See the commit log message for that for more information.
NB: X509_STORE_CTX's use of "ex_data" support was actually misimplemented
(initialisation by "memset" won't/can't/doesn't work). This fixes that but
requires that X509_STORE_CTX_init() be able to handle errors - so its
prototype has been changed to return 'int' rather than 'void'. All uses of
that function throughout the source code have been tracked down and
adjusted.
speed.o: ../include/openssl/sha.h ../include/openssl/stack.h
speed.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
speed.o: ../include/openssl/types.h ../include/openssl/ui.h
-speed.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ./testdsa.h
-speed.o: ./testrsa.h apps.h speed.c
+speed.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h speed.c
+speed.o: testdsa.h testrsa.h
spkac.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
spkac.o: ../include/openssl/bn.h ../include/openssl/buffer.h
spkac.o: ../include/openssl/conf.h ../include/openssl/crypto.h
ENGINE_load_builtin_engines(); setup_ui_method(); } while(0)
# endif
# define apps_shutdown() \
- destroy_ui_method()
+ do { destroy_ui_method(); CRYPTO_cleanup_all_ex_data(); } while(0)
#endif
typedef struct args_st
X509_LOOKUP_add_dir(lookup,NULL,X509_FILETYPE_DEFAULT);
ERR_clear_error();
- X509_STORE_CTX_init(&ctx, store, NULL, NULL);
+ if(!X509_STORE_CTX_init(&ctx, store, NULL, NULL)) {
+ BIO_printf(bio_err,
+ "Error initialising X509 store\n");
+ goto end;
+ }
i = X509_STORE_get_by_subject(&ctx, X509_LU_X509,
X509_CRL_get_issuer(x), &xobj);
STACK_OF(X509) *chn;
int i;
+ /* FIXME: Should really check the return status of X509_STORE_CTX_init
+ * for an error, but how that fits into the return value of this
+ * function is less obvious. */
X509_STORE_CTX_init(&store_ctx, store, cert, NULL);
if (X509_verify_cert(&store_ctx) <= 0) {
i = X509_STORE_CTX_get_error (&store_ctx);
goto end;
}
X509_STORE_set_flags(ctx, vflags);
- X509_STORE_CTX_init(csc,ctx,x,uchain);
+ if(!X509_STORE_CTX_init(csc,ctx,x,uchain))
+ {
+ ERR_print_errors(bio_err);
+ goto end;
+ }
if(tchain) X509_STORE_CTX_trusted_stack(csc, tchain);
if(purpose >= 0) X509_STORE_CTX_set_purpose(csc, purpose);
i=X509_verify_cert(csc);
EVP_PKEY_copy_parameters(upkey,pkey);
EVP_PKEY_free(upkey);
- X509_STORE_CTX_init(&xsc,ctx,x,NULL);
+ if(!X509_STORE_CTX_init(&xsc,ctx,x,NULL))
+ {
+ BIO_printf(bio_err,"Error initialising X509 store\n");
+ goto end;
+ }
if (sno) bs = sno;
else if (!(bs = load_serial(CAfile, serialfile, create)))
goto end;
#include <openssl/x509.h>
#include <openssl/x509v3.h>
-static int x509_meth_num = 0;
-static STACK_OF(CRYPTO_EX_DATA_FUNCS) *x509_meth = NULL;
-
ASN1_SEQUENCE(X509_CINF) = {
ASN1_EXP_OPT(X509_CINF, version, ASN1_INTEGER, 0),
ASN1_SIMPLE(X509_CINF, serialNumber, ASN1_INTEGER),
ret->skid = NULL;
ret->akid = NULL;
ret->aux = NULL;
- CRYPTO_new_ex_data(x509_meth, ret, &ret->ex_data);
+ CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509, ret, &ret->ex_data);
break;
case ASN1_OP_D2I_POST:
break;
case ASN1_OP_FREE_POST:
- CRYPTO_free_ex_data(x509_meth,ret,&ret->ex_data);
+ CRYPTO_free_ex_data(CRYPTO_EX_INDEX_X509, ret, &ret->ex_data);
X509_CERT_AUX_free(ret->aux);
ASN1_OCTET_STRING_free(ret->skid);
AUTHORITY_KEYID_free(ret->akid);
int X509_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
{
- if(CRYPTO_get_ex_new_index(x509_meth_num, &x509_meth, argl, argp,
- new_func, dup_func, free_func) < 0)
- return -1;
- return (x509_meth_num++);
+ return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509, argl, argp,
+ new_func, dup_func, free_func);
}
int X509_set_ex_data(X509 *r, int idx, void *arg)
#include <openssl/bio.h>
#include <openssl/stack.h>
-static STACK_OF(CRYPTO_EX_DATA_FUNCS) *bio_meth=NULL;
-static int bio_meth_num=0;
-
BIO *BIO_new(BIO_METHOD *method)
{
BIO *ret=NULL;
