Remove X509_STORE_CTX_zero

This was never used externally. It's a remnant of when we supported
stack-allocated X509_STOREs, but now it's opaque.

Change-Id: Idb997237ca81f4c35795cfc8c9d2ee222629e1ce
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/64128
Auto-Submit: David Benjamin <davidben@google.com>
Reviewed-by: Bob Beck <bbe@google.com>
Commit-Queue: Bob Beck <bbe@google.com>
diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
index acf2d2c..c78faf4 100644
--- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c
@@ -1635,17 +1635,7 @@
 }
 
 X509_STORE_CTX *X509_STORE_CTX_new(void) {
-  X509_STORE_CTX *ctx;
-  ctx = (X509_STORE_CTX *)OPENSSL_malloc(sizeof(X509_STORE_CTX));
-  if (!ctx) {
-    return NULL;
-  }
-  X509_STORE_CTX_zero(ctx);
-  return ctx;
-}
-
-void X509_STORE_CTX_zero(X509_STORE_CTX *ctx) {
-  OPENSSL_memset(ctx, 0, sizeof(X509_STORE_CTX));
+  return OPENSSL_zalloc(sizeof(X509_STORE_CTX));
 }
 
 void X509_STORE_CTX_free(X509_STORE_CTX *ctx) {
@@ -1658,7 +1648,13 @@
 
 int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, X509 *x509,
                         STACK_OF(X509) *chain) {
-  X509_STORE_CTX_zero(ctx);
+  // TODO(davidben): This is a remnant of when |X509_STORE_CTX| was a
+  // stack-allocatable function. Now that it is heap-allocated, we don't need to
+  // worry about uninitialized memory in |ctx|. Move the memset to
+  // |X509_STORE_CTX_cleanup| and call |X509_STORE_CTX_cleanup| here so callers
+  // don't leak memory when re-initializing a previously initialized
+  // |X509_STORE_CTX|.
+  OPENSSL_memset(ctx, 0, sizeof(X509_STORE_CTX));
   ctx->ctx = store;
   ctx->cert = x509;
   ctx->untrusted = chain;
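Review bot: The new TODO comment in X509_STORE_CTX_init calls |X509_STORE_CTX| a "stack-allocatable function", but it is a type, so the first sentence should end `was a stack-allocatable type.` The inlined `OPENSSL_memset` keeps the behaviour the TODO describes. Re-initializing an already-initialized context clears its fields without releasing whatever they held, so by the TODO's own account callers leak memory unless they call X509_STORE_CTX_cleanup first. Until the memset moves into X509_STORE_CTX_cleanup, that caller obligation is worth stating in the declaration's documentation in x509.h, for example `// Callers must call |X509_STORE_CTX_cleanup| before calling this on a previously initialized |ctx|.` The body of X509_STORE_CTX_init continues outside the hunk.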
diff --git a/include/openssl/x509.h b/include/openssl/x509.h
index aefd5f6..df3dd58 100644
--- a/include/openssl/x509.h
+++ b/include/openssl/x509.h
@@ -2982,7 +2982,6 @@
 OPENSSL_EXPORT int X509_STORE_CTX_get1_issuer(X509 **issuer,
                                               X509_STORE_CTX *ctx, X509 *x);
 
-OPENSSL_EXPORT void X509_STORE_CTX_zero(X509_STORE_CTX *ctx);
 OPENSSL_EXPORT void X509_STORE_CTX_free(X509_STORE_CTX *ctx);
 OPENSSL_EXPORT int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store,
                                        X509 *x509, STACK_OF(X509) *chain);