Comment correction.

[openssl.git] / crypto / ex_data.c

diff --git a/crypto/ex_data.c b/crypto/ex_data.c
index 1ee88da2a83b5d415187ab735c0f8c71ad544a64..ff32ad5be6b35ed724b4ada6bff2c9e8b555d883 100644 (file)
--- a/crypto/ex_data.c
+++ b/crypto/ex_data.c
@@ -1,4 +1,19 @@
 /* crypto/ex_data.c */
+
+/*
+ * This is not thread-safe, nor can it be changed to become thread-safe
+ * without changing various function prototypes and using a lot of locking.
+ * Luckily, it's not really used anywhere except in ssl_verify_cert_chain
+ * via SSL_get_ex_data_X509_STORE_CTX_idx (ssl/ssl_cert.c),
+ * where new_func, dup_func, and free_func all are 0, and in
+ * hwcrhk_init (crypto/engine/hw_ncipher.c), which is hopefully only
+ * ever used during program initialization.
+ *
+ * Any multi-threaded application crazy enough to use ex_data for its own
+ * purposes had better make sure that SSL_get_ex_data_X509_STORE_CTX_idx
+ * is called once before multiple threads are created.
+ */
+
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -101,7 +116,7 @@ int CRYPTO_get_ex_new_index(int idx, STACK_OF(CRYPTO_EX_DATA_FUNCS) **skp, long
        ret=idx;
 err:
        MemCheck_on();
-       return(idx);
+       return(ret);
        }
 
 int CRYPTO_set_ex_data(CRYPTO_EX_DATA *ad, int idx, void *val)
@@ -131,7 +146,7 @@ int CRYPTO_set_ex_data(CRYPTO_EX_DATA *ad, int idx, void *val)
        return(1);
        }
 
-void *CRYPTO_get_ex_data(CRYPTO_EX_DATA *ad, int idx)
+void *CRYPTO_get_ex_data(const CRYPTO_EX_DATA *ad, int idx)
        {
        if (ad->sk == NULL)
                return(0);