free NULL cleanup

Start ensuring all OpenSSL "free" routines allow NULL, and remove any if check before calling them. This gets DH_free, DSA_free, RSA_free Reviewed-by: Matt Caswell <matt@openssl.org>
2015-03-24 10:17:37 -04:00
parent 1300705a47
commit d64070838e
34 changed files with 58 additions and 108 deletions
--- a/apps/dh.c
+++ b/apps/dh.c
@@ -314,7 +314,6 @@ int MAIN(int argc, char **argv)
        BIO_free(in);
    if (out != NULL)
        BIO_free_all(out);
-    if (dh != NULL)
    DH_free(dh);
    apps_shutdown();
    OPENSSL_EXIT(ret);
--- a/apps/dhparam.c
+++ b/apps/dhparam.c
@@ -319,7 +319,6 @@ int MAIN(int argc, char **argv)
            if (!dsa
                || !DSA_generate_parameters_ex(dsa, num, NULL, 0, NULL, NULL,
                                               cb)) {
-                if (dsa)
                DSA_free(dsa);
                BN_GENCB_free(cb);
                ERR_print_errors(bio_err);
@@ -520,7 +519,6 @@ int MAIN(int argc, char **argv)
        BIO_free(in);
    if (out != NULL)
        BIO_free_all(out);
-    if (dh != NULL)
    DH_free(dh);
    apps_shutdown();
    OPENSSL_EXIT(ret);
--- a/apps/dsa.c
+++ b/apps/dsa.c
@@ -360,7 +360,6 @@ int MAIN(int argc, char **argv)
        BIO_free(in);
    if (out != NULL)
        BIO_free_all(out);
-    if (dsa != NULL)
    DSA_free(dsa);
    if (passin)
        OPENSSL_free(passin);
--- a/apps/dsaparam.c
+++ b/apps/dsaparam.c
@@ -438,7 +438,6 @@ int MAIN(int argc, char **argv)
        BIO_free(in);
    if (out != NULL)
        BIO_free_all(out);
-    if (dsa != NULL)
    DSA_free(dsa);
    apps_shutdown();
    OPENSSL_EXIT(ret);
--- a/apps/gendh.c
+++ b/apps/gendh.c
@@ -212,7 +212,6 @@ int MAIN(int argc, char **argv)
        ERR_print_errors(bio_err);
    if (out != NULL)
        BIO_free_all(out);
-    if (dh != NULL)
    DH_free(dh);
    if (cb != NULL)
        BN_GENCB_free(cb);
--- a/apps/gendsa.c
+++ b/apps/gendsa.c
@@ -271,7 +271,6 @@ int MAIN(int argc, char **argv)
        BIO_free(in);
    if (out != NULL)
        BIO_free_all(out);
-    if (dsa != NULL)
    DSA_free(dsa);
    if (passout)
        OPENSSL_free(passout);
--- a/apps/genrsa.c
+++ b/apps/genrsa.c
@@ -311,7 +311,6 @@ int MAIN(int argc, char **argv)
        BN_free(bn);
    if (cb)
        BN_GENCB_free(cb);
-    if (rsa)
    RSA_free(rsa);
    if (out)
        BIO_free_all(out);
--- a/apps/rsa.c
+++ b/apps/rsa.c
@@ -424,7 +424,6 @@ int MAIN(int argc, char **argv)
 end:
    if (out != NULL)
        BIO_free_all(out);
-    if (rsa != NULL)
    RSA_free(rsa);
    if (passin)
        OPENSSL_free(passin);
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -3180,7 +3180,6 @@ static RSA *tmp_rsa_cb(SSL *s, int is_export, int keylength)
        }
        if (!BN_set_word(bn, RSA_F4) || ((rsa_tmp = RSA_new()) == NULL) ||
            !RSA_generate_key_ex(rsa_tmp, keylength, bn, NULL)) {
-            if (rsa_tmp)
            RSA_free(rsa_tmp);
            rsa_tmp = NULL;
        }
--- a/apps/speed.c
+++ b/apps/speed.c
@@ -2448,12 +2448,10 @@ int MAIN(int argc, char **argv)
        OPENSSL_free(buf2_malloc);
 #ifndef OPENSSL_NO_RSA
    for (i = 0; i < RSA_NUM; i++)
-        if (rsa_key[i] != NULL)
        RSA_free(rsa_key[i]);
 #endif
 #ifndef OPENSSL_NO_DSA
    for (i = 0; i < DSA_NUM; i++)
-        if (dsa_key[i] != NULL)
        DSA_free(dsa_key[i]);
 #endif

