From 5dd48e3216ebd186930a8396b9eb2adbdf4db616 Mon Sep 17 00:00:00 2001 From: Kornel Date: Tue, 20 Jan 2026 01:40:35 +0000 Subject: [PATCH 1/4] Use existing macro for ForeignType --- boring/src/ssl/mod.rs | 45 +++++-------------------------------------- 1 file changed, 5 insertions(+), 40 deletions(-) diff --git a/boring/src/ssl/mod.rs b/boring/src/ssl/mod.rs index 283594149..57390b463 100644 --- a/boring/src/ssl/mod.rs +++ b/boring/src/ssl/mod.rs @@ -4470,36 +4470,12 @@ impl SslStreamBuilder { } } -/// A credential. -pub struct SslCredential(NonNull); - -unsafe impl ForeignType for SslCredential { +foreign_type_and_impl_send_sync! { type CType = ffi::SSL_CREDENTIAL; - type Ref = SslCredentialRef; - - #[inline] - unsafe fn from_ptr(ptr: *mut ffi::SSL_CREDENTIAL) -> Self { - Self(NonNull::new_unchecked(ptr)) - } - - #[inline] - fn as_ptr(&self) -> *mut ffi::SSL_CREDENTIAL { - self.0.as_ptr() - } -} - -impl Drop for SslCredential { - fn drop(&mut self) { - unsafe { ffi::SSL_CREDENTIAL_free(self.as_ptr()) } - } -} + fn drop = ffi::SSL_CREDENTIAL_free; -impl Deref for SslCredential { - type Target = SslCredentialRef; - - fn deref(&self) -> &SslCredentialRef { - unsafe { SslCredentialRef::from_ptr(self.as_ptr()) } - } + /// A credential. + pub struct SslCredential; } impl SslCredential { @@ -4546,11 +4522,6 @@ impl SslCredential { } } -/// Reference to an [`SslCredential`]. -/// -/// [`SslCredential`]: struct.SslCredential.html -pub struct SslCredentialRef(Opaque); - impl SslCredentialRef { /// Returns a reference to the extra data at the specified index. #[corresponds(SSL_CREDENTIAL_get_ex_data)] @@ -4602,13 +4573,7 @@ impl SslCredentialRef { } } -unsafe impl Send for SslCredentialRef {} -unsafe impl Sync for SslCredentialRef {} - -unsafe impl ForeignTypeRef for SslCredentialRef { - type CType = ffi::SSL_CREDENTIAL; -} - +/// A builder for [`SslCredential`] pub struct SslCredentialBuilder(SslCredential); impl SslCredentialBuilder { 
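Review bot: The switch to `foreign_type_and_impl_send_sync!` in the `-4470` hunk appears to widen the thread-safety contract without saying why that is sound: the removed code declared `Send`/`Sync` only for `SslCredentialRef` (last hunk of this patch) and the old owned `SslCredential` wrapped a `NonNull`, which is neither, whereas the macro, going by its name, now marks the owned type as both. That is probably intended, but it amounts to an `unsafe impl` on an FFI handle that can carry caller-supplied ex_data, so the invariant should be written down. I would add a comment above the macro call along the lines of `// SAFETY: the credential may be shared across threads; ex_data values must be Send + Sync when their index is created`, after confirming that the bound exists, since the index constructor is not visible on this page.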
From a395f89a7cec037fce1936a72a97d4b0a4b5beca Mon Sep 17 00:00:00 2001 From: Kornel Date: Tue, 20 Jan 2026 01:43:15 +0000 Subject: [PATCH 2/4] Fix spki leak --- boring/src/ssl/mod.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/boring/src/ssl/mod.rs b/boring/src/ssl/mod.rs index 57390b463..1ec57dde6 100644 --- a/boring/src/ssl/mod.rs +++ b/boring/src/ssl/mod.rs @@ -4659,7 +4659,7 @@ impl SslCredentialBuilder { let ret = cvt_0i(ffi::SSL_CREDENTIAL_set1_spki(self.0.as_ptr(), spki)); - if spki.is_null() { + if !spki.is_null() { ffi::CRYPTO_BUFFER_free(spki); } From c3cc1efab8a3fd3880d3001a55a0a9dbe0267874 Mon Sep 17 00:00:00 2001 From: Kornel Date: Tue, 20 Jan 2026 01:47:20 +0000 Subject: [PATCH 3/4] Don't readd leaky set_ex_data --- boring/src/ssl/mod.rs | 29 ++++------------------------- 1 file changed, 4 insertions(+), 25 deletions(-) diff --git a/boring/src/ssl/mod.rs b/boring/src/ssl/mod.rs index 1ec57dde6..80c7f71ac 100644 --- a/boring/src/ssl/mod.rs +++ b/boring/src/ssl/mod.rs @@ -4549,16 +4549,6 @@ impl SslCredentialRef { } } - // Unsafe because SSL contexts are not guaranteed to be unique, we call - // this only from SslCredentialBuilder. - #[corresponds(SSL_CREDENTIAL_set_ex_data)] - unsafe fn set_ex_data(&mut self, index: Index, data: T) { - unsafe { - let data = Box::into_raw(Box::new(data)) as *mut c_void; - ffi::SSL_CREDENTIAL_set_ex_data(self.as_ptr(), index.as_raw(), data); - } - } - // Unsafe because SSL contexts are not guaranteed to be unique, we call // this only from SslCredentialBuilder. #[corresponds(SSL_CREDENTIAL_set_ex_data)] @@ -4567,7 +4557,10 @@ impl SslCredentialRef { return Some(mem::replace(old, data)); } - self.set_ex_data(index, data); + unsafe { + let data = Box::into_raw(Box::new(data)) as *mut c_void; + ffi::SSL_CREDENTIAL_set_ex_data(self.as_ptr(), index.as_raw(), data); + } None } 
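Review bot: The corrected `if !spki.is_null()` guard in the `-4659` hunk (PATCH 2/4) has no comment saying why the buffer is released at this point, and the inverted condition it replaces shows how easily this goes wrong unnoticed. Going by the `set1` naming convention the callee takes its own reference, so the local one has to be dropped whether or not the call succeeded; a line such as `// set1 takes its own reference; release ours regardless of the result` above the `if` would pin that down. The same lines are reshuffled in the `-4636` hunk of PATCH 4/4, where the free has to stay ahead of returning `ret`. The enclosing function starts and ends outside the hunk.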
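Review bot: The block inlined in the `-4567` hunk (PATCH 3/4) discards the return value of `ffi::SSL_CREDENTIAL_set_ex_data`, so if the call fails the pointer produced by `Box::into_raw` is never reclaimed and the caller still receives `None` as though the value had been stored. Capture the status and take the allocation back on failure, e.g. `if ffi::SSL_CREDENTIAL_set_ex_data(self.as_ptr(), index.as_raw(), data) == 0 { drop(Box::from_raw(data.cast::<T>())); }`, assuming the usual 0-on-failure convention of the ex_data setters. Whether the failure should also be surfaced is a design choice, since the signature only returns the previous value. The comment kept above the function still speaks of "SSL contexts" although this is a credential, and `replace_ex_data` itself begins above the hunk.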
@@ -4577,20 +4570,6 @@ impl SslCredentialRef { pub struct SslCredentialBuilder(SslCredential); impl SslCredentialBuilder { - /// Sets the extra data at the specified index. - /// - /// This can be used to provide data to callbacks registered with the context. Use the - /// `SslCredential::new_ex_index` method to create an `Index`. - /// - /// Note that if this method is called multiple times with the same index, any previous - /// value stored in the `SslCredentialBuilder` will be leaked. - #[corresponds(SSL_CREDENTIAL_set_ex_data)] - pub fn set_ex_data(&mut self, index: Index, data: T) { - unsafe { - self.as_mut().set_ex_data(index, data); - } - } - /// Sets or overwrites the extra data at the specified index. /// /// This can be used to provide data to callbacks registered with the context. Use the From a02598c599996d1ff61a57b776e87d3a99499c75 Mon Sep 17 00:00:00 2001 From: Kornel Date: Tue, 20 Jan 2026 01:48:02 +0000 Subject: [PATCH 4/4] Remove unnecessary as_mut --- boring/src/ssl/mod.rs | 18 +++++------------- 1 file changed, 5 insertions(+), 13 deletions(-) diff --git a/boring/src/ssl/mod.rs b/boring/src/ssl/mod.rs index 80c7f71ac..99a26fb1c 100644 --- a/boring/src/ssl/mod.rs +++ b/boring/src/ssl/mod.rs @@ -4578,7 +4578,7 @@ impl SslCredentialBuilder { /// Any previous value will be returned and replaced by the new one. #[corresponds(SSL_CREDENTIAL_set_ex_data)] pub fn replace_ex_data(&mut self, index: Index, data: T) -> Option { - unsafe { self.as_mut().replace_ex_data(index, data) } + unsafe { self.0.replace_ex_data(index, data) } } // Sets the private key of the credential. 
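Review bot: The new `unsafe { self.0.replace_ex_data(index, data) }` in the `-4578` hunk (PATCH 4/4) sits inside a safe public method and carries no justification for the unsafe call. The callee's own comment says it is unsafe because the object is not guaranteed to be unique and is meant to be called only from the builder, so the argument belongs at this call site: `// SAFETY: the builder owns the credential and has not handed it out yet, so nothing else can observe the slot being replaced`. That presumes the builder is always constructed around a fresh credential, which this page does not show. The call also now relies on `SslCredential` dereferencing mutably to `SslCredentialRef`, presumably supplied by the macro introduced in PATCH 1/4.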
@@ -4602,12 +4602,10 @@ impl SslCredentialBuilder { M: PrivateKeyMethod, { unsafe { - let this = self.as_mut(); - - this.replace_ex_data(SslCredential::cached_ex_index::(), method); + self.replace_ex_data(SslCredential::cached_ex_index::(), method); cvt_0i(ffi::SSL_CREDENTIAL_set_private_key_method( - this.as_ptr(), + self.0.as_ptr(), &ffi::SSL_PRIVATE_KEY_METHOD { sign: Some(callbacks::raw_sign::), decrypt: Some(callbacks::raw_decrypt::), @@ -4636,22 +4634,16 @@ impl SslCredentialBuilder { .transpose()? .unwrap_or(ptr::null_mut()); - let ret = cvt_0i(ffi::SSL_CREDENTIAL_set1_spki(self.0.as_ptr(), spki)); + let ret = cvt_0i(ffi::SSL_CREDENTIAL_set1_spki(self.0.as_ptr(), spki)).map(|_| ()); if !spki.is_null() { ffi::CRYPTO_BUFFER_free(spki); } - ret?; - - Ok(()) + ret } } - unsafe fn as_mut(&mut self) -> &mut SslCredentialRef { - SslCredentialRef::from_ptr_mut(self.0.as_ptr()) - } - pub fn build(self) -> SslCredential { self.0 }
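Review bot: In the `-4602` hunk the `unsafe` block now opens with `self.replace_ex_data(...)`, which after this patch is the safe public method, so the block is wider than the one FFI call that needs it. Moving that call above `unsafe {` would keep the unsafe region down to `ffi::SSL_CREDENTIAL_set_private_key_method`. That call is also handed `&ffi::SSL_PRIVATE_KEY_METHOD { .. }` built in place; if BoringSSL retains the pointer, the code depends on the literal being promoted to a static, and a `// SAFETY:` comment saying so would guard against a later non-constant field turning it into a dangling reference. The function and the struct literal both continue outside the hunk.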