[openssl-commits] [openssl] master update
Kurt Roeckx
kurt at openssl.org
Sun Mar 15 11:17:49 UTC 2015
The branch master has been updated
via 2c3823491d8812560922a58677e3ad2db4b2ec8d (commit)
from 9fbbdd73c58c29dc46cc314f7165e45e6d43fd60 (commit)
- Log -----------------------------------------------------------------
commit 2c3823491d8812560922a58677e3ad2db4b2ec8d
Author: Kurt Roeckx <kurt at roeckx.be>
Date: Sat Mar 14 18:09:44 2015 +0100
Remove ssl_cert_inst()
It created the cert structure in SSL_CTX or SSL if it was NULL, but they can
never be NULL as the comments already said.
Reviewed-by: Dr. Stephen Henson <steve at openssl.org>
-----------------------------------------------------------------------
Summary of changes:
ssl/s3_lib.c | 32 --------------------------------
ssl/ssl_cert.c | 25 -------------------------
ssl/ssl_err.c | 1 -
ssl/ssl_lib.c | 28 ++++++++++++----------------
ssl/ssl_locl.h | 1 -
ssl/ssl_rsa.c | 28 ----------------------------
6 files changed, 12 insertions(+), 103 deletions(-)
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index f4369eb..3e6530e 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -3252,22 +3252,6 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
{
int ret = 0;
-#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_RSA)
- if (
-# ifndef OPENSSL_NO_RSA
- cmd == SSL_CTRL_SET_TMP_RSA || cmd == SSL_CTRL_SET_TMP_RSA_CB ||
-# endif
-# ifndef OPENSSL_NO_DSA
- cmd == SSL_CTRL_SET_TMP_DH || cmd == SSL_CTRL_SET_TMP_DH_CB ||
-# endif
- 0) {
- if (!ssl_cert_inst(&s->cert)) {
- SSLerr(SSL_F_SSL3_CTRL, ERR_R_MALLOC_FAILURE);
- return (0);
- }
- }
-#endif
-
switch (cmd) {
case SSL_CTRL_GET_SESSION_REUSED:
ret = s->hit;
@@ -3705,22 +3689,6 @@ long ssl3_callback_ctrl(SSL *s, int cmd, void (*fp) (void))
{
int ret = 0;
-#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_RSA)
- if (
-# ifndef OPENSSL_NO_RSA
- cmd == SSL_CTRL_SET_TMP_RSA_CB ||
-# endif
-# ifndef OPENSSL_NO_DSA
- cmd == SSL_CTRL_SET_TMP_DH_CB ||
-# endif
- 0) {
- if (!ssl_cert_inst(&s->cert)) {
- SSLerr(SSL_F_SSL3_CALLBACK_CTRL, ERR_R_MALLOC_FAILURE);
- return (0);
- }
- }
-#endif
-
switch (cmd) {
#ifndef OPENSSL_NO_RSA
case SSL_CTRL_SET_TMP_RSA_CB:
diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c
index fa0c693..a88d211 100644
--- a/ssl/ssl_cert.c
+++ b/ssl/ssl_cert.c
@@ -484,31 +484,6 @@ void ssl_cert_free(CERT *c)
OPENSSL_free(c);
}
-int ssl_cert_inst(CERT **o)
-{
- /*
- * Create a CERT if there isn't already one (which cannot really happen,
- * as it is initially created in SSL_CTX_new; but the earlier code
- * usually allows for that one being non-existant, so we follow that
- * behaviour, as it might turn out that there actually is a reason for it
- * -- but I'm not sure that *all* of the existing code could cope with
- * s->cert being NULL, otherwise we could do without the initialization
- * in SSL_CTX_new).
- */
-
- if (o == NULL) {
- SSLerr(SSL_F_SSL_CERT_INST, ERR_R_PASSED_NULL_PARAMETER);
- return (0);
- }
- if (*o == NULL) {
- if ((*o = ssl_cert_new()) == NULL) {
- SSLerr(SSL_F_SSL_CERT_INST, ERR_R_MALLOC_FAILURE);
- return (0);
- }
- }
- return (1);
-}
-
int ssl_cert_set0_chain(SSL *s, SSL_CTX *ctx, STACK_OF(X509) *chain)
{
int i, r;
diff --git a/ssl/ssl_err.c b/ssl/ssl_err.c
index e7adcf5..f370e9e 100644
--- a/ssl/ssl_err.c
+++ b/ssl/ssl_err.c
@@ -202,7 +202,6 @@ static ERR_STRING_DATA SSL_str_functs[] = {
{ERR_FUNC(SSL_F_SSL_BYTES_TO_CIPHER_LIST), "ssl_bytes_to_cipher_list"},
{ERR_FUNC(SSL_F_SSL_CERT_ADD0_CHAIN_CERT), "ssl_cert_add0_chain_cert"},
{ERR_FUNC(SSL_F_SSL_CERT_DUP), "ssl_cert_dup"},
- {ERR_FUNC(SSL_F_SSL_CERT_INST), "ssl_cert_inst"},
{ERR_FUNC(SSL_F_SSL_CERT_INSTANTIATE), "SSL_CERT_INSTANTIATE"},
{ERR_FUNC(SSL_F_SSL_CERT_NEW), "ssl_cert_new"},
{ERR_FUNC(SSL_F_SSL_CERT_SET0_CHAIN), "ssl_cert_set0_chain"},
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index 3bce4cf..a5eb3db 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -288,22 +288,18 @@ SSL *SSL_new(SSL_CTX *ctx)
s->mode = ctx->mode;
s->max_cert_list = ctx->max_cert_list;
- if (ctx->cert != NULL) {
- /*
- * Earlier library versions used to copy the pointer to the CERT, not
- * its contents; only when setting new parameters for the per-SSL
- * copy, ssl_cert_new would be called (and the direct reference to
- * the per-SSL_CTX settings would be lost, but those still were
- * indirectly accessed for various purposes, and for that reason they
- * used to be known as s->ctx->default_cert). Now we don't look at the
- * SSL_CTX's CERT after having duplicated it once.
