diff options
Diffstat (limited to 'src')
| -rw-r--r-- | src/lib/libssl/s3_lib.c | 19 | ||||
| -rw-r--r-- | src/lib/libssl/ssl_cert.c | 30 | ||||
| -rw-r--r-- | src/lib/libssl/ssl_clnt.c | 6 | ||||
| -rw-r--r-- | src/lib/libssl/ssl_lib.c | 41 | ||||
| -rw-r--r-- | src/lib/libssl/ssl_locl.h | 3 | ||||
| -rw-r--r-- | src/lib/libssl/ssl_rsa.c | 26 | ||||
| -rw-r--r-- | src/lib/libssl/ssl_srvr.c | 8 | ||||
| -rw-r--r-- | src/lib/libssl/t1_lib.c | 6 |
8 files changed, 18 insertions, 121 deletions
diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c index 6ca08774b0..356f43a356 100644 --- a/src/lib/libssl/s3_lib.c +++ b/src/lib/libssl/s3_lib.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: s3_lib.c,v 1.174 2018/11/07 01:53:36 jsing Exp $ */ | 1 | /* $OpenBSD: s3_lib.c,v 1.175 2018/11/08 20:55:18 jsing Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -1728,11 +1728,6 @@ _SSL_set_tmp_dh(SSL *s, DH *dh) | |||
| 1728 | { | 1728 | { |
| 1729 | DH *dh_tmp; | 1729 | DH *dh_tmp; |
| 1730 | 1730 | ||
| 1731 | if (!ssl_cert_inst(&s->cert)) { | ||
| 1732 | SSLerror(s, ERR_R_MALLOC_FAILURE); | ||
| 1733 | return 0; | ||
| 1734 | } | ||
| 1735 | |||
| 1736 | if (dh == NULL) { | 1731 | if (dh == NULL) { |
| 1737 | SSLerror(s, ERR_R_PASSED_NULL_PARAMETER); | 1732 | SSLerror(s, ERR_R_PASSED_NULL_PARAMETER); |
| 1738 | return 0; | 1733 | return 0; |
| @@ -1762,11 +1757,6 @@ _SSL_set_tmp_ecdh(SSL *s, EC_KEY *ecdh) | |||
| 1762 | const EC_GROUP *group; | 1757 | const EC_GROUP *group; |
| 1763 | int nid; | 1758 | int nid; |
| 1764 | 1759 | ||
| 1765 | if (!ssl_cert_inst(&s->cert)) { | ||
| 1766 | SSLerror(s, ERR_R_MALLOC_FAILURE); | ||
| 1767 | return 0; | ||
| 1768 | } | ||
| 1769 | |||
| 1770 | if (ecdh == NULL) | 1760 | if (ecdh == NULL) |
| 1771 | return 0; | 1761 | return 0; |
| 1772 | if ((group = EC_KEY_get0_group(ecdh)) == NULL) | 1762 | if ((group = EC_KEY_get0_group(ecdh)) == NULL) |
| @@ -1994,13 +1984,6 @@ ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) | |||
| 1994 | long | 1984 | long |
| 1995 | ssl3_callback_ctrl(SSL *s, int cmd, void (*fp)(void)) | 1985 | ssl3_callback_ctrl(SSL *s, int cmd, void (*fp)(void)) |
| 1996 | { | 1986 | { |
| 1997 | if (cmd == SSL_CTRL_SET_TMP_DH_CB || cmd == SSL_CTRL_SET_TMP_ECDH_CB) { | ||
| 1998 | if (!ssl_cert_inst(&s->cert)) { | ||
| 1999 | SSLerror(s, ERR_R_MALLOC_FAILURE); | ||
| 2000 | return 0; | ||
| 2001 | } | ||
| 2002 | } | ||
| 2003 | |||
| 2004 | switch (cmd) { | 1987 | switch (cmd) { |
| 2005 | case SSL_CTRL_SET_TMP_RSA_CB: | 1988 | case SSL_CTRL_SET_TMP_RSA_CB: |
| 2006 | SSLerror(s, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); | 1989 | SSLerror(s, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); |
