/* If we get this far evaluate policies */
if (!bad_chain && (ctx->param->flags & X509_V_FLAG_POLICY_CHECK))
ok = ctx->check_policy(ctx);
- if (!ok)
- goto end;
- if (0) {
+ if (ok)
+ goto done;
+
end:
- X509_get_pubkey_parameters(NULL, ctx->chain);
- }
- if (sktmp != NULL)
- sk_X509_free(sktmp);
- if (chain_ss != NULL)
- X509_free(chain_ss);
+ X509_get_pubkey_parameters(NULL, ctx->chain);
+ done:
+ sk_X509_free(sktmp);
+ X509_free(chain_ss);
return ok;
}
}
if (best_crl) {
- if (*pcrl)
- X509_CRL_free(*pcrl);
+ X509_CRL_free(*pcrl);
*pcrl = best_crl;
*pissuer = best_crl_issuer;
*pscore = best_score;
*preasons = best_reasons;
CRYPTO_add(&best_crl->references, 1, CRYPTO_LOCK_X509_CRL);
- if (*pdcrl) {
- X509_CRL_free(*pdcrl);
- *pdcrl = NULL;
- }
+ X509_CRL_free(*pdcrl);
+ *pdcrl = NULL;
get_delta_sk(ctx, pdcrl, pscore, best_crl, crls);
}
}
if (!EVP_PKEY_missing_parameters(ktmp))
break;
- else {
- EVP_PKEY_free(ktmp);
- ktmp = NULL;
- }
+ EVP_PKEY_free(ktmp);
+ ktmp = NULL;
}
if (ktmp == NULL) {
X509err(X509_F_X509_GET_PUBKEY_PARAMETERS,
memerr:
X509err(X509_F_X509_CRL_DIFF, ERR_R_MALLOC_FAILURE);
- if (crl)
- X509_CRL_free(crl);
+ X509_CRL_free(crl);
return NULL;
}
X509_STORE_CTX *X509_STORE_CTX_new(void)
{
- X509_STORE_CTX *ctx;
- ctx = (X509_STORE_CTX *)OPENSSL_malloc(sizeof(X509_STORE_CTX));
+ X509_STORE_CTX *ctx = OPENSSL_malloc(sizeof(*ctx));
+
if (!ctx) {
X509err(X509_F_X509_STORE_CTX_NEW, ERR_R_MALLOC_FAILURE);
return NULL;
}
- memset(ctx, 0, sizeof(X509_STORE_CTX));
+ memset(ctx, 0, sizeof(*ctx));
return ctx;
}
void X509_STORE_CTX_free(X509_STORE_CTX *ctx)
{
+ if (!ctx)
+ return;
X509_STORE_CTX_cleanup(ctx);
OPENSSL_free(ctx);
}
ctx->check_policy = check_policy;
/*
- * This memset() can't make any sense anyway, so it's removed. As
- * X509_STORE_CTX_cleanup does a proper "free" on the ex_data, we put a
- * corresponding "new" here and remove this bogus initialisation.
+ * Since X509_STORE_CTX_cleanup does a proper "free" on the ex_data, we
+ * put a corresponding "new" here.
*/
- /* memset(&(ctx->ex_data),0,sizeof(CRYPTO_EX_DATA)); */
if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509_STORE_CTX, ctx,
&(ctx->ex_data))) {
OPENSSL_free(ctx);
X509_VERIFY_PARAM_free(ctx->param);
ctx->param = NULL;
}
- if (ctx->tree != NULL) {
- X509_policy_tree_free(ctx->tree);
- ctx->tree = NULL;
- }
- if (ctx->chain != NULL) {
- sk_X509_pop_free(ctx->chain, X509_free);
- ctx->chain = NULL;
- }
+ X509_policy_tree_free(ctx->tree);
+ ctx->tree = NULL;
+ sk_X509_pop_free(ctx->chain, X509_free);
+ ctx->chain = NULL;
CRYPTO_free_ex_data(CRYPTO_EX_INDEX_X509_STORE_CTX, ctx, &(ctx->ex_data));
- memset(&ctx->ex_data, 0, sizeof(CRYPTO_EX_DATA));
+ memset(&ctx->ex_data, 0, sizeof(ctx->ex_data));
}
void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth)
void X509_STORE_CTX_set0_param(X509_STORE_CTX *ctx, X509_VERIFY_PARAM *param)
{
- if (ctx->param)
- X509_VERIFY_PARAM_free(ctx->param);
+ X509_VERIFY_PARAM_free(ctx->param);
ctx->param = param;
}