Make the necessary changes to work with the recent "ex_data" overhaul.
authorGeoff Thorpe <geoff@openssl.org>
Sat, 1 Sep 2001 20:02:13 +0000 (20:02 +0000)
committerGeoff Thorpe <geoff@openssl.org>
Sat, 1 Sep 2001 20:02:13 +0000 (20:02 +0000)
See the commit log message for that for more information.

NB: X509_STORE_CTX's use of "ex_data" support was actually misimplemented
(initialisation by "memset" won't/can't/doesn't work). This fixes that but
requires that X509_STORE_CTX_init() be able to handle errors - so its
prototype has been changed to return 'int' rather than 'void'. All uses of
that function throughout the source code have been tracked down and
adjusted.

30 files changed:
apps/Makefile.ssl
apps/apps.h
apps/crl.c
apps/pkcs12.c
apps/verify.c
apps/x509.c
crypto/asn1/x_x509.c
crypto/bio/bio_lib.c
crypto/dh/dh_lib.c
crypto/dsa/dsa_lib.c
crypto/dsa/dsatest.c
crypto/ec/ectest.c
crypto/engine/engine_list.c
crypto/ocsp/ocsp_vfy.c
crypto/pkcs7/pk7_doit.c
crypto/pkcs7/pk7_smime.c
crypto/rsa/rsa_lib.c
crypto/rsa/rsa_test.c
crypto/ui/ui_lib.c
crypto/x509/x509.h
crypto/x509/x509_err.c
crypto/x509/x509_lu.c
crypto/x509/x509_vfy.c
crypto/x509/x509_vfy.h
ssl/s3_both.c
ssl/ssl_cert.c
ssl/ssl_lib.c
ssl/ssl_sess.c
ssl/ssltest.c
util/libeay.num

index bce72a9..a2c23a3 100644 (file)
@@ -772,8 +772,8 @@ speed.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
 speed.o: ../include/openssl/sha.h ../include/openssl/stack.h
 speed.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
 speed.o: ../include/openssl/types.h ../include/openssl/ui.h
-speed.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ./testdsa.h
-speed.o: ./testrsa.h apps.h speed.c
+speed.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h speed.c
+speed.o: testdsa.h testrsa.h
 spkac.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 spkac.o: ../include/openssl/bn.h ../include/openssl/buffer.h
 spkac.o: ../include/openssl/conf.h ../include/openssl/crypto.h
index de136f4..869b13d 100644 (file)
@@ -140,7 +140,7 @@ extern BIO *bio_err;
                ENGINE_load_builtin_engines(); setup_ui_method(); } while(0)
 #  endif
 #  define apps_shutdown() \
-               destroy_ui_method()
+               do { destroy_ui_method(); CRYPTO_cleanup_all_ex_data(); } while(0)
 #endif
 
 typedef struct args_st
index 82ef8ce..5ea59d0 100644 (file)
@@ -235,7 +235,11 @@ bad:
                        X509_LOOKUP_add_dir(lookup,NULL,X509_FILETYPE_DEFAULT);
                ERR_clear_error();
 
-               X509_STORE_CTX_init(&ctx, store, NULL, NULL);
+               if(!X509_STORE_CTX_init(&ctx, store, NULL, NULL)) {
+                       BIO_printf(bio_err,
+                               "Error initialising X509 store\n");
+                       goto end;
+               }
 
                i = X509_STORE_get_by_subject(&ctx, X509_LU_X509, 
                                        X509_CRL_get_issuer(x), &xobj);
index b507491..d90cf59 100644 (file)
@@ -810,6 +810,9 @@ int get_cert_chain (X509 *cert, X509_STORE *store, STACK_OF(X509) **chain)
        STACK_OF(X509) *chn;
        int i;
 
+       /* FIXME: Should really check the return status of X509_STORE_CTX_init
+        * for an error, but how that fits into the return value of this
+        * function is less obvious. */
        X509_STORE_CTX_init(&store_ctx, store, cert, NULL);
        if (X509_verify_cert(&store_ctx) <= 0) {
                i = X509_STORE_CTX_get_error (&store_ctx);
index 60da5c5..b1a4dac 100644 (file)
@@ -249,7 +249,11 @@ static int check(X509_STORE *ctx, char *file, STACK_OF(X509) *uchain, STACK_OF(X
                goto end;
                }
        X509_STORE_set_flags(ctx, vflags);
-       X509_STORE_CTX_init(csc,ctx,x,uchain);
+       if(!X509_STORE_CTX_init(csc,ctx,x,uchain))
+               {
+               ERR_print_errors(bio_err);
+               goto end;
+               }
        if(tchain) X509_STORE_CTX_trusted_stack(csc, tchain);
        if(purpose >= 0) X509_STORE_CTX_set_purpose(csc, purpose);
        i=X509_verify_cert(csc);
index f18aaf5..65b072c 100644 (file)
@@ -1128,7 +1128,11 @@ static int x509_certify(X509_STORE *ctx, char *CAfile, const EVP_MD *digest,
        EVP_PKEY_copy_parameters(upkey,pkey);
        EVP_PKEY_free(upkey);
 
-       X509_STORE_CTX_init(&xsc,ctx,x,NULL);
+       if(!X509_STORE_CTX_init(&xsc,ctx,x,NULL))
+               {
+               BIO_printf(bio_err,"Error initialising X509 store\n");
+               goto end;
+               }
        if (sno) bs = sno;
        else if (!(bs = load_serial(CAfile, serialfile, create)))
                goto end;
index b0d859d..b50167c 100644 (file)
@@ -63,9 +63,6 @@
 #include <openssl/x509.h>
 #include <openssl/x509v3.h>
 
