free NULL cleanup -- coda

[openssl.git] / crypto / pkcs7 / pk7_doit.c

diff --git a/crypto/pkcs7/pk7_doit.c b/crypto/pkcs7/pk7_doit.c
index 639e2174256df5e7981b3ab7acf66e0fc770d80f..e5ad95fb1d9efc687caa876dc38c526fea252b4f 100644 (file)
--- a/crypto/pkcs7/pk7_doit.c
+++ b/crypto/pkcs7/pk7_doit.c
@@ -181,8 +181,7 @@ static int pkcs7_encode_rinfo(PKCS7_RECIP_INFO *ri,
  err:
     EVP_PKEY_free(pkey);
     EVP_PKEY_CTX_free(pctx);
-    if (ek)
-        OPENSSL_free(ek);
+    OPENSSL_free(ek);
     return ret;
 
 }
@@ -229,17 +228,13 @@ static int pkcs7_decrypt_rinfo(unsigned char **pek, int *peklen,
 
     ret = 1;
 
-    if (*pek) {
-        OPENSSL_cleanse(*pek, *peklen);
-        OPENSSL_free(*pek);
-    }
-
+    OPENSSL_clear_free(*pek, *peklen);
     *pek = ek;
     *peklen = eklen;
 
  err:
     EVP_PKEY_CTX_free(pctx);
-    if (!ret && ek)
+    if (!ret)
         OPENSSL_free(ek);
 
     return ret;
@@ -576,8 +571,7 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
              */
             if (!EVP_CIPHER_CTX_set_key_length(evp_ctx, eklen)) {
                 /* Use random key as MMA defence */
-                OPENSSL_cleanse(ek, eklen);
-                OPENSSL_free(ek);
+                OPENSSL_clear_free(ek, eklen);
                 ek = tkey;
                 eklen = tkeylen;
                 tkey = NULL;
@@ -588,16 +582,10 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
         if (EVP_CipherInit_ex(evp_ctx, NULL, NULL, ek, NULL, 0) <= 0)
             goto err;
 
-        if (ek) {
-            OPENSSL_cleanse(ek, eklen);
-            OPENSSL_free(ek);
-            ek = NULL;
-        }
-        if (tkey) {
-            OPENSSL_cleanse(tkey, tkeylen);
-            OPENSSL_free(tkey);
-            tkey = NULL;
-        }
+        OPENSSL_clear_free(ek, eklen);
+        ek = NULL;
+        OPENSSL_clear_free(tkey, tkeylen);
+        tkey = NULL;
 
         if (out == NULL)
             out = etmp;
@@ -619,23 +607,16 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
     }
     BIO_push(out, bio);
     bio = NULL;
-    if (0) {
+    return out;
+
  err:
-        if (ek) {
-            OPENSSL_cleanse(ek, eklen);
-            OPENSSL_free(ek);
-        }
-        if (tkey) {
-            OPENSSL_cleanse(tkey, tkeylen);
-            OPENSSL_free(tkey);
-        }
-        BIO_free_all(out);
-        BIO_free_all(btmp);
-        BIO_free_all(etmp);
-        BIO_free_all(bio);
-        out = NULL;
-    }
-    return (out);
+    OPENSSL_clear_free(ek, eklen);
+    OPENSSL_clear_free(tkey, tkeylen);
+    BIO_free_all(out);
+    BIO_free_all(btmp);
+    BIO_free_all(etmp);
+    BIO_free_all(bio);
+    return  NULL;
 }
 
 static BIO *PKCS7_find_digest(EVP_MD_CTX **pmd, BIO *bio, int nid)
@@ -908,8 +889,7 @@ int PKCS7_SIGNER_INFO_sign(PKCS7_SIGNER_INFO *si)
     return 1;
 
  err:
-    if (abuf)
-        OPENSSL_free(abuf);
+    OPENSSL_free(abuf);
     EVP_MD_CTX_cleanup(&mctx);
     return 0;
 
@@ -1134,8 +1114,7 @@ int PKCS7_set_signed_attributes(PKCS7_SIGNER_INFO *p7si,
 {
     int i;
 
-    if (p7si->auth_attr != NULL)
-        sk_X509_ATTRIBUTE_pop_free(p7si->auth_attr, X509_ATTRIBUTE_free);
+    sk_X509_ATTRIBUTE_pop_free(p7si->auth_attr, X509_ATTRIBUTE_free);
     p7si->auth_attr = sk_X509_ATTRIBUTE_dup(sk);
     if (p7si->auth_attr == NULL)
         return 0;
@@ -1154,8 +1133,7 @@ int PKCS7_set_attributes(PKCS7_SIGNER_INFO *p7si,
 {
     int i;
 
-    if (p7si->unauth_attr != NULL)
-        sk_X509_ATTRIBUTE_pop_free(p7si->unauth_attr, X509_ATTRIBUTE_free);
+    sk_X509_ATTRIBUTE_pop_free(p7si->unauth_attr, X509_ATTRIBUTE_free);
     p7si->unauth_attr = sk_X509_ATTRIBUTE_dup(sk);
     if (p7si->unauth_attr == NULL)
         return 0;