CERT *ssl_cert_new(void)
{
- CERT *ret;
+ CERT *ret = OPENSSL_malloc(sizeof(*ret));
- ret = (CERT *)OPENSSL_malloc(sizeof(CERT));
if (ret == NULL) {
SSLerr(SSL_F_SSL_CERT_NEW, ERR_R_MALLOC_FAILURE);
return (NULL);
}
- memset(ret, 0, sizeof(CERT));
+ memset(ret, 0, sizeof(*ret));
ret->key = &(ret->pkeys[SSL_PKEY_RSA_ENC]);
ret->references = 1;
CERT *ssl_cert_dup(CERT *cert)
{
- CERT *ret;
+ CERT *ret = OPENSSL_malloc(sizeof(*ret));
int i;
- ret = (CERT *)OPENSSL_malloc(sizeof(CERT));
if (ret == NULL) {
SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_MALLOC_FAILURE);
return (NULL);
}
- memset(ret, 0, sizeof(CERT));
-
- ret->key = &ret->pkeys[cert->key - &cert->pkeys[0]];
- /*
- * or ret->key = ret->pkeys + (cert->key - cert->pkeys), if you find that
- * more readable
- */
+ memset(ret, 0, sizeof(*ret));
+ ret->key = &ret->pkeys[cert->key - cert->pkeys];
ret->valid = cert->valid;
ret->mask_k = cert->mask_k;
ret->mask_a = cert->mask_a;
return;
for (i = 0; i < SSL_PKEY_NUM; i++) {
CERT_PKEY *cpk = c->pkeys + i;
- if (cpk->x509) {
- X509_free(cpk->x509);
- cpk->x509 = NULL;
- }
+ X509_free(cpk->x509);
+ cpk->x509 = NULL;
EVP_PKEY_free(cpk->privatekey);
cpk->privatekey = NULL;
- if (cpk->chain) {
- sk_X509_pop_free(cpk->chain, X509_free);
- cpk->chain = NULL;
- }
+ sk_X509_pop_free(cpk->chain, X509_free);
+ cpk->chain = NULL;
#ifndef OPENSSL_NO_TLSEXT
- if (cpk->serverinfo) {
- OPENSSL_free(cpk->serverinfo);
- cpk->serverinfo = NULL;
- cpk->serverinfo_length = 0;
- }
+ OPENSSL_free(cpk->serverinfo);
+ cpk->serverinfo = NULL;
+ cpk->serverinfo_length = 0;
#endif
/* Clear all flags apart from explicit sign */
cpk->valid_flags &= CERT_PKEY_EXPLICIT_SIGN;
#endif
ssl_cert_clear_certs(c);
- if (c->peer_sigalgs)
- OPENSSL_free(c->peer_sigalgs);
- if (c->conf_sigalgs)
- OPENSSL_free(c->conf_sigalgs);
- if (c->client_sigalgs)
- OPENSSL_free(c->client_sigalgs);
- if (c->shared_sigalgs)
- OPENSSL_free(c->shared_sigalgs);
- if (c->ctypes)
- OPENSSL_free(c->ctypes);
- if (c->verify_store)
- X509_STORE_free(c->verify_store);
- if (c->chain_store)
- X509_STORE_free(c->chain_store);
- if (c->ciphers_raw)
- OPENSSL_free(c->ciphers_raw);
+ OPENSSL_free(c->peer_sigalgs);
+ OPENSSL_free(c->conf_sigalgs);
+ OPENSSL_free(c->client_sigalgs);
+ OPENSSL_free(c->shared_sigalgs);
+ OPENSSL_free(c->ctypes);
+ X509_STORE_free(c->verify_store);
+ X509_STORE_free(c->chain_store);
+ OPENSSL_free(c->ciphers_raw);
#ifndef OPENSSL_NO_TLSEXT
custom_exts_free(&c->cli_ext);
custom_exts_free(&c->srv_ext);
#endif
- if (c->pms) {
- OPENSSL_cleanse(c->pms, c->pmslen);
- OPENSSL_free(c->pms);