bio->references=1;
bio->num_read=0L;
bio->num_write=0L;
- CRYPTO_new_ex_data(bio_meth,bio,&bio->ex_data);
+ CRYPTO_new_ex_data(CRYPTO_EX_INDEX_BIO, bio, &bio->ex_data);
if (method->create != NULL)
if (!method->create(bio))
+ {
+ CRYPTO_free_ex_data(CRYPTO_EX_INDEX_BIO, bio,
+ &bio->ex_data);
return(0);
+ }
return(1);
}
((i=(int)a->callback(a,BIO_CB_FREE,NULL,0,0L,1L)) <= 0))
return(i);
- CRYPTO_free_ex_data(bio_meth,a,&a->ex_data);
+ CRYPTO_free_ex_data(CRYPTO_EX_INDEX_BIO, a, &a->ex_data);
if ((a->method == NULL) || (a->method->destroy == NULL)) return(1);
ret=a->method->destroy(a);
}
/* copy app data */
- if (!CRYPTO_dup_ex_data(bio_meth,&new->ex_data,&bio->ex_data))
+ if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_BIO, &new->ex_data,
+ &bio->ex_data))
goto err;
if (ret == NULL)
int BIO_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
{
- if(CRYPTO_get_ex_new_index(bio_meth_num, &bio_meth, argl, argp,
- new_func, dup_func, free_func) < 0)
- return -1;
- return (bio_meth_num++);
+ return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_BIO, argl, argp,
+ new_func, dup_func, free_func);
}
int BIO_set_ex_data(BIO *bio, int idx, void *data)
const char *DH_version="Diffie-Hellman" OPENSSL_VERSION_PTEXT;
static const DH_METHOD *default_DH_method = NULL;
-static int dh_meth_num = 0;
-static STACK_OF(CRYPTO_EX_DATA_FUNCS) *dh_meth = NULL;
void DH_set_default_openssl_method(const DH_METHOD *meth)
{
ret->method_mont_p=NULL;
ret->references = 1;
ret->flags=meth->flags;
- CRYPTO_new_ex_data(dh_meth,ret,&ret->ex_data);
+ CRYPTO_new_ex_data(CRYPTO_EX_INDEX_DH, ret, &ret->ex_data);
if ((meth->init != NULL) && !meth->init(ret))
{
- CRYPTO_free_ex_data(dh_meth,ret,&ret->ex_data);
+ CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DH, ret, &ret->ex_data);
OPENSSL_free(ret);
ret=NULL;
}
if(meth->finish) meth->finish(r);
ENGINE_finish(r->engine);
- CRYPTO_free_ex_data(dh_meth, r, &r->ex_data);
+ CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DH, r, &r->ex_data);
if (r->p != NULL) BN_clear_free(r->p);
if (r->g != NULL) BN_clear_free(r->g);
int DH_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
{
- if(CRYPTO_get_ex_new_index(dh_meth_num, &dh_meth, argl, argp,
- new_func, dup_func, free_func) < 0)
- return -1;
- return (dh_meth_num++);
+ return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_DH, argl, argp,
+ new_func, dup_func, free_func);
}
int DH_set_ex_data(DH *d, int idx, void *arg)
const char *DSA_version="DSA" OPENSSL_VERSION_PTEXT;
static const DSA_METHOD *default_DSA_method = NULL;
-static int dsa_meth_num = 0;
-static STACK_OF(CRYPTO_EX_DATA_FUNCS) *dsa_meth = NULL;
void DSA_set_default_openssl_method(const DSA_METHOD *meth)
{
ret->references=1;
ret->flags=meth->flags;
- CRYPTO_new_ex_data(dsa_meth,ret,&ret->ex_data);
+ CRYPTO_new_ex_data(CRYPTO_EX_INDEX_DSA, ret, &ret->ex_data);
if ((meth->init != NULL) && !meth->init(ret))
{
- CRYPTO_free_ex_data(dsa_meth,ret,&ret->ex_data);
+ CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DSA, ret, &ret->ex_data);
OPENSSL_free(ret);
ret=NULL;
}
if(meth->finish) meth->finish(r);
ENGINE_finish(r->engine);
- CRYPTO_free_ex_data(dsa_meth, r, &r->ex_data);
+ CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DSA, r, &r->ex_data);
if (r->p != NULL) BN_clear_free(r->p);
if (r->q != NULL) BN_clear_free(r->q);
int DSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
{
- if(CRYPTO_get_ex_new_index(dsa_meth_num, &dsa_meth, argl, argp,
- new_func, dup_func, free_func) < 0)
- return -1;
- return (dsa_meth_num++);
+ return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_DSA, argl, argp,
+ new_func, dup_func, free_func);
}
int DSA_set_ex_data(DSA *d, int idx, void *arg)
if (!ret)
ERR_print_errors(bio_err);
if (dsa != NULL) DSA_free(dsa);
+ CRYPTO_cleanup_all_ex_data();
ERR_remove_state(0);
