X-Git-Url: https://git.openssl.org/?a=blobdiff_plain;f=crypto%2Fex_data.c;h=ff32ad5be6b35ed724b4ada6bff2c9e8b555d883;hb=e869d4bd32b896a01106b5195e1f54f1dbdb529e;hp=739e543d782c57b6c90d2614c60cb16833fb4215;hpb=0ded1638ba3501f5a75d9ce86568482188207864;p=openssl.git

diff --git a/crypto/ex_data.c b/crypto/ex_data.c
index 739e543d78..ff32ad5be6 100644
--- a/crypto/ex_data.c
+++ b/crypto/ex_data.c
@@ -1,4 +1,19 @@
 /* crypto/ex_data.c */
+
+/*
+ * This is not thread-safe, nor can it be changed to become thread-safe
+ * without changing various function prototypes and using a lot of locking.
+ * Luckily, it's not really used anywhere except in ssl_verify_cert_chain
+ * via SSL_get_ex_data_X509_STORE_CTX_idx (ssl/ssl_cert.c),
+ * where new_func, dup_func, and free_func all are 0, and in
+ * hwcrhk_init (crypto/engine/hw_ncipher.c), which is hopefully only
+ * ever used during program initialization.
+ *
+ * Any multi-threaded application crazy enough to use ex_data for its own
+ * purposes had better make sure that SSL_get_ex_data_X509_STORE_CTX_idx
+ * is called once before multiple threads are created.
+ */
+
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -131,7 +146,7 @@ int CRYPTO_set_ex_data(CRYPTO_EX_DATA *ad, int idx, void *val)
 	return(1);
 	}
 
-void *CRYPTO_get_ex_data(CRYPTO_EX_DATA *ad, int idx)
+void *CRYPTO_get_ex_data(const CRYPTO_EX_DATA *ad, int idx)
 	{
 	if (ad->sk == NULL)
 		return(0);