- c->pms = NULL;
- }
+ OPENSSL_clear_free(c->pms, c->pmslen);
+ c->pms = NULL;
OPENSSL_free(c);
}
CERT_PKEY *cpk = s ? s->cert->key : ctx->cert->key;
if (!cpk)
return 0;
- if (cpk->chain)
- sk_X509_pop_free(cpk->chain, X509_free);
+ sk_X509_pop_free(cpk->chain, X509_free);
for (i = 0; i < sk_X509_num(chain); i++) {
r = ssl_security_cert(s, ctx, sk_X509_value(chain, i), 0, 0);
if (r != 1) {
{
SESS_CERT *ret;
- ret = OPENSSL_malloc(sizeof *ret);
+ ret = OPENSSL_malloc(sizeof(*ret));
if (ret == NULL) {
SSLerr(SSL_F_SSL_SESS_CERT_NEW, ERR_R_MALLOC_FAILURE);
return NULL;
}
- memset(ret, 0, sizeof *ret);
+ memset(ret, 0, sizeof(*ret));
ret->peer_key = &(ret->peer_pkeys[SSL_PKEY_RSA_ENC]);
ret->references = 1;
#endif
/* i == 0 */
- if (sc->cert_chain != NULL)
- sk_X509_pop_free(sc->cert_chain, X509_free);
+ sk_X509_pop_free(sc->cert_chain, X509_free);
for (i = 0; i < SSL_PKEY_NUM; i++) {
- if (sc->peer_pkeys[i].x509 != NULL)
- X509_free(sc->peer_pkeys[i].x509);
+ X509_free(sc->peer_pkeys[i].x509);
#if 0
/*
- * We don't have the peer's private key. These lines are just
+ * We don't have the peer's private key. This line is just
* here as a reminder that we're still using a not-quite-appropriate
* data structure.
*/
- if (sc->peer_pkeys[i].privatekey != NULL)
- EVP_PKEY_free(sc->peer_pkeys[i].privatekey);
+ EVP_PKEY_free(sc->peer_pkeys[i].privatekey);
#endif
}
static void set_client_CA_list(STACK_OF(X509_NAME) **ca_list,
STACK_OF(X509_NAME) *name_list)
{
- if (*ca_list != NULL)
- sk_X509_NAME_pop_free(*ca_list, X509_NAME_free);
-
+ sk_X509_NAME_pop_free(*ca_list, X509_NAME_free);
*ca_list = name_list;
}
sk_X509_NAME_push(ret, xn);
}
}
+ goto done;
- if (0) {
err:
- if (ret != NULL)
- sk_X509_NAME_pop_free(ret, X509_NAME_free);
- ret = NULL;
- }
- if (sk != NULL)
- sk_X509_NAME_free(sk);
+ sk_X509_NAME_pop_free(ret, X509_NAME_free);
+ ret = NULL;
+ done:
+ sk_X509_NAME_free(sk);
BIO_free(in);
- if (x != NULL)
- X509_free(x);
+ X509_free(x);
if (ret != NULL)
ERR_clear_error();
return (ret);
}
ERR_clear_error();
+ goto done;
- if (0) {
err:
ret = 0;
- }
+ done:
BIO_free(in);
- if (x != NULL)
- X509_free(x);
-
+ X509_free(x);
(void)sk_X509_NAME_set_cmp_func(stack, oldcmp);
-
return ret;
}
goto err;
}
}
- if (cpk->chain)
- sk_X509_pop_free(cpk->chain, X509_free);
+ sk_X509_pop_free(cpk->chain, X509_free);
cpk->chain = chain;
if (rv == 0)
rv = 1;
pstore = &c->chain_store;
else
pstore = &c->verify_store;
- if (*pstore)
- X509_STORE_free(*pstore);
+ X509_STORE_free(*pstore);
*pstore = store;
if (ref && store)
CRYPTO_add(&store->references, 1, CRYPTO_LOCK_X509_STORE);