Make the necessary changes to work with the recent "ex_data" overhaul.

See the commit log message for that for more information.

NB: X509_STORE_CTX's use of "ex_data" support was actually misimplemented
(initialisation by "memset" won't/can't/doesn't work). This fixes that but
requires that X509_STORE_CTX_init() be able to handle errors - so its
prototype has been changed to return 'int' rather than 'void'. All uses of
that function throughout the source code have been tracked down and
adjusted.

5 files changed, 24 insertions, 28 deletions

diff --git a/ssl/s3_both.c b/ssl/s3_both.c
index b4d1b8445d..68ddb143da 100644
--- a/ssl/s3_both.c
+++ b/ssl/s3_both.c
@@ -272,7 +272,11 @@ unsigned long ssl3_output_cert_chain(SSL *s, X509 *x)
 		}
 	if (x != NULL)
 		{
-		X509_STORE_CTX_init(&xs_ctx,s->ctx->cert_store,NULL,NULL);
+		if(!X509_STORE_CTX_init(&xs_ctx,s->ctx->cert_store,NULL,NULL))
+			{
+			SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN,ERR_R_X509_LIB);
+			return(0);
+			}
 
 		for (;;)
 			{
diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c
index ab2e00969a..fcd6ff90b6 100644
--- a/ssl/ssl_cert.c
+++ b/ssl/ssl_cert.c
@@ -455,7 +455,11 @@ int ssl_verify_cert_chain(SSL *s,STACK_OF(X509) *sk)
 		return(0);
 
 	x=sk_X509_value(sk,0);
-	X509_STORE_CTX_init(&ctx,s->ctx->cert_store,x,sk);
+	if(!X509_STORE_CTX_init(&ctx,s->ctx->cert_store,x,sk))
+		{
+		SSLerr(SSL_F_SSL_VERIFY_CERT_CHAIN,ERR_R_X509_LIB);
+		return(0);
+		}
 	if (SSL_get_verify_depth(s) >= 0)
 		X509_STORE_CTX_set_depth(&ctx, SSL_get_verify_depth(s));
 	X509_STORE_CTX_set_ex_data(&ctx,SSL_get_ex_data_X509_STORE_CTX_idx(),s);
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index df085e6a02..8aec403c5a 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -71,11 +71,6 @@
 
 const char *SSL_version_str=OPENSSL_VERSION_TEXT;
 
-static STACK_OF(CRYPTO_EX_DATA_FUNCS) *ssl_meth=NULL;
-static STACK_OF(CRYPTO_EX_DATA_FUNCS) *ssl_ctx_meth=NULL;
-static int ssl_meth_num=0;
-static int ssl_ctx_meth_num=0;
-
 OPENSSL_GLOBAL SSL3_ENC_METHOD ssl3_undef_enc_method={
 	/* evil casts, but these functions are only called if there's a library bug */
 	(int (*)(SSL *,int))ssl_undefined_function,
@@ -242,7 +237,7 @@ SSL *SSL_new(SSL_CTX *ctx)
 	s->read_ahead=ctx->read_ahead; /* used to happen in SSL_clear */
 	SSL_clear(s);
 
-	CRYPTO_new_ex_data(ssl_meth,s,&s->ex_data);
+	CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL, s, &s->ex_data);
 
 	return(s);
 err:
@@ -372,7 +367,7 @@ void SSL_free(SSL *s)
 		}
 #endif
 
-	CRYPTO_free_ex_data(ssl_meth,(char *)s,&s->ex_data);
+	CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL, s, &s->ex_data);
 
 	if (s->bbio != NULL)
 		{
@@ -1272,7 +1267,7 @@ SSL_CTX *SSL_CTX_new(SSL_METHOD *meth)
 	if ((ret->client_CA=sk_X509_NAME_new_null()) == NULL)
 		goto err;
 
-	CRYPTO_new_ex_data(ssl_ctx_meth,(char *)ret,&ret->ex_data);
+	CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_CTX, ret, &ret->ex_data);
 
 	ret->extra_certs=NULL;
 	ret->comp_methods=SSL_COMP_get_compression_methods();
@@ -1308,7 +1303,7 @@ void SSL_CTX_free(SSL_CTX *a)
 		abort(); /* ok */
 		}
 #endif
-	CRYPTO_free_ex_data(ssl_ctx_meth,(char *)a,&a->ex_data);
+	CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_CTX, a, &a->ex_data);
 
 	if (a->sessions != NULL)
 		{
@@ -1806,7 +1801,7 @@ SSL *SSL_dup(SSL *s)
 	ret->options=s->options;
 
