Remove X509_STORE_CTX_zero

davidben · justsmth · commit f5072977c7e8 · 2024-03-21T14:23:26.000-04:00
This was never used externally. It's a remnant of when we supported stack-allocated X509_STOREs, but now its opaque. Change-Id: Idb997237ca81f4c35795cfc8c9d2ee222629e1ce Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/64128 Auto-Submit: David Benjamin <davidben@google.com> Reviewed-by: Bob Beck <bbe@google.com> Commit-Queue: Bob Beck <bbe@google.com> (cherry picked from commit 698aa894c96412d4df20e2bb031d9eb9c9d5919a)
diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
@@ -1659,18 +1659,7 @@ int X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx, int def_purpose,
 }
 
 X509_STORE_CTX *X509_STORE_CTX_new(void) {
-  X509_STORE_CTX *ctx;
-  ctx = (X509_STORE_CTX *)OPENSSL_zalloc(sizeof(X509_STORE_CTX));
-  if (!ctx) {
-    return NULL;
-  }
-  // NO-OP: struct already zeroed
-  //X509_STORE_CTX_zero(ctx);
-  return ctx;
-}
-
-void X509_STORE_CTX_zero(X509_STORE_CTX *ctx) {
-  OPENSSL_memset(ctx, 0, sizeof(X509_STORE_CTX));
+  return OPENSSL_zalloc(sizeof(X509_STORE_CTX));
 }
 
 void X509_STORE_CTX_free(X509_STORE_CTX *ctx) {
@@ -1683,7 +1672,13 @@ void X509_STORE_CTX_free(X509_STORE_CTX *ctx) {
 
 int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, X509 *x509,
                         STACK_OF(X509) *chain) {
-  X509_STORE_CTX_zero(ctx);
+  // TODO(davidben): This is a remnant of when |X509_STORE_CTX| was a
+  // stack-allocatable function. Now that it is heap-allocated, we don't need to
+  // worry about uninitialized memory in |ctx|. Move the memset to
+  // |X509_STORE_CTX_cleanup| and call |X509_STORE_CTX_cleanup| here so callers
+  // don't leak memory when re-initializing a previously initialized
+  // |X509_STORE_CTX|.
+  OPENSSL_memset(ctx, 0, sizeof(X509_STORE_CTX));
   ctx->ctx = store;
   ctx->cert = x509;
   ctx->untrusted = chain;
diff --git a/include/openssl/x509.h b/include/openssl/x509.h
@@ -3118,7 +3118,6 @@ OPENSSL_EXPORT X509_STORE_CTX *X509_STORE_CTX_new(void);
 OPENSSL_EXPORT int X509_STORE_CTX_get1_issuer(X509 **issuer,
                                               X509_STORE_CTX *ctx, X509 *x);
 
-OPENSSL_EXPORT void X509_STORE_CTX_zero(X509_STORE_CTX *ctx);
 OPENSSL_EXPORT void X509_STORE_CTX_free(X509_STORE_CTX *ctx);
 OPENSSL_EXPORT int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store,
                                        X509 *x509, STACK_OF(X509) *chain);