diff --git a/src/lib/libssl/ssl_cert.c b/src/lib/libssl/ssl_cert.c index 567d8ea21f..bfd915d7df 100644 --- a/src/lib/libssl/ssl_cert.c +++ b/src/lib/libssl/ssl_cert.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssl_cert.c,v 1.68 2018/11/05 03:49:44 jsing Exp $ */ | 1 | /* $OpenBSD: ssl_cert.c,v 1.69 2018/11/08 20:55:18 jsing Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -321,34 +321,6 @@ ssl_cert_free(CERT *c) | |||
| 321 | free(c); | 321 | free(c); |
| 322 | } | 322 | } |
| 323 | 323 | ||
| 324 | int | ||
| 325 | ssl_cert_inst(CERT **o) | ||
| 326 | { | ||
| 327 | /* | ||
| 328 | * Create a CERT if there isn't already one | ||
| 329 | * (which cannot really happen, as it is initially created in | ||
| 330 | * SSL_CTX_new; but the earlier code usually allows for that one | ||
| 331 | * being non-existant, so we follow that behaviour, as it might | ||
| 332 | * turn out that there actually is a reason for it -- but I'm | ||
| 333 | * not sure that *all* of the existing code could cope with | ||
| 334 | * s->cert being NULL, otherwise we could do without the | ||
| 335 | * initialization in SSL_CTX_new). | ||
| 336 | */ | ||
| 337 | |||
| 338 | if (o == NULL) { | ||
| 339 | SSLerrorx(ERR_R_PASSED_NULL_PARAMETER); | ||
| 340 | return (0); | ||
| 341 | } | ||
| 342 | if (*o == NULL) { | ||
| 343 | if ((*o = ssl_cert_new()) == NULL) { | ||
| 344 | SSLerrorx(ERR_R_MALLOC_FAILURE); | ||
| 345 | return (0); | ||
| 346 | } | ||
| 347 | } | ||
| 348 | return (1); | ||
| 349 | } | ||
| 350 | |||
| 351 | |||
| 352 | SESS_CERT * | 324 | SESS_CERT * |
| 353 | ssl_sess_cert_new(void) | 325 | ssl_sess_cert_new(void) |
| 354 | { | 326 | { |
diff --git a/src/lib/libssl/ssl_clnt.c b/src/lib/libssl/ssl_clnt.c index 8c3ec80060..22e41da953 100644 --- a/src/lib/libssl/ssl_clnt.c +++ b/src/lib/libssl/ssl_clnt.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssl_clnt.c,v 1.35 2018/11/08 20:26:45 jsing Exp $ */ | 1 | /* $OpenBSD: ssl_clnt.c,v 1.36 2018/11/08 20:55:18 jsing Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -2527,8 +2527,8 @@ ssl3_send_client_certificate(SSL *s) | |||
| 2527 | memset(&cbb, 0, sizeof(cbb)); | 2527 | memset(&cbb, 0, sizeof(cbb)); |
| 2528 | 2528 | ||
| 2529 | if (S3I(s)->hs.state == SSL3_ST_CW_CERT_A) { | 2529 | if (S3I(s)->hs.state == SSL3_ST_CW_CERT_A) { |
| 2530 | if ((s->cert == NULL) || (s->cert->key->x509 == NULL) || | 2530 | if (s->cert->key->x509 == NULL || |
| 2531 | (s->cert->key->privatekey == NULL)) | 2531 | s->cert->key->privatekey == NULL) |
| 2532 | S3I(s)->hs.state = SSL3_ST_CW_CERT_B; | 2532 | S3I(s)->hs.state = SSL3_ST_CW_CERT_B; |
| 2533 | else | 2533 | else |
