Remove X509_STORE_CTX_zero

This was never used externally. It's a remnant of when we supported stack-allocated X509_STOREs, but now its opaque. Change-Id: Idb997237ca81f4c35795cfc8c9d2ee222629e1ce Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/64128 Auto-Submit: David Benjamin <davidben@google.com> Reviewed-by: Bob Beck <bbe@google.com> Commit-Queue: Bob Beck <bbe@google.com>
google · Nov 22, 2023 · 698aa89 · 698aa89
1 parent 439ce28
commit 698aa89
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 13 deletions.
diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
@@ -1635,17 +1635,7 @@ int X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx, int def_purpose,
 }
 
 X509_STORE_CTX *X509_STORE_CTX_new(void) {
-  X509_STORE_CTX *ctx;
-  ctx = (X509_STORE_CTX *)OPENSSL_malloc(sizeof(X509_STORE_CTX));
-  if (!ctx) {
-    return NULL;
-  }
-  X509_STORE_CTX_zero(ctx);
-  return ctx;
-}
-
-void X509_STORE_CTX_zero(X509_STORE_CTX *ctx) {
-  OPENSSL_memset(ctx, 0, sizeof(X509_STORE_CTX));
+  return OPENSSL_zalloc(sizeof(X509_STORE_CTX));
 }
 
 void X509_STORE_CTX_free(X509_STORE_CTX *ctx) {
@@ -1658,7 +1648,13 @@ void X509_STORE_CTX_free(X509_STORE_CTX *ctx) {
 
 int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, X509 *x509,
                         STACK_OF(X509) *chain) {
-  X509_STORE_CTX_zero(ctx);
+  // TODO(davidben): This is a remnant of when |X509_STORE_CTX| was a
+  // stack-allocatable function. Now that it is heap-allocated, we don't need to
+  // worry about uninitialized memory in |ctx|. Move the memset to
+  // |X509_STORE_CTX_cleanup| and call |X509_STORE_CTX_cleanup| here so callers
+  // don't leak memory when re-initializing a previously initialized
+  // |X509_STORE_CTX|.
+  OPENSSL_memset(ctx, 0, sizeof(X509_STORE_CTX));
   ctx->ctx = store;
   ctx->cert = x509;
   ctx->untrusted = chain;

diff --git a/include/openssl/x509.h b/include/openssl/x509.h
@@ -2982,7 +2982,6 @@ OPENSSL_EXPORT X509_STORE_CTX *X509_STORE_CTX_new(void);
 OPENSSL_EXPORT int X509_STORE_CTX_get1_issuer(X509 **issuer,
                                               X509_STORE_CTX *ctx, X509 *x);
 
-OPENSSL_EXPORT void X509_STORE_CTX_zero(X509_STORE_CTX *ctx);
 OPENSSL_EXPORT void X509_STORE_CTX_free(X509_STORE_CTX *ctx);
 OPENSSL_EXPORT int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store,
                                        X509 *x509, STACK_OF(X509) *chain);