From 2c3823491d8812560922a58677e3ad2db4b2ec8d Mon Sep 17 00:00:00 2001 From: Kurt Roeckx Date: Sat, 14 Mar 2015 18:09:44 +0100 Subject: [PATCH] Remove ssl_cert_inst() It created the cert structure in SSL_CTX or SSL if it was NULL, but they can never be NULL as the comments already said. Reviewed-by: Dr. Stephen Henson --- ssl/s3_lib.c | 32 -------------------------------- ssl/ssl_cert.c | 25 ------------------------- ssl/ssl_err.c | 1 - ssl/ssl_lib.c | 28 ++++++++++++---------------- ssl/ssl_locl.h | 1 - ssl/ssl_rsa.c | 28 ---------------------------- 6 files changed, 12 insertions(+), 103 deletions(-) diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index f4369eb928..3e6530e32b 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -3252,22 +3252,6 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) { int ret = 0; -#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_RSA) - if ( -# ifndef OPENSSL_NO_RSA - cmd == SSL_CTRL_SET_TMP_RSA || cmd == SSL_CTRL_SET_TMP_RSA_CB || -# endif -# ifndef OPENSSL_NO_DSA - cmd == SSL_CTRL_SET_TMP_DH || cmd == SSL_CTRL_SET_TMP_DH_CB || -# endif - 0) { - if (!ssl_cert_inst(&s->cert)) { - SSLerr(SSL_F_SSL3_CTRL, ERR_R_MALLOC_FAILURE); - return (0); - } - } -#endif - switch (cmd) { case SSL_CTRL_GET_SESSION_REUSED: ret = s->hit; @@ -3705,22 +3689,6 @@ long ssl3_callback_ctrl(SSL *s, int cmd, void (*fp) (void)) { int ret = 0; -#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_RSA) - if ( -# ifndef OPENSSL_NO_RSA - cmd == SSL_CTRL_SET_TMP_RSA_CB || -# endif -# ifndef OPENSSL_NO_DSA - cmd == SSL_CTRL_SET_TMP_DH_CB || -# endif - 0) { - if (!ssl_cert_inst(&s->cert)) { - SSLerr(SSL_F_SSL3_CALLBACK_CTRL, ERR_R_MALLOC_FAILURE); - return (0); - } - } -#endif - switch (cmd) { #ifndef OPENSSL_NO_RSA case SSL_CTRL_SET_TMP_RSA_CB: diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c index fa0c693b2f..a88d211bc5 100644 --- a/ssl/ssl_cert.c +++ b/ssl/ssl_cert.c @@ -484,31 +484,6 @@ void ssl_cert_free(CERT *c) OPENSSL_free(c); } -int ssl_cert_inst(CERT **o) -{ - /* - * Create a CERT if there isn't already one (which cannot really happen, - * as it is initially created in SSL_CTX_new; but the earlier code - * usually allows for that one being non-existant, so we follow that - * behaviour, as it might turn out that there actually is a reason for it - * -- but I'm not sure that *all* of the existing code could cope with - * s->cert being NULL, otherwise we could do without the initialization - * in SSL_CTX_new). - */ - - if (o == NULL) { - SSLerr(SSL_F_SSL_CERT_INST, ERR_R_PASSED_NULL_PARAMETER); - return (0); - } - if (*o == NULL) { - if ((*o = ssl_cert_new()) == NULL) { - SSLerr(SSL_F_SSL_CERT_INST, ERR_R_MALLOC_FAILURE); - return (0); - } - } - return (1); -} - int ssl_cert_set0_chain(SSL *s, SSL_CTX *ctx, STACK_OF(X509) *chain) { int i, r; diff --git a/ssl/ssl_err.c b/ssl/ssl_err.c index e7adcf5004..f370e9e383 100644 --- a/ssl/ssl_err.c +++ b/ssl/ssl_err.c @@ -202,7 +202,6 @@ static ERR_STRING_DATA SSL_str_functs[] = { {ERR_FUNC(SSL_F_SSL_BYTES_TO_CIPHER_LIST), "ssl_bytes_to_cipher_list"}, {ERR_FUNC(SSL_F_SSL_CERT_ADD0_CHAIN_CERT), "ssl_cert_add0_chain_cert"}, {ERR_FUNC(SSL_F_SSL_CERT_DUP), "ssl_cert_dup"}, - {ERR_FUNC(SSL_F_SSL_CERT_INST), "ssl_cert_inst"}, {ERR_FUNC(SSL_F_SSL_CERT_INSTANTIATE), "SSL_CERT_INSTANTIATE"}, {ERR_FUNC(SSL_F_SSL_CERT_NEW), "ssl_cert_new"}, {ERR_FUNC(SSL_F_SSL_CERT_SET0_CHAIN), "ssl_cert_set0_chain"}, diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index 3bce4cf9a2..a5eb3dba61 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -288,22 +288,18 @@ SSL *SSL_new(SSL_CTX *ctx) s->mode = ctx->mode; s->max_cert_list = ctx->max_cert_list; - if (ctx->cert != NULL) { - /* - * Earlier library versions used to copy the pointer to the CERT, not - * its contents; only when setting new parameters for the per-SSL - * copy, ssl_cert_new would be called (and the direct reference to - * the per-SSL_CTX settings would be lost, but those still were - * indirectly accessed for various purposes, and for that