Don't store an HMAC key for longer than we need

[openssl.git] / crypto / ex_data.c

diff --git a/crypto/ex_data.c b/crypto/ex_data.c
index 9f08606d2ff9de4641e1c612cc170cecb7f9a7d2..3cffef897b84ed673bcee9f7795e5ddfcec40129 100644 (file)
--- a/crypto/ex_data.c
+++ b/crypto/ex_data.c
@@ -38,13 +38,8 @@ static EX_CALLBACKS *get_and_lock(OPENSSL_CTX *ctx, int class_index)
     global = openssl_ctx_get_ex_data_global(ctx);
     if (global == NULL || global->ex_data_lock == NULL) {
         /*
-         * This can happen in normal operation when using CRYPTO_mem_leaks().
-         * The CRYPTO_mem_leaks() function calls OPENSSL_cleanup() which cleans
-         * up the locks. Subsequently the BIO that CRYPTO_mem_leaks() uses gets
-         * freed, which also attempts to free the ex_data. However
-         * CRYPTO_mem_leaks() ensures that the ex_data is freed early (i.e.
-         * before OPENSSL_cleanup() is called), so if we get here we can safely
-         * ignore this operation. We just treat it as an error.
+         * If we get here, someone (who?) cleaned up the lock, so just
+         * treat it as an error.
          */
          return NULL;
     }
@@ -108,7 +103,7 @@ static int dummy_dup(CRYPTO_EX_DATA *to, const CRYPTO_EX_DATA *from,
 
 int crypto_free_ex_index_ex(OPENSSL_CTX *ctx, int class_index, int idx)
 {
-    EX_CALLBACKS *ip = get_and_lock(ctx, class_index);
+    EX_CALLBACKS *ip;
     EX_CALLBACK *a;
     int toret = 0;
     OSSL_EX_DATA_GLOBAL *global = openssl_ctx_get_ex_data_global(ctx);