-static int x509_meth_num = 0;
-static STACK_OF(CRYPTO_EX_DATA_FUNCS) *x509_meth = NULL;
-
 ASN1_SEQUENCE(X509_CINF) = {
        ASN1_EXP_OPT(X509_CINF, version, ASN1_INTEGER, 0),
        ASN1_SIMPLE(X509_CINF, serialNumber, ASN1_INTEGER),
@@ -96,7 +93,7 @@ static int x509_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)
                ret->skid = NULL;
                ret->akid = NULL;
                ret->aux = NULL;
-               CRYPTO_new_ex_data(x509_meth, ret, &ret->ex_data);
+               CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509, ret, &ret->ex_data);
                break;
 
                case ASN1_OP_D2I_POST:
@@ -105,7 +102,7 @@ static int x509_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)
                break;
 
                case ASN1_OP_FREE_POST:
-               CRYPTO_free_ex_data(x509_meth,ret,&ret->ex_data);
+               CRYPTO_free_ex_data(CRYPTO_EX_INDEX_X509, ret, &ret->ex_data);
                X509_CERT_AUX_free(ret->aux);
                ASN1_OCTET_STRING_free(ret->skid);
                AUTHORITY_KEYID_free(ret->akid);
@@ -142,10 +139,8 @@ ASN1_METHOD *X509_asn1_meth(void)
 int X509_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
             CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
         {
-       if(CRYPTO_get_ex_new_index(x509_meth_num, &x509_meth, argl, argp,
-                               new_func, dup_func, free_func) < 0)
-               return -1;
-       return (x509_meth_num++);
+       return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509, argl, argp,
+                               new_func, dup_func, free_func);
         }
 
 int X509_set_ex_data(X509 *r, int idx, void *arg)
index dcf0338..50df223 100644 (file)
@@ -63,9 +63,6 @@
 #include <openssl/bio.h>
 #include <openssl/stack.h>
 
-static STACK_OF(CRYPTO_EX_DATA_FUNCS) *bio_meth=NULL;
-static int bio_meth_num=0;
-
 BIO *BIO_new(BIO_METHOD *method)
        {
        BIO *ret=NULL;
@@ -100,10 +97,14 @@ int BIO_set(BIO *bio, BIO_METHOD *method)
        bio->references=1;
        bio->num_read=0L;
        bio->num_write=0L;
-       CRYPTO_new_ex_data(bio_meth,bio,&bio->ex_data);
+       CRYPTO_new_ex_data(CRYPTO_EX_INDEX_BIO, bio, &bio->ex_data);
        if (method->create != NULL)
                if (!method->create(bio))
+                       {
+                       CRYPTO_free_ex_data(CRYPTO_EX_INDEX_BIO, bio,
+                                       &bio->ex_data);
                        return(0);
+                       }
        return(1);
        }
 
@@ -129,7 +130,7 @@ int BIO_free(BIO *a)
                ((i=(int)a->callback(a,BIO_CB_FREE,NULL,0,0L,1L)) <= 0))
                        return(i);
 
-       CRYPTO_free_ex_data(bio_meth,a,&a->ex_data);
+       CRYPTO_free_ex_data(CRYPTO_EX_INDEX_BIO, a, &a->ex_data);
 
        if ((a->method == NULL) || (a->method->destroy == NULL)) return(1);
        ret=a->method->destroy(a);
@@ -482,7 +483,8 @@ BIO *BIO_dup_chain(BIO *in)
                        }
 
                /* copy app data */
-               if (!CRYPTO_dup_ex_data(bio_meth,&new->ex_data,&bio->ex_data))
+               if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_BIO, &new->ex_data,
+                                       &bio->ex_data))
                        goto err;
 
                if (ret == NULL)
@@ -512,10 +514,8 @@ void BIO_copy_next_retry(BIO *b)
 int BIO_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
             CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
        {
-       if(CRYPTO_get_ex_new_index(bio_meth_num, &bio_meth, argl, argp,
-                               new_func, dup_func, free_func) < 0)
-               return -1;
-       return (bio_meth_num++);
+       return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_BIO, argl, argp,
+                               new_func, dup_func, free_func);
        }
 
 int BIO_set_ex_data(BIO *bio, int idx, void *data)
index f96b454..7c30461 100644 (file)
@@ -65,8 +65,6 @@
 const char *DH_version="Diffie-Hellman" OPENSSL_VERSION_PTEXT;
 
 static const DH_METHOD *default_DH_method = NULL;
-static int dh_meth_num = 0;
-static STACK_OF(CRYPTO_EX_DATA_FUNCS) *dh_meth = NULL;
 
 void DH_set_default_openssl_method(const DH_METHOD *meth)
 {
@@ -174,10 +172,10 @@ DH *DH_new_method(ENGINE *engine)
        ret->method_mont_p=NULL;
        ret->references = 1;
        ret->flags=meth->flags;
-       CRYPTO_new_ex_data(dh_meth,ret,&ret->ex_data);
+       CRYPTO_new_ex_data(CRYPTO_EX_INDEX_DH, ret, &ret->ex_data);
        if ((meth->init != NULL) && !meth->init(ret))
                {
-               CRYPTO_free_ex_data(dh_meth,ret,&ret->ex_data);
+               CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DH, ret, &ret->ex_data);
                OPENSSL_free(ret);
                ret=NULL;
                }
@@ -206,7 +204,7 @@ void DH_free(DH *r)
        if(meth->finish) meth->finish(r);
        ENGINE_finish(r->engine);
 