reason they - * used to be known as s->ctx->default_cert). Now we don't look at the - * SSL_CTX's CERT after having duplicated it once. - */ - - s->cert = ssl_cert_dup(ctx->cert); - if (s->cert == NULL) - goto err; - } else - s->cert = NULL; /* Cannot really happen (see SSL_CTX_new) */ + /* + * Earlier library versions used to copy the pointer to the CERT, not + * its contents; only when setting new parameters for the per-SSL + * copy, ssl_cert_new would be called (and the direct reference to + * the per-SSL_CTX settings would be lost, but those still were + * indirectly accessed for various purposes, and for that reason they + * used to be known as s->ctx->default_cert). Now we don't look at the + * SSL_CTX's CERT after having duplicated it once. + */ + s->cert = ssl_cert_dup(ctx->cert); + if (s->cert == NULL) + goto err; s->read_ahead = ctx->read_ahead; s->msg_callback = ctx->msg_callback; diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h index a16ad08047..339657246c 100644 --- a/ssl/ssl_locl.h +++ b/ssl/ssl_locl.h @@ -2053,7 +2053,6 @@ int ssl_clear_bad_session(SSL *s); CERT *ssl_cert_new(void); CERT *ssl_cert_dup(CERT *cert); void ssl_cert_set_default_md(CERT *cert); -int ssl_cert_inst(CERT **o); void ssl_cert_clear_certs(CERT *c); void ssl_cert_free(CERT *c); SESS_CERT *ssl_sess_cert_new(void); diff --git a/ssl/ssl_rsa.c b/ssl/ssl_rsa.c index 723da6e430..8799d3dd56 100644 --- a/ssl/ssl_rsa.c +++ b/ssl/ssl_rsa.c @@ -79,10 +79,6 @@ int SSL_use_certificate(SSL *ssl, X509 *x) return 0; } - if (!ssl_cert_inst(&ssl->cert)) { - SSLerr(SSL_F_SSL_USE_CERTIFICATE, ERR_R_MALLOC_FAILURE); - return (0); - } return (ssl_set_cert(ssl->cert, x)); } @@ -157,10 +153,6 @@ int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa) SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY, ERR_R_PASSED_NULL_PARAMETER); return (0); } - if (!ssl_cert_inst(&ssl->cert)) { - SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY, ERR_R_MALLOC_FAILURE); - return (0); - } if ((pkey = EVP_PKEY_new()) == NULL) { SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY, ERR_R_EVP_LIB); return (0); @@ -302,10 +294,6 @@ int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey) SSLerr(SSL_F_SSL_USE_PRIVATEKEY, ERR_R_PASSED_NULL_PARAMETER); return (0); } - if (!ssl_cert_inst(&ssl->cert)) { - SSLerr(SSL_F_SSL_USE_PRIVATEKEY, ERR_R_MALLOC_FAILURE); - return (0); - } ret = ssl_set_pkey(ssl->cert, pkey); return (ret); } @@ -383,10 +371,6 @@ int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x) SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE, rv); return 0; } - if (!ssl_cert_inst(&ctx->cert)) { - SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE, ERR_R_MALLOC_FAILURE); - return (0); - } return (ssl_set_cert(ctx->cert, x)); } @@ -519,10 +503,6 @@ int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa) SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY, ERR_R_PASSED_NULL_PARAMETER); return (0); } - if (!ssl_cert_inst(&ctx->cert)) { - SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY, ERR_R_MALLOC_FAILURE); - return (0); - } if ((pkey = EVP_PKEY_new()) == NULL) { SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY, ERR_R_EVP_LIB); return (0); @@ -603,10 +583,6 @@ int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey) SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY, ERR_R_PASSED_NULL_PARAMETER); return (0); } - if (!ssl_cert_inst(&ctx->cert)) { - SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY, ERR_R_MALLOC_FAILURE); - return (0); - } return (ssl_set_pkey(ctx->cert, pkey)); } @@ -900,10 +876,6 @@ int SSL_CTX_use_serverinfo(SSL_CTX *ctx, const unsigned char *serverinfo, SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO, SSL_R_INVALID_SERVERINFO_DATA); return 0; } - if (!ssl_cert_inst(&ctx->cert)) { - SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO, ERR_R_MALLOC_FAILURE); - return 0; - } if (ctx->cert->key == NULL) { SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO, ERR_R_INTERNAL_ERROR); return 0; -- 2.25.1