| 2534 | S3I(s)->hs.state = SSL3_ST_CW_CERT_C; | 2534 | S3I(s)->hs.state = SSL3_ST_CW_CERT_C; |
diff --git a/src/lib/libssl/ssl_lib.c b/src/lib/libssl/ssl_lib.c index 3c4d116919..6b4c7e72a1 100644 --- a/src/lib/libssl/ssl_lib.c +++ b/src/lib/libssl/ssl_lib.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssl_lib.c,v 1.190 2018/11/07 01:53:36 jsing Exp $ */ | 1 | /* $OpenBSD: ssl_lib.c,v 1.191 2018/11/08 20:55:18 jsing Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -261,23 +261,8 @@ SSL_new(SSL_CTX *ctx) | |||
| 261 | s->internal->mode = ctx->internal->mode; | 261 | s->internal->mode = ctx->internal->mode; |
| 262 | s->internal->max_cert_list = ctx->internal->max_cert_list; | 262 | s->internal->max_cert_list = ctx->internal->max_cert_list; |
| 263 | 263 | ||
| 264 | if (ctx->internal->cert != NULL) { | 264 | if ((s->cert = ssl_cert_dup(ctx->internal->cert)) == NULL) |
| 265 | /* | 265 | goto err; |
| 266 | * Earlier library versions used to copy the pointer to | ||
| 267 | * the CERT, not its contents; only when setting new | ||
| 268 | * parameters for the per-SSL copy, ssl_cert_new would be | ||
| 269 | * called (and the direct reference to the per-SSL_CTX | ||
| 270 | * settings would be lost, but those still were indirectly | ||
| 271 | * accessed for various purposes, and for that reason they | ||
| 272 | * used to be known as s->ctx->default_cert). | ||
| 273 | * Now we don't look at the SSL_CTX's CERT after having | ||
| 274 | * duplicated it once. | ||
| 275 | */ | ||
| 276 | s->cert = ssl_cert_dup(ctx->internal->cert); | ||
| 277 | if (s->cert == NULL) | ||
| 278 | goto err; | ||
| 279 | } else | ||
| 280 | s->cert=NULL; /* Cannot really happen (see SSL_CTX_new) */ | ||
| 281 | 266 | ||
| 282 | s->internal->read_ahead = ctx->internal->read_ahead; | 267 | s->internal->read_ahead = ctx->internal->read_ahead; |
| 283 | s->internal->msg_callback = ctx->internal->msg_callback; | 268 | s->internal->msg_callback = ctx->internal->msg_callback; |
| @@ -1855,6 +1840,7 @@ SSL_CTX_new(const SSL_METHOD *meth) | |||
| 1855 | ret->verify_mode = SSL_VERIFY_NONE; | 1840 | ret->verify_mode = SSL_VERIFY_NONE; |
| 1856 | ret->sid_ctx_length = 0; | 1841 | ret->sid_ctx_length = 0; |
| 1857 | ret->internal->default_verify_callback = NULL; | 1842 | ret->internal->default_verify_callback = NULL; |
| 1843 | |||
| 1858 | if ((ret->internal->cert = ssl_cert_new()) == NULL) | 1844 | if ((ret->internal->cert = ssl_cert_new()) == NULL) |
| 1859 | goto err; | 1845 | goto err; |
| 1860 | 1846 | ||
| @@ -2519,12 +2505,9 @@ SSL_dup(SSL *s) | |||
| 2519 | ret->method = s->method; | 2505 | ret->method = s->method; |
| 2520 | ret->method->internal->ssl_new(ret); | 2506 | ret->method->internal->ssl_new(ret); |