-       CRYPTO_free_ex_data(dh_meth, r, &r->ex_data);
+       CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DH, r, &r->ex_data);
 
        if (r->p != NULL) BN_clear_free(r->p);
        if (r->g != NULL) BN_clear_free(r->g);
@@ -238,10 +236,8 @@ int DH_up(DH *r)
 int DH_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
             CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
         {
-       if(CRYPTO_get_ex_new_index(dh_meth_num, &dh_meth, argl, argp,
-                               new_func, dup_func, free_func) < 0)
-               return -1;
-       return (dh_meth_num++);
+       return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_DH, argl, argp,
+                               new_func, dup_func, free_func);
         }
 
 int DH_set_ex_data(DH *d, int idx, void *arg)
index 98878df..bae39c2 100644 (file)
@@ -68,8 +68,6 @@
 const char *DSA_version="DSA" OPENSSL_VERSION_PTEXT;
 
 static const DSA_METHOD *default_DSA_method = NULL;
-static int dsa_meth_num = 0;
-static STACK_OF(CRYPTO_EX_DATA_FUNCS) *dsa_meth = NULL;
 
 void DSA_set_default_openssl_method(const DSA_METHOD *meth)
 {
@@ -181,10 +179,10 @@ DSA *DSA_new_method(ENGINE *engine)
 
        ret->references=1;
        ret->flags=meth->flags;
-       CRYPTO_new_ex_data(dsa_meth,ret,&ret->ex_data);
+       CRYPTO_new_ex_data(CRYPTO_EX_INDEX_DSA, ret, &ret->ex_data);
        if ((meth->init != NULL) && !meth->init(ret))
                {
-               CRYPTO_free_ex_data(dsa_meth,ret,&ret->ex_data);
+               CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DSA, ret, &ret->ex_data);
                OPENSSL_free(ret);
                ret=NULL;
                }
@@ -216,7 +214,7 @@ void DSA_free(DSA *r)
        if(meth->finish) meth->finish(r);
        ENGINE_finish(r->engine);
 
-       CRYPTO_free_ex_data(dsa_meth, r, &r->ex_data);
+       CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DSA, r, &r->ex_data);
 
        if (r->p != NULL) BN_clear_free(r->p);
        if (r->q != NULL) BN_clear_free(r->q);
@@ -266,10 +264,8 @@ int DSA_size(const DSA *r)
 int DSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
             CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
         {
-       if(CRYPTO_get_ex_new_index(dsa_meth_num, &dsa_meth, argl, argp,
-                               new_func, dup_func, free_func) < 0)
-               return -1;
-       return (dsa_meth_num++);
+       return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_DSA, argl, argp,
+                               new_func, dup_func, free_func);
         }
 
 int DSA_set_ex_data(DSA *d, int idx, void *arg)
index 9eea866..5f24b59 100644 (file)
@@ -202,6 +202,7 @@ end:
        if (!ret)
                ERR_print_errors(bio_err);
        if (dsa != NULL) DSA_free(dsa);
+       CRYPTO_cleanup_all_ex_data();
        ERR_remove_state(0);
        CRYPTO_mem_leaks(bio_err);
        if (bio_err != NULL)
index c1f0b44..1d0b337 100644 (file)
@@ -619,6 +619,7 @@ int main(int argc, char *argv[])
        if (P_521) EC_GROUP_free(P_521);
 
        ENGINE_cleanup();
+       CRYPTO_cleanup_all_ex_data();
        ERR_free_strings();
        ERR_remove_state(0);
        CRYPTO_mem_leaks_fp(stderr);
index 53eadbb..926ff5a 100644 (file)
 #include "engine_int.h"
 #include <openssl/engine.h>
 
-/* Weird "ex_data" handling. Some have suggested there's some problems with the
- * CRYPTO_EX_DATA code (or model), but for now I'm implementing it exactly as
- * it's done in crypto/rsa/. That way the usage and documentation of that can be
- * used to assist here, and any changes or fixes made there should similarly map
- * over here quite straightforwardly. */
-static int engine_ex_data_num = 0;
-static STACK_OF(CRYPTO_EX_DATA_FUNCS) *engine_ex_data_stack = NULL;
-
 /* The linked-list of pointers to engine types. engine_list_head
  * incorporates an implicit structural reference but engine_list_tail
  * does not - the latter is a computational niceity and only points
@@ -85,7 +77,7 @@ static ENGINE *engine_list_tail = NULL;
  * is needed because the engine list may genuinely become empty during
  * use (so we can't use engine_list_head as an indicator for example. */
 static int engine_list_flag = 0;
-static int ENGINE_free_nolock(ENGINE *e);
+static int ENGINE_free_util(ENGINE *e, int locked);
 
 /* These static functions starting with a lower case "engine_" always
  * take place when CRYPTO_LOCK_ENGINE has been locked up. */
@@ -177,7 +169,7 @@ static int engine_list_remove(ENGINE *e)
                engine_list_head = e->next;
        if(engine_list_tail == e)
                engine_list_tail = e->prev;
-       ENGINE_free_nolock(e);
+       ENGINE_free_util(e, 0);
        return 1;
        }
 
