From 79aa04ef27f69a1149d4d0e72d2d2953b6241ef0 Mon Sep 17 00:00:00 2001 From: Geoff Thorpe Date: Sat, 1 Sep 2001 20:02:13 +0000 Subject: Make the necessary changes to work with the recent "ex_data" overhaul. See the commit log message for that for more information. NB: X509_STORE_CTX's use of "ex_data" support was actually misimplemented (initialisation by "memset" won't/can't/doesn't work). This fixes that but requires that X509_STORE_CTX_init() be able to handle errors - so its prototype has been changed to return 'int' rather than 'void'. All uses of that function throughout the source code have been tracked down and adjusted. --- ssl/s3_both.c | 6 +++++- ssl/ssl_cert.c | 6 +++++- ssl/ssl_lib.c | 27 +++++++++------------------ ssl/ssl_sess.c | 12 ++++-------- ssl/ssltest.c | 1 + 5 files changed, 24 insertions(+), 28 deletions(-) (limited to 'ssl') diff --git a/ssl/s3_both.c b/ssl/s3_both.c index b4d1b8445d..68ddb143da 100644 --- a/ssl/s3_both.c +++ b/ssl/s3_both.c @@ -272,7 +272,11 @@ unsigned long ssl3_output_cert_chain(SSL *s, X509 *x) } if (x != NULL) { - X509_STORE_CTX_init(&xs_ctx,s->ctx->cert_store,NULL,NULL); + if(!X509_STORE_CTX_init(&xs_ctx,s->ctx->cert_store,NULL,NULL)) + { + SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN,ERR_R_X509_LIB); + return(0); + } for (;;) { diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c index ab2e00969a..fcd6ff90b6 100644 --- a/ssl/ssl_cert.c +++ b/ssl/ssl_cert.c @@ -455,7 +455,11 @@ int ssl_verify_cert_chain(SSL *s,STACK_OF(X509) *sk) return(0); x=sk_X509_value(sk,0); - X509_STORE_CTX_init(&ctx,s->ctx->cert_store,x,sk); + if(!X509_STORE_CTX_init(&ctx,s->ctx->cert_store,x,sk)) + { + SSLerr(SSL_F_SSL_VERIFY_CERT_CHAIN,ERR_R_X509_LIB); + return(0); + } if (SSL_get_verify_depth(s) >= 0) X509_STORE_CTX_set_depth(&ctx, SSL_get_verify_depth(s)); X509_STORE_CTX_set_ex_data(&ctx,SSL_get_ex_data_X509_STORE_CTX_idx(),s); diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index df085e6a02..8aec403c5a 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c 
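Review bot: In the ssl/s3_both.c hunk the new failure branch reports the error with `return(0);` from a function the hunk header declares as `unsigned long ssl3_output_cert_chain(SSL *s, X509 *x)`, so a failed X509_STORE_CTX_init() is only detectable if every caller tests the result for zero. The callers do not appear to be in any of the five files listed in the diffstat, so it is worth confirming that they abort on 0 instead of carrying on with it. I would state the contract at the function head, for example `/* Returns 0 on error (reason pushed with SSLerr); callers must check before using the result. */`. The function body starts and ends outside the hunk.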
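Review bot: In the ssl/ssl_cert.c hunk the commit now checks X509_STORE_CTX_init(), but the `X509_STORE_CTX_set_ex_data(&ctx,SSL_get_ex_data_X509_STORE_CTX_idx(),s);` call a few lines below still discards its result. If that store fails, verification presumably proceeds with no SSL pointer attached to the context, and a verify callback that looks it up would receive NULL. I would fail closed here: `if (!X509_STORE_CTX_set_ex_data(&ctx,SSL_get_ex_data_X509_STORE_CTX_idx(),s)) { X509_STORE_CTX_cleanup(&ctx); return(0); }`, treating a negative index the same way. ssl_verify_cert_chain() continues past the end of the hunk.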
@@ -71,11 +71,6 @@ const char *SSL_version_str=OPENSSL_VERSION_TEXT; -static STACK_OF(CRYPTO_EX_DATA_FUNCS) *ssl_meth=NULL; -static STACK_OF(CRYPTO_EX_DATA_FUNCS) *ssl_ctx_meth=NULL; -static int ssl_meth_num=0; -static int ssl_ctx_meth_num=0; - OPENSSL_GLOBAL SSL3_ENC_METHOD ssl3_undef_enc_method={ /* evil casts, but these functions are only called if there's a library bug */ (int (*)(SSL *,int))ssl_undefined_function, @@ -242,7 +237,7 @@ SSL *SSL_new(SSL_CTX *ctx) s->read_ahead=ctx->read_ahead; /* used to happen in SSL_clear */ SSL_clear(s); - CRYPTO_new_ex_data(ssl_meth,s,&s->ex_data); + CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL, s, &s->ex_data); return(s); err: @@ -372,7 +367,7 @@ void SSL_free(SSL *s) } #endif - CRYPTO_free_ex_data(ssl_meth,(char *)s,&s->ex_data); + CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL, s, &s->ex_data); if (s->bbio != NULL) { @@ -1272,7 +1267,7 @@ SSL_CTX *SSL_CTX_new(SSL_METHOD *meth) if ((ret->client_CA=sk_X509_NAME_new_null()) == NULL) goto err; - CRYPTO_new_ex_data(ssl_ctx_meth,(char *)ret,&ret->ex_data); + CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_CTX, ret, &ret->ex_data); ret->extra_certs=NULL; ret->comp_methods=SSL_COMP_get_compression_methods(); @@ -1308,7 +1303,7 @@ void SSL_CTX_free(SSL_CTX *a) abort(); /* ok */ } #endif - CRYPTO_free_ex_data(ssl_ctx_meth,(char *)a,&a->ex_data); + CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_CTX, a, &a->ex_data); if (a->sessions != NULL) { @@ -1806,7 +1801,7 @@ SSL *SSL_dup(SSL *s) ret->options=s->options; /* copy app data, a little dangerous perhaps */ - if (!CRYPTO_dup_ex_data(ssl_meth,&ret->ex_data,&s->ex_data)) + if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_SSL, &ret->ex_data, &s->ex_data)) goto err; /* setup rbio, and wbio */ 
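Review bot: `CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL, s, &s->ex_data);` in SSL_new() (hunk at -242) ignores its result, even though the commit message says ex_data initialisation can fail and changes X509_STORE_CTX_init() to report exactly that. The same unchecked call is in SSL_CTX_new() (hunk at -1272) and in SSL_SESSION_new() in ssl/ssl_sess.c (hunk at -126). The prototype is not on this page, but if the call returns a status, the SSL_new() line could become `if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL, s, &s->ex_data)) goto err;`, using the `err:` label visible just below. Otherwise the object is handed to the application with ex_data that may not be set up. The `err:` path itself lies outside the hunk, so confirm it releases everything allocated by that point.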
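Review bot: The existing comment `/* copy app data, a little dangerous perhaps */` above the CRYPTO_dup_ex_data() call in SSL_dup() (hunk at -1806) does not say what the danger is. As I understand the ex_data API, a slot registered without a dup_func is copied as a raw pointer, so both SSL objects would refer to the same application data and each SSL_free() would run the slot's free_func on it. I would spell that out, for example `/* copies ex_data slots; a slot with no dup_func ends up shared by both SSLs, so its free_func must tolerate being called twice */`. SSL_dup() begins and ends outside the hunk.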
@@ -2051,10 +2046,8 @@ long SSL_get_verify_result(SSL *ssl) int SSL_get_ex_new_index(long argl,void *argp,CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func,CRYPTO_EX_free *free_func) { - if(CRYPTO_get_ex_new_index(ssl_meth_num, &ssl_meth, argl, argp, - new_func, dup_func, free_func) < 0) - return -1; - return (ssl_meth_num++); + return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL, argl, argp, + new_func, dup_func, free_func); } int SSL_set_ex_data(SSL *s,int idx,void *arg) @@ -2070,10 +2063,8 @@ void *SSL_get_ex_data(SSL *s,int idx) int SSL_CTX_get_ex_new_index(long argl,void *argp,CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func,CRYPTO_EX_free *free_func) { - if(CRYPTO_get_ex_new_index(ssl_ctx_meth_num, &ssl_ctx_meth, argl, argp, - new_func, dup_func, free_func) < 0) - return -1; - return (ssl_ctx_meth_num++); + return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL_CTX, argl, argp, + new_func, dup_func, free_func); } int SSL_CTX_set_ex_data(SSL_CTX *s,int idx,void *arg) diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c index 5821792b76..9078d759f5 100644 --- a/ssl/ssl_sess.c +++ b/ssl/ssl_sess.c @@ -64,8 +64,6 @@ static void SSL_SESSION_list_remove(SSL_CTX *ctx, SSL_SESSION *s); static void SSL_SESSION_list_add(SSL_CTX *ctx,SSL_SESSION *s); static int remove_session_lock(SSL_CTX *ctx, SSL_SESSION *c, int lck); -static int ssl_session_num=0; -static STACK_OF(CRYPTO_EX_DATA_FUNCS) *ssl_session_meth=NULL; SSL_SESSION *SSL_get_session(SSL *ssl) /* aka SSL_get0_session; gets 0 objects, just returns a copy of the pointer */ 
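Review bot: SSL_get_ex_new_index() (hunk at -2051) now returns whatever CRYPTO_get_ex_new_index() returns, where the removed code mapped every negative result to -1. The same change is made to SSL_CTX_get_ex_new_index() (hunk at -2070) and to SSL_SESSION_get_ex_new_index() in ssl/ssl_sess.c (hunk at -91). Callers that compare against -1 instead of testing `< 0` now depend on the callee's exact failure value, which is not visible on this page. A comment on each wrapper, such as `/* returns the new index, or a negative value on failure */`, would make the contract explicit.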
@@ -91,10 +89,8 @@ SSL_SESSION *SSL_get1_session(SSL *ssl) int SSL_SESSION_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) { - if(CRYPTO_get_ex_new_index(ssl_session_num, &ssl_session_meth, argl, - argp, new_func, dup_func, free_func) < 0) - return -1; - return (ssl_session_num++); + return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL_SESSION, argl, argp, + new_func, dup_func, free_func); } int SSL_SESSION_set_ex_data(SSL_SESSION *s, int idx, void *arg) @@ -126,7 +122,7 @@ SSL_SESSION *SSL_SESSION_new(void) ss->prev=NULL; ss->next=NULL; ss->compress_meth=0; - CRYPTO_new_ex_data(ssl_session_meth,ss,&ss->ex_data); + CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, ss, &ss->ex_data); return(ss); } @@ -520,7 +516,7 @@ void SSL_SESSION_free(SSL_SESSION *ss) } #endif - CRYPTO_free_ex_data(ssl_session_meth,ss,&ss->ex_data); + CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, ss, &ss->ex_data); memset(ss->key_arg,0,SSL_MAX_KEY_ARG_LENGTH); memset(ss->master_key,0,SSL_MAX_MASTER_KEY_LENGTH); diff --git a/ssl/ssltest.c b/ssl/ssltest.c index 7d1249fd5c..9ba560701c 100644 --- a/ssl/ssltest.c +++ b/ssl/ssltest.c @@ -714,6 +714,7 @@ end: free_tmp_rsa(); #endif ENGINE_cleanup(); + CRYPTO_cleanup_all_ex_data(); ERR_free_strings(); ERR_remove_state(0); EVP_cleanup(); -- cgit v1.2.3
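Review bot: In SSL_SESSION_free() (hunk at -520) the context lines directly after the changed call clear `ss->key_arg` and `ss->master_key` with plain `memset`. If the structure is released shortly afterwards, which happens outside the hunk if at all, an optimising compiler is allowed to treat those stores as dead and drop them, leaving key material in freed memory. The commit does not touch this, but since the function is being edited I would at least mark it with `/* secrets: these wipes must not be elided by the compiler */` and route them through a zeroing helper the optimiser cannot remove. The function starts before and ends after the hunk.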