| 2521 | 2507 | ||
| 2522 | if (s->cert != NULL) { | 2508 | ssl_cert_free(ret->cert); |
| 2523 | ssl_cert_free(ret->cert); | 2509 | if ((ret->cert = ssl_cert_dup(s->cert)) == NULL) |
| 2524 | ret->cert = ssl_cert_dup(s->cert); | 2510 | goto err; |
| 2525 | if (ret->cert == NULL) | ||
| 2526 | goto err; | ||
| 2527 | } | ||
| 2528 | 2511 | ||
| 2529 | if (!SSL_set_session_id_context(ret, s->sid_ctx, | 2512 | if (!SSL_set_session_id_context(ret, s->sid_ctx, |
| 2530 | s->sid_ctx_length)) | 2513 | s->sid_ctx_length)) |
| @@ -2658,20 +2641,14 @@ ssl_clear_cipher_write_state(SSL *s) | |||
| 2658 | X509 * | 2641 | X509 * |
| 2659 | SSL_get_certificate(const SSL *s) | 2642 | SSL_get_certificate(const SSL *s) |
| 2660 | { | 2643 | { |
| 2661 | if (s->cert != NULL) | 2644 | return (s->cert->key->x509); |
| 2662 | return (s->cert->key->x509); | ||
| 2663 | else | ||
| 2664 | return (NULL); | ||
| 2665 | } | 2645 | } |
| 2666 | 2646 | ||
| 2667 | /* Fix this function so that it takes an optional type parameter */ | 2647 | /* Fix this function so that it takes an optional type parameter */ |
| 2668 | EVP_PKEY * | 2648 | EVP_PKEY * |
| 2669 | SSL_get_privatekey(const SSL *s) | 2649 | SSL_get_privatekey(const SSL *s) |
| 2670 | { | 2650 | { |
| 2671 | if (s->cert != NULL) | 2651 | return (s->cert->key->privatekey); |
| 2672 | return (s->cert->key->privatekey); | ||
| 2673 | else | ||
| 2674 | return (NULL); | ||
| 2675 | } | 2652 | } |
| 2676 | 2653 | ||
| 2677 | const SSL_CIPHER * | 2654 | const SSL_CIPHER * |
diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h index 8aa29e7e59..32766de1cf 100644 --- a/src/lib/libssl/ssl_locl.h +++ b/src/lib/libssl/ssl_locl.h | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssl_locl.h,v 1.220 2018/11/07 01:53:36 jsing Exp $ */ | 1 | /* $OpenBSD: ssl_locl.h,v 1.221 2018/11/08 20:55:18 jsing Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -1048,7 +1048,6 @@ void ssl_clear_cipher_write_state(SSL *s); | |||
| 1048 | int ssl_clear_bad_session(SSL *s); | 1048 | int ssl_clear_bad_session(SSL *s); |
| 1049 | CERT *ssl_cert_new(void); | 1049 | CERT *ssl_cert_new(void); |
| 1050 | CERT *ssl_cert_dup(CERT *cert); | 1050 | CERT *ssl_cert_dup(CERT *cert); |
| 1051 | int ssl_cert_inst(CERT **o); | ||
| 1052 | void ssl_cert_free(CERT *c); | 1051 | void ssl_cert_free(CERT *c); |
| 1053 | SESS_CERT *ssl_sess_cert_new(void); | 1052 | SESS_CERT *ssl_sess_cert_new(void); |
| 1054 | void ssl_sess_cert_free(SESS_CERT *sc); | 1053 | void ssl_sess_cert_free(SESS_CERT *sc); |
