Stop pretending that a cert member in a SSL and SSL_CTX can be NULL.

ok beck@ tb@

8 files changed, 18 insertions, 121 deletions

diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c
index 6ca08774b0..356f43a356 100644
--- a/src/lib/libssl/s3_lib.c
+++ b/src/lib/libssl/s3_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_lib.c,v 1.174 2018/11/07 01:53:36 jsing Exp $ */
+/* $OpenBSD: s3_lib.c,v 1.175 2018/11/08 20:55:18 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -1728,11 +1728,6 @@ _SSL_set_tmp_dh(SSL *s, DH *dh)
 {
         DH *dh_tmp;
 
-        if (!ssl_cert_inst(&s->cert)) {
-                SSLerror(s, ERR_R_MALLOC_FAILURE);
-                return 0;
-        }
-
         if (dh == NULL) {
                 SSLerror(s, ERR_R_PASSED_NULL_PARAMETER);
                 return 0;
@@ -1762,11 +1757,6 @@ _SSL_set_tmp_ecdh(SSL *s, EC_KEY *ecdh)
         const EC_GROUP *group;
         int nid;
 
-        if (!ssl_cert_inst(&s->cert)) {
-                SSLerror(s, ERR_R_MALLOC_FAILURE);
-                return 0;
-        }
-
         if (ecdh == NULL)
                 return 0;
         if ((group = EC_KEY_get0_group(ecdh)) == NULL)
@@ -1994,13 +1984,6 @@ ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
 long
 ssl3_callback_ctrl(SSL *s, int cmd, void (*fp)(void))
 {
-        if (cmd == SSL_CTRL_SET_TMP_DH_CB || cmd == SSL_CTRL_SET_TMP_ECDH_CB) {
-                if (!ssl_cert_inst(&s->cert)) {
-                        SSLerror(s, ERR_R_MALLOC_FAILURE);
-                        return 0;
-                }
-        }
-
         switch (cmd) {
         case SSL_CTRL_SET_TMP_RSA_CB:
                 SSLerror(s, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
diff --git a/src/lib/libssl/ssl_cert.c b/src/lib/libssl/ssl_cert.c
index 567d8ea21f..bfd915d7df 100644
--- a/src/lib/libssl/ssl_cert.c
+++ b/src/lib/libssl/ssl_cert.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_cert.c,v 1.68 2018/11/05 03:49:44 jsing Exp $ */
+/* $OpenBSD: ssl_cert.c,v 1.69 2018/11/08 20:55:18 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -321,34 +321,6 @@ ssl_cert_free(CERT *c)
         free(c);
 }
 
-int
-ssl_cert_inst(CERT **o)
-{
-        /*
-         * Create a CERT if there isn't already one
-         * (which cannot really happen, as it is initially created in
-         * SSL_CTX_new; but the earlier code usually allows for that one
-         * being non-existant, so we follow that behaviour, as it might
-         * turn out that there actually is a reason for it -- but I'm
-         * not sure that *all* of the existing code could cope with
-         * s->cert being NULL, otherwise we could do without the
-         * initialization in SSL_CTX_new).
-         */
-
-        if (o == NULL) {
-                SSLerrorx(ERR_R_PASSED_NULL_PARAMETER);
-                return (0);
-        }
-        if (*o == NULL) {
-                if ((*o = ssl_cert_new()) == NULL) {
-                        SSLerrorx(ERR_R_MALLOC_FAILURE);
-                        return (0);
-                }
-        }
-        return (1);
-}
-
-
 SESS_CERT *
 ssl_sess_cert_new(void)
 {
diff --git a/src/lib/libssl/ssl_clnt.c b/src/lib/libssl/ssl_clnt.c
index 8c3ec80060..22e41da953 100644
--- a/src/lib/libssl/ssl_clnt.c
+++ b/src/lib/libssl/ssl_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_clnt.c,v 1.35 2018/11/08 20:26:45 jsing Exp $ */
+/* $OpenBSD: ssl_clnt.c,v 1.36 2018/11/08 20:55:18 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -2527,8 +2527,8 @@ ssl3_send_client_certificate(SSL *s)
         memset(&cbb, 0, sizeof(cbb));
 
