Remove ssl_cert_inst()
It created the cert structure in SSL_CTX or SSL if it was NULL, but they can
never be NULL as the comments already said.
(Imported from upstream's 2c3823491d8812560922a58677e3ad2db4b2ec8d.)
Change-Id: I97c7bb306d6f3c18597850db9f08023b2ef74839
Reviewed-on: https://boringssl-review.googlesource.com/4042
Reviewed-by: Adam Langley <agl@google.com>
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index 3ad526c..264a59e 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -685,14 +685,6 @@
long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) {
int ret = 0;
- if (cmd == SSL_CTRL_SET_TMP_RSA || cmd == SSL_CTRL_SET_TMP_RSA_CB ||
- cmd == SSL_CTRL_SET_TMP_DH || cmd == SSL_CTRL_SET_TMP_DH_CB) {
- if (!ssl_cert_inst(&s->cert)) {
- OPENSSL_PUT_ERROR(SSL, ssl3_ctrl, ERR_R_MALLOC_FAILURE);
- return 0;
- }
- }
-
switch (cmd) {
case SSL_CTRL_GET_SESSION_REUSED:
ret = s->hit;
@@ -973,12 +965,6 @@
long ssl3_callback_ctrl(SSL *s, int cmd, void (*fp)(void)) {
int ret = 0;
- if ((cmd == SSL_CTRL_SET_TMP_RSA_CB || cmd == SSL_CTRL_SET_TMP_DH_CB) &&
- !ssl_cert_inst(&s->cert)) {
- OPENSSL_PUT_ERROR(SSL, ssl3_callback_ctrl, ERR_R_MALLOC_FAILURE);
- return 0;
- }
-
switch (cmd) {
case SSL_CTRL_SET_TMP_RSA_CB:
/* Ignore the callback; temporary RSA keys are never used. */
diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c
index f0f8da5..a1b69da 100644
--- a/ssl/ssl_cert.c
+++ b/ssl/ssl_cert.c
@@ -370,29 +370,6 @@
OPENSSL_free(c);
}
-int ssl_cert_inst(CERT **o) {
- /* Create a CERT if there isn't already one (which cannot really happen, as
- * it is initially created in SSL_CTX_new; but the earlier code usually
- * allows for that one being non-existant, so we follow that behaviour, as it
- * might turn out that there actually is a reason for it -- but I'm not sure
- * that *all* of the existing code could cope with s->cert being NULL,
- * otherwise we could do without the initialization in SSL_CTX_new). */
-
- if (o == NULL) {
- OPENSSL_PUT_ERROR(SSL, ssl_cert_inst, ERR_R_PASSED_NULL_PARAMETER);
- return 0;
- }
- if (*o == NULL) {
- *o = ssl_cert_new();
- if (*o == NULL) {
- OPENSSL_PUT_ERROR(SSL, ssl_cert_new, ERR_R_MALLOC_FAILURE);
- return 0;
- }
- }
-
- return 1;
-}
-
int ssl_cert_set0_chain(CERT *c, STACK_OF(X509) * chain) {
CERT_PKEY *cpk = c->key;
if (!cpk) {
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index 04f6c54..e17ee5a 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -265,21 +265,9 @@
s->mode = ctx->mode;
s->max_cert_list = ctx->max_cert_list;
- if (ctx->cert != NULL) {
- /* Earlier library versions used to copy the pointer to the CERT, not its
- * contents; only when setting new parameters for the per-SSL copy,
- * ssl_cert_new would be called (and the direct reference to the
- * per-SSL_CTX settings would be lost, but those still were indirectly
- * accessed for various purposes, and for that reason they used to be known
- * as s->ctx->default_cert). Now we don't look at the SSL_CTX's CERT after
- * having duplicated it once. */
-
- s->cert = ssl_cert_dup(ctx->cert);
- if (s->cert == NULL) {
- goto err;
- }
- } else {
- s->cert = NULL; /* Cannot really happen (see SSL_CTX_new) */
+ s->cert = ssl_cert_dup(ctx->cert);
+ if (s->cert == NULL) {
+ goto err;
}
s->read_ahead = ctx->read_ahead;
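Review bot: The unconditional `s->cert = ssl_cert_dup(ctx->cert);` now depends on ctx->cert never being NULL, and nothing left in this hunk states or checks that invariant. The removed comment attributed it to SSL_CTX_new, which is not visible here; if ssl_cert_dup does not tolerate a NULL argument (its body is not shown), a violated invariant becomes a NULL dereference instead of a handled case. I would keep a one-line comment above the call, `/* ctx->cert is always allocated by SSL_CTX_new. */`, or add `assert(ctx->cert != NULL);`. The same invariant is relied on in the ssl_rsa.c hunks of this commit, where `ssl->cert` and `ctx->cert` now reach ssl_set_cert and ssl_set_pkey with no preceding check. The enclosing function starts and ends outside the hunk, so the `err` path and what it reports on failure could not be reviewed.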
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index fdf292a..c42eec3 100644
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -645,7 +645,6 @@
int ssl_clear_bad_session(SSL *s);
CERT *ssl_cert_new(void);
CERT *ssl_cert_dup(CERT *cert);
-int ssl_cert_inst(CERT **o);
void ssl_cert_clear_certs(CERT *c);
void ssl_cert_free(CERT *c);
SESS_CERT *ssl_sess_cert_new(void);
diff --git a/ssl/ssl_rsa.c b/ssl/ssl_rsa.c
index 9fe73a7..5bef56b 100644
--- a/ssl/ssl_rsa.c
+++ b/ssl/ssl_rsa.c
@@ -74,10 +74,6 @@
OPENSSL_PUT_ERROR(SSL, SSL_use_certificate, ERR_R_PASSED_NULL_PARAMETER);
return 0;
}
- if (!ssl_cert_inst(&ssl->cert)) {
- OPENSSL_PUT_ERROR(SSL, SSL_use_certificate, ERR_R_MALLOC_FAILURE);
- return 0;
- }
return ssl_set_cert(ssl->cert, x);
}
@@ -152,11 +148,6 @@
return 0;
}
- if (!ssl_cert_inst(&ssl->cert)) {
- OPENSSL_PUT_ERROR(SSL, SSL_use_RSAPrivateKey, ERR_R_MALLOC_FAILURE);
- return 0;
- }
-
pkey = EVP_PKEY_new();
if (pkey == NULL) {
OPENSSL_PUT_ERROR(SSL, SSL_use_RSAPrivateKey, ERR_R_EVP_LIB);
@@ -269,11 +260,6 @@
return 0;
}
- if (!ssl_cert_inst(&ssl->cert)) {
- OPENSSL_PUT_ERROR(SSL, SSL_use_PrivateKey, ERR_R_MALLOC_FAILURE);
- return 0;
- }
-
ret = ssl_set_pkey(ssl->cert, pkey);
return ret;
}
@@ -343,10 +329,6 @@
ERR_R_PASSED_NULL_PARAMETER);
return 0;
}
- if (!ssl_cert_inst(&ctx->cert)) {
- OPENSSL_PUT_ERROR(SSL, SSL_CTX_use_certificate, ERR_R_MALLOC_FAILURE);
- return 0;
- }
return ssl_set_cert(ctx->cert, x);
}
@@ -466,11 +448,6 @@
return 0;
}
- if (!ssl_cert_inst(&ctx->cert)) {
- OPENSSL_PUT_ERROR(SSL, SSL_CTX_use_RSAPrivateKey, ERR_R_MALLOC_FAILURE);
- return 0;
- }
-
pkey = EVP_PKEY_new();
if (pkey == NULL) {
OPENSSL_PUT_ERROR(SSL, SSL_CTX_use_RSAPrivateKey, ERR_R_EVP_LIB);
@@ -551,11 +528,6 @@
return 0;
}
- if (!ssl_cert_inst(&ctx->cert)) {
- OPENSSL_PUT_ERROR(SSL, SSL_CTX_use_PrivateKey, ERR_R_MALLOC_FAILURE);
- return 0;
- }
-
return ssl_set_pkey(ctx->cert, pkey);
}