@@ -199,7 +191,7 @@ static int engine_internal_check(void)
                toret = 0;
        else
                engine_list_flag = 1;
-       ENGINE_free_nolock(def_engine);
+       ENGINE_free_util(def_engine, 0);
        return 1;
        }
 
@@ -393,11 +385,11 @@ ENGINE *ENGINE_new(void)
        memset(ret, 0, sizeof(ENGINE));
        ret->struct_ref = 1;
        engine_ref_debug(ret, 0, 1)
-       CRYPTO_new_ex_data(engine_ex_data_stack, ret, &ret->ex_data);
+       CRYPTO_new_ex_data(CRYPTO_EX_INDEX_ENGINE, ret, &ret->ex_data);
        return ret;
        }
 
-int ENGINE_free(ENGINE *e)
+static int ENGINE_free_util(ENGINE *e, int locked)
        {
        int i;
 
@@ -407,7 +399,10 @@ int ENGINE_free(ENGINE *e)
                        ERR_R_PASSED_NULL_PARAMETER);
                return 0;
                }
-       i = CRYPTO_add(&e->struct_ref,-1,CRYPTO_LOCK_ENGINE);
+       if(locked)
+               i = CRYPTO_add(&e->struct_ref,-1,CRYPTO_LOCK_ENGINE);
+       else
+               i = --e->struct_ref;
        engine_ref_debug(e, 0, -1)
        if (i > 0) return 1;
 #ifdef REF_CHECK
@@ -418,44 +413,21 @@ int ENGINE_free(ENGINE *e)
                }
 #endif
        sk_ENGINE_EVP_CIPHER_pop_free(e->ciphers,ENGINE_free_engine_cipher);
-       CRYPTO_free_ex_data(engine_ex_data_stack, e, &e->ex_data);
+       CRYPTO_free_ex_data(CRYPTO_EX_INDEX_ENGINE, e, &e->ex_data);
        OPENSSL_free(e);
        return 1;
        }
 
-static int ENGINE_free_nolock(ENGINE *e)
+int ENGINE_free(ENGINE *e)
        {
-       int i;
-
-       if(e == NULL)
-               {
-               ENGINEerr(ENGINE_F_ENGINE_FREE,
-                       ERR_R_PASSED_NULL_PARAMETER);
-               return 0;
-               }
-       
-       i=--e->struct_ref;
-       engine_ref_debug(e, 0, -1)
-       if (i > 0) return 1;
-#ifdef REF_CHECK
-       if (i < 0)
-               {
-               fprintf(stderr,"ENGINE_free, bad structural reference count\n");
-               abort();
-               }
-#endif
-       CRYPTO_free_ex_data(engine_ex_data_stack, e, &e->ex_data);
-       OPENSSL_free(e);
-       return 1;
+       return ENGINE_free_util(e, 1);
        }
 
 int ENGINE_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
                CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
        {
-       if(CRYPTO_get_ex_new_index(engine_ex_data_num, &engine_ex_data_stack,
-                       argl, argp, new_func, dup_func, free_func) < 0)
-               return -1;
-       return (engine_ex_data_num++);
+       return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_ENGINE, argl, argp,
+                       new_func, dup_func, free_func);
        }
 
 int ENGINE_set_ex_data(ENGINE *e, int idx, void *arg)
index 43b62a8..1f5fda7 100644 (file)
@@ -101,10 +101,16 @@ int OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs,
                }
        if (!(flags & OCSP_NOVERIFY))
                {
+               int init_res;
                if(flags & OCSP_NOCHAIN)
-                       X509_STORE_CTX_init(&ctx, st, signer, NULL);
+                       init_res = X509_STORE_CTX_init(&ctx, st, signer, NULL);
                else
-                       X509_STORE_CTX_init(&ctx, st, signer, bs->certs);
+                       init_res = X509_STORE_CTX_init(&ctx, st, signer, bs->certs);
+               if(!init_res)
+                       {
+                       OCSPerr(OCSP_F_OCSP_BASIC_VERIFY,ERR_R_X509_LIB);
+                       goto end;
+                       }
 
                X509_STORE_CTX_set_purpose(&ctx, X509_PURPOSE_OCSP_HELPER);
                ret = X509_verify_cert(&ctx);
@@ -389,10 +395,17 @@ int OCSP_request_verify(OCSP_REQUEST *req, STACK_OF(X509) *certs, X509_STORE *st
                }
        if (!(flags & OCSP_NOVERIFY))
                {
+               int init_res;
                if(flags & OCSP_NOCHAIN)
-                       X509_STORE_CTX_init(&ctx, store, signer, NULL);
+                       init_res = X509_STORE_CTX_init(&ctx, store, signer, NULL);
                else
-                       X509_STORE_CTX_init(&ctx, store, signer, req->optionalSignature->certs);
+                       init_res = X509_STORE_CTX_init(&ctx, store, signer,
+                                       req->optionalSignature->certs);
+               if(!init_res)
+                       {
+                       OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY,ERR_R_X509_LIB);
+                       return 0;
+                       }
 
                X509_STORE_CTX_set_purpose(&ctx, X509_PURPOSE_OCSP_HELPER);
                X509_STORE_CTX_set_trust(&ctx, X509_TRUST_OCSP_REQUEST);
index e2c82a2..4ff021e 100644 (file)
@@ -663,7 +663,11 @@ int PKCS7_dataVerify(X509_STORE *cert_store, X509_STORE_CTX *ctx, BIO *bio,
                }
 
