From d64070838ebba86f00fb3755df5d3e65106e1628 Mon Sep 17 00:00:00 2001 From: Rich Salz Date: Tue, 24 Mar 2015 10:17:37 -0400 Subject: [PATCH] free NULL cleanup Start ensuring all OpenSSL "free" routines allow NULL, and remove any if check before calling them. This gets DH_free, DSA_free, RSA_free Reviewed-by: Matt Caswell --- apps/dh.c | 3 +-- apps/dhparam.c | 6 ++---- apps/dsa.c | 3 +-- apps/dsaparam.c | 3 +-- apps/gendh.c | 3 +-- apps/gendsa.c | 3 +-- apps/genrsa.c | 3 +-- apps/rsa.c | 3 +-- apps/s_server.c | 3 +-- apps/speed.c | 6 ++---- crypto/dh/dh_ameth.c | 6 ++---- crypto/dh/dh_asn1.c | 3 +-- crypto/dh/dh_lib.c | 1 + crypto/dh/dhtest.c | 6 ++---- crypto/dsa/dsa_ameth.c | 3 +-- crypto/dsa/dsa_depr.c | 7 +++---- crypto/dsa/dsa_lib.c | 3 +-- crypto/dsa/dsatest.c | 3 +-- crypto/evp/evp_extra_test.c | 4 +--- crypto/pem/pvkfmt.c | 6 ++---- crypto/rsa/rsa_depr.c | 3 +-- demos/easy_tls/easy-tls.c | 3 +-- doc/crypto/DH_new.pod | 1 + doc/crypto/DSA_new.pod | 1 + doc/crypto/RSA_new.pod | 1 + engines/ccgost/gost_ameth.c | 4 +--- engines/e_capi.c | 6 ++---- engines/e_chil.c | 3 +-- engines/e_sureware.c | 6 ++---- ssl/s3_clnt.c | 18 ++++++------------ ssl/s3_lib.c | 21 +++++++-------------- ssl/ssl_cert.c | 12 ++++-------- ssl/ssl_conf.c | 3 +-- ssl/ssltest.c | 6 ++---- 34 files changed, 58 insertions(+), 108 deletions(-) diff --git a/apps/dh.c b/apps/dh.c index cdb5f4a1b0..a9216336e5 100644 --- a/apps/dh.c +++ b/apps/dh.c @@ -314,8 +314,7 @@ int MAIN(int argc, char **argv) BIO_free(in); if (out != NULL) BIO_free_all(out); - if (dh != NULL) - DH_free(dh); + DH_free(dh); apps_shutdown(); OPENSSL_EXIT(ret); } diff --git a/apps/dhparam.c b/apps/dhparam.c index 0e6a3c3198..12a2be6455 100644 --- a/apps/dhparam.c +++ b/apps/dhparam.c @@ -319,8 +319,7 @@ int MAIN(int argc, char **argv) if (!dsa || !DSA_generate_parameters_ex(dsa, num, NULL, 0, NULL, NULL, cb)) { - if (dsa) - DSA_free(dsa); + DSA_free(dsa); BN_GENCB_free(cb); ERR_print_errors(bio_err); goto end; @@ -520,8 +519,7 @@ int MAIN(int argc, char **argv) BIO_free(in); if (out != NULL) BIO_free_all(out); - if (dh != NULL) - DH_free(dh); + DH_free(dh); apps_shutdown(); OPENSSL_EXIT(ret); } diff --git a/apps/dsa.c b/apps/dsa.c index 7ff6ee960f..8d085bcef2 100644 --- a/apps/dsa.c +++ b/apps/dsa.c @@ -360,8 +360,7 @@ int MAIN(int argc, char **argv) BIO_free(in); if (out != NULL) BIO_free_all(out); - if (dsa != NULL) - DSA_free(dsa); + DSA_free(dsa); if (passin) OPENSSL_free(passin); if (passout) diff --git a/apps/dsaparam.c b/apps/dsaparam.c index 74eefdc871..fc1c817604 100644 --- a/apps/dsaparam.c +++ b/apps/dsaparam.c @@ -438,8 +438,7 @@ int MAIN(int argc, char **argv) BIO_free(in); if (out != NULL) BIO_free_all(out); - if (dsa != NULL) - DSA_free(dsa); + DSA_free(dsa); apps_shutdown(); OPENSSL_EXIT(ret); } diff --git a/apps/gendh.c b/apps/gendh.c index bbeba06714..6102b79511 100644 --- a/apps/gendh.c +++ b/apps/gendh.c @@ -212,8 +212,7 @@ int MAIN(int argc, char **argv) ERR_print_errors(bio_err); if (out != NULL) BIO_free_all(out); - if (dh != NULL) - DH_free(dh); + DH_free(dh); if (cb != NULL) BN_GENCB_free(cb); apps_shutdown(); diff --git a/apps/gendsa.c b/apps/gendsa.c index fd1360acd5..d330a01002 100644 --- a/apps/gendsa.c +++ b/apps/gendsa.c @@ -271,8 +271,7 @@ int MAIN(int argc, char **argv) BIO_free(in); if (out != NULL) BIO_free_all(out); - if (dsa != NULL) - DSA_free(dsa); + DSA_free(dsa); if (passout) OPENSSL_free(passout); apps_shutdown(); diff --git a/apps/genrsa.c b/apps/genrsa.c index 5770c8d1ec..1b06c82e40 100644 --- a/apps/genrsa.c +++ b/apps/genrsa.c @@ -311,8 +311,7 @@ int MAIN(int argc, char **argv) BN_free(bn); if (cb) BN_GENCB_free(cb); - if (rsa) - RSA_free(rsa); + RSA_free(rsa); if (out) BIO_free_all(out); if (passout) diff --git a/apps/rsa.c b/apps/rsa.c index 419e50455a..ac4a3c43ef 100644 --- a/apps/rsa.c +++ b/apps/rsa.c @@ -424,8 +424,7 @@ int MAIN(int argc, char **argv) end: if (out != NULL) BIO_free_all(out); - if (rsa != NULL) - RSA_free(rsa); + RSA_free(rsa); if (passin) OPENSSL_free(passin); if (passout) diff --git a/apps/s_server.c b/apps/s_server.c index 298e665d97..97aa23da19 100644 --- a/apps/s_server.c +++ b/apps/s_server.c @@ -3180,8 +3180,7 @@ static RSA *tmp_rsa_cb(SSL *s, int is_export, int keylength) } if (!BN_set_word(bn, RSA_F4) || ((rsa_tmp = RSA_new()) == NULL) || !RSA_generate_key_ex(rsa_tmp, keylength, bn, NULL)) { - if (rsa_tmp) - RSA_free(rsa_tmp); + RSA_free(rsa_tmp); rsa_tmp = NULL; } if (!s_quiet) { diff --git a/apps/speed.c b/apps/speed.c index 44c276ab21..b023f2877f 100644 --- a/apps/speed.c +++ b/apps/speed.c @@ -2448,13 +2448,11 @@ int MAIN(int argc, char **argv) OPENSSL_free(buf2_malloc); #ifndef OPENSSL_NO_RSA for (i = 0; i < RSA_NUM; i++) - if (rsa_key[i] != NULL) - RSA_free(rsa_key[i]); + RSA_free(rsa_key[i]); #endif #ifndef OPENSSL_NO_DSA for (i = 0; i < DSA_NUM; i++) - if (dsa_key[i] != NULL) - DSA_free(dsa_key[i]); + DSA_free(dsa_key[i]); #endif #ifndef OPENSSL_NO_EC diff --git a/crypto/dh/dh_ameth.c b/crypto/dh/dh_ameth.c index 17027c544f..c71538fa15 100644 --- a/crypto/dh/dh_ameth.c +++ b/crypto/dh/dh_ameth.c @@ -142,8 +142,7 @@ static int dh_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey) err: if (public_key) ASN1_INTEGER_free(public_key); - if (dh) - DH_free(dh); + DH_free(dh); return 0; } @@ -711,8 +710,7 @@ static int dh_cms_set_peerkey(EVP_PKEY_CTX *pctx, ASN1_INTEGER_free(public_key); if (pkpeer) EVP_PKEY_free(pkpeer); - if (dhpeer) - DH_free(dhpeer); + DH_free(dhpeer); return rv; } diff --git a/crypto/dh/dh_asn1.c b/crypto/dh/dh_asn1.c