diff --git a/src/lib/libssl/ssl_rsa.c b/src/lib/libssl/ssl_rsa.c index 631aaa5077..4d2b1c9fb3 100644 --- a/src/lib/libssl/ssl_rsa.c +++ b/src/lib/libssl/ssl_rsa.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssl_rsa.c,v 1.29 2018/04/25 07:10:39 tb Exp $ */ | 1 | /* $OpenBSD: ssl_rsa.c,v 1.30 2018/11/08 20:55:18 jsing Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -77,10 +77,6 @@ SSL_use_certificate(SSL *ssl, X509 *x) | |||
| 77 | SSLerror(ssl, ERR_R_PASSED_NULL_PARAMETER); | 77 | SSLerror(ssl, ERR_R_PASSED_NULL_PARAMETER); |
| 78 | return (0); | 78 | return (0); |
| 79 | } | 79 | } |
| 80 | if (!ssl_cert_inst(&ssl->cert)) { | ||
| 81 | SSLerror(ssl, ERR_R_MALLOC_FAILURE); | ||
| 82 | return (0); | ||
| 83 | } | ||
| 84 | return (ssl_set_cert(ssl->cert, x)); | 80 | return (ssl_set_cert(ssl->cert, x)); |
| 85 | } | 81 | } |
| 86 | 82 | ||
| @@ -154,10 +150,6 @@ SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa) | |||
| 154 | SSLerror(ssl, ERR_R_PASSED_NULL_PARAMETER); | 150 | SSLerror(ssl, ERR_R_PASSED_NULL_PARAMETER); |
| 155 | return (0); | 151 | return (0); |
| 156 | } | 152 | } |
| 157 | if (!ssl_cert_inst(&ssl->cert)) { | ||
| 158 | SSLerror(ssl, ERR_R_MALLOC_FAILURE); | ||
| 159 | return (0); | ||
| 160 | } | ||
| 161 | if ((pkey = EVP_PKEY_new()) == NULL) { | 153 | if ((pkey = EVP_PKEY_new()) == NULL) { |
| 162 | SSLerror(ssl, ERR_R_EVP_LIB); | 154 | SSLerror(ssl, ERR_R_EVP_LIB); |
| 163 | return (0); | 155 | return (0); |
| @@ -278,10 +270,6 @@ SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey) | |||
| 278 | SSLerror(ssl, ERR_R_PASSED_NULL_PARAMETER); | 270 | SSLerror(ssl, ERR_R_PASSED_NULL_PARAMETER); |
| 279 | return (0); | 271 | return (0); |
| 280 | } | 272 | } |
| 281 | if (!ssl_cert_inst(&ssl->cert)) { | ||
| 282 | SSLerror(ssl, ERR_R_MALLOC_FAILURE); | ||
| 283 | return (0); | ||
| 284 | } | ||
| 285 | ret = ssl_set_pkey(ssl->cert, pkey); | 273 | ret = ssl_set_pkey(ssl->cert, pkey); |
| 286 | return (ret); | 274 | return (ret); |
| 287 | } | 275 | } |
| @@ -349,10 +337,6 @@ SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x) | |||
| 349 | SSLerrorx(ERR_R_PASSED_NULL_PARAMETER); | 337 | SSLerrorx(ERR_R_PASSED_NULL_PARAMETER); |
| 350 | return (0); | 338 | return (0); |
| 351 | } | 339 | } |
| 352 | if (!ssl_cert_inst(&ctx->internal->cert)) { | ||
| 353 | SSLerrorx(ERR_R_MALLOC_FAILURE); | ||
| 354 | return (0); | ||
| 355 | } | ||
| 356 | return (ssl_set_cert(ctx->internal->cert, x)); | 340 | return (ssl_set_cert(ctx->internal->cert, x)); |
| 357 | } | 341 | } |
| 358 | 342 | ||
| @@ -482,10 +466,6 @@ SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa) | |||
| 482 | SSLerrorx(ERR_R_PASSED_NULL_PARAMETER); | 466 | SSLerrorx(ERR_R_PASSED_NULL_PARAMETER); |
| 483 | return (0); | 467 | return (0); |
| 484 | } | 468 | } |
| 485 | if (!ssl_cert_inst(&ctx->internal->cert)) { | ||
