X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=ssl%2Fssl_lib.c;h=0a2c04e7414098d6109abd67b780ac8651fd6248;hp=a5eb3dba61e0d100873e6c449aff50e23dfff5d9;hb=16f8d4ebf0fd4847fa83d9c61f4150273cb4f533;hpb=2c3823491d8812560922a58677e3ad2db4b2ec8d diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index a5eb3dba61..0a2c04e741 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -189,7 +189,6 @@ SSL3_ENC_METHOD ssl3_undef_enc_method = { int SSL_clear(SSL *s) { - if (s->method == NULL) { SSLerr(SSL_F_SSL_CLEAR, SSL_R_NO_METHOD_SPECIFIED); return (0); @@ -216,17 +215,12 @@ int SSL_clear(SSL *s) s->version = s->method->version; s->client_version = s->version; s->rwstate = SSL_NOTHING; - s->rstate = SSL_ST_READ_HEADER; - - if (s->init_buf != NULL) { - BUF_MEM_free(s->init_buf); - s->init_buf = NULL; - } + BUF_MEM_free(s->init_buf); + s->init_buf = NULL; ssl_clear_cipher_ctx(s); ssl_clear_hash_ctx(&s->read_hash); ssl_clear_hash_ctx(&s->write_hash); - s->first_packet = 0; /* @@ -241,6 +235,9 @@ int SSL_clear(SSL *s) return (0); } else s->method->ssl_clear(s); + + RECORD_LAYER_clear(&s->rlayer); + return (1); } @@ -275,10 +272,12 @@ SSL *SSL_new(SSL_CTX *ctx) return (NULL); } - s = (SSL *)OPENSSL_malloc(sizeof(SSL)); + s = OPENSSL_malloc(sizeof(*s)); if (s == NULL) goto err; - memset(s, 0, sizeof(SSL)); + memset(s, 0, sizeof(*s)); + + RECORD_LAYER_init(&s->rlayer, s); #ifndef OPENSSL_NO_KRB5 s->kssl_ctx = kssl_ctx_new(); @@ -301,7 +300,7 @@ SSL *SSL_new(SSL_CTX *ctx) if (s->cert == NULL) goto err; - s->read_ahead = ctx->read_ahead; + RECORD_LAYER_set_read_ahead(&s->rlayer, ctx->read_ahead); s->msg_callback = ctx->msg_callback; s->msg_callback_arg = ctx->msg_callback_arg; s->verify_mode = ctx->verify_mode; @@ -378,7 +377,8 @@ SSL *SSL_new(SSL_CTX *ctx) s->references = 1; s->server = (ctx->method->ssl_accept == ssl_undefined_function) ? 0 : 1; - SSL_clear(s); + if (!SSL_clear(s)) + goto err; CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL, s, &s->ex_data); @@ -389,8 +389,7 @@ SSL *SSL_new(SSL_CTX *ctx) return (s); err: - if (s != NULL) - SSL_free(s); + SSL_free(s); SSLerr(SSL_F_SSL_NEW, ERR_R_MALLOC_FAILURE); return (NULL); } @@ -529,9 +528,7 @@ void SSL_free(SSL *s) } #endif - if (s->param) - X509_VERIFY_PARAM_free(s->param); - + X509_VERIFY_PARAM_free(s->param); CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL, s, &s->ex_data); if (s->bbio != NULL) { @@ -542,19 +539,15 @@ void SSL_free(SSL *s) BIO_free(s->bbio); s->bbio = NULL; } - if (s->rbio != NULL) - BIO_free_all(s->rbio); - if ((s->wbio != NULL) && (s->wbio != s->rbio)) + BIO_free_all(s->rbio); + if (s->wbio != s->rbio) BIO_free_all(s->wbio); - if (s->init_buf != NULL) - BUF_MEM_free(s->init_buf); + BUF_MEM_free(s->init_buf); /* add extra stuff */ - if (s->cipher_list != NULL) - sk_SSL_CIPHER_free(s->cipher_list); - if (s->cipher_list_by_id != NULL) - sk_SSL_CIPHER_free(s->cipher_list_by_id); + sk_SSL_CIPHER_free(s->cipher_list); + sk_SSL_CIPHER_free(s->cipher_list_by_id); /* Make the next call work :-) */ if (s->session != NULL) { @@ -566,39 +559,30 @@ void SSL_free(SSL *s) ssl_clear_hash_ctx(&s->read_hash); ssl_clear_hash_ctx(&s->write_hash); - if (s->cert != NULL) - ssl_cert_free(s->cert); + ssl_cert_free(s->cert); /* Free up if allocated */ #ifndef OPENSSL_NO_TLSEXT - if (s->tlsext_hostname) - OPENSSL_free(s->tlsext_hostname); - if (s->initial_ctx) - SSL_CTX_free(s->initial_ctx); + OPENSSL_free(s->tlsext_hostname); + SSL_CTX_free(s->initial_ctx); # ifndef OPENSSL_NO_EC - if (s->tlsext_ecpointformatlist) - OPENSSL_free(s->tlsext_ecpointformatlist); - if (s->tlsext_ellipticcurvelist) - OPENSSL_free(s->tlsext_ellipticcurvelist); + OPENSSL_free(s->tlsext_ecpointformatlist); + OPENSSL_free(s->tlsext_ellipticcurvelist); # endif /* OPENSSL_NO_EC */ - if (s->tlsext_ocsp_exts) - sk_X509_EXTENSION_pop_free(s->tlsext_ocsp_exts, X509_EXTENSION_free); - if (s->tlsext_ocsp_ids) - sk_OCSP_RESPID_pop_free(s->tlsext_ocsp_ids, OCSP_RESPID_free); - if (s->tlsext_ocsp_resp) - OPENSSL_free(s->tlsext_ocsp_resp); - if (s->alpn_client_proto_list) - OPENSSL_free(s->alpn_client_proto_list); + sk_X509_EXTENSION_pop_free(s->tlsext_ocsp_exts, X509_EXTENSION_free); + sk_OCSP_RESPID_pop_free(s->tlsext_ocsp_ids, OCSP_RESPID_free); + OPENSSL_free(s->tlsext_ocsp_resp); + OPENSSL_free(s->alpn_client_proto_list); #endif - if (s->client_CA != NULL) - sk_X509_NAME_pop_free(s->client_CA, X509_NAME_free); + sk_X509_NAME_pop_free(s->client_CA, X509_NAME_free); if (s->method != NULL) s->method->ssl_free(s); - if (s->ctx) - SSL_CTX_free(s->ctx); + RECORD_LAYER_release(&s->rlayer); + + SSL_CTX_free(s->ctx); #ifndef OPENSSL_NO_KRB5 if (s->kssl_ctx != NULL) @@ -606,13 +590,11 @@ void SSL_free(SSL *s) #endif /* OPENSSL_NO_KRB5 */ #if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG) - if (s->next_proto_negotiated) - OPENSSL_free(s->next_proto_negotiated); + OPENSSL_free(s->next_proto_negotiated); #endif #ifndef OPENSSL_NO_SRTP - if (s->srtp_profiles) - sk_SRTP_PROTECTION_PROFILE_free(s->srtp_profiles); + sk_SRTP_PROTECTION_PROFILE_free(s->srtp_profiles); #endif OPENSSL_free(s); @@ -620,7 +602,7 @@ void SSL_free(SSL *s) void SSL_set_rbio(SSL *s, BIO *rbio) { - if ((s->rbio != NULL) && (s->rbio != rbio)) + if (s->rbio != rbio) BIO_free_all(s->rbio); s->rbio = rbio; } @@ -636,7 +618,7 @@ void SSL_set_wbio(SSL *s, BIO *wbio) s->bbio->next_bio = NULL; } } - if ((s->wbio != NULL) && (s->wbio != wbio) && (s->rbio != s->wbio)) + if (s->wbio != wbio && s->rbio != s->wbio) BIO_free_all(s->wbio); s->wbio = wbio; } @@ -821,12 +803,12 @@ void SSL_set_verify_depth(SSL *s, int depth) void SSL_set_read_ahead(SSL *s, int yes) { - s->read_ahead = yes; + RECORD_LAYER_set_read_ahead(&s->rlayer, yes); } int SSL_get_read_ahead(const SSL *s) { - return (s->read_ahead); + return RECORD_LAYER_get_read_ahead(&s->rlayer); } int SSL_pending(const SSL *s) @@ -880,12 +862,12 @@ STACK_OF(X509) *SSL_get_peer_cert_chain(const SSL *s) * Now in theory, since the calling process own 't' it should be safe to * modify. We need to be able to read f without being hassled */ -void SSL_copy_session_id(SSL *t, const SSL *f) +int