Loading ssl/s3_clnt.c +1 −38 Original line number Diff line number Diff line Loading @@ -1243,7 +1243,6 @@ int ssl3_get_server_certificate(SSL *s) const unsigned char *q, *p; unsigned char *d; STACK_OF(X509) *sk = NULL; SESS_CERT *sc; EVP_PKEY *pkey = NULL; n = s->method->ssl_get_message(s, Loading Loading @@ -1322,13 +1321,6 @@ int ssl3_get_server_certificate(SSL *s) goto f_err; } sc = ssl_sess_cert_new(); if (sc == NULL) goto err; ssl_sess_cert_free(s->session->sess_cert); s->session->sess_cert = sc; s->session->peer_chain = sk; /* * Inconsistency alert: cert_chain does include the peer's certificate, Loading Loading @@ -1446,7 +1438,6 @@ int ssl3_get_key_exchange(SSL *s) * problems later. */ if (alg_k & SSL_kPSK) { s->session->sess_cert = ssl_sess_cert_new(); OPENSSL_free(s->ctx->psk_identity_hint); s->ctx->psk_identity_hint = NULL; } Loading @@ -1470,9 +1461,6 @@ int ssl3_get_key_exchange(SSL *s) s->s3->peer_ecdh_tmp = NULL; #endif if (s->session->sess_cert == NULL) s->session->sess_cert = ssl_sess_cert_new(); /* Total length of the parameters including the length prefix */ param_len = 0; Loading Loading @@ -2397,7 +2385,7 @@ int ssl3_send_client_key_exchange(SSL *s) if (!pms) goto memerr; if (s->session->sess_cert == NULL) { if (s->session->peer == NULL) { /* * We should always have a server certificate with SSL_kRSA. */ Loading Loading @@ -2452,15 +2440,6 @@ int ssl3_send_client_key_exchange(SSL *s) #ifndef OPENSSL_NO_DH else if (alg_k & (SSL_kDHE | SSL_kDHr | SSL_kDHd)) { DH *dh_srvr, *dh_clnt; SESS_CERT *scert = s->session->sess_cert; if (scert == NULL) { ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE); SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, SSL_R_UNEXPECTED_MESSAGE); goto err; } if (s->s3->peer_dh_tmp != NULL) dh_srvr = s->s3->peer_dh_tmp; else { Loading Loading 
@@ -2543,14 +2522,6 @@ int ssl3_send_client_key_exchange(SSL *s) EC_KEY *tkey; int ecdh_clnt_cert = 0; int field_size = 0; if (s->session->sess_cert == NULL) { ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE); SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, SSL_R_UNEXPECTED_MESSAGE); goto err; } /* * Did we send out the client's ECDH share for use in premaster * computation as part of client certificate? If so, set Loading Loading @@ -3280,7 +3251,6 @@ int ssl3_check_cert_and_algorithm(SSL *s) long alg_k, alg_a; EVP_PKEY *pkey = NULL; int pkey_bits; SESS_CERT *sc; #ifndef OPENSSL_NO_RSA RSA *rsa; #endif Loading @@ -3295,12 +3265,6 @@ int ssl3_check_cert_and_algorithm(SSL *s) /* we don't have a certificate */ if ((alg_a & SSL_aNULL) || (alg_k & SSL_kPSK)) return (1); sc = s->session->sess_cert; if (sc == NULL) { SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, ERR_R_INTERNAL_ERROR); goto err; } #ifndef OPENSSL_NO_RSA rsa = s->s3->peer_rsa_tmp; #endif Loading Loading @@ -3437,7 +3401,6 @@ int ssl3_check_cert_and_algorithm(SSL *s) return (1); f_err: ssl3_send_alert(s, SSL3_AL_FATAL, al); err: return (0); } Loading ssl/s3_lib.c +2 −2 Original line number Diff line number Diff line Loading @@ -3327,7 +3327,7 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) case SSL_CTRL_GET_PEER_SIGNATURE_NID: if (SSL_USE_SIGALGS(s)) { if (s->session && s->session->sess_cert) { if (s->session) { const EVP_MD *sig; sig = s->s3->tmp.peer_md; if (sig) { Loading @@ -3342,7 +3342,7 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) return 0; case SSL_CTRL_GET_SERVER_TMP_KEY: if (s->server || !s->session || !s->session->sess_cert) if (s->server || !s->session) return 0; else { EVP_PKEY *ptmp; Loading ssl/s3_srvr.c +0 −11 Original line number Diff line number Diff line Loading 
@@ -3195,17 +3195,6 @@ int ssl3_get_client_certificate(SSL *s) s->session->peer = sk_X509_shift(sk); s->session->verify_result = s->verify_result; /* * With the current implementation, sess_cert will always be NULL when we * arrive here. */ if (s->session->sess_cert == NULL) { s->session->sess_cert = ssl_sess_cert_new(); if (s->session->sess_cert == NULL) { SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE, ERR_R_MALLOC_FAILURE); goto done; } } sk_X509_pop_free(s->session->peer_chain, X509_free); s->session->peer_chain = sk; /* Loading ssl/ssl_cert.c +0 −40 Original line number Diff line number Diff line Loading @@ -519,46 +519,6 @@ void ssl_cert_set_cert_cb(CERT *c, int (*cb) (SSL *ssl, void *arg), void *arg) c->cert_cb_arg = arg; } SESS_CERT *ssl_sess_cert_new(void) { SESS_CERT *ret; ret = OPENSSL_malloc(sizeof(*ret)); if (ret == NULL) { SSLerr(SSL_F_SSL_SESS_CERT_NEW, ERR_R_MALLOC_FAILURE); return NULL; } memset(ret, 0, sizeof(*ret)); ret->references = 1; return ret; } void ssl_sess_cert_free(SESS_CERT *sc) { int i; if (sc == NULL) return; i = CRYPTO_add(&sc->references, -1, CRYPTO_LOCK_SSL_SESS_CERT); #ifdef REF_PRINT REF_PRINT("SESS_CERT", sc); #endif if (i > 0) return; #ifdef REF_CHECK if (i < 0) { fprintf(stderr, "ssl_sess_cert_free, bad reference count\n"); abort(); /* ok */ } #endif /* i == 0 */ OPENSSL_free(sc); } int ssl_verify_cert_chain(SSL *s, STACK_OF(X509) *sk) { X509 *x; Loading ssl/ssl_locl.h +0 −7 Original line number Diff line number Diff line Loading @@ -624,8 +624,6 @@ struct ssl_session_st { * to disable session caching and tickets. */ int not_resumable; /* The cert is the certificate used to establish this connection */ struct sess_cert_st /* SESS_CERT */ *sess_cert; /* This is the cert and type for the other end. */ X509 *peer; int peer_type; Loading Loading 
@@ -1588,9 +1586,6 @@ typedef struct cert_st { int references; /* >1 only if SSL_copy_session_id is used */ } CERT; typedef struct sess_cert_st { int references; /* actually always 1 at the moment */ } SESS_CERT; /* Structure containing decoded values of signature algorithms extension */ struct tls_sigalgs_st { /* NID of hash algorithm */ Loading Loading @@ -1845,8 +1840,6 @@ __owur CERT *ssl_cert_new(void); __owur CERT *ssl_cert_dup(CERT *cert); void ssl_cert_clear_certs(CERT *c); void ssl_cert_free(CERT *c); __owur SESS_CERT *ssl_sess_cert_new(void); void ssl_sess_cert_free(SESS_CERT *sc); __owur int ssl_get_new_session(SSL *s, int session); __owur int ssl_get_prev_session(SSL *s, unsigned char *session, int len, const unsigned char *limit); Loading Loading
ssl/s3_clnt.c +1 −38 Original line number Diff line number Diff line Loading @@ -1243,7 +1243,6 @@ int ssl3_get_server_certificate(SSL *s) const unsigned char *q, *p; unsigned char *d; STACK_OF(X509) *sk = NULL; SESS_CERT *sc; EVP_PKEY *pkey = NULL; n = s->method->ssl_get_message(s, Loading Loading @@ -1322,13 +1321,6 @@ int ssl3_get_server_certificate(SSL *s) goto f_err; } sc = ssl_sess_cert_new(); if (sc == NULL) goto err; ssl_sess_cert_free(s->session->sess_cert); s->session->sess_cert = sc; s->session->peer_chain = sk; /* * Inconsistency alert: cert_chain does include the peer's certificate, Loading Loading @@ -1446,7 +1438,6 @@ int ssl3_get_key_exchange(SSL *s) * problems later. */ if (alg_k & SSL_kPSK) { s->session->sess_cert = ssl_sess_cert_new(); OPENSSL_free(s->ctx->psk_identity_hint); s->ctx->psk_identity_hint = NULL; } Loading @@ -1470,9 +1461,6 @@ int ssl3_get_key_exchange(SSL *s) s->s3->peer_ecdh_tmp = NULL; #endif if (s->session->sess_cert == NULL) s->session->sess_cert = ssl_sess_cert_new(); /* Total length of the parameters including the length prefix */ param_len = 0; Loading Loading @@ -2397,7 +2385,7 @@ int ssl3_send_client_key_exchange(SSL *s) if (!pms) goto memerr; if (s->session->sess_cert == NULL) { if (s->session->peer == NULL) { /* * We should always have a server certificate with SSL_kRSA. */ Loading Loading @@ -2452,15 +2440,6 @@ int ssl3_send_client_key_exchange(SSL *s) #ifndef OPENSSL_NO_DH else if (alg_k & (SSL_kDHE | SSL_kDHr | SSL_kDHd)) { DH *dh_srvr, *dh_clnt; SESS_CERT *scert = s->session->sess_cert; if (scert == NULL) { ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE); SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, SSL_R_UNEXPECTED_MESSAGE); goto err; } if (s->s3->peer_dh_tmp != NULL) dh_srvr = s->s3->peer_dh_tmp; else { Loading Loading 
@@ -2543,14 +2522,6 @@ int ssl3_send_client_key_exchange(SSL *s) EC_KEY *tkey; int ecdh_clnt_cert = 0; int field_size = 0; if (s->session->sess_cert == NULL) { ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE); SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, SSL_R_UNEXPECTED_MESSAGE); goto err; } /* * Did we send out the client's ECDH share for use in premaster * computation as part of client certificate? If so, set Loading Loading @@ -3280,7 +3251,6 @@ int ssl3_check_cert_and_algorithm(SSL *s) long alg_k, alg_a; EVP_PKEY *pkey = NULL; int pkey_bits; SESS_CERT *sc; #ifndef OPENSSL_NO_RSA RSA *rsa; #endif Loading @@ -3295,12 +3265,6 @@ int ssl3_check_cert_and_algorithm(SSL *s) /* we don't have a certificate */ if ((alg_a & SSL_aNULL) || (alg_k & SSL_kPSK)) return (1); sc = s->session->sess_cert; if (sc == NULL) { SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, ERR_R_INTERNAL_ERROR); goto err; } #ifndef OPENSSL_NO_RSA rsa = s->s3->peer_rsa_tmp; #endif Loading Loading @@ -3437,7 +3401,6 @@ int ssl3_check_cert_and_algorithm(SSL *s) return (1); f_err: ssl3_send_alert(s, SSL3_AL_FATAL, al); err: return (0); } Loading
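Review bot: In ssl3_send_client_key_exchange the DHE/DH branch (hunk at -2452) and the ECDH branch (hunk at -2543) lose their only visible early exit. The RSA branch was re-pointed at `s->session->peer == NULL`, but these two guards were deleted without a replacement. Judging by the allocations removed from ssl3_get_server_certificate and ssl3_get_key_exchange, `sess_cert == NULL` meant that neither a Certificate nor a ServerKeyExchange message had been processed. The fallback taken when `s->s3->peer_dh_tmp` (or `s->s3->peer_ecdh_tmp`) is NULL lies outside these hunks, so confirm it tolerates a NULL `s->session->peer` and fails with an error rather than dereferencing it. If that is not guaranteed, keep the old alert-and-`goto err` body behind `if (s->s3->peer_dh_tmp == NULL && s->session->peer == NULL)` (and the ECDH equivalent), so the peer still receives the fatal `SSL_AD_UNEXPECTED_MESSAGE` alert.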
ssl/s3_lib.c +2 −2 Original line number Diff line number Diff line Loading @@ -3327,7 +3327,7 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) case SSL_CTRL_GET_PEER_SIGNATURE_NID: if (SSL_USE_SIGALGS(s)) { if (s->session && s->session->sess_cert) { if (s->session) { const EVP_MD *sig; sig = s->s3->tmp.peer_md; if (sig) { Loading @@ -3342,7 +3342,7 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) return 0; case SSL_CTRL_GET_SERVER_TMP_KEY: if (s->server || !s->session || !s->session->sess_cert) if (s->server || !s->session) return 0; else { EVP_PKEY *ptmp; Loading
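Review bot: In the SSL_CTRL_GET_PEER_SIGNATURE_NID case the surviving `if (s->session)` no longer guards anything the visible body uses, since the lines shown read only `s->s3->tmp.peer_md`. Either drop the test or say what it stands for, for example `/* s->session is only a liveness check; the digest comes from s->s3->tmp */`. In SSL_CTRL_GET_SERVER_TMP_KEY the removed `!s->session->sess_cert` test presumably also rejected calls made before any server certificate or key-exchange message had been handled. The else-body is outside the hunk, so confirm it returns 0 when the peer's temporary keys are still NULL. ssl3_ctrl itself starts and ends outside both hunks.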
ssl/s3_srvr.c +0 −11 Original line number Diff line number Diff line Loading @@ -3195,17 +3195,6 @@ int ssl3_get_client_certificate(SSL *s) s->session->peer = sk_X509_shift(sk); s->session->verify_result = s->verify_result; /* * With the current implementation, sess_cert will always be NULL when we * arrive here. */ if (s->session->sess_cert == NULL) { s->session->sess_cert = ssl_sess_cert_new(); if (s->session->sess_cert == NULL) { SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE, ERR_R_MALLOC_FAILURE); goto done; } } sk_X509_pop_free(s->session->peer_chain, X509_free); s->session->peer_chain = sk; /* Loading
ssl/ssl_cert.c +0 −40 Original line number Diff line number Diff line Loading @@ -519,46 +519,6 @@ void ssl_cert_set_cert_cb(CERT *c, int (*cb) (SSL *ssl, void *arg), void *arg) c->cert_cb_arg = arg; } SESS_CERT *ssl_sess_cert_new(void) { SESS_CERT *ret; ret = OPENSSL_malloc(sizeof(*ret)); if (ret == NULL) { SSLerr(SSL_F_SSL_SESS_CERT_NEW, ERR_R_MALLOC_FAILURE); return NULL; } memset(ret, 0, sizeof(*ret)); ret->references = 1; return ret; } void ssl_sess_cert_free(SESS_CERT *sc) { int i; if (sc == NULL) return; i = CRYPTO_add(&sc->references, -1, CRYPTO_LOCK_SSL_SESS_CERT); #ifdef REF_PRINT REF_PRINT("SESS_CERT", sc); #endif if (i > 0) return; #ifdef REF_CHECK if (i < 0) { fprintf(stderr, "ssl_sess_cert_free, bad reference count\n"); abort(); /* ok */ } #endif /* i == 0 */ OPENSSL_free(sc); } int ssl_verify_cert_chain(SSL *s, STACK_OF(X509) *sk) { X509 *x; Loading
ssl/ssl_locl.h +0 −7 Original line number Diff line number Diff line Loading @@ -624,8 +624,6 @@ struct ssl_session_st { * to disable session caching and tickets. */ int not_resumable; /* The cert is the certificate used to establish this connection */ struct sess_cert_st /* SESS_CERT */ *sess_cert; /* This is the cert and type for the other end. */ X509 *peer; int peer_type; Loading Loading @@ -1588,9 +1586,6 @@ typedef struct cert_st { int references; /* >1 only if SSL_copy_session_id is used */ } CERT; typedef struct sess_cert_st { int references; /* actually always 1 at the moment */ } SESS_CERT; /* Structure containing decoded values of signature algorithms extension */ struct tls_sigalgs_st { /* NID of hash algorithm */ Loading Loading @@ -1845,8 +1840,6 @@ __owur CERT *ssl_cert_new(void); __owur CERT *ssl_cert_dup(CERT *cert); void ssl_cert_clear_certs(CERT *c); void ssl_cert_free(CERT *c); __owur SESS_CERT *ssl_sess_cert_new(void); void ssl_sess_cert_free(SESS_CERT *sc); __owur int ssl_get_new_session(SSL *s, int session); __owur int ssl_get_prev_session(SSL *s, unsigned char *session, int len, const unsigned char *limit); Loading