-rw-r--r--src/lib/tls/tortls.c17
-rw-r--r--src/lib/tls/tortls_internal.h6
-rw-r--r--src/lib/tls/tortls_nss.c6
-rw-r--r--src/lib/tls/tortls_openssl.c5
-rw-r--r--src/lib/tls/x509.c5
-rw-r--r--src/lib/tls/x509_internal.h2
-rw-r--r--src/test/test_tortls.c6
-rw-r--r--src/test/test_x509.c3
8 files changed, 27 insertions, 23 deletions
diff --git a/src/lib/tls/tortls.c b/src/lib/tls/tortls.c
index 64c26f7e14..923b0db4c4 100644
--- a/src/lib/tls/tortls.c
+++ b/src/lib/tls/tortls.c
@@ -335,12 +335,9 @@ tor_tls_context_init_certificates(tor_tls_context_t *result,
tor_free(nickname);
tor_free(nn2);
- if (cert)
- tor_x509_cert_impl_free_(cert);
- if (idcert)
- tor_x509_cert_impl_free_(idcert);
- if (authcert)
- tor_x509_cert_impl_free_(authcert);
+ tor_x509_cert_impl_free(cert);
+ tor_x509_cert_impl_free(idcert);
+ tor_x509_cert_impl_free(authcert);
crypto_pk_free(rsa);
crypto_pk_free(rsa_auth);
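Review bot: The three unguarded calls `tor_x509_cert_impl_free(cert)`, `(idcert)` and `(authcert)` in this cleanup path are only safe if `tor_x509_cert_impl_free_()` itself accepts NULL, and that function is not part of this diff. The same commit adds explicit `if (!...) return;` guards to `tor_tls_impl_free_()` and to the NSS `tor_tls_context_impl_free_()`, which suggests NULL tolerance was not uniform across the backend free functions. Please confirm that both the NSS and OpenSSL implementations of `tor_x509_cert_impl_free_()` return early on NULL, or add `if (!cert) return;` there. The same dependency applies to the `done:` path in `tor_tls_verify()`, to `tor_x509_cert_free_()` in x509.c, and to the two test cleanups. The enclosing function starts and ends outside this hunk.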
@@ -379,7 +376,7 @@ tor_tls_free_(tor_tls_t *tls)
size_t r,w;
tor_tls_get_n_raw_bytes(tls,&r,&w); /* ensure written_by_tls is updated */
}
- tor_tls_impl_free_(tls->ssl);
+ tor_tls_impl_free(tls->ssl);
tls->ssl = NULL;
#ifdef ENABLE_OPENSSL
tls->negotiated_callback = NULL;
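Review bot: The `tls->ssl = NULL;` line right after `tor_tls_impl_free(tls->ssl);` looks redundant now, because the new macro is built on `FREE_AND_NULL` and should already clear its argument (the macro's definition is not in this diff, so this is inferred from its name). Dropping the assignment leaves one place responsible for clearing the pointer. If it is kept on purpose, a short comment such as `/* already cleared by tor_tls_impl_free(); kept for readability */` would stop a later reader from assuming the macro does not null the field. `tor_tls_free_()` continues outside the hunk.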
@@ -424,10 +421,8 @@ tor_tls_verify(int severity, tor_tls_t *tls, crypto_pk_t **identity)
rv = 0;
done:
- if (cert)
- tor_x509_cert_impl_free_(cert);
- if (id_cert)
- tor_x509_cert_impl_free_(id_cert);
+ tor_x509_cert_impl_free(cert);
+ tor_x509_cert_impl_free(id_cert);
tor_x509_cert_free(peer_x509);
tor_x509_cert_free(id_x509);
diff --git a/src/lib/tls/tortls_internal.h b/src/lib/tls/tortls_internal.h
index b9e01e0c54..2bf2212104 100644
--- a/src/lib/tls/tortls_internal.h
+++ b/src/lib/tls/tortls_internal.h
@@ -28,8 +28,12 @@ int tor_tls_context_init_certificates(tor_tls_context_t *result,
unsigned key_lifetime,
unsigned flags);
void tor_tls_impl_free_(tor_tls_impl_t *ssl);
+#define tor_tls_impl_free(tls) \
+ FREE_AND_NULL(tor_tls_impl_t, tor_tls_impl_free_, (tls))
-void tor_tls_context_impl_free(tor_tls_context_impl_t *);
+void tor_tls_context_impl_free_(tor_tls_context_impl_t *);
+#define tor_tls_context_impl_free(ctx) \
+ FREE_AND_NULL(tor_tls_context_impl_t, tor_tls_context_impl_free_, (ctx))
#ifdef ENABLE_OPENSSL
tor_tls_t *tor_tls_get_by_ssl(const struct ssl_st *ssl);
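Review bot: `tor_tls_context_impl_free` changes here from a function to a macro with no comment describing the new contract. Assuming `FREE_AND_NULL` takes the address of its argument (its definition is not in this diff), callers must now pass a modifiable lvalue and will find it set to NULL afterwards. I would add a one-line comment above each macro, e.g. `/** Free <b>ctx</b> if it is non-NULL, then set it to NULL; the argument must be an lvalue. */`, and do the same for `tor_x509_cert_impl_free` in x509_internal.h. The macro parameter of `tor_tls_impl_free` is named `tls` while the wrapped function's parameter is `ssl`; using `ssl` in both would read more consistently.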
diff --git a/src/lib/tls/tortls_nss.c b/src/lib/tls/tortls_nss.c
index 266455049e..548a817e63 100644
--- a/src/lib/tls/tortls_nss.c
+++ b/src/lib/tls/tortls_nss.c
@@ -298,8 +298,10 @@ tor_tls_context_new(crypto_pk_t *identity,
}
void
-tor_tls_context_impl_free(tor_tls_context_impl_t *ctx)
+tor_tls_context_impl_free_(tor_tls_context_impl_t *ctx)
{
+ if (!ctx)
+ return;
PR_Close(ctx);
}
@@ -409,6 +411,8 @@ tor_tls_impl_free_(tor_tls_impl_t *tls)
{
// XXXX This will close the underlying fd, which our OpenSSL version does
// not do!
+ if (!tls)
+ return;
PR_Close(tls);
}
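Review bot: The new `if (!tls) return;` guard sits between the `XXXX` comment and the `PR_Close(tls)` call that the comment describes, so the warning about closing the underlying fd now reads as if it were about the NULL check. Moving the guard above the comment keeps the fd-ownership caveat attached to `PR_Close()`. That caveat is presumably what a caller needs in order to avoid closing the same descriptor a second time on the NSS build, so it is worth keeping unambiguous.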
diff --git a/src/lib/tls/tortls_openssl.c b/src/lib/tls/tortls_openssl.c
index 6ff03ee818..370e7e4367 100644
--- a/src/lib/tls/tortls_openssl.c
+++ b/src/lib/tls/tortls_openssl.c
@@ -496,7 +496,7 @@ tor_tls_cert_matches_key,(const tor_tls_t *tls, const tor_x509_cert_t *cert))
}
void
-tor_tls_context_impl_free(struct ssl_ctx_st *ctx)
+tor_tls_context_impl_free_(struct ssl_ctx_st *ctx)
{
if (!ctx)
return;
@@ -1150,6 +1150,9 @@ tor_tls_assert_renegotiation_unblocked(tor_tls_t *tls)
void
tor_tls_impl_free_(tor_tls_impl_t *ssl)
{
+ if (!ssl)
+ return;
+
#ifdef SSL_set_tlsext_host_name
SSL_set_tlsext_host_name(ssl, NULL);
#endif
diff --git a/src/lib/tls/x509.c b/src/lib/tls/x509.c
index 2e70206462..442cdf2c74 100644
--- a/src/lib/tls/x509.c
+++ b/src/lib/tls/x509.c
@@ -76,8 +76,7 @@ tor_x509_cert_free_(tor_x509_cert_t *cert)
{
if (! cert)
return;
- if (cert->cert)
- tor_x509_cert_impl_free_(cert->cert);
+ tor_x509_cert_impl_free(cert->cert);
#ifdef ENABLE_OPENSSL
tor_free(cert->encoded);
#endif
@@ -131,7 +130,7 @@ tor_x509_cert_new,(tor_x509_cert_impl_t *x509_cert))
err:
tor_free(cert);
log_err(LD_CRYPTO, "Couldn't wrap encoded X509 certificate.");
- tor_x509_cert_impl_free_(x509_cert);
+ tor_x509_cert_impl_free(x509_cert);
return NULL;
}
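Review bot: In the `err:` path, `tor_x509_cert_impl_free(x509_cert)` now clears only the by-value parameter, so the caller's own pointer still refers to a freed certificate after `tor_x509_cert_new()` returns NULL. Switching to the nulling macro may give the impression that the dangling-pointer case is handled, but a caller that frees or reuses its copy on failure would still hit a double free or use-after-free. I would state the ownership rule at the call, e.g. `/* We own x509_cert even on failure: it is freed here and the caller must not touch it again. */`, and repeat it in the function's header comment if it is not already there. The function begins outside this hunk, so its existing documentation is not visible.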
diff --git a/src/lib/tls/x509_internal.h b/src/lib/tls/x509_internal.h
index c08705cb25..139ecedd23 100644
--- a/src/lib/tls/x509_internal.h
+++ b/src/lib/tls/x509_internal.h
@@ -41,6 +41,8 @@ int tor_x509_check_cert_lifetime_internal(int severity,
int future_tolerance);
void tor_x509_cert_impl_free_(tor_x509_cert_impl_t *cert);
+#define tor_x509_cert_impl_free(cert) \
+ FREE_AND_NULL(tor_x509_cert_impl_t, tor_x509_cert_impl_free_, (cert))
tor_x509_cert_impl_t *tor_x509_cert_impl_dup_(tor_x509_cert_impl_t *cert);
#ifdef ENABLE_OPENSSL
int tor_x509_cert_set_cached_der_encoding(tor_x509_cert_t *cert);
diff --git a/src/test/test_tortls.c b/src/test/test_tortls.c
index b260310adb..8e8487a408 100644
--- a/src/test/test_tortls.c
+++ b/src/test/test_tortls.c
@@ -496,10 +496,8 @@ test_tortls_verify(void *ignored)
done:
UNMOCK(try_to_extract_certs_from_tls);
- if (cert1)
- tor_x509_cert_impl_free_(cert1);
- if (cert2)
- tor_x509_cert_impl_free_(cert2);
+ tor_x509_cert_impl_free(cert1);
+ tor_x509_cert_impl_free(cert2);
tor_free(tls);
crypto_pk_free(k);
}
diff --git a/src/test/test_x509.c b/src/test/test_x509.c
index 9163977bd8..9ec0657d83 100644
--- a/src/test/test_x509.c
+++ b/src/test/test_x509.c
@@ -57,8 +57,7 @@ test_x509_cert_new_failing_digest(void *arg)
done:
crypto_pk_free(pk1);
crypto_pk_free(pk2);
- if (impl)
- tor_x509_cert_impl_free_(impl);
+ tor_x509_cert_impl_free(impl);
UNMOCK(crypto_digest);
teardown_capture_of_logs();
}