        /* Lets verify */
-       X509_STORE_CTX_init(ctx,cert_store,x509,cert);
+       if(!X509_STORE_CTX_init(ctx,cert_store,x509,cert))
+               {
+               PKCS7err(PKCS7_F_PKCS7_DATAVERIFY,ERR_R_X509_LIB);
+               goto err;
+               }
        X509_STORE_CTX_set_purpose(ctx, X509_PURPOSE_SMIME_SIGN);
        i=X509_verify_cert(ctx);
        if (i <= 0) 
index 348ec1d..f0d071e 100644 (file)
@@ -201,11 +201,20 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,
        if (!(flags & PKCS7_NOVERIFY)) for (k = 0; k < sk_X509_num(signers); k++) {
                signer = sk_X509_value (signers, k);
                if (!(flags & PKCS7_NOCHAIN)) {
-                       X509_STORE_CTX_init(&cert_ctx, store, signer,
-                                                       p7->d.sign->cert);
+                       if(!X509_STORE_CTX_init(&cert_ctx, store, signer,
+                                                       p7->d.sign->cert))
+                               {
+                               PKCS7err(PKCS7_F_PKCS7_VERIFY,ERR_R_X509_LIB);
+                               sk_X509_free(signers);
+                               return 0;
+                               }
                        X509_STORE_CTX_set_purpose(&cert_ctx,
                                                X509_PURPOSE_SMIME_SIGN);
-               } else X509_STORE_CTX_init (&cert_ctx, store, signer, NULL);
+               } else if(!X509_STORE_CTX_init (&cert_ctx, store, signer, NULL)) {
+                       PKCS7err(PKCS7_F_PKCS7_VERIFY,ERR_R_X509_LIB);
+                       sk_X509_free(signers);
+                       return 0;
+               }
                i = X509_verify_cert(&cert_ctx);
                if (i <= 0) j = X509_STORE_CTX_get_error(&cert_ctx);
                X509_STORE_CTX_cleanup(&cert_ctx);
index 3accf01..e3368c1 100644 (file)
@@ -67,8 +67,6 @@
 const char *RSA_version="RSA" OPENSSL_VERSION_PTEXT;
 
 static const RSA_METHOD *default_RSA_meth=NULL;
-static int rsa_meth_num=0;
-static STACK_OF(CRYPTO_EX_DATA_FUNCS) *rsa_meth=NULL;
 
 RSA *RSA_new(void)
        {
@@ -198,10 +196,10 @@ RSA *RSA_new_method(ENGINE *engine)
        ret->blinding=NULL;
        ret->bignum_data=NULL;
        ret->flags=meth->flags;
-       CRYPTO_new_ex_data(rsa_meth,ret,&ret->ex_data);
+       CRYPTO_new_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data);
        if ((meth->init != NULL) && !meth->init(ret))
                {
-               CRYPTO_free_ex_data(rsa_meth, ret, &ret->ex_data);
+               CRYPTO_free_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data);
                OPENSSL_free(ret);
                ret=NULL;
                }
@@ -233,7 +231,7 @@ void RSA_free(RSA *r)
                meth->finish(r);
        ENGINE_finish(r->engine);
 
-       CRYPTO_free_ex_data(rsa_meth,r,&r->ex_data);
+       CRYPTO_free_ex_data(CRYPTO_EX_INDEX_RSA, r, &r->ex_data);
 
        if (r->n != NULL) BN_clear_free(r->n);
        if (r->e != NULL) BN_clear_free(r->e);
@@ -267,10 +265,8 @@ int RSA_up(RSA *r)
 int RSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
             CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
         {
-       if(CRYPTO_get_ex_new_index(rsa_meth_num, &rsa_meth, argl, argp,
-                               new_func, dup_func, free_func) < 0)
-               return -1;
-       return (rsa_meth_num++);
+       return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_RSA, argl, argp,
+                               new_func, dup_func, free_func);
         }
 
 int RSA_set_ex_data(RSA *r, int idx, void *arg)
index 2c0a1d5..5dee24b 100644 (file)
@@ -307,6 +307,7 @@ int main(int argc, char *argv[])
        RSA_free(key);
        }
 
+    CRYPTO_cleanup_all_ex_data();
     ERR_remove_state(0);
 
     CRYPTO_mem_leaks_fp(stdout);
index c526426..16946ca 100644 (file)
@@ -66,8 +66,6 @@
 IMPLEMENT_STACK_OF(UI_STRING_ST)
 
 static const UI_METHOD *default_UI_meth=NULL;
-static int ui_meth_num=0;
-static STACK_OF(CRYPTO_EX_DATA_FUNCS) *ui_meth=NULL;
 
 UI *UI_new(void)
        {
@@ -91,7 +89,7 @@ UI *UI_new_method(const UI_METHOD *method)
 
        ret->strings=NULL;
        ret->user_data=NULL;
-       CRYPTO_new_ex_data(ui_meth,ret,&ret->ex_data);
+       CRYPTO_new_ex_data(CRYPTO_EX_INDEX_UI, ret, &ret->ex_data);
        return ret;
        }
 
@@ -119,6 +117,7 @@ void UI_free(UI *ui)
        if (ui == NULL)
                return;
        sk_UI_STRING_pop_free(ui->strings,free_string);
+       CRYPTO_free_ex_data(CRYPTO_EX_INDEX_UI, ui, &ui->ex_data);
        OPENSSL_free(ui);
        }
 