index f470214399..7066cafce6 100644 --- a/crypto/dh/dh_asn1.c +++ b/crypto/dh/dh_asn1.c @@ -142,8 +142,7 @@ DH *d2i_DHxparams(DH **a, const unsigned char **pp, long length) } if (a) { - if (*a) - DH_free(*a); + DH_free(*a); *a = dh; } diff --git a/crypto/dh/dh_lib.c b/crypto/dh/dh_lib.c index 46d1a2b7b9..4f07a277ea 100644 --- a/crypto/dh/dh_lib.c +++ b/crypto/dh/dh_lib.c @@ -170,6 +170,7 @@ DH *DH_new_method(ENGINE *engine) void DH_free(DH *r) { int i; + if (r == NULL) return; i = CRYPTO_add(&r->references, -1, CRYPTO_LOCK_DH); diff --git a/crypto/dh/dhtest.c b/crypto/dh/dhtest.c index 9bb9a00212..6c063daf3d 100644 --- a/crypto/dh/dhtest.c +++ b/crypto/dh/dhtest.c @@ -199,10 +199,8 @@ int main(int argc, char *argv[]) OPENSSL_free(abuf); if (bbuf != NULL) OPENSSL_free(bbuf); - if (b != NULL) - DH_free(b); - if (a != NULL) - DH_free(a); + DH_free(b); + DH_free(a); if (_cb) BN_GENCB_free(_cb); BIO_free(out); diff --git a/crypto/dsa/dsa_ameth.c b/crypto/dsa/dsa_ameth.c index 61a9d0fc5e..96d5c5ae79 100644 --- a/crypto/dsa/dsa_ameth.c +++ b/crypto/dsa/dsa_ameth.c @@ -120,8 +120,7 @@ static int dsa_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey) err: if (public_key) ASN1_INTEGER_free(public_key); - if (dsa) - DSA_free(dsa); + DSA_free(dsa); return 0; } diff --git a/crypto/dsa/dsa_depr.c b/crypto/dsa/dsa_depr.c index be1df138cb..10f0314f18 100644 --- a/crypto/dsa/dsa_depr.c +++ b/crypto/dsa/dsa_depr.c @@ -89,10 +89,8 @@ DSA *DSA_generate_parameters(int bits, if ((ret = DSA_new()) == NULL) return NULL; cb = BN_GENCB_new(); - if (!cb) { - DSA_free(ret); - return NULL; - } + if (!cb) + goto err; BN_GENCB_set_old(cb, callback, cb_arg); @@ -102,6 +100,7 @@ DSA *DSA_generate_parameters(int bits, return ret; } BN_GENCB_free(cb); +err: DSA_free(ret); return NULL; } diff --git a/crypto/dsa/dsa_lib.c b/crypto/dsa/dsa_lib.c index eb13fbbbe7..bfd91062f5 100644 --- a/crypto/dsa/dsa_lib.c +++ b/crypto/dsa/dsa_lib.c @@ -315,8 +315,7 @@ DH *DSA_dup_DH(const DSA *r) return ret; err: - if (ret != NULL) - DH_free(ret); + DH_free(ret); return NULL; } #endif diff --git a/crypto/dsa/dsatest.c b/crypto/dsa/dsatest.c index 9b1308926f..bf47816037 100644 --- a/crypto/dsa/dsatest.c +++ b/crypto/dsa/dsatest.c @@ -211,8 +211,7 @@ int main(int argc, char **argv) end: if (!ret) ERR_print_errors(bio_err); - if (dsa != NULL) - DSA_free(dsa); + DSA_free(dsa); if (cb != NULL) BN_GENCB_free(cb); CRYPTO_cleanup_all_ex_data(); diff --git a/crypto/evp/evp_extra_test.c b/crypto/evp/evp_extra_test.c index 0f7b011ce8..c474134a2d 100644 --- a/crypto/evp/evp_extra_test.c +++ b/crypto/evp/evp_extra_test.c @@ -268,9 +268,7 @@ static EVP_PKEY *load_example_rsa_key(void) if (pkey) { EVP_PKEY_free(pkey); } - if (rsa) { - RSA_free(rsa); - } + RSA_free(rsa); return ret; } diff --git a/crypto/pem/pvkfmt.c b/crypto/pem/pvkfmt.c index ee4b6a8241..0f2390d3b4 100644 --- a/crypto/pem/pvkfmt.c +++ b/crypto/pem/pvkfmt.c @@ -335,8 +335,7 @@ static EVP_PKEY *b2i_dss(const unsigned char **in, unsigned int length, memerr: PEMerr(PEM_F_B2I_DSS, ERR_R_MALLOC_FAILURE); - if (dsa) - DSA_free(dsa); + DSA_free(dsa); if (ret) EVP_PKEY_free(ret); if (ctx) @@ -385,8 +384,7 @@ static EVP_PKEY *b2i_rsa(const unsigned char **in, unsigned int length, return ret; memerr: PEMerr(PEM_F_B2I_RSA, ERR_R_MALLOC_FAILURE); - if (rsa) - RSA_free(rsa); + RSA_free(rsa); if (ret) EVP_PKEY_free(ret); return NULL; diff --git a/crypto/rsa/rsa_depr.c b/crypto/rsa/rsa_depr.c index a6ec38548b..8da6ec1238 100644 --- a/crypto/rsa/rsa_depr.c +++ b/crypto/rsa/rsa_depr.c @@ -101,8 +101,7 @@ RSA *RSA_generate_key(int bits, unsigned long e_value, err: if (e) BN_free(e); - if (rsa) - RSA_free(rsa); + RSA_free(rsa); if (cb) BN_GENCB_free(cb); return 0; diff --git a/demos/easy_tls/easy-tls.c b/demos/easy_tls/easy-tls.c index 610b4f9cf2..33303cc117 100644 --- a/demos/easy_tls/easy-tls.c +++ b/demos/easy_tls/easy-tls.c @@ -637,8 +637,7 @@ void tls_set_dhe1024(int i, void *apparg) tls_openssl_errors("", "", NULL, apparg); return; } - if (tls_dhe1024 != NULL) - DH_free(tls_dhe1024); + DH_free(tls_dhe1024); tls_dhe1024 = dhparams; } diff --git a/doc/crypto/DH_new.pod b/doc/crypto/DH_new.pod index 60c930093e..6245e4adaf 100644 --- a/doc/crypto/DH_new.pod +++ b/doc/crypto/DH_new.pod @@ -18,6 +18,7 @@ DH_new() allocates and initializes a B structure. DH_free() frees the B structure and its components. The values are erased before the memory is returned to the system. +If B is NULL nothing is done. =head1 RETURN VALUES diff --git a/doc/crypto/DSA_new.pod b/doc/crypto/DSA_new.pod index 48e9b82a09..3a6d582465 100644 --- a/doc/crypto/DSA_new.pod +++ b/doc/crypto/DSA_new.pod @@ -19,6 +19,7 @@ calling DSA_new_method(NULL). DSA_free() frees the B structure and its components. The values are erased before the memory is returned to the system. +If B is NULL nothing is done. =head1 RETURN VALUES diff --git a/doc/crypto/RSA_new.pod b/doc/crypto/RSA_new.pod index 3d15b92824..70901a556b 100644 --- a/doc/crypto/RSA_new.pod +++ b/doc/crypto/RSA_new.pod @@ -19,6 +19,7 @@ calling RSA_new_method(NULL). RSA_free() frees the B structure and its components. The key is erased before the memory is returned to the system. +If B is NULL nothing is done. =head1 RETURN VALUES diff --git a/engines/ccgost/gost_ameth.c b/engines/ccgost/gost_ameth.c index ad8480daad..a5d80a10a8 100644 --- a/engines/ccgost/gost_ameth.c +++ b/engines/ccgost/gost_ameth.c @@ -276,9 +276,7 @@ static int pkey_ctrl_gost(EVP_PKEY *pkey, int op, long arg1, void *arg2) /* --------------------- free functions * ------------------------------*/ static void pkey_free_gost94(EVP_PKEY *key) { - if (key->pkey.dsa) { - DSA_free(key->pkey.dsa); - } + DSA_free(key->pkey.dsa); } static void pkey_free_gost01(EVP_PKEY *key) diff --git a/engines/e_capi.c b/engines/e_capi.c index f280397ad8..2373d69033 100644 --- a/engines/e_capi.c +++ b/engines/e_capi.c @@ -754,10 +754,8 @@ static EVP_PKEY *capi_get_pkey(ENGINE *eng, CAPI_KEY * key) if (pubkey) OPENSSL_free(pubkey); if (!ret) { - if (rkey) - RSA_free(rkey); - if (dkey) - DSA_free(dkey); + RSA_free(rkey); + DSA_free(dkey); } return ret; diff --git a/engines/e_chil.c b/engines/e_chil.c index 69d49d7d3a..19d29d7e62 100644 --- a/engines/e_chil.c +++ b/engines/e_chil.c @@ -849,8 +849,7 @@ static EVP_PKEY *hwcrhk_load_privkey(ENGINE *eng, const char *key_id, return res; err: # ifndef OPENSSL_NO_RSA - if (rtmp) - RSA_free(rtmp); + RSA_free(rtmp); # endif return NULL; } diff --git a/engines/e_sureware.c b/engines/e_sureware.c index 36f6f43104..262766c602 100644 --- a/engines/e_sureware.c +++ b/engines/e_sureware.c @@ -801,12 +801,10 @@ static EVP_PKEY *sureware_load_public(ENGINE *e, const char *key_id, return res; err: # ifndef OPENSSL_NO_RSA - if (rsatmp) - RSA_free(rsatmp); + RSA_free(rsatmp); # endif # ifndef OPENSSL_NO_DSA - if (dsatmp) - DSA_free(dsatmp); + DSA_free(dsatmp); # endif return NULL; } diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c index f4b60bed49..27f03d4937 100644 --- a/ssl/s3_clnt.c +++ b/ssl/s3_clnt.c @@ -1380,16 +1380,12 @@ int ssl3_get_key_exchange(SSL *s) param = p = (unsigned char *)s->init_msg; if (s->session->sess_cert != NULL) { #ifndef OPENSSL_NO_RSA - if (s->session->sess_cert->peer_rsa_tmp != NULL) { - RSA_free(s->session->sess_cert->peer_rsa_tmp); - s->session->sess_cert->peer_rsa_tmp = NULL; - } + RSA_free(s->session->sess_cert->peer_rsa_tmp); + s->session->sess_cert->peer_rsa_tmp = NULL; #endif #ifndef OPENSSL_NO_DH - if (s->session->sess_cert->peer_dh_tmp) { - DH_free(s->session->sess_cert->peer_dh_tmp); - s->session->sess_cert->peer_dh_tmp = NULL; - } + DH_free(s->session->sess_cert->peer_dh_tmp); + s->session->sess_cert->peer_dh_tmp = NULL; #endif #ifndef OPENSSL_NO_EC if (s->session->sess_cert->peer_ecdh_tmp) { @@ -1955,12 +1951,10 @@ int ssl3_get_key_exchange(SSL *s) err: EVP_PKEY_free(pkey); #ifndef OPENSSL_NO_RSA - if (rsa != NULL) - RSA_free(rsa); + RSA_free(rsa); #endif #ifndef OPENSSL_NO_DH - if (dh != NULL) - DH_free(dh); + DH_free(dh); #endif #ifndef OPENSSL_NO_EC BN_CTX_free(bn_ctx); diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index 6c59824901..9893930eef 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -3138,8 +3138,7 @@ void ssl3_free(SSL *s) if (s->s3->rrec.comp != NULL) OPENSSL_free(s->s3->rrec.comp); #ifndef OPENSSL_NO_DH - if (s->s3->tmp.dh != NULL) - DH_free(s->s3->tmp.dh); + DH_free(s->s3->tmp.dh); #endif #ifndef OPENSSL_NO_EC if (s->s3->tmp.ecdh != NULL) @@ -3181,10 +3180,8 @@ void ssl3_clear(SSL *s) s->s3->rrec.comp = NULL; } #ifndef OPENSSL_NO_DH - if (s->s3->tmp.dh != NULL) { - DH_free(s->s3->tmp.dh); - s->s3->tmp.dh = NULL; - } + DH_free(s->s3->tmp.dh); + s->s3->tmp.dh = NULL; #endif #ifndef OPENSSL_NO_EC if (s->s3->tmp.ecdh != NULL) { @@ -3293,8 +3290,7 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) SSLerr(SSL_F_SSL3_CTRL, ERR_R_RSA_LIB); return (ret); } - if (s->cert->rsa_tmp != NULL) - RSA_free(s->cert->rsa_tmp); + RSA_free(s->cert->rsa_tmp); s->cert->rsa_tmp = rsa; ret = 1; } @@ -3329,8 +3325,7 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) return (ret); } } - if (s->cert->dh_tmp != NULL) - DH_free(s->cert->dh_tmp); + DH_free(s->cert->dh_tmp); s->cert->dh_tmp = dh; ret = 1; } @@ -3766,8 +3761,7 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_RSA_LIB); return (0); } else { - if (cert->rsa_tmp != NULL) - RSA_free(cert->rsa_tmp); + RSA_free(cert->rsa_tmp); cert->rsa_tmp = rsa; return (1); } @@ -3801,8 +3795,7 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) return 0; } } - if (cert->dh_tmp != NULL) - DH_free(cert->dh_tmp); + DH_free(cert->dh_tmp); cert->dh_tmp = new; return 1; } diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c index a88d211bc5..cbfe7bb416 100644 --- a/ssl/ssl_cert.c +++ b/ssl/ssl_cert.c @@ -443,12 +443,10 @@ void ssl_cert_free(CERT *c) #endif #ifndef OPENSSL_NO_RSA - if (c->rsa_tmp) - RSA_free(c->rsa_tmp); + RSA_free(c->rsa_tmp); #endif #ifndef OPENSSL_NO_DH - if (c->dh_tmp) - DH_free(c->dh_tmp); + DH_free(c->dh_tmp); #endif #ifndef OPENSSL_NO_EC if (c->ecdh_tmp) @@ -651,12 +649,10 @@ void ssl_sess_cert_free(SESS_CERT *sc) } #ifndef OPENSSL_NO_RSA - if (sc->peer_rsa_tmp != NULL) - RSA_free(sc->peer_rsa_tmp); + RSA_free(sc->peer_rsa_tmp); #endif #ifndef OPENSSL_NO_DH - if (sc->peer_dh_tmp != NULL) - DH_free(sc->peer_dh_tmp); + DH_free(sc->peer_dh_tmp); #endif #ifndef OPENSSL_NO_EC if (sc->peer_ecdh_tmp != NULL) diff --git a/ssl/ssl_conf.c b/ssl/ssl_conf.c index cfed40ddc2..25af065233 100644 --- a/ssl/ssl_conf.c +++ b/ssl/ssl_conf.c @@ -421,8 +421,7 @@ static int cmd_DHParameters(SSL_CONF_CTX *cctx, const char *value) if (cctx->ssl) rv = SSL_set_tmp_dh(cctx->ssl, dh); end: - if (dh) - DH_free(dh); + DH_free(dh); if (in) BIO_free(in); return rv > 0; diff --git a/ssl/ssltest.c b/ssl/ssltest.c index 457ba86a7b..d244ba3cd9 100644 --- a/ssl/ssltest.c +++ b/ssl/ssltest.c @@ -2968,10 +2968,8 @@ static RSA *tmp_rsa_cb(SSL *s, int is_export, int keylength) static void free_tmp_rsa(void) { - if (rsa_tmp != NULL) { - RSA_free(rsa_tmp); - rsa_tmp = NULL; - } + RSA_free(rsa_tmp); + rsa_tmp = NULL; } #endif -- GitLab