CRYPTO_mem_leaks(bio_err);
if (bio_err != NULL)
if (P_521) EC_GROUP_free(P_521);
ENGINE_cleanup();
+ CRYPTO_cleanup_all_ex_data();
ERR_free_strings();
ERR_remove_state(0);
CRYPTO_mem_leaks_fp(stderr);
#include "engine_int.h"
#include <openssl/engine.h>
-/* Weird "ex_data" handling. Some have suggested there's some problems with the
- * CRYPTO_EX_DATA code (or model), but for now I'm implementing it exactly as
- * it's done in crypto/rsa/. That way the usage and documentation of that can be
- * used to assist here, and any changes or fixes made there should similarly map
- * over here quite straightforwardly. */
-static int engine_ex_data_num = 0;
-static STACK_OF(CRYPTO_EX_DATA_FUNCS) *engine_ex_data_stack = NULL;
-
/* The linked-list of pointers to engine types. engine_list_head
* incorporates an implicit structural reference but engine_list_tail
* does not - the latter is a computational niceity and only points
* is needed because the engine list may genuinely become empty during
* use (so we can't use engine_list_head as an indicator for example. */
static int engine_list_flag = 0;
-static int ENGINE_free_nolock(ENGINE *e);
+static int ENGINE_free_util(ENGINE *e, int locked);
/* These static functions starting with a lower case "engine_" always
* take place when CRYPTO_LOCK_ENGINE has been locked up. */
engine_list_head = e->next;
if(engine_list_tail == e)
engine_list_tail = e->prev;
- ENGINE_free_nolock(e);
+ ENGINE_free_util(e, 0);
return 1;
}
toret = 0;
else
engine_list_flag = 1;
- ENGINE_free_nolock(def_engine);
+ ENGINE_free_util(def_engine, 0);
return 1;
}
memset(ret, 0, sizeof(ENGINE));
ret->struct_ref = 1;
engine_ref_debug(ret, 0, 1)
- CRYPTO_new_ex_data(engine_ex_data_stack, ret, &ret->ex_data);
+ CRYPTO_new_ex_data(CRYPTO_EX_INDEX_ENGINE, ret, &ret->ex_data);
return ret;
}
-int ENGINE_free(ENGINE *e)
+static int ENGINE_free_util(ENGINE *e, int locked)
{
int i;
ERR_R_PASSED_NULL_PARAMETER);
return 0;
}
- i = CRYPTO_add(&e->struct_ref,-1,CRYPTO_LOCK_ENGINE);
+ if(locked)
+ i = CRYPTO_add(&e->struct_ref,-1,CRYPTO_LOCK_ENGINE);
+ else
+ i = --e->struct_ref;
engine_ref_debug(e, 0, -1)
if (i > 0) return 1;
#ifdef REF_CHECK
}
#endif
sk_ENGINE_EVP_CIPHER_pop_free(e->ciphers,ENGINE_free_engine_cipher);
- CRYPTO_free_ex_data(engine_ex_data_stack, e, &e->ex_data);
+ CRYPTO_free_ex_data(CRYPTO_EX_INDEX_ENGINE, e, &e->ex_data);
OPENSSL_free(e);
return 1;
}
-static int ENGINE_free_nolock(ENGINE *e)
+int ENGINE_free(ENGINE *e)
{
- int i;
-
- if(e == NULL)
- {
- ENGINEerr(ENGINE_F_ENGINE_FREE,
- ERR_R_PASSED_NULL_PARAMETER);
- return 0;
- }
-
- i=--e->struct_ref;
- engine_ref_debug(e, 0, -1)
- if (i > 0) return 1;
-#ifdef REF_CHECK
- if (i < 0)
- {
- fprintf(stderr,"ENGINE_free, bad structural reference count\n");
- abort();
- }
-#endif
- CRYPTO_free_ex_data(engine_ex_data_stack, e, &e->ex_data);
- OPENSSL_free(e);
- return 1;
+ return ENGINE_free_util(e, 1);
}
int ENGINE_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
{
- if(CRYPTO_get_ex_new_index(engine_ex_data_num, &engine_ex_data_stack,
- argl, argp, new_func, dup_func, free_func) < 0)
- return -1;
- return (engine_ex_data_num++);
+ return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_ENGINE, argl, argp,
+ new_func, dup_func, free_func);
}
int ENGINE_set_ex_data(ENGINE *e, int idx, void *arg)
}
if (!(flags & OCSP_NOVERIFY))
{
+ int init_res;
if(flags & OCSP_NOCHAIN)
- X509_STORE_CTX_init(&ctx, st, signer, NULL);
+ init_res = X509_STORE_CTX_init(&ctx, st, signer, NULL);
else
- X509_STORE_CTX_init(&ctx, st, signer, bs->certs);
+ init_res = X509_STORE_CTX_init(&ctx, st, signer, bs->certs);
+ if(!init_res)
+ {
+ OCSPerr(OCSP_F_OCSP_BASIC_VERIFY,ERR_R_X509_LIB);
+ goto end;
+ }
X509_STORE_CTX_set_purpose(&ctx, X509_PURPOSE_OCSP_HELPER);
ret = X509_verify_cert(&ctx);
}
if (!(flags & OCSP_NOVERIFY))
{
+