X-Git-Url: https://git.openssl.org/?p=openssl.git;a=blobdiff_plain;f=ssl%2Fssl_cert.c;h=d6401b43d2476c2c3e5c57588c0a3417c6759f68;hp=1178d43fa095d8b932155c6dd8a96fcae626b216;hb=3e47caff4830d2a117eda15b57a5feab89b846ae;hpb=c660ec63a83090051f3e110b00bd5753f21bce51
diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c
index 1178d43fa0..d6401b43d2 100644
--- a/ssl/ssl_cert.c
+++ b/ssl/ssl_cert.c
@@ -175,7 +175,7 @@ void ssl_cert_set_default_md(CERT *cert)
 cert->pkeys[SSL_PKEY_RSA_SIGN].digest = EVP_sha1();
 cert->pkeys[SSL_PKEY_RSA_ENC].digest = EVP_sha1();
 #endif
-#ifndef OPENSSL_NO_ECDSA
+#ifndef OPENSSL_NO_EC
 cert->pkeys[SSL_PKEY_ECC].digest = EVP_sha1();
 #endif
 }
@@ -261,7 +261,7 @@ CERT *ssl_cert_dup(CERT *cert)
 ret->dh_tmp_auto = cert->dh_tmp_auto;
 #endif
 
-#ifndef OPENSSL_NO_ECDH
+#ifndef OPENSSL_NO_EC
 if (cert->ecdh_tmp) {
 ret->ecdh_tmp = EC_KEY_dup(cert->ecdh_tmp);
 if (ret->ecdh_tmp == NULL) {
@@ -402,10 +402,8 @@ void ssl_cert_clear_certs(CERT *c)
 X509_free(cpk->x509);
 cpk->x509 = NULL;
 }
- if (cpk->privatekey) {
- EVP_PKEY_free(cpk->privatekey);
- cpk->privatekey = NULL;
- }
+ EVP_PKEY_free(cpk->privatekey);
+ cpk->privatekey = NULL;
 if (cpk->chain) {
 sk_X509_pop_free(cpk->chain, X509_free);
 cpk->chain = NULL;
@@ -443,16 +441,13 @@ void ssl_cert_free(CERT *c)
 #endif
 
 #ifndef OPENSSL_NO_RSA
- if (c->rsa_tmp)
- RSA_free(c->rsa_tmp);
+ RSA_free(c->rsa_tmp);
 #endif
 #ifndef OPENSSL_NO_DH
- if (c->dh_tmp)
- DH_free(c->dh_tmp);
+ DH_free(c->dh_tmp);
 #endif
-#ifndef OPENSSL_NO_ECDH
- if (c->ecdh_tmp)
- EC_KEY_free(c->ecdh_tmp);
+#ifndef OPENSSL_NO_EC
+ EC_KEY_free(c->ecdh_tmp);
 #endif
 
 ssl_cert_clear_certs(c);
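Review bot: In the ssl_cert_clear_certs hunk the loop now frees `cpk->privatekey` unconditionally but still wraps `X509_free(cpk->x509)` and `sk_X509_pop_free(cpk->chain, X509_free)` in `if (cpk->x509)` / `if (cpk->chain)` guards, so one function mixes both conventions. Both of those free routines are NULL-tolerant in OpenSSL, so the remaining guards can go the same way: `X509_free(cpk->x509); cpk->x509 = NULL;` and `sk_X509_pop_free(cpk->chain, X509_free); cpk->chain = NULL;`. The `= NULL` after each free is the part to keep: this is a clear, not a destructor, and presumably the CERT is reused afterwards, so a stale pointer would become a double free on the next clear. The loop body of ssl_cert_clear_certs starts and ends outside the hunk.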
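Review bot: In the ssl_cert_free hunk the EC branch is now guarded by `OPENSSL_NO_EC`, while the `ecdh_tmp` member it frees is declared in a header outside this diff; if that declaration is still under `OPENSSL_NO_ECDH`, a build with no-ecdh but not no-ec would fail to compile here and in ssl_cert_dup/ssl_sess_cert_free. Worth confirming the struct definitions were switched to the same macro in the same commit. Dropping the `if (c->rsa_tmp)`-style guards is safe on its own, since RSA_free/DH_free/EC_KEY_free accept NULL. ssl_cert_free continues outside the hunk.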
@@ -484,31 +479,6 @@ void ssl_cert_free(CERT *c)
 OPENSSL_free(c);
 }
 
-int ssl_cert_inst(CERT **o)
-{
- /*
- * Create a CERT if there isn't already one (which cannot really happen,
- as it is initially created in SSL_CTX_new; but the earlier code
- usually allows for that one being non-existant, so we follow that
- behaviour, as it might turn out that there actually is a reason for it
- -- but I'm not sure that *all* of the existing code could cope with
- s->cert being NULL, otherwise we could do without the initialization
- in SSL_CTX_new).
- */
-
- if (o == NULL) {
- SSLerr(SSL_F_SSL_CERT_INST, ERR_R_PASSED_NULL_PARAMETER);
- return (0);
- }
- if (*o == NULL) {
- if ((*o = ssl_cert_new()) == NULL) {
- SSLerr(SSL_F_SSL_CERT_INST, ERR_R_MALLOC_FAILURE);
- return (0);
- }
- }
- return (1);
-}
-
 int ssl_cert_set0_chain(SSL *s, SSL_CTX *ctx, STACK_OF(X509) *chain)
 {
 int i, r;
@@ -664,26 +634,25 @@ void ssl_sess_cert_free(SESS_CERT *sc)
 for (i = 0; i < SSL_PKEY_NUM; i++) {
 if (sc->peer_pkeys[i].x509 != NULL)
 X509_free(sc->peer_pkeys[i].x509);
-#if 0 /* We don't have the peer's private key.
- * These lines are just * here as a reminder
- * that we're still using a
- * not-quite-appropriate * data structure. */
+#if 0
+ /*
+ * We don't have the peer's private key. These lines are just
+ * here as a reminder that we're still using a not-quite-appropriate
+ * data structure.
+ */
 if (sc->peer_pkeys[i].privatekey != NULL)
 EVP_PKEY_free(sc->peer_pkeys[i].privatekey);
 #endif
 }
 
 #ifndef OPENSSL_NO_RSA
- if (sc->peer_rsa_tmp != NULL)
- RSA_free(sc->peer_rsa_tmp);
+ RSA_free(sc->peer_rsa_tmp);
 #endif
 #ifndef OPENSSL_NO_DH
- if (sc->peer_dh_tmp != NULL)
- DH_free(sc->peer_dh_tmp);
+ DH_free(sc->peer_dh_tmp);
 #endif
-#ifndef OPENSSL_NO_ECDH
- if (sc->peer_ecdh_tmp != NULL)
- EC_KEY_free(sc->peer_ecdh_tmp);
+#ifndef OPENSSL_NO_EC
+ EC_KEY_free(sc->peer_ecdh_tmp);
 #endif
 
 OPENSSL_free(sc);
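Review bot: In the ssl_sess_cert_free hunk the `#if 0` block around `EVP_PKEY_free(sc->peer_pkeys[i].privatekey)` is dead code that the hunk only reformats; since this commit already deletes other `#if 0` remnants in the file, it should go too, and the note about the unsuitable data structure belongs next to the SESS_CERT definition instead. In the same loop `X509_free(sc->peer_pkeys[i].x509)` keeps its `!= NULL` guard while the `peer_rsa_tmp`/`peer_dh_tmp`/`peer_ecdh_tmp` frees lose theirs, so `X509_free(sc->peer_pkeys[i].x509);` alone would match the new convention. ssl_sess_cert_free begins outside the hunk.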
@@ -717,10 +686,6 @@ int ssl_verify_cert_chain(SSL *s, STACK_OF(X509) *sk)
 }
 /* Set suite B flags if needed */
 X509_STORE_CTX_set_flags(&ctx, tls1_suiteb(s));
-#if 0
- if (SSL_get_verify_depth(s) >= 0)
- X509_STORE_CTX_set_depth(&ctx, SSL_get_verify_depth(s));
-#endif
 X509_STORE_CTX_set_ex_data(&ctx, SSL_get_ex_data_X509_STORE_CTX_idx(), s);
 
 /*
@@ -739,11 +704,7 @@ int ssl_verify_cert_chain(SSL *s, STACK_OF(X509) *sk)
 X509_STORE_CTX_set_verify_cb(&ctx, s->verify_callback);
 
 if (s->ctx->app_verify_callback != NULL)
-#if 1 /* new with OpenSSL 0.9.7 */
 i = s->ctx->app_verify_callback(&ctx, s->ctx->app_verify_arg);
-#else
- i = s->ctx->app_verify_callback(&ctx); /* should pass app_verify_arg */
-#endif
 else {
 i = X509_verify_cert(&ctx);
 # if 0
@@ -912,8 +873,7 @@ STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file)
 }
 if (sk != NULL)
 sk_X509_NAME_free(sk);
- if (in != NULL)
- BIO_free(in);
+ BIO_free(in);
 if (x != NULL)
 X509_free(x);
 if (ret != NULL)
@@ -973,8 +933,7 @@ int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
 err:
 ret = 0;
 }
- if (in != NULL)
- BIO_free(in);
+ BIO_free(in);
 if (x != NULL)
 X509_free(x);
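Review bot: Deleting the `#if 0` depth-setting in the first ssl_verify_cert_chain hunk is behaviour-neutral, but it leaves no visible place where the depth configured through SSL_set_verify_depth() reaches the X509_STORE_CTX; presumably it is carried by the verify parameters handled further down (the comment starting at the hunk's last `/*` line is cut off here), and that should be confirmed rather than assumed. Once confirmed, a one-line note after `X509_STORE_CTX_set_flags(&ctx, tls1_suiteb(s));` saying that the verify depth is inherited with the other verify parameters below, not set here, would stop the next reader from re-adding the call. ssl_verify_cert_chain continues on both sides of the hunk.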
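Review bot: In the second ssl_verify_cert_chain hunk, removing the `#if 1`/`#else` scaffolding leaves an unbraced single-statement `if` arm next to a braced `else` arm, and the hunk's last line shows yet another `# if 0` stub inside that else. The statement would read more safely as `if (s->ctx->app_verify_callback != NULL) { i = s->ctx->app_verify_callback(&ctx, s->ctx->app_verify_arg); } else {`, with the remaining `# if 0` block deleted in the same spirit as this cleanup. An unbraced arm beside a braced one is exactly where a later added line lands in the wrong arm, and since `i` is the verification result that would be a security bug, not a style nit. The else body continues outside the hunk.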
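Review bot: The cleanup tail of SSL_load_client_CA_file now mixes an unconditional `BIO_free(in);` with guarded `if (x != NULL) X509_free(x);` and `if (sk != NULL) sk_X509_NAME_free(sk);`; both X509_free and sk_X509_NAME_free accept NULL in OpenSSL, so `X509_free(x);` and `sk_X509_NAME_free(sk);` can be unconditional for consistency with the change being made. The `if (ret != NULL)` line is cut off at the hunk end, so whatever it guards is not visible here and should be left as is. The function's body extends beyond the hunk on both sides.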