| 486 | SSLerrorx(ERR_R_MALLOC_FAILURE); | ||
| 487 | return (0); | ||
| 488 | } | ||
| 489 | if ((pkey = EVP_PKEY_new()) == NULL) { | 469 | if ((pkey = EVP_PKEY_new()) == NULL) { |
| 490 | SSLerrorx(ERR_R_EVP_LIB); | 470 | SSLerrorx(ERR_R_EVP_LIB); |
| 491 | return (0); | 471 | return (0); |
| @@ -562,10 +542,6 @@ SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey) | |||
| 562 | SSLerrorx(ERR_R_PASSED_NULL_PARAMETER); | 542 | SSLerrorx(ERR_R_PASSED_NULL_PARAMETER); |
| 563 | return (0); | 543 | return (0); |
| 564 | } | 544 | } |
| 565 | if (!ssl_cert_inst(&ctx->internal->cert)) { | ||
| 566 | SSLerrorx(ERR_R_MALLOC_FAILURE); | ||
| 567 | return (0); | ||
| 568 | } | ||
| 569 | return (ssl_set_pkey(ctx->internal->cert, pkey)); | 545 | return (ssl_set_pkey(ctx->internal->cert, pkey)); |
| 570 | } | 546 | } |
| 571 | 547 | ||
diff --git a/src/lib/libssl/ssl_srvr.c b/src/lib/libssl/ssl_srvr.c index f077140b90..e7f1f5c9ec 100644 --- a/src/lib/libssl/ssl_srvr.c +++ b/src/lib/libssl/ssl_srvr.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssl_srvr.c,v 1.49 2018/11/08 20:26:45 jsing Exp $ */ | 1 | /* $OpenBSD: ssl_srvr.c,v 1.50 2018/11/08 20:55:18 jsing Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -196,12 +196,6 @@ ssl3_accept(SSL *s) | |||
| 196 | if (SSL_IS_DTLS(s)) | 196 | if (SSL_IS_DTLS(s)) |
| 197 | D1I(s)->listen = listen; | 197 | D1I(s)->listen = listen; |
| 198 | 198 | ||
| 199 | if (s->cert == NULL) { | ||
| 200 | SSLerror(s, SSL_R_NO_CERTIFICATE_SET); | ||
| 201 | ret = -1; | ||
| 202 | goto end; | ||
| 203 | } | ||
| 204 | |||
| 205 | for (;;) { | 199 | for (;;) { |
| 206 | state = S3I(s)->hs.state; | 200 | state = S3I(s)->hs.state; |
| 207 | 201 | ||
diff --git a/src/lib/libssl/t1_lib.c b/src/lib/libssl/t1_lib.c index 758f7b1e11..1cb0cfb453 100644 --- a/src/lib/libssl/t1_lib.c +++ b/src/lib/libssl/t1_lib.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: t1_lib.c,v 1.147 2018/11/05 20:41:30 jsing Exp $ */ | 1 | /* $OpenBSD: t1_lib.c,v 1.148 2018/11/08 20:55:18 jsing Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -1150,10 +1150,6 @@ tls1_process_sigalgs(SSL *s, CBS *cbs) | |||
| 1150 | if (!SSL_USE_SIGALGS(s)) | 1150 | if (!SSL_USE_SIGALGS(s)) |
| 1151 | return 1; | 1151 | return 1; |
| 1152 | 1152 | ||
| 1153 | /* Should never happen */ | ||
| 1154 | if (c == NULL) | ||
| 1155 | return 0; | ||
| 1156 | |||
| 1157 | c->pkeys[SSL_PKEY_RSA_SIGN].digest = NULL; | 1153 | c->pkeys[SSL_PKEY_RSA_SIGN].digest = NULL; |
| 1158 | c->pkeys[SSL_PKEY_RSA_ENC].digest = NULL; | 1154 | c->pkeys[SSL_PKEY_RSA_ENC].digest = NULL; |
| 1159 | c->pkeys[SSL_PKEY_ECC].digest = NULL; | 1155 | c->pkeys[SSL_PKEY_ECC].digest = NULL; |