         if (S3I(s)->hs.state == SSL3_ST_CW_CERT_A) {
-                if ((s->cert == NULL) || (s->cert->key->x509 == NULL) ||
-                    (s->cert->key->privatekey == NULL))
+                if (s->cert->key->x509 == NULL ||
+                    s->cert->key->privatekey == NULL)
                         S3I(s)->hs.state = SSL3_ST_CW_CERT_B;
                 else
                         S3I(s)->hs.state = SSL3_ST_CW_CERT_C;
diff --git a/src/lib/libssl/ssl_lib.c b/src/lib/libssl/ssl_lib.c
index 3c4d116919..6b4c7e72a1 100644
--- a/src/lib/libssl/ssl_lib.c
+++ b/src/lib/libssl/ssl_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_lib.c,v 1.190 2018/11/07 01:53:36 jsing Exp $ */
+/* $OpenBSD: ssl_lib.c,v 1.191 2018/11/08 20:55:18 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -261,23 +261,8 @@ SSL_new(SSL_CTX *ctx)
         s->internal->mode = ctx->internal->mode;
         s->internal->max_cert_list = ctx->internal->max_cert_list;
 
-        if (ctx->internal->cert != NULL) {
-                /*
-                 * Earlier library versions used to copy the pointer to
-                 * the CERT, not its contents; only when setting new
-                 * parameters for the per-SSL copy, ssl_cert_new would be
-                 * called (and the direct reference to the per-SSL_CTX
-                 * settings would be lost, but those still were indirectly
-                 * accessed for various purposes, and for that reason they
-                 * used to be known as s->ctx->default_cert).
-                 * Now we don't look at the SSL_CTX's CERT after having
-                 * duplicated it once.
-                */
-                s->cert = ssl_cert_dup(ctx->internal->cert);
-                if (s->cert == NULL)
-                        goto err;
-        } else
-                s->cert=NULL; /* Cannot really happen (see SSL_CTX_new) */
+        if ((s->cert = ssl_cert_dup(ctx->internal->cert)) == NULL)
+                goto err;
 
         s->internal->read_ahead = ctx->internal->read_ahead;
         s->internal->msg_callback = ctx->internal->msg_callback;
@@ -1855,6 +1840,7 @@ SSL_CTX_new(const SSL_METHOD *meth)
         ret->verify_mode = SSL_VERIFY_NONE;
         ret->sid_ctx_length = 0;
         ret->internal->default_verify_callback = NULL;
+
         if ((ret->internal->cert = ssl_cert_new()) == NULL)
                 goto err;
 
@@ -2519,12 +2505,9 @@ SSL_dup(SSL *s)
                 ret->method = s->method;
                 ret->method->internal->ssl_new(ret);
 
-                if (s->cert != NULL) {
-                        ssl_cert_free(ret->cert);
-                        ret->cert = ssl_cert_dup(s->cert);
-                        if (ret->cert == NULL)
-                                goto err;
-                }
+                ssl_cert_free(ret->cert);
+                if ((ret->cert = ssl_cert_dup(s->cert)) == NULL)
+                        goto err;
 
                 if (!SSL_set_session_id_context(ret, s->sid_ctx,
                     s->sid_ctx_length))
@@ -2658,20 +2641,14 @@ ssl_clear_cipher_write_state(SSL *s)
 X509 *
 SSL_get_certificate(const SSL *s)
 {
-        if (s->cert != NULL)
-                return (s->cert->key->x509);
-        else
-                return (NULL);
+        return (s->cert->key->x509);
 }
 
 /* Fix this function so that it takes an optional type parameter */
 EVP_PKEY *
 SSL_get_privatekey(const SSL *s)
 {
-        if (s->cert != NULL)
-                return (s->cert->key->privatekey);
-        else
-                return (NULL);
+        return (s->cert->key->privatekey);
 }
 
 const SSL_CIPHER *
diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h
index 8aa29e7e59..32766de1cf 100644
--- a/src/lib/libssl/ssl_locl.h
+++ b/src/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_locl.h,v 1.220 2018/11/07 01:53:36 jsing Exp $ */
+/* $OpenBSD: ssl_locl.h,v 1.221 2018/11/08 20:55:18 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -1048,7 +1048,6 @@ void ssl_clear_cipher_write_state(SSL *s);
 int ssl_clear_bad_session(SSL *s);
 CERT *ssl_cert_new(void);
 CERT *ssl_cert_dup(CERT *cert);
-int ssl_cert_inst(CERT **o);
 void ssl_cert_free(CERT *c);
 SESS_CERT *ssl_sess_cert_new(void);
 void ssl_sess_cert_free(SESS_CERT *sc);
diff --git a/src/lib/libssl/ssl_rsa.c b/src/lib/libssl/ssl_rsa.c
index 631aaa5077..4d2b1c9fb3 100644
--- a/src/lib/libssl/ssl_rsa.c
+++ b/src/lib/libssl/ssl_rsa.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_rsa.c,v 1.29 2018/04/25 07:10:39 tb Exp $ */
+/* $OpenBSD: ssl_rsa.c,v 1.30 2018/11/08 20:55:18 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -77,10 +77,6 @@ SSL_use_certificate(SSL *ssl, X509 *x)
                 SSLerror(ssl, ERR_R_PASSED_NULL_PARAMETER);
                 return (0);
         }
-        if (!ssl_cert_inst(&ssl->cert)) {
-                SSLerror(ssl, ERR_R_MALLOC_FAILURE);
-                return (0);
-        }
         return (ssl_set_cert(ssl->cert, x));
 }
 