@@ -574,10 +573,8 @@ int UI_ctrl(UI *ui, int cmd, long i, void *p, void (*f)())
 int UI_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
             CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
         {
-       if(CRYPTO_get_ex_new_index(ui_meth_num, &ui_meth, argl, argp,
-                               new_func, dup_func, free_func) < 0)
-               return -1;
-       return (ui_meth_num++);
+       return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_UI, argl, argp,
+                               new_func, dup_func, free_func);
         }
 
 int UI_set_ex_data(UI *r, int idx, void *arg)
index 2d0ecf2..f1040ac 100644 (file)
@@ -1221,6 +1221,8 @@ void ERR_load_X509_strings(void);
 #define X509_F_X509_REQ_TO_X509                                 123
 #define X509_F_X509_STORE_ADD_CERT                      124
 #define X509_F_X509_STORE_ADD_CRL                       125
+#define X509_F_X509_STORE_CTX_INIT                      143
+#define X509_F_X509_STORE_CTX_NEW                       142
 #define X509_F_X509_STORE_CTX_PURPOSE_INHERIT           134
 #define X509_F_X509_TO_X509_REQ                                 126
 #define X509_F_X509_TRUST_ADD                           133
index fa72c16..5bbf4ac 100644 (file)
@@ -100,6 +100,8 @@ static ERR_STRING_DATA X509_str_functs[]=
 {ERR_PACK(0,X509_F_X509_REQ_TO_X509,0),        "X509_REQ_to_X509"},
 {ERR_PACK(0,X509_F_X509_STORE_ADD_CERT,0),     "X509_STORE_add_cert"},
 {ERR_PACK(0,X509_F_X509_STORE_ADD_CRL,0),      "X509_STORE_add_crl"},
+{ERR_PACK(0,X509_F_X509_STORE_CTX_INIT,0),     "X509_STORE_CTX_init"},
+{ERR_PACK(0,X509_F_X509_STORE_CTX_NEW,0),      "X509_STORE_CTX_new"},
 {ERR_PACK(0,X509_F_X509_STORE_CTX_PURPOSE_INHERIT,0),  "X509_STORE_CTX_purpose_inherit"},
 {ERR_PACK(0,X509_F_X509_TO_X509_REQ,0),        "X509_to_X509_REQ"},
 {ERR_PACK(0,X509_F_X509_TRUST_ADD,0),  "X509_TRUST_add"},
index a298343..b780dae 100644 (file)
@@ -62,8 +62,6 @@
 #include <openssl/x509.h>
 #include <openssl/x509v3.h>
 
-static STACK_OF(CRYPTO_EX_DATA_FUNCS) *x509_store_meth=NULL;
-
 X509_LOOKUP *X509_LOOKUP_new(X509_LOOKUP_METHOD *method)
        {
        X509_LOOKUP *ret;
@@ -202,7 +200,7 @@ X509_STORE *X509_STORE_new(void)
        ret->cert_crl = 0;
        ret->cleanup = 0;
 
-       memset(&ret->ex_data,0,sizeof(CRYPTO_EX_DATA));
+       CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509_STORE, ret, &ret->ex_data);
        ret->references=1;
        ret->depth=0;
        return ret;
@@ -245,7 +243,7 @@ void X509_STORE_free(X509_STORE *vfy)
        sk_X509_LOOKUP_free(sk);
        sk_X509_OBJECT_pop_free(vfy->objs, cleanup);
 
-       CRYPTO_free_ex_data(x509_store_meth,vfy,&vfy->ex_data);
+       CRYPTO_free_ex_data(CRYPTO_EX_INDEX_X509_STORE, vfy, &vfy->ex_data);
        OPENSSL_free(vfy);
        }
 
index 4c3aae7..892b784 100644 (file)
@@ -80,9 +80,6 @@ static int check_cert(X509_STORE_CTX *ctx);
 static int internal_verify(X509_STORE_CTX *ctx);
 const char *X509_version="X.509" OPENSSL_VERSION_PTEXT;
 
-static STACK_OF(CRYPTO_EX_DATA_FUNCS) *x509_store_ctx_method=NULL;
-static int x509_store_ctx_num=0;
-
 
 static int null_callback(int ok, X509_STORE_CTX *e)
        {
@@ -891,14 +888,9 @@ int X509_STORE_CTX_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_fu
             CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
        {
        /* This function is (usually) called only once, by
-        * SSL_get_ex_data_X509_STORE_CTX_idx (ssl/ssl_cert.c).
-        * That function uses locking, so we don't (usually)
-        * have to worry about locking here. For the whole cruel
-        * truth, see crypto/ex_data.c */
-       if(CRYPTO_get_ex_new_index(x509_store_ctx_num, &x509_store_ctx_method,
-                       argl, argp, new_func, dup_func, free_func) < 0)
-               return -1;
-       return (x509_store_ctx_num++);
+        * SSL_get_ex_data_X509_STORE_CTX_idx (ssl/ssl_cert.c). */
+       return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509_STORE_CTX, argl, argp,
+                       new_func, dup_func, free_func);
        }
 
 int X509_STORE_CTX_set_ex_data(X509_STORE_CTX *ctx, int idx, void *data)
@@ -1032,7 +1024,12 @@ X509_STORE_CTX *X509_STORE_CTX_new(void)
 {
        X509_STORE_CTX *ctx;
        ctx = (X509_STORE_CTX *)OPENSSL_malloc(sizeof(X509_STORE_CTX));
-       if (ctx) memset(ctx, 0, sizeof(X509_STORE_CTX));
+       if (!ctx)
+               {
+               X509err(X509_F_X509_STORE_CTX_NEW,ERR_R_MALLOC_FAILURE);
+               return NULL;
+               }
+       memset(ctx, 0, sizeof(X509_STORE_CTX));
        return ctx;
 }
 
