diff options
Diffstat (limited to 'src')
-rw-r--r-- | src/lib/tls/tortls.c | 17 | ||||
-rw-r--r-- | src/lib/tls/tortls_internal.h | 6 | ||||
-rw-r--r-- | src/lib/tls/tortls_nss.c | 6 | ||||
-rw-r--r-- | src/lib/tls/tortls_openssl.c | 5 | ||||
-rw-r--r-- | src/lib/tls/x509.c | 5 | ||||
-rw-r--r-- | src/lib/tls/x509_internal.h | 2 | ||||
-rw-r--r-- | src/test/test_tortls.c | 6 | ||||
-rw-r--r-- | src/test/test_x509.c | 3 |
8 files changed, 27 insertions, 23 deletions
diff --git a/src/lib/tls/tortls.c b/src/lib/tls/tortls.c index 64c26f7e14..923b0db4c4 100644 --- a/src/lib/tls/tortls.c +++ b/src/lib/tls/tortls.c @@ -335,12 +335,9 @@ tor_tls_context_init_certificates(tor_tls_context_t *result, tor_free(nickname); tor_free(nn2); - if (cert) - tor_x509_cert_impl_free_(cert); - if (idcert) - tor_x509_cert_impl_free_(idcert); - if (authcert) - tor_x509_cert_impl_free_(authcert); + tor_x509_cert_impl_free(cert); + tor_x509_cert_impl_free(idcert); + tor_x509_cert_impl_free(authcert); crypto_pk_free(rsa); crypto_pk_free(rsa_auth); @@ -379,7 +376,7 @@ tor_tls_free_(tor_tls_t *tls) size_t r,w; tor_tls_get_n_raw_bytes(tls,&r,&w); /* ensure written_by_tls is updated */ } - tor_tls_impl_free_(tls->ssl); + tor_tls_impl_free(tls->ssl); tls->ssl = NULL; #ifdef ENABLE_OPENSSL tls->negotiated_callback = NULL; @@ -424,10 +421,8 @@ tor_tls_verify(int severity, tor_tls_t *tls, crypto_pk_t **identity) rv = 0; done: - if (cert) - tor_x509_cert_impl_free_(cert); - if (id_cert) - tor_x509_cert_impl_free_(id_cert); + tor_x509_cert_impl_free(cert); + tor_x509_cert_impl_free(id_cert); tor_x509_cert_free(peer_x509); tor_x509_cert_free(id_x509); diff --git a/src/lib/tls/tortls_internal.h b/src/lib/tls/tortls_internal.h index b9e01e0c54..2bf2212104 100644 --- a/src/lib/tls/tortls_internal.h +++ b/src/lib/tls/tortls_internal.h @@ -28,8 +28,12 @@ int tor_tls_context_init_certificates(tor_tls_context_t *result, unsigned key_lifetime, unsigned flags); void tor_tls_impl_free_(tor_tls_impl_t *ssl); +#define tor_tls_impl_free(tls) \ + FREE_AND_NULL(tor_tls_impl_t, tor_tls_impl_free_, (tls)) -void tor_tls_context_impl_free(tor_tls_context_impl_t *); +void tor_tls_context_impl_free_(tor_tls_context_impl_t *); +#define tor_tls_context_impl_free(ctx) \ + FREE_AND_NULL(tor_tls_context_impl_t, tor_tls_context_impl_free_, (ctx)) #ifdef ENABLE_OPENSSL tor_tls_t *tor_tls_get_by_ssl(const struct ssl_st *ssl); diff --git a/src/lib/tls/tortls_nss.c b/src/lib/tls/tortls_nss.c index 266455049e..548a817e63 100644 --- a/src/lib/tls/tortls_nss.c +++ b/src/lib/tls/tortls_nss.c @@ -298,8 +298,10 @@ tor_tls_context_new(crypto_pk_t *identity, } void -tor_tls_context_impl_free(tor_tls_context_impl_t *ctx) +tor_tls_context_impl_free_(tor_tls_context_impl_t *ctx) { + if (!ctx) + return; PR_Close(ctx); } @@ -409,6 +411,8 @@ tor_tls_impl_free_(tor_tls_impl_t *tls) { // XXXX This will close the underlying fd, which our OpenSSL version does // not do! + if (!tls) + return; PR_Close(tls); } diff --git a/src/lib/tls/tortls_openssl.c b/src/lib/tls/tortls_openssl.c index 6ff03ee818..370e7e4367 100644 --- a/src/lib/tls/tortls_openssl.c +++ b/src/lib/tls/tortls_openssl.c @@ -496,7 +496,7 @@ tor_tls_cert_matches_key,(const tor_tls_t *tls, const tor_x509_cert_t *cert)) } void -tor_tls_context_impl_free(struct ssl_ctx_st *ctx) +tor_tls_context_impl_free_(struct ssl_ctx_st *ctx) { if (!ctx) return; @@ -1150,6 +1150,9 @@ tor_tls_assert_renegotiation_unblocked(tor_tls_t *tls) void tor_tls_impl_free_(tor_tls_impl_t *ssl) { + if (!ssl) + return; + #ifdef SSL_set_tlsext_host_name SSL_set_tlsext_host_name(ssl, NULL); #endif diff --git a/src/lib/tls/x509.c b/src/lib/tls/x509.c index 2e70206462..442cdf2c74 100644 --- a/src/lib/tls/x509.c +++ b/src/lib/tls/x509.c @@ -76,8 +76,7 @@ tor_x509_cert_free_(tor_x509_cert_t *cert) { if (! cert) return; - if (cert->cert) - tor_x509_cert_impl_free_(cert->cert); + tor_x509_cert_impl_free(cert->cert); #ifdef ENABLE_OPENSSL tor_free(cert->encoded); #endif @@ -131,7 +130,7 @@ tor_x509_cert_new,(tor_x509_cert_impl_t *x509_cert)) err: tor_free(cert); log_err(LD_CRYPTO, "Couldn't wrap encoded X509 certificate."); - tor_x509_cert_impl_free_(x509_cert); + tor_x509_cert_impl_free(x509_cert); return NULL; } diff --git a/src/lib/tls/x509_internal.h b/src/lib/tls/x509_internal.h index c08705cb25..139ecedd23 100644 --- a/src/lib/tls/x509_internal.h +++ b/src/lib/tls/x509_internal.h @@ -41,6 +41,8 @@ int tor_x509_check_cert_lifetime_internal(int severity, int future_tolerance); void tor_x509_cert_impl_free_(tor_x509_cert_impl_t *cert); +#define tor_x509_cert_impl_free(cert) \ + FREE_AND_NULL(tor_x509_cert_impl_t, tor_x509_cert_impl_free_, (cert)) tor_x509_cert_impl_t *tor_x509_cert_impl_dup_(tor_x509_cert_impl_t *cert); #ifdef ENABLE_OPENSSL int tor_x509_cert_set_cached_der_encoding(tor_x509_cert_t *cert); diff --git a/src/test/test_tortls.c b/src/test/test_tortls.c index b260310adb..8e8487a408 100644 --- a/src/test/test_tortls.c +++ b/src/test/test_tortls.c @@ -496,10 +496,8 @@ test_tortls_verify(void *ignored) done: UNMOCK(try_to_extract_certs_from_tls); - if (cert1) - tor_x509_cert_impl_free_(cert1); - if (cert2) - tor_x509_cert_impl_free_(cert2); + tor_x509_cert_impl_free(cert1); + tor_x509_cert_impl_free(cert2); tor_free(tls); crypto_pk_free(k); } diff --git a/src/test/test_x509.c b/src/test/test_x509.c index 9163977bd8..9ec0657d83 100644 --- a/src/test/test_x509.c +++ b/src/test/test_x509.c @@ -57,8 +57,7 @@ test_x509_cert_new_failing_digest(void *arg) done: crypto_pk_free(pk1); crypto_pk_free(pk2); - if (impl) - tor_x509_cert_impl_free_(impl); + tor_x509_cert_impl_free(impl); UNMOCK(crypto_digest); teardown_capture_of_logs(); } |