SSL_copy_session_id(SSL *t, const SSL *f) { - CERT *tmp; - /* Do we need to to SSL locking? */ - SSL_set_session(t, SSL_get_session(f)); + if (!SSL_set_session(t, SSL_get_session(f))) { + return 0; + } /* * what if we are setup as SSLv2 but want to talk SSLv3 or vice-versa @@ -896,22 +878,21 @@ void SSL_copy_session_id(SSL *t, const SSL *f) t->method->ssl_new(t); /* setup new */ } - tmp = t->cert; - if (f->cert != NULL) { - CRYPTO_add(&f->cert->references, 1, CRYPTO_LOCK_SSL_CERT); - t->cert = f->cert; - } else - t->cert = NULL; - if (tmp != NULL) - ssl_cert_free(tmp); - SSL_set_session_id_context(t, f->sid_ctx, f->sid_ctx_length); + CRYPTO_add(&f->cert->references, 1, CRYPTO_LOCK_SSL_CERT); + ssl_cert_free(t->cert); + t->cert = f->cert; + if (!SSL_set_session_id_context(t, f->sid_ctx, f->sid_ctx_length)) { + return 0; + } + + return 1; } /* Fix this so it checks all the valid key/cert options */ int SSL_CTX_check_private_key(const SSL_CTX *ctx) { if ((ctx == NULL) || - (ctx->cert == NULL) || (ctx->cert->key->x509 == NULL)) { + (ctx->cert->key->x509 == NULL)) { SSLerr(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY, SSL_R_NO_CERTIFICATE_ASSIGNED); return (0); @@ -932,10 +913,6 @@ int SSL_check_private_key(const SSL *ssl) SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY, ERR_R_PASSED_NULL_PARAMETER); return (0); } - if (ssl->cert == NULL) { - SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY, SSL_R_NO_CERTIFICATE_ASSIGNED); - return 0; - } if (ssl->cert->key->x509 == NULL) { SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY, SSL_R_NO_CERTIFICATE_ASSIGNED); return (0); @@ -1068,10 +1045,10 @@ long SSL_ctrl(SSL *s, int cmd, long larg, void *parg) switch (cmd) { case SSL_CTRL_GET_READ_AHEAD: - return (s->read_ahead); + return (RECORD_LAYER_get_read_ahead(&s->rlayer)); case SSL_CTRL_SET_READ_AHEAD: - l = s->read_ahead; - s->read_ahead = larg; + l = RECORD_LAYER_get_read_ahead(&s->rlayer); + RECORD_LAYER_set_read_ahead(&s->rlayer, larg); return (l); case SSL_CTRL_SET_MSG_CALLBACK_ARG: @@ -1513,8 +1490,7 @@ STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s, unsigned char *p, sk_SSL_CIPHER_zero(sk); } - if (s->cert->ciphers_raw) - OPENSSL_free(s->cert->ciphers_raw); + OPENSSL_free(s->cert->ciphers_raw); s->cert->ciphers_raw = BUF_memdup(p, num); if (s->cert->ciphers_raw == NULL) { SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST, ERR_R_MALLOC_FAILURE); @@ -1735,9 +1711,7 @@ void SSL_CTX_set_next_proto_select_cb(SSL_CTX *ctx, int SSL_CTX_set_alpn_protos(SSL_CTX *ctx, const unsigned char *protos, unsigned protos_len) { - if (ctx->alpn_client_proto_list) - OPENSSL_free(ctx->alpn_client_proto_list); - + OPENSSL_free(ctx->alpn_client_proto_list); ctx->alpn_client_proto_list = OPENSSL_malloc(protos_len); if (!ctx->alpn_client_proto_list) return 1; @@ -1755,9 +1729,7 @@ int SSL_CTX_set_alpn_protos(SSL_CTX *ctx, const unsigned char *protos, int SSL_set_alpn_protos(SSL *ssl, const unsigned char *protos, unsigned protos_len) { - if (ssl->alpn_client_proto_list) - OPENSSL_free(ssl->alpn_client_proto_list); - + OPENSSL_free(ssl->alpn_client_proto_list); ssl->alpn_client_proto_list = OPENSSL_malloc(protos_len); if (!ssl->alpn_client_proto_list) return 1; @@ -1872,11 +1844,11 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth) SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_X509_VERIFICATION_SETUP_PROBLEMS); goto err; } - ret = (SSL_CTX *)OPENSSL_malloc(sizeof(SSL_CTX)); + ret = OPENSSL_malloc(sizeof(*ret)); if (ret == NULL) goto err; - memset(ret, 0, sizeof(SSL_CTX)); + memset(ret, 0, sizeof(*ret)); ret->method = meth; @@ -1894,7 +1866,7 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth) ret->get_session_cb = 0; ret->generate_session_id = 0; - memset((char *)&ret->stats, 0, sizeof(ret->stats)); + memset(&ret->stats, 0, sizeof(ret->stats)); ret->references = 1; ret->quiet_shutdown = 0; @@ -1924,10 +1896,10 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth) if (ret->cert_store == NULL) goto err; - ssl_create_cipher_list(ret->method, + if (!ssl_create_cipher_list(ret->method, &ret->cipher_list, &ret->cipher_list_by_id, - SSL_DEFAULT_CIPHER_LIST, ret->cert); - if (ret->cipher_list == NULL || sk_SSL_CIPHER_num(ret->cipher_list) <= 0) { + SSL_DEFAULT_CIPHER_LIST, ret->cert) + || sk_SSL_CIPHER_num(ret->cipher_list) <= 0) { SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_LIBRARY_HAS_NO_CIPHERS); goto err2; } @@ -1961,7 +1933,7 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth) ret->tlsext_servername_callback = 0; ret->tlsext_servername_arg = NULL; /* Setup RFC4507 ticket keys */ - if ((RAND_pseudo_bytes(ret->tlsext_tick_key_name, 16) <= 0) + if ((RAND_bytes(ret->tlsext_tick_key_name, 16) <= 0) || (RAND_bytes(ret->tlsext_tick_hmac_key, 16) <= 0) || (RAND_bytes(ret->tlsext_tick_aes_key, 16) <= 0)) ret->options |= SSL_OP_NO_TICKET; @@ -1980,7 +1952,8 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth) ret->psk_server_callback = NULL; #endif #ifndef OPENSSL_NO_SRP - SSL_CTX_SRP_CTX_init(ret); + if (!SSL_CTX_SRP_CTX_init(ret)) + goto err; #endif #ifndef OPENSSL_NO_ENGINE ret->client_cert_engine = NULL; @@ -2011,8 +1984,7 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth) err: SSLerr(SSL_F_SSL_CTX_NEW, ERR_R_MALLOC_FAILURE); err2: - if (ret != NULL) - SSL_CTX_free(ret); + SSL_CTX_free(ret); return (NULL); } @@ -2036,8 +2008,7 @@ void SSL_CTX_free(SSL_CTX *a) } #endif - if (a->param) - X509_VERIFY_PARAM_free(a->param); + X509_VERIFY_PARAM_free(a->param); /* * Free internal session cache. However: the remove_cb() may reference @@ -2052,32 +2023,19 @@ void SSL_CTX_free(SSL_CTX *a) SSL_CTX_flush_sessions(a, 0); CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_CTX, a, &a->ex_data); - - if (a->sessions != NULL) - lh_SSL_SESSION_free(a->sessions); - - if (a->cert_store != NULL) - X509_STORE_free(a->cert_store); - if (a->cipher_list != NULL) - sk_SSL_CIPHER_free(a->cipher_list); - if (a->cipher_list_by_id != NULL) - sk_SSL_CIPHER_free(a->cipher_list_by_id); - if (a->cert != NULL) - ssl_cert_free(a->cert); - if (a->client_CA != NULL) - sk_X509_NAME_pop_free(a->client_CA, X509_NAME_free); - if (a->extra_certs != NULL) - sk_X509_pop_free(a->extra_certs, X509_free); + lh_SSL_SESSION_free(a->sessions); + X509_STORE_free(a->cert_store); + sk_SSL_CIPHER_free(a->cipher_list); + sk_SSL_CIPHER_free(a->cipher_list_by_id); + ssl_cert_free(a->cert); + sk_X509_NAME_pop_free(a->client_CA, X509_NAME_free); + sk_X509_pop_free(a->extra_certs, X509_free); a->comp_methods = NULL; - #ifndef OPENSSL_NO_SRTP - if (a->srtp_profiles) - sk_SRTP_PROTECTION_PROFILE_free(a->srtp_profiles); + sk_SRTP_PROTECTION_PROFILE_free(a->srtp_profiles); #endif - #ifndef OPENSSL_NO_PSK - if (a->psk_identity_hint) - OPENSSL_free(a->psk_identity_hint); + OPENSSL_free(a->psk_identity_hint); #endif #ifndef OPENSSL_NO_SRP SSL_CTX_SRP_CTX_free(a); @@ -2089,13 +2047,10 @@ void SSL_CTX_free(SSL_CTX *a) #ifndef OPENSSL_NO_TLSEXT # ifndef OPENSSL_NO_EC - if (a->tlsext_ecpointformatlist) - OPENSSL_free(a->tlsext_ecpointformatlist); - if (a->tlsext_ellipticcurvelist) - OPENSSL_free(a->tlsext_ellipticcurvelist); -# endif /* OPENSSL_NO_EC */ - if (a->alpn_client_proto_list != NULL) - OPENSSL_free(a->alpn_client_proto_list); + OPENSSL_free(a->tlsext_ecpointformatlist); + OPENSSL_free(a->tlsext_ellipticcurvelist); +# endif + OPENSSL_free(a->alpn_client_proto_list); #endif OPENSSL_free(a); @@ -2735,6 +2690,12 @@ const char *SSL_get_version(const SSL *s) return ("TLSv1"); else if (s->version == SSL3_VERSION) return ("SSLv3"); + else if (s->version == DTLS1_BAD_VER) + return ("DTLSv0.9"); + else if (s->version == DTLS1_VERSION) + return ("DTLSv1"); + else if (s->version == DTLS1_2_VERSION) + return ("DTLSv1.2"); else return ("unknown"); } @@ -2755,7 +2716,8 @@ SSL *SSL_dup(SSL *s) if (s->session != NULL) { /* This copies session-id, SSL_METHOD, sid_ctx, and 'cert' */ - SSL_copy_session_id(ret, s); + if (!SSL_copy_session_id(ret, s)) + goto err; } else { /* * No session has been established yet, so we have to expect that @@ -2769,15 +2731,14 @@ SSL *SSL_dup(SSL *s) ret->method->ssl_new(ret); if (s->cert != NULL) { - if (ret->cert != NULL) { - ssl_cert_free(ret->cert); - } + ssl_cert_free(ret->cert); ret->cert = ssl_cert_dup(s->cert); if (ret->cert == NULL) goto err; } - SSL_set_session_id_context(ret, s->sid_ctx, s->sid_ctx_length); + if (!SSL_set_session_id_context(ret, s->sid_ctx, s->sid_ctx_length)) + goto err; } ret->options = s->options; @@ -2820,7 +2781,7 @@ SSL *SSL_dup(SSL *s) ret->shutdown = s->shutdown; ret->state = s->state; /* SSL_dup does not really work at any state, * though */ - ret->rstate = s->rstate; + RECORD_LAYER_dup(&ret->rlayer, &s->rlayer); ret->init_num = 0; /* would have to copy ret->init_buf, * ret->init_msg, ret->init_num, * ret->init_off */ @@ -2851,14 +2812,11 @@ SSL *SSL_dup(SSL *s) } } } + return ret; - if (0) { err: - if (ret != NULL) - SSL_free(ret); - ret = NULL; - } - return (ret); + SSL_free(ret); + return NULL; } void ssl_clear_cipher_ctx(SSL *s) @@ -2874,14 +2832,10 @@ void ssl_clear_cipher_ctx(SSL *s) s->enc_write_ctx = NULL; } #ifndef OPENSSL_NO_COMP - if (s->expand != NULL) { - COMP_CTX_free(s->expand); - s->expand = NULL; - } - if (s->compress != NULL) { - COMP_CTX_free(s->compress); - s->compress = NULL; - } + COMP_CTX_free(s->expand); + s->expand = NULL; + COMP_CTX_free(s->compress); + s->compress = NULL; #endif } @@ -2983,6 +2937,7 @@ int ssl_init_wbio_buffer(SSL *s, int push) void ssl_free_wbio_buffer(SSL *s) { + /* callers ensure s is never null */ if (s->bbio == NULL) return; @@ -3040,26 +2995,28 @@ SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl) SSL_CTX *SSL_set_SSL_CTX(SSL *ssl, SSL_CTX *ctx) { - CERT *ocert = ssl->cert; + CERT *new_cert; if (ssl->ctx == ctx) return ssl->ctx; #ifndef OPENSSL_NO_TLSEXT if (ctx == NULL) ctx = ssl->initial_ctx; #endif - ssl->cert = ssl_cert_dup(ctx->cert); - if (ocert) { - /* Preserve any already negotiated parameters */ - if (ssl->server) { - ssl->cert->peer_sigalgs = ocert->peer_sigalgs; - ssl->cert->peer_sigalgslen = ocert->peer_sigalgslen; - ocert->peer_sigalgs = NULL; - ssl->cert->ciphers_raw = ocert->ciphers_raw; - ssl->cert->ciphers_rawlen = ocert->ciphers_rawlen; - ocert->ciphers_raw = NULL; - } - ssl_cert_free(ocert); + new_cert = ssl_cert_dup(ctx->cert); + if (new_cert == NULL) { + return NULL; + } + /* Preserve any already negotiated parameters */ + if (ssl->server) { + new_cert->peer_sigalgs = ssl->cert->peer_sigalgs; + new_cert->peer_sigalgslen = ssl->cert->peer_sigalgslen; + ssl->cert->peer_sigalgs = NULL; + new_cert->ciphers_raw = ssl->cert->ciphers_raw; + new_cert->ciphers_rawlen = ssl->cert->ciphers_rawlen; + ssl->cert->ciphers_raw = NULL; } + ssl_cert_free(ssl->cert); + ssl->cert = new_cert; /* * Program invariant: |sid_ctx| has fixed size (SSL_MAX_SID_CTX_LENGTH), @@ -3081,8 +3038,7 @@ SSL_CTX *SSL_set_SSL_CTX(SSL *ssl, SSL_CTX *ctx) } CRYPTO_add(&ctx->references, 1, CRYPTO_LOCK_SSL_CTX); - if (ssl->ctx != NULL) - SSL_CTX_free(ssl->ctx); /* decrement reference count */ + SSL_CTX_free(ssl->ctx); /* decrement reference count */ ssl->ctx = ctx; return (ssl->ctx); @@ -3184,8 +3140,7 @@ X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *ctx) void SSL_CTX_set_cert_store(SSL_CTX *ctx, X509_STORE *store) { - if (ctx->cert_store != NULL) - X509_STORE_free(ctx->cert_store); + X509_STORE_free(ctx->cert_store); ctx->cert_store = store; } @@ -3278,8 +3233,7 @@ int SSL_CTX_use_psk_identity_hint(SSL_CTX *ctx, const char *identity_hint) SSL_R_DATA_LENGTH_TOO_LONG); return 0; } - if (ctx->psk_identity_hint != NULL) - OPENSSL_free(ctx->psk_identity_hint); + OPENSSL_free(ctx->psk_identity_hint); if (identity_hint != NULL) { ctx->psk_identity_hint = BUF_strdup(identity_hint); if (ctx->psk_identity_hint == NULL) @@ -3301,8 +3255,7 @@ int SSL_use_psk_identity_hint(SSL *s, const char *identity_hint) SSLerr(SSL_F_SSL_USE_PSK_IDENTITY_HINT, SSL_R_DATA_LENGTH_TOO_LONG); return 0; } - if (s->session->psk_identity_hint != NULL) - OPENSSL_free(s->session->psk_identity_hint); + OPENSSL_free(s->session->psk_identity_hint); if (identity_hint != NULL) { s->session->psk_identity_hint = BUF_strdup(identity_hint); if (s->session->psk_identity_hint == NULL)