@@ -1042,7 +1039,7 @@ void X509_STORE_CTX_free(X509_STORE_CTX *ctx)
        OPENSSL_free(ctx);
 }
 
-void X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, X509 *x509,
+int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, X509 *x509,
             STACK_OF(X509) *chain)
        {
        ctx->ctx=store;
@@ -1111,7 +1108,18 @@ void X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, X509 *x509,
 
        ctx->cleanup = store->cleanup;
 
-       memset(&(ctx->ex_data),0,sizeof(CRYPTO_EX_DATA));
+       /* This memset() can't make any sense anyway, so it's removed. As
+        * X509_STORE_CTX_cleanup does a proper "free" on the ex_data, we put a
+        * corresponding "new" here and remove this bogus initialisation. */
+       /* memset(&(ctx->ex_data),0,sizeof(CRYPTO_EX_DATA)); */
+       if(!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509_STORE_CTX, ctx,
+                               &(ctx->ex_data)))
+               {
+               OPENSSL_free(ctx);
+               X509err(X509_F_X509_STORE_CTX_INIT,ERR_R_MALLOC_FAILURE);
+               return 0;
+               }
+       return 1;
        }
 
 /* Set alternative lookup method: just a STACK of trusted certificates.
@@ -1132,7 +1140,7 @@ void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx)
                sk_X509_pop_free(ctx->chain,X509_free);
                ctx->chain=NULL;
                }
-       CRYPTO_free_ex_data(x509_store_ctx_method,ctx,&(ctx->ex_data));
+       CRYPTO_free_ex_data(CRYPTO_EX_INDEX_X509_STORE_CTX, ctx, &(ctx->ex_data));
        memset(&ctx->ex_data,0,sizeof(CRYPTO_EX_DATA));
        }
 
index 043ed49..689062f 100644 (file)
@@ -332,7 +332,7 @@ X509_STORE_CTX *X509_STORE_CTX_new(void);
 int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x);
 
 void X509_STORE_CTX_free(X509_STORE_CTX *ctx);
-void X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store,
+int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store,
                         X509 *x509, STACK_OF(X509) *chain);
 void X509_STORE_CTX_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *sk);
 void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx);
index b4d1b84..68ddb14 100644 (file)
@@ -272,7 +272,11 @@ unsigned long ssl3_output_cert_chain(SSL *s, X509 *x)
                }
        if (x != NULL)
                {
-               X509_STORE_CTX_init(&xs_ctx,s->ctx->cert_store,NULL,NULL);
+               if(!X509_STORE_CTX_init(&xs_ctx,s->ctx->cert_store,NULL,NULL))
+                       {
+                       SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN,ERR_R_X509_LIB);
+                       return(0);
+                       }
 
                for (;;)
                        {
index ab2e009..fcd6ff9 100644 (file)
@@ -455,7 +455,11 @@ int ssl_verify_cert_chain(SSL *s,STACK_OF(X509) *sk)
                return(0);
 
        x=sk_X509_value(sk,0);
-       X509_STORE_CTX_init(&ctx,s->ctx->cert_store,x,sk);
+       if(!X509_STORE_CTX_init(&ctx,s->ctx->cert_store,x,sk))
+               {
+               SSLerr(SSL_F_SSL_VERIFY_CERT_CHAIN,ERR_R_X509_LIB);
+               return(0);
+               }
        if (SSL_get_verify_depth(s) >= 0)
                X509_STORE_CTX_set_depth(&ctx, SSL_get_verify_depth(s));
        X509_STORE_CTX_set_ex_data(&ctx,SSL_get_ex_data_X509_STORE_CTX_idx(),s);
index df085e6..8aec403 100644 (file)
 
 const char *SSL_version_str=OPENSSL_VERSION_TEXT;
 
-static STACK_OF(CRYPTO_EX_DATA_FUNCS) *ssl_meth=NULL;
-static STACK_OF(CRYPTO_EX_DATA_FUNCS) *ssl_ctx_meth=NULL;
-static int ssl_meth_num=0;
-static int ssl_ctx_meth_num=0;
-
 OPENSSL_GLOBAL SSL3_ENC_METHOD ssl3_undef_enc_method={
        /* evil casts, but these functions are only called if there's a library bug */
        (int (*)(SSL *,int))ssl_undefined_function,
@@ -242,7 +237,7 @@ SSL *SSL_new(SSL_CTX *ctx)
        s->read_ahead=ctx->read_ahead; /* used to happen in SSL_clear */
        SSL_clear(s);
 
-       CRYPTO_new_ex_data(ssl_meth,s,&s->ex_data);
+       CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL, s, &s->ex_data);
 
        return(s);
 err:
@@ -372,7 +367,7 @@ void SSL_free(SSL *s)
                }
 #endif
 
-       CRYPTO_free_ex_data(ssl_meth,(char *)s,&s->ex_data);
+       CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL, s, &s->ex_data);
 
        if (s->bbio != NULL)
                {
@@ -1272,7 +1267,7 @@ SSL_CTX *SSL_CTX_new(SSL_METHOD *meth)
        if ((ret->client_CA=sk_X509_NAME_new_null()) == NULL)
                goto err;
 