--- a/crypto/dh/dh_ameth.c
+++ b/crypto/dh/dh_ameth.c
@@ -142,7 +142,6 @@ static int dh_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey)
 err:
    if (public_key)
        ASN1_INTEGER_free(public_key);
-    if (dh)
    DH_free(dh);
    return 0;

@@ -711,7 +710,6 @@ static int dh_cms_set_peerkey(EVP_PKEY_CTX *pctx,
        ASN1_INTEGER_free(public_key);
    if (pkpeer)
        EVP_PKEY_free(pkpeer);
-    if (dhpeer)
    DH_free(dhpeer);
    return rv;
 }
--- a/crypto/dh/dh_asn1.c
+++ b/crypto/dh/dh_asn1.c
@@ -142,7 +142,6 @@ DH *d2i_DHxparams(DH **a, const unsigned char **pp, long length)
    }

    if (a) {
-        if (*a)
        DH_free(*a);
        *a = dh;
    }
--- a/crypto/dh/dh_lib.c
+++ b/crypto/dh/dh_lib.c
@@ -170,6 +170,7 @@ DH *DH_new_method(ENGINE *engine)
 void DH_free(DH *r)
 {
    int i;
+
    if (r == NULL)
        return;
    i = CRYPTO_add(&r->references, -1, CRYPTO_LOCK_DH);
--- a/crypto/dh/dhtest.c
+++ b/crypto/dh/dhtest.c
@@ -199,9 +199,7 @@ int main(int argc, char *argv[])
        OPENSSL_free(abuf);
    if (bbuf != NULL)
        OPENSSL_free(bbuf);
-    if (b != NULL)
    DH_free(b);
-    if (a != NULL)
    DH_free(a);
    if (_cb)
        BN_GENCB_free(_cb);
--- a/crypto/dsa/dsa_ameth.c
+++ b/crypto/dsa/dsa_ameth.c
@@ -120,7 +120,6 @@ static int dsa_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey)
 err:
    if (public_key)
        ASN1_INTEGER_free(public_key);
-    if (dsa)
    DSA_free(dsa);
    return 0;

--- a/crypto/dsa/dsa_depr.c
+++ b/crypto/dsa/dsa_depr.c
@@ -89,10 +89,8 @@ DSA *DSA_generate_parameters(int bits,
    if ((ret = DSA_new()) == NULL)
        return NULL;
    cb = BN_GENCB_new();
-    if (!cb) {
-        DSA_free(ret);
-        return NULL;
-    }
+    if (!cb)
+        goto err;

    BN_GENCB_set_old(cb, callback, cb_arg);

@@ -102,6 +100,7 @@ DSA *DSA_generate_parameters(int bits,
        return ret;
    }
    BN_GENCB_free(cb);
+err:
    DSA_free(ret);
    return NULL;
 }
--- a/crypto/dsa/dsa_lib.c
+++ b/crypto/dsa/dsa_lib.c
@@ -315,7 +315,6 @@ DH *DSA_dup_DH(const DSA *r)
    return ret;

 err:
-    if (ret != NULL)
    DH_free(ret);
    return NULL;
 }
--- a/crypto/dsa/dsatest.c
+++ b/crypto/dsa/dsatest.c
@@ -211,7 +211,6 @@ int main(int argc, char **argv)
 end:
    if (!ret)
        ERR_print_errors(bio_err);
-    if (dsa != NULL)
    DSA_free(dsa);
    if (cb != NULL)
        BN_GENCB_free(cb);
--- a/crypto/evp/evp_extra_test.c
+++ b/crypto/evp/evp_extra_test.c
@@ -268,9 +268,7 @@ static EVP_PKEY *load_example_rsa_key(void)
    if (pkey) {
        EVP_PKEY_free(pkey);
    }
-    if (rsa) {
    RSA_free(rsa);
-    }

    return ret;
 }
--- a/crypto/pem/pvkfmt.c
+++ b/crypto/pem/pvkfmt.c
@@ -335,7 +335,6 @@ static EVP_PKEY *b2i_dss(const unsigned char **in, unsigned int length,

 memerr:
    PEMerr(PEM_F_B2I_DSS, ERR_R_MALLOC_FAILURE);
-    if (dsa)
    DSA_free(dsa);
    if (ret)
        EVP_PKEY_free(ret);
@@ -385,7 +384,6 @@ static EVP_PKEY *b2i_rsa(const unsigned char **in, unsigned int length,
    return ret;
 memerr:
    PEMerr(PEM_F_B2I_RSA, ERR_R_MALLOC_FAILURE);
-    if (rsa)
    RSA_free(rsa);
    if (ret)
        EVP_PKEY_free(ret);
--- a/crypto/rsa/rsa_depr.c
+++ b/crypto/rsa/rsa_depr.c
@@ -101,7 +101,6 @@ RSA *RSA_generate_key(int bits, unsigned long e_value,
 err:
    if (e)
        BN_free(e);
-    if (rsa)
    RSA_free(rsa);
    if (cb)
        BN_GENCB_free(cb);
--- a/demos/easy_tls/easy-tls.c
+++ b/demos/easy_tls/easy-tls.c
@@ -637,7 +637,6 @@ void tls_set_dhe1024(int i, void *apparg)
        tls_openssl_errors("", "", NULL, apparg);
        return;
    }
-    if (tls_dhe1024 != NULL)
    DH_free(tls_dhe1024);
    tls_dhe1024 = dhparams;
 }
--- a/doc/crypto/DH_new.pod
+++ b/doc/crypto/DH_new.pod
@@ -18,6 +18,7 @@ DH_new() allocates and initializes a B<DH> structure.

 DH_free() frees the B<DH> structure and its components. The values are
 erased before the memory is returned to the system.
+If B<dh> is NULL nothing is done.

 =head1 RETURN VALUES

--- a/doc/crypto/DSA_new.pod
+++ b/doc/crypto/DSA_new.pod
@@ -19,6 +19,7 @@ calling DSA_new_method(NULL).

 DSA_free() frees the B<DSA> structure and its components. The values are
 erased before the memory is returned to the system.
+If B<dsa> is NULL nothing is done.

 =head1 RETURN VALUES

--- a/doc/crypto/RSA_new.pod
+++ b/doc/crypto/RSA_new.pod
@@ -19,6 +19,7 @@ calling RSA_new_method(NULL).

 RSA_free() frees the B<RSA> structure and its components. The key is
 erased before the memory is returned to the system.
+If B<rsa> is NULL nothing is done.

 =head1 RETURN VALUES

--- a/engines/ccgost/gost_ameth.c
+++ b/engines/ccgost/gost_ameth.c
@@ -276,10 +276,8 @@ static int pkey_ctrl_gost(EVP_PKEY *pkey, int op, long arg1, void *arg2)
 /* --------------------- free functions * ------------------------------*/
 static void pkey_free_gost94(EVP_PKEY *key)
 {
-    if (key->pkey.dsa) {
    DSA_free(key->pkey.dsa);
 }
-}

 static void pkey_free_gost01(EVP_PKEY *key)
 {
--- a/engines/e_capi.c
+++ b/engines/e_capi.c
@@ -754,9 +754,7 @@ static EVP_PKEY *capi_get_pkey(ENGINE *eng, CAPI_KEY * key)
    if (pubkey)
        OPENSSL_free(pubkey);
    if (!ret) {
-        if (rkey)
        RSA_free(rkey);
-        if (dkey)
        DSA_free(dkey);
    }

--- a/engines/e_chil.c
+++ b/engines/e_chil.c
@@ -849,7 +849,6 @@ static EVP_PKEY *hwcrhk_load_privkey(ENGINE *eng, const char *key_id,
    return res;
 err:
 #  ifndef OPENSSL_NO_RSA
-    if (rtmp)
    RSA_free(rtmp);
 #  endif
    return NULL;
--- a/engines/e_sureware.c
+++ b/engines/e_sureware.c
@@ -801,11 +801,9 @@ static EVP_PKEY *sureware_load_public(ENGINE *e, const char *key_id,
    return res;
 err:
 #  ifndef OPENSSL_NO_RSA
-    if (rsatmp)
    RSA_free(rsatmp);
 #  endif
 #  ifndef OPENSSL_NO_DSA
-    if (dsatmp)
    DSA_free(dsatmp);
 #  endif
    return NULL;
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -1380,16 +1380,12 @@ int ssl3_get_key_exchange(SSL *s)
    param = p = (unsigned char *)s->init_msg;
    if (s->session->sess_cert != NULL) {
 #ifndef OPENSSL_NO_RSA
-        if (s->session->sess_cert->peer_rsa_tmp != NULL) {
        RSA_free(s->session->sess_cert->peer_rsa_tmp);
        s->session->sess_cert->peer_rsa_tmp = NULL;
-        }
 #endif
 #ifndef OPENSSL_NO_DH
-        if (s->session->sess_cert->peer_dh_tmp) {
        DH_free(s->session->sess_cert->peer_dh_tmp);
        s->session->sess_cert->peer_dh_tmp = NULL;
-        }
 #endif
 #ifndef OPENSSL_NO_EC
        if (s->session->sess_cert->peer_ecdh_tmp) {
@@ -1955,11 +1951,9 @@ int ssl3_get_key_exchange(SSL *s)
 err:
    EVP_PKEY_free(pkey);
 #ifndef OPENSSL_NO_RSA
-    if (rsa != NULL)
    RSA_free(rsa);
 #endif
 #ifndef OPENSSL_NO_DH
-    if (dh != NULL)
    DH_free(dh);
 #endif
 #ifndef OPENSSL_NO_EC
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -3138,7 +3138,6 @@ void ssl3_free(SSL *s)
    if (s->s3->rrec.comp != NULL)
        OPENSSL_free(s->s3->rrec.comp);
 #ifndef OPENSSL_NO_DH
-    if (s->s3->tmp.dh != NULL)
    DH_free(s->s3->tmp.dh);
 #endif
 #ifndef OPENSSL_NO_EC
@@ -3181,10 +3180,8 @@ void ssl3_clear(SSL *s)
        s->s3->rrec.comp = NULL;
    }
 #ifndef OPENSSL_NO_DH
-    if (s->s3->tmp.dh != NULL) {
    DH_free(s->s3->tmp.dh);
    s->s3->tmp.dh = NULL;
-    }
 #endif
 #ifndef OPENSSL_NO_EC
    if (s->s3->tmp.ecdh != NULL) {
@@ -3293,7 +3290,6 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
                SSLerr(SSL_F_SSL3_CTRL, ERR_R_RSA_LIB);
                return (ret);
            }
-            if (s->cert->rsa_tmp != NULL)
            RSA_free(s->cert->rsa_tmp);
            s->cert->rsa_tmp = rsa;
            ret = 1;
@@ -3329,7 +3325,6 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
                    return (ret);
                }
            }
-            if (s->cert->dh_tmp != NULL)
            DH_free(s->cert->dh_tmp);
            s->cert->dh_tmp = dh;
            ret = 1;
@@ -3766,7 +3761,6 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
                SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_RSA_LIB);
                return (0);
            } else {
-                if (cert->rsa_tmp != NULL)
                RSA_free(cert->rsa_tmp);
                cert->rsa_tmp = rsa;
                return (1);
@@ -3801,7 +3795,6 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
                    return 0;
                }
            }
-            if (cert->dh_tmp != NULL)
            DH_free(cert->dh_tmp);
            cert->dh_tmp = new;
            return 1;
--- a/ssl/ssl_cert.c
+++ b/ssl/ssl_cert.c
@@ -443,11 +443,9 @@ void ssl_cert_free(CERT *c)
 #endif

 #ifndef OPENSSL_NO_RSA
-    if (c->rsa_tmp)
    RSA_free(c->rsa_tmp);
 #endif
 #ifndef OPENSSL_NO_DH
-    if (c->dh_tmp)
    DH_free(c->dh_tmp);
 #endif
 #ifndef OPENSSL_NO_EC
@@ -651,11 +649,9 @@ void ssl_sess_cert_free(SESS_CERT *sc)
    }

 #ifndef OPENSSL_NO_RSA
-    if (sc->peer_rsa_tmp != NULL)
    RSA_free(sc->peer_rsa_tmp);
 #endif
 #ifndef OPENSSL_NO_DH
-    if (sc->peer_dh_tmp != NULL)
    DH_free(sc->peer_dh_tmp);
 #endif
 #ifndef OPENSSL_NO_EC
--- a/ssl/ssl_conf.c
+++ b/ssl/ssl_conf.c
@@ -421,7 +421,6 @@ static int cmd_DHParameters(SSL_CONF_CTX *cctx, const char *value)
    if (cctx->ssl)
        rv = SSL_set_tmp_dh(cctx->ssl, dh);
 end:
-    if (dh)
    DH_free(dh);
    if (in)
        BIO_free(in);
--- a/ssl/ssltest.c
+++ b/ssl/ssltest.c
@@ -2968,11 +2968,9 @@ static RSA *tmp_rsa_cb(SSL *s, int is_export, int keylength)

 static void free_tmp_rsa(void)
 {
-    if (rsa_tmp != NULL) {
    RSA_free(rsa_tmp);
    rsa_tmp = NULL;
 }
-}
 #endif

 #ifndef OPENSSL_NO_DH