diff options
| author | David Benjamin <davidben@chromium.org> | 2015-12-05 07:14:35 +0300 |
|---|---|---|
| committer | Adam Langley <agl@google.com> | 2015-12-16 00:29:46 +0300 |
| commit | 8a58933db02f5059202709807562bae0d6633fdb (patch) | |
| tree | 0f442b4aed457b2dfc41fe41075e4303237f61ef /crypto/x509 | |
| parent | 0abd6f2eb6eeb1a780f9f37bcdc4ebf5298d8cb8 (diff) | |
Remove the CRYPTO_EX_new callback.
This callback is never used. The one caller I've ever seen is in Android
code which isn't built with BoringSSL and it was a no-op.
It also doesn't actually make much sense. A callback cannot reasonably
assume that it sees every, say, SSL_CTX created because the index may be
registered after the first SSL_CTX is created. Nor is there any point in
an EX_DATA consumer in one file knowing about an SSL_CTX created in
completely unrelated code.
Replace all the pointers with a typedef to int*. This will ensure code
which passes NULL or 0 continues to compile while breaking code which
passes an actual function.
This simplifies some object creation functions which now needn't worry
about CRYPTO_new_ex_data failing. (Also avoids bouncing on the lock, but
it's taking a read lock, so this doesn't really matter.)
BUG=391192
Change-Id: I02893883c6fa8693682075b7b130aa538a0a1437
Reviewed-on: https://boringssl-review.googlesource.com/6625
Reviewed-by: Adam Langley <agl@google.com>
Diffstat (limited to 'crypto/x509')
| -rw-r--r-- | crypto/x509/x509_vfy.c | 17 | ||||
| -rw-r--r-- | crypto/x509/x_x509.c | 6 |
2 files changed, 7 insertions, 16 deletions
diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c index b15ebfed..ba5885c5 100644 --- a/crypto/x509/x509_vfy.c +++ b/crypto/x509/x509_vfy.c @@ -2092,14 +2092,14 @@ X509_CRL *X509_CRL_diff(X509_CRL *base, X509_CRL *newer, return NULL; } -int X509_STORE_CTX_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, +int X509_STORE_CTX_get_ex_new_index(long argl, void *argp, CRYPTO_EX_unused *unused, CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) { /* This function is (usually) called only once, by * SSL_get_ex_data_X509_STORE_CTX_idx (ssl/ssl_cert.c). */ int index; if (!CRYPTO_get_ex_new_index(&g_ex_data_class, &index, argl, argp, - new_func, dup_func, free_func)) + dup_func, free_func)) { return -1; } @@ -2266,19 +2266,13 @@ int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, X509 *x509, STACK_OF(X509) *chain) { int ret = 1; - int ex_data_allocated = 0; memset(ctx, 0, sizeof(X509_STORE_CTX)); ctx->ctx=store; ctx->cert=x509; ctx->untrusted=chain; - if(!CRYPTO_new_ex_data(&g_ex_data_class, ctx, - &ctx->ex_data)) - { - goto err; - } - ex_data_allocated = 1; + CRYPTO_new_ex_data(&ctx->ex_data); ctx->param = X509_VERIFY_PARAM_new(); if (!ctx->param) @@ -2362,10 +2356,7 @@ int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, X509 *x509, return 1; err: - if (ex_data_allocated) - { - CRYPTO_free_ex_data(&g_ex_data_class, ctx, &ctx->ex_data); - } + CRYPTO_free_ex_data(&g_ex_data_class, ctx, &ctx->ex_data); if (ctx->param != NULL) { X509_VERIFY_PARAM_free(ctx->param); diff --git a/crypto/x509/x_x509.c b/crypto/x509/x_x509.c index b8f318a0..7bbe4f36 100644 --- a/crypto/x509/x_x509.c +++ b/crypto/x509/x_x509.c @@ -104,7 +104,7 @@ static int x509_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, ret->akid = NULL; ret->aux = NULL; ret->crldp = NULL; - CRYPTO_new_ex_data(&g_ex_data_class, ret, &ret->ex_data); + CRYPTO_new_ex_data(&ret->ex_data); break; case ASN1_OP_D2I_POST: @@ -146,12 +146,12 @@ X509 *X509_up_ref(X509 *x) return x; } -int X509_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, +int X509_get_ex_new_index(long argl, void *argp, CRYPTO_EX_unused *unused, CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) { int index; if (!CRYPTO_get_ex_new_index(&g_ex_data_class, &index, argl, argp, - new_func, dup_func, free_func)) + dup_func, free_func)) { return -1; } |