-       CRYPTO_new_ex_data(ssl_ctx_meth,(char *)ret,&ret->ex_data);
+       CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_CTX, ret, &ret->ex_data);
 
        ret->extra_certs=NULL;
        ret->comp_methods=SSL_COMP_get_compression_methods();
@@ -1308,7 +1303,7 @@ void SSL_CTX_free(SSL_CTX *a)
                abort(); /* ok */
                }
 #endif
-       CRYPTO_free_ex_data(ssl_ctx_meth,(char *)a,&a->ex_data);
+       CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_CTX, a, &a->ex_data);
 
        if (a->sessions != NULL)
                {
@@ -1806,7 +1801,7 @@ SSL *SSL_dup(SSL *s)
        ret->options=s->options;
 
        /* copy app data, a little dangerous perhaps */
-       if (!CRYPTO_dup_ex_data(ssl_meth,&ret->ex_data,&s->ex_data))
+       if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_SSL, &ret->ex_data, &s->ex_data))
                goto err;
 
        /* setup rbio, and wbio */
@@ -2051,10 +2046,8 @@ long SSL_get_verify_result(SSL *ssl)
 int SSL_get_ex_new_index(long argl,void *argp,CRYPTO_EX_new *new_func,
                         CRYPTO_EX_dup *dup_func,CRYPTO_EX_free *free_func)
        {
-       if(CRYPTO_get_ex_new_index(ssl_meth_num, &ssl_meth, argl, argp,
-                               new_func, dup_func, free_func) < 0)
-               return -1;
-       return (ssl_meth_num++);
+       return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL, argl, argp,
+                               new_func, dup_func, free_func);
        }
 
 int SSL_set_ex_data(SSL *s,int idx,void *arg)
@@ -2070,10 +2063,8 @@ void *SSL_get_ex_data(SSL *s,int idx)
 int SSL_CTX_get_ex_new_index(long argl,void *argp,CRYPTO_EX_new *new_func,
                             CRYPTO_EX_dup *dup_func,CRYPTO_EX_free *free_func)
        {
-       if(CRYPTO_get_ex_new_index(ssl_ctx_meth_num, &ssl_ctx_meth, argl, argp,
-                               new_func, dup_func, free_func) < 0)
-               return -1;
-       return (ssl_ctx_meth_num++);
+       return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL_CTX, argl, argp,
+                               new_func, dup_func, free_func);
        }
 
 int SSL_CTX_set_ex_data(SSL_CTX *s,int idx,void *arg)
index 5821792..9078d75 100644 (file)
@@ -64,8 +64,6 @@
 static void SSL_SESSION_list_remove(SSL_CTX *ctx, SSL_SESSION *s);
 static void SSL_SESSION_list_add(SSL_CTX *ctx,SSL_SESSION *s);
 static int remove_session_lock(SSL_CTX *ctx, SSL_SESSION *c, int lck);
-static int ssl_session_num=0;
-static STACK_OF(CRYPTO_EX_DATA_FUNCS) *ssl_session_meth=NULL;
 
 SSL_SESSION *SSL_get_session(SSL *ssl)
 /* aka SSL_get0_session; gets 0 objects, just returns a copy of the pointer */
@@ -91,10 +89,8 @@ SSL_SESSION *SSL_get1_session(SSL *ssl)
 int SSL_SESSION_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
             CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
        {
-       if(CRYPTO_get_ex_new_index(ssl_session_num, &ssl_session_meth, argl,
-                               argp, new_func, dup_func, free_func) < 0)
-               return -1;
-       return (ssl_session_num++);
+       return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL_SESSION, argl, argp,
+                       new_func, dup_func, free_func);
        }
 
 int SSL_SESSION_set_ex_data(SSL_SESSION *s, int idx, void *arg)
@@ -126,7 +122,7 @@ SSL_SESSION *SSL_SESSION_new(void)
        ss->prev=NULL;
        ss->next=NULL;
        ss->compress_meth=0;
-       CRYPTO_new_ex_data(ssl_session_meth,ss,&ss->ex_data);
+       CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, ss, &ss->ex_data);
        return(ss);
        }
 
@@ -520,7 +516,7 @@ void SSL_SESSION_free(SSL_SESSION *ss)
                }
 #endif
 
-       CRYPTO_free_ex_data(ssl_session_meth,ss,&ss->ex_data);
+       CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, ss, &ss->ex_data);
 
        memset(ss->key_arg,0,SSL_MAX_KEY_ARG_LENGTH);
        memset(ss->master_key,0,SSL_MAX_MASTER_KEY_LENGTH);
index 7d1249f..9ba5607 100644 (file)
@@ -714,6 +714,7 @@ end:
        free_tmp_rsa();
 #endif
        ENGINE_cleanup();
+       CRYPTO_cleanup_all_ex_data();
        ERR_free_strings();
        ERR_remove_state(0);
        EVP_cleanup();
index ee9d309..3e274c9 100755 (executable)
@@ -2653,3 +2653,7 @@ ENGINE_cipher_num                       3101      EXIST::FUNCTION:
 DH_up                                   3102   EXIST::FUNCTION:DH
 RSA_up                                  3103   EXIST::FUNCTION:RSA
 EVP_DigestInit_dbg                      3104   EXIST::FUNCTION:
+CRYPTO_cleanup_all_ex_data              3105   EXIST::FUNCTION:
+CRYPTO_set_ex_data_implementation       3106   EXIST::FUNCTION:
+CRYPTO_ex_data_new_class                3107   EXIST::FUNCTION:
+CRYPTO_get_ex_data_implementation       3108   EXIST::FUNCTION: