Remove some indirection in SSL_certs_clear If we move SSL_certs_clear to ssl_cert.cc, ssl_cert_clear_certs does not need to be in the header. Moreover, its only other caller, ~CERT(), does not need to call it. Now that everything outside of SSL_X509_METHOD is managed with scopers, the destructor does it automatically. And cert_free on SSL_X509_METHOD already automatically calls cert_clear, so it's a no-op to do it again. Change-Id: Ief9c704cc45440288783564ac4db4a27fbec1bfc Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/66370 Commit-Queue: David Benjamin <davidben@google.com> Reviewed-by: Bob Beck <bbe@google.com>
diff --git a/ssl/internal.h b/ssl/internal.h
index dcc546b..35233af 100644
--- a/ssl/internal.h
+++ b/ssl/internal.h
@@ -3197,7 +3197,6 @@ static const size_t kMaxEarlyDataAccepted = 14336;
UniquePtr<CERT> ssl_cert_dup(CERT *cert);
-void ssl_cert_clear_certs(CERT *cert);
bool ssl_set_cert(CERT *cert, UniquePtr<CRYPTO_BUFFER> buffer);
bool ssl_is_key_type_supported(int key_type);
// ssl_compare_public_and_private_key returns true if |pubkey| is the public
diff --git a/ssl/ssl_cert.cc b/ssl/ssl_cert.cc
index 9c40329..80426d8 100644
--- a/ssl/ssl_cert.cc
+++ b/ssl/ssl_cert.cc
@@ -137,10 +137,7 @@ CERT::CERT(const SSL_X509_METHOD *x509_method_arg)
: x509_method(x509_method_arg) {}
-CERT::~CERT() {
- ssl_cert_clear_certs(this);
- x509_method->cert_free(this);
-}
+CERT::~CERT() { x509_method->cert_free(this); }
static CRYPTO_BUFFER *buffer_up_ref(const CRYPTO_BUFFER *buffer) {
CRYPTO_BUFFER_up_ref(const_cast<CRYPTO_BUFFER *>(buffer));
@@ -192,23 +189,6 @@
return ret;
}
-// Free up and clear all certificates and chains
-void ssl_cert_clear_certs(CERT *cert) {
- if (cert == NULL) {
- return;
- }
-
- cert->x509_method->cert_clear(cert);
-
- cert->chain.reset();
- cert->privatekey.reset();
- cert->key_method = nullptr;
-
- cert->dc.reset();
- cert->dc_privatekey.reset();
- cert->dc_key_method = nullptr;
-}
-
static void ssl_cert_set_cert_cb(CERT *cert, int (*cb)(SSL *ssl, void *arg),
void *arg) {
cert->cert_cb = cb;
@@ -890,6 +870,23 @@
privkey_method);
}
+void SSL_certs_clear(SSL *ssl) {
+ if (!ssl->config) {
+ return;
+ }
+
+ CERT *cert = ssl->config->cert.get();
+ cert->x509_method->cert_clear(cert);
+
+ cert->chain.reset();
+ cert->privatekey.reset();
+ cert->key_method = nullptr;
+
+ cert->dc.reset();
+ cert->dc_privatekey.reset();
+ cert->dc_key_method = nullptr;
+}
+
const STACK_OF(CRYPTO_BUFFER) *SSL_CTX_get0_chain(const SSL_CTX *ctx) {
return ctx->cert->chain.get();
}
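Review bot: The relocated SSL_certs_clear in the third hunk dereferences `ssl->config->cert.get()` unconditionally, whereas the deleted ssl_cert_clear_certs returned early on `cert == NULL`, so a null |cert| now crashes instead of being a no-op. If |SSL_CONFIG| always holds a non-null |cert| whenever |config| itself is set (that is how I read SSL_new, but the constructor is outside this hunk), the old guard was dead code and dropping it is correct; a one-line comment would spare the next reader the same check: `// |config->cert| is always non-null when |config| is; see SSL_new.`. The removed `// Free up and clear all certificates and chains` comment was also the only in-file note on what this public API resets, and the new body has none; I would add `// Drops the chain, private key/|key_method| and the delegated credential; |cert_cb| is left in place.` above the definition so the scope of the clear is explicit.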
diff --git a/ssl/ssl_lib.cc b/ssl/ssl_lib.cc
index 91741fd..23fdccb 100644
--- a/ssl/ssl_lib.cc
+++ b/ssl/ssl_lib.cc
@@ -1566,13 +1566,6 @@
return ssl->config->cert->sid_ctx;
}
-void SSL_certs_clear(SSL *ssl) {
- if (!ssl->config) {
- return;
- }
- ssl_cert_clear_certs(ssl->config->cert.get());
-}
-
int SSL_get_fd(const SSL *ssl) { return SSL_get_rfd(ssl); }
int SSL_get_rfd(const SSL *ssl) {