
+If B<rsa> is NULL nothing is done.
=head1 RETURN VALUES
diff --git a/engines/ccgost/gost_ameth.c b/engines/ccgost/gost_ameth.c
index ad8480d..a5d80a1 100644
--- a/engines/ccgost/gost_ameth.c
+++ b/engines/ccgost/gost_ameth.c
@@ -276,9 +276,7 @@
/* --------------------- free functions * ------------------------------*/
static void pkey_free_gost94(EVP_PKEY *key)
{
- if (key->pkey.dsa) {
- DSA_free(key->pkey.dsa);
- }
+ DSA_free(key->pkey.dsa);
}
static void pkey_free_gost01(EVP_PKEY *key)
diff --git a/engines/e_capi.c b/engines/e_capi.c
index f280397..2373d69 100644
--- a/engines/e_capi.c
+++ b/engines/e_capi.c
@@ -754,10 +754,8 @@
if (pubkey)
OPENSSL_free(pubkey);
if (!ret) {
- if (rkey)
- RSA_free(rkey);
- if (dkey)
- DSA_free(dkey);
+ RSA_free(rkey);
+ DSA_free(dkey);
}
return ret;
diff --git a/engines/e_chil.c b/engines/e_chil.c
index 69d49d7..19d29d7 100644
--- a/engines/e_chil.c
+++ b/engines/e_chil.c
@@ -849,8 +849,7 @@
return res;
err:
# ifndef OPENSSL_NO_RSA
- if (rtmp)
- RSA_free(rtmp);
+ RSA_free(rtmp);
# endif
return NULL;
}
diff --git a/engines/e_sureware.c b/engines/e_sureware.c
index 36f6f43..262766c 100644
--- a/engines/e_sureware.c
+++ b/engines/e_sureware.c
@@ -801,12 +801,10 @@
return res;
err:
# ifndef OPENSSL_NO_RSA
- if (rsatmp)
- RSA_free(rsatmp);
+ RSA_free(rsatmp);
# endif
# ifndef OPENSSL_NO_DSA
- if (dsatmp)
- DSA_free(dsatmp);
+ DSA_free(dsatmp);
# endif
return NULL;
}
diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
index f4b60be..27f03d4 100644
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -1380,16 +1380,12 @@
param = p = (unsigned char *)s->init_msg;
if (s->session->sess_cert != NULL) {
#ifndef OPENSSL_NO_RSA
- if (s->session->sess_cert->peer_rsa_tmp != NULL) {
- RSA_free(s->session->sess_cert->peer_rsa_tmp);
- s->session->sess_cert->peer_rsa_tmp = NULL;
- }
+ RSA_free(s->session->sess_cert->peer_rsa_tmp);
+ s->session->sess_cert->peer_rsa_tmp = NULL;
#endif
#ifndef OPENSSL_NO_DH
- if (s->session->sess_cert->peer_dh_tmp) {
- DH_free(s->session->sess_cert->peer_dh_tmp);
- s->session->sess_cert->peer_dh_tmp = NULL;
- }
+ DH_free(s->session->sess_cert->peer_dh_tmp);
+ s->session->sess_cert->peer_dh_tmp = NULL;
#endif
#ifndef OPENSSL_NO_EC
if (s->session->sess_cert->peer_ecdh_tmp) {
@@ -1955,12 +1951,10 @@
err:
EVP_PKEY_free(pkey);
#ifndef OPENSSL_NO_RSA
- if (rsa != NULL)
- RSA_free(rsa);
+ RSA_free(rsa);
#endif
#ifndef OPENSSL_NO_DH
- if (dh != NULL)
- DH_free(dh);
+ DH_free(dh);
#endif
#ifndef OPENSSL_NO_EC
BN_CTX_free(bn_ctx);