- */
-
- s->cert = ssl_cert_dup(ctx->cert);
- if (s->cert == NULL)
- goto err;
- } else
- s->cert = NULL; /* Cannot really happen (see SSL_CTX_new) */
+ /*
+ * Earlier library versions used to copy the pointer to the CERT, not
+ * its contents; only when setting new parameters for the per-SSL
+ * copy, ssl_cert_new would be called (and the direct reference to
+ * the per-SSL_CTX settings would be lost, but those still were
+ * indirectly accessed for various purposes, and for that reason they
+ * used to be known as s->ctx->default_cert). Now we don't look at the
+ * SSL_CTX's CERT after having duplicated it once.
+ */
+ s->cert = ssl_cert_dup(ctx->cert);
+ if (s->cert == NULL)
+ goto err;
s->read_ahead = ctx->read_ahead;
s->msg_callback = ctx->msg_callback;
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index a16ad08..3396572 100644
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -2053,7 +2053,6 @@ int ssl_clear_bad_session(SSL *s);
CERT *ssl_cert_new(void);
CERT *ssl_cert_dup(CERT *cert);
void ssl_cert_set_default_md(CERT *cert);
-int ssl_cert_inst(CERT **o);
void ssl_cert_clear_certs(CERT *c);
void ssl_cert_free(CERT *c);
SESS_CERT *ssl_sess_cert_new(void);
diff --git a/ssl/ssl_rsa.c b/ssl/ssl_rsa.c
index 723da6e..8799d3d 100644
--- a/ssl/ssl_rsa.c
+++ b/ssl/ssl_rsa.c
@@ -79,10 +79,6 @@ int SSL_use_certificate(SSL *ssl, X509 *x)
return 0;
}
- if (!ssl_cert_inst(&ssl->cert)) {
- SSLerr(SSL_F_SSL_USE_CERTIFICATE, ERR_R_MALLOC_FAILURE);
- return (0);
- }
return (ssl_set_cert(ssl->cert, x));
}
@@ -157,10 +153,6 @@ int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa)
SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY, ERR_R_PASSED_NULL_PARAMETER);
return (0);
}
- if (!ssl_cert_inst(&ssl->cert)) {
- SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY, ERR_R_MALLOC_FAILURE);
- return (0);
- }
if ((pkey = EVP_PKEY_new()) == NULL) {
SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY, ERR_R_EVP_LIB);
return (0);
@@ -302,10 +294,6 @@ int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey)
SSLerr(SSL_F_SSL_USE_PRIVATEKEY, ERR_R_PASSED_NULL_PARAMETER);
return (0);
}
- if (!ssl_cert_inst(&ssl->cert)) {
- SSLerr(SSL_F_SSL_USE_PRIVATEKEY, ERR_R_MALLOC_FAILURE);
- return (0);
- }
ret = ssl_set_pkey(ssl->cert, pkey);
return (ret);
}
@@ -383,10 +371,6 @@ int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x)
SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE, rv);
return 0;
}
- if (!ssl_cert_inst(&ctx->cert)) {
- SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE, ERR_R_MALLOC_FAILURE);
- return (0);
- }
return (ssl_set_cert(ctx->cert, x));
}
@@ -519,10 +503,6 @@ int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa)
SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY, ERR_R_PASSED_NULL_PARAMETER);
return (0);
}
- if (!ssl_cert_inst(&ctx->cert)) {
- SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY, ERR_R_MALLOC_FAILURE);
- return (0);
- }
if ((pkey = EVP_PKEY_new()) == NULL) {
SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY, ERR_R_EVP_LIB);
return (0);
@@ -603,10 +583,6 @@ int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey)
SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY, ERR_R_PASSED_NULL_PARAMETER);
return (0);
}
- if (!ssl_cert_inst(&ctx->cert)) {
- SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY, ERR_R_MALLOC_FAILURE);
- return (0);
- }
return (ssl_set_pkey(ctx->cert, pkey));
}
@@ -900,10 +876,6 @@ int SSL_CTX_use_serverinfo(SSL_CTX *ctx, const unsigned char *serverinfo,
SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO, SSL_R_INVALID_SERVERINFO_DATA);
return 0;
}
- if (!ssl_cert_inst(&ctx->cert)) {
- SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO, ERR_R_MALLOC_FAILURE);
- return 0;
- }
if (ctx->cert->key == NULL) {
SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO, ERR_R_INTERNAL_ERROR);
return 0;
More information about the openssl-commits
mailing list