 	/* copy app data, a little dangerous perhaps */
-	if (!CRYPTO_dup_ex_data(ssl_meth,&ret->ex_data,&s->ex_data))
+	if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_SSL, &ret->ex_data, &s->ex_data))
 		goto err;
 
 	/* setup rbio, and wbio */
@@ -2051,10 +2046,8 @@ long SSL_get_verify_result(SSL *ssl)
 int SSL_get_ex_new_index(long argl,void *argp,CRYPTO_EX_new *new_func,
 			 CRYPTO_EX_dup *dup_func,CRYPTO_EX_free *free_func)
 	{
-	if(CRYPTO_get_ex_new_index(ssl_meth_num, &ssl_meth, argl, argp,
-				new_func, dup_func, free_func) < 0)
-		return -1;
-	return (ssl_meth_num++);
+	return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL, argl, argp,
+				new_func, dup_func, free_func);
 	}
 
 int SSL_set_ex_data(SSL *s,int idx,void *arg)
@@ -2070,10 +2063,8 @@ void *SSL_get_ex_data(SSL *s,int idx)
 int SSL_CTX_get_ex_new_index(long argl,void *argp,CRYPTO_EX_new *new_func,
 			     CRYPTO_EX_dup *dup_func,CRYPTO_EX_free *free_func)
 	{
-	if(CRYPTO_get_ex_new_index(ssl_ctx_meth_num, &ssl_ctx_meth, argl, argp,
-				new_func, dup_func, free_func) < 0)
-		return -1;
-	return (ssl_ctx_meth_num++);
+	return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL_CTX, argl, argp,
+				new_func, dup_func, free_func);
 	}
 
 int SSL_CTX_set_ex_data(SSL_CTX *s,int idx,void *arg)
diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c
index 5821792b76..9078d759f5 100644
--- a/ssl/ssl_sess.c
+++ b/ssl/ssl_sess.c
@@ -64,8 +64,6 @@
 static void SSL_SESSION_list_remove(SSL_CTX *ctx, SSL_SESSION *s);
 static void SSL_SESSION_list_add(SSL_CTX *ctx,SSL_SESSION *s);
 static int remove_session_lock(SSL_CTX *ctx, SSL_SESSION *c, int lck);
-static int ssl_session_num=0;
-static STACK_OF(CRYPTO_EX_DATA_FUNCS) *ssl_session_meth=NULL;
 
 SSL_SESSION *SSL_get_session(SSL *ssl)
 /* aka SSL_get0_session; gets 0 objects, just returns a copy of the pointer */
@@ -91,10 +89,8 @@ SSL_SESSION *SSL_get1_session(SSL *ssl)
 int SSL_SESSION_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
 	     CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
 	{
-	if(CRYPTO_get_ex_new_index(ssl_session_num, &ssl_session_meth, argl,
-				argp, new_func, dup_func, free_func) < 0)
-		return -1;
-	return (ssl_session_num++);
+	return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL_SESSION, argl, argp,
+			new_func, dup_func, free_func);
 	}
 
 int SSL_SESSION_set_ex_data(SSL_SESSION *s, int idx, void *arg)
@@ -126,7 +122,7 @@ SSL_SESSION *SSL_SESSION_new(void)
 	ss->prev=NULL;
 	ss->next=NULL;
 	ss->compress_meth=0;
-	CRYPTO_new_ex_data(ssl_session_meth,ss,&ss->ex_data);
+	CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, ss, &ss->ex_data);
 	return(ss);
 	}
 
@@ -520,7 +516,7 @@ void SSL_SESSION_free(SSL_SESSION *ss)
 		}
 #endif
 
-	CRYPTO_free_ex_data(ssl_session_meth,ss,&ss->ex_data);
+	CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, ss, &ss->ex_data);
 
 	memset(ss->key_arg,0,SSL_MAX_KEY_ARG_LENGTH);
 	memset(ss->master_key,0,SSL_MAX_MASTER_KEY_LENGTH);
diff --git a/ssl/ssltest.c b/ssl/ssltest.c
index 7d1249fd5c..9ba560701c 100644
--- a/ssl/ssltest.c
+++ b/ssl/ssltest.c
@@ -714,6 +714,7 @@ end:
 	free_tmp_rsa();
 #endif
 	ENGINE_cleanup();
+	CRYPTO_cleanup_all_ex_data();
 	ERR_free_strings();
 	ERR_remove_state(0);
 	EVP_cleanup();