
github.com/mono/boringssl.git - Unnamed repository; edit this file 'description' to name the repository.
authorDavid Benjamin <davidben@chromium.org>2014-07-08 02:13:20 +0400
committerAdam Langley <agl@google.com>2014-07-08 02:43:56 +0400
commit398ba895fba66c3f191add14299b3da2def64af4 (patch)
treec620fd75b8ddde62929d1005b4b72726526a8eb4
parent9d28c75774cbec7f3cd841e554b06d03fbf838ce (diff)
Remove SSL_copy_session_id.
This is the only codepath that allowed a cert_st to be shared between two ssl_st's. Given that the cert_st currently contains some per-connection and even per-handshake state, this probably doesn't work. Remove the function altogether and don't ref-count cert_st. Change-Id: I66d5346117cb59b6063e7b9b893d1c4b40cb6867 Reviewed-on: https://boringssl-review.googlesource.com/1110 Reviewed-by: Adam Langley <agl@google.com>
-rw-r--r--ssl/ssl.h2
-rw-r--r--ssl/ssl_cert.c17
-rw-r--r--ssl/ssl_lib.c30
-rw-r--r--ssl/ssl_locl.h2
4 files changed, 0 insertions, 51 deletions
diff --git a/ssl/ssl.h b/ssl/ssl.h
index 149c2aee..07de254e 100644
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -1994,7 +1994,6 @@ BIO_METHOD *BIO_f_ssl(void);
BIO *BIO_new_ssl(SSL_CTX *ctx,int client);
BIO *BIO_new_ssl_connect(SSL_CTX *ctx);
BIO *BIO_new_buffer_ssl_connect(SSL_CTX *ctx);
-int BIO_ssl_copy_session_id(BIO *to,BIO *from);
void BIO_ssl_shutdown(BIO *ssl_bio);
#endif
@@ -2080,7 +2079,6 @@ long SSL_SESSION_get_time(const SSL_SESSION *s);
long SSL_SESSION_set_time(SSL_SESSION *s, long t);
long SSL_SESSION_get_timeout(const SSL_SESSION *s);
long SSL_SESSION_set_timeout(SSL_SESSION *s, long t);
-void SSL_copy_session_id(SSL *to,const SSL *from);
X509 *SSL_SESSION_get0_peer(SSL_SESSION *s);
int SSL_SESSION_set1_id_context(SSL_SESSION *s,const unsigned char *sid_ctx,
unsigned int sid_ctx_len);
diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c
index 12ad094e..eab55962 100644
--- a/ssl/ssl_cert.c
+++ b/ssl/ssl_cert.c
@@ -181,7 +181,6 @@ CERT *ssl_cert_new(void)
memset(ret,0,sizeof(CERT));
ret->key= &(ret->pkeys[SSL_PKEY_RSA_ENC]);
- ret->references=1;
ssl_cert_set_default_md(ret);
return(ret);
}
@@ -322,7 +321,6 @@ CERT *ssl_cert_dup(CERT *cert)
rpk->valid_flags = 0;
}
- ret->references=1;
/* Set digests to defaults. NB: we don't copy existing values as they
* will be set during handshake.
*/
@@ -439,24 +437,9 @@ void ssl_cert_clear_certs(CERT *c)
void ssl_cert_free(CERT *c)
{
- int i;
-
if(c == NULL)
return;
- i=CRYPTO_add(&c->references,-1,CRYPTO_LOCK_SSL_CERT);
-#ifdef REF_PRINT
- REF_PRINT("CERT",c);
-#endif
- if (i > 0) return;
-#ifdef REF_CHECK
- if (i < 0)
- {
- fprintf(stderr,"ssl_cert_free, bad reference count\n");
- abort(); /* ok */
- }
-#endif
-
if (c->rsa_tmp) RSA_free(c->rsa_tmp);
#ifndef OPENSSL_NO_DH
if (c->dh_tmp) DH_free(c->dh_tmp);
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index 5cf67457..28aba466 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -969,36 +969,6 @@ STACK_OF(X509) *SSL_get_peer_cert_chain(const SSL *s)
return(r);
}
-/* Now in theory, since the calling process own 't' it should be safe to
- * modify. We need to be able to read f without being hassled */
-void SSL_copy_session_id(SSL *t,const SSL *f)
- {
- CERT *tmp;
-
- /* Do we need to to SSL locking? */
- SSL_set_session(t,SSL_get_session(f));
-
- /* what if we are setup as SSLv2 but want to talk SSLv3 or
- * vice-versa */
- if (t->method != f->method)
- {
- t->method->ssl_free(t); /* cleanup current */
- t->method=f->method; /* change method */
- t->method->ssl_new(t); /* setup new */
- }
-
- tmp=t->cert;
- if (f->cert != NULL)
- {
- CRYPTO_add(&f->cert->references,1,CRYPTO_LOCK_SSL_CERT);
- t->cert=f->cert;
- }
- else
- t->cert=NULL;
- if (tmp != NULL) ssl_cert_free(tmp);
- SSL_set_session_id_context(t,f->sid_ctx,f->sid_ctx_length);
- }
-
/* Fix this so it checks all the valid key/cert options */
int SSL_CTX_check_private_key(const SSL_CTX *ctx)
{
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index a2ca802d..95ba123b 100644
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -619,8 +619,6 @@ typedef struct cert_st
/* Raw values of the cipher list from a client */
unsigned char *ciphers_raw;
size_t ciphers_rawlen;
-
- int references; /* >1 only if SSL_copy_session_id is used */
} CERT;