@@ -154,10 +150,6 @@ SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa)
                 SSLerror(ssl, ERR_R_PASSED_NULL_PARAMETER);
                 return (0);
         }
-        if (!ssl_cert_inst(&ssl->cert)) {
-                SSLerror(ssl, ERR_R_MALLOC_FAILURE);
-                return (0);
-        }
         if ((pkey = EVP_PKEY_new()) == NULL) {
                 SSLerror(ssl, ERR_R_EVP_LIB);
                 return (0);
@@ -278,10 +270,6 @@ SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey)
                 SSLerror(ssl, ERR_R_PASSED_NULL_PARAMETER);
                 return (0);
         }
-        if (!ssl_cert_inst(&ssl->cert)) {
-                SSLerror(ssl, ERR_R_MALLOC_FAILURE);
-                return (0);
-        }
         ret = ssl_set_pkey(ssl->cert, pkey);
         return (ret);
 }
@@ -349,10 +337,6 @@ SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x)
                 SSLerrorx(ERR_R_PASSED_NULL_PARAMETER);
                 return (0);
         }
-        if (!ssl_cert_inst(&ctx->internal->cert)) {
-                SSLerrorx(ERR_R_MALLOC_FAILURE);
-                return (0);
-        }
         return (ssl_set_cert(ctx->internal->cert, x));
 }
 
@@ -482,10 +466,6 @@ SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa)
                 SSLerrorx(ERR_R_PASSED_NULL_PARAMETER);
                 return (0);
         }
-        if (!ssl_cert_inst(&ctx->internal->cert)) {
-                SSLerrorx(ERR_R_MALLOC_FAILURE);
-                return (0);
-        }
         if ((pkey = EVP_PKEY_new()) == NULL) {
                 SSLerrorx(ERR_R_EVP_LIB);
                 return (0);
@@ -562,10 +542,6 @@ SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey)
                 SSLerrorx(ERR_R_PASSED_NULL_PARAMETER);
                 return (0);
         }
-        if (!ssl_cert_inst(&ctx->internal->cert)) {
-                SSLerrorx(ERR_R_MALLOC_FAILURE);
-                return (0);
-        }
         return (ssl_set_pkey(ctx->internal->cert, pkey));
 }
 
diff --git a/src/lib/libssl/ssl_srvr.c b/src/lib/libssl/ssl_srvr.c
index f077140b90..e7f1f5c9ec 100644
--- a/src/lib/libssl/ssl_srvr.c
+++ b/src/lib/libssl/ssl_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_srvr.c,v 1.49 2018/11/08 20:26:45 jsing Exp $ */
+/* $OpenBSD: ssl_srvr.c,v 1.50 2018/11/08 20:55:18 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -196,12 +196,6 @@ ssl3_accept(SSL *s)
         if (SSL_IS_DTLS(s))
                 D1I(s)->listen = listen;
 
-        if (s->cert == NULL) {
-                SSLerror(s, SSL_R_NO_CERTIFICATE_SET);
-                ret = -1;
-                goto end;
-        }
-
         for (;;) {
                 state = S3I(s)->hs.state;
 
diff --git a/src/lib/libssl/t1_lib.c b/src/lib/libssl/t1_lib.c
index 758f7b1e11..1cb0cfb453 100644
--- a/src/lib/libssl/t1_lib.c
+++ b/src/lib/libssl/t1_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: t1_lib.c,v 1.147 2018/11/05 20:41:30 jsing Exp $ */
+/* $OpenBSD: t1_lib.c,v 1.148 2018/11/08 20:55:18 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -1150,10 +1150,6 @@ tls1_process_sigalgs(SSL *s, CBS *cbs)
         if (!SSL_USE_SIGALGS(s))
                 return 1;
 
-        /* Should never happen */
-        if (c == NULL)
-                return 0;
-
         c->pkeys[SSL_PKEY_RSA_SIGN].digest = NULL;
         c->pkeys[SSL_PKEY_RSA_ENC].digest = NULL;
         c->pkeys[SSL_PKEY_ECC].digest = NULL;