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index 6c59824..9893930 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -3138,8 +3138,7 @@
if (s->s3->rrec.comp != NULL)
OPENSSL_free(s->s3->rrec.comp);
#ifndef OPENSSL_NO_DH
- if (s->s3->tmp.dh != NULL)
- DH_free(s->s3->tmp.dh);
+ DH_free(s->s3->tmp.dh);
#endif
#ifndef OPENSSL_NO_EC
if (s->s3->tmp.ecdh != NULL)
@@ -3181,10 +3180,8 @@
s->s3->rrec.comp = NULL;
}
#ifndef OPENSSL_NO_DH
- if (s->s3->tmp.dh != NULL) {
- DH_free(s->s3->tmp.dh);
- s->s3->tmp.dh = NULL;
- }
+ DH_free(s->s3->tmp.dh);
+ s->s3->tmp.dh = NULL;
#endif
#ifndef OPENSSL_NO_EC
if (s->s3->tmp.ecdh != NULL) {
@@ -3293,8 +3290,7 @@
SSLerr(SSL_F_SSL3_CTRL, ERR_R_RSA_LIB);
return (ret);
}
- if (s->cert->rsa_tmp != NULL)
- RSA_free(s->cert->rsa_tmp);
+ RSA_free(s->cert->rsa_tmp);
s->cert->rsa_tmp = rsa;
ret = 1;
}
@@ -3329,8 +3325,7 @@
return (ret);
}
}
- if (s->cert->dh_tmp != NULL)
- DH_free(s->cert->dh_tmp);
+ DH_free(s->cert->dh_tmp);
s->cert->dh_tmp = dh;
ret = 1;
}
@@ -3766,8 +3761,7 @@
SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_RSA_LIB);
return (0);
} else {
- if (cert->rsa_tmp != NULL)
- RSA_free(cert->rsa_tmp);
+ RSA_free(cert->rsa_tmp);
cert->rsa_tmp = rsa;
return (1);
}
@@ -3801,8 +3795,7 @@
return 0;
}
}
- if (cert->dh_tmp != NULL)
- DH_free(cert->dh_tmp);
+ DH_free(cert->dh_tmp);
cert->dh_tmp = new;
return 1;
}
diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c
index a88d211..cbfe7bb 100644
--- a/ssl/ssl_cert.c
+++ b/ssl/ssl_cert.c
@@ -443,12 +443,10 @@
#endif
#ifndef OPENSSL_NO_RSA
- if (c->rsa_tmp)
- RSA_free(c->rsa_tmp);
+ RSA_free(c->rsa_tmp);
#endif
#ifndef OPENSSL_NO_DH
- if (c->dh_tmp)
- DH_free(c->dh_tmp);
+ DH_free(c->dh_tmp);
#endif
#ifndef OPENSSL_NO_EC
if (c->ecdh_tmp)
@@ -651,12 +649,10 @@
}
#ifndef OPENSSL_NO_RSA
- if (sc->peer_rsa_tmp != NULL)
- RSA_free(sc->peer_rsa_tmp);
+ RSA_free(sc->peer_rsa_tmp);
#endif
#ifndef OPENSSL_NO_DH
- if (sc->peer_dh_tmp != NULL)
- DH_free(sc->peer_dh_tmp);
+ DH_free(sc->peer_dh_tmp);
#endif
#ifndef OPENSSL_NO_EC
if (sc->peer_ecdh_tmp != NULL)
diff --git a/ssl/ssl_conf.c b/ssl/ssl_conf.c
index cfed40d..25af065 100644
--- a/ssl/ssl_conf.c
+++ b/ssl/ssl_conf.c
@@ -421,8 +421,7 @@
if (cctx->ssl)
rv = SSL_set_tmp_dh(cctx->ssl, dh);
end:
- if (dh)
- DH_free(dh);
+ DH_free(dh);
if (in)
BIO_free(in);
return rv > 0;
diff --git a/ssl/ssltest.c b/ssl/ssltest.c
index 457ba86..d244ba3 100644
--- a/ssl/ssltest.c
+++ b/ssl/ssltest.c
@@ -2968,10 +2968,8 @@
static void free_tmp_rsa(void)
{
- if (rsa_tmp != NULL) {
- RSA_free(rsa_tmp);
- rsa_tmp = NULL;
- }
+ RSA_free(rsa_tmp);
+ rsa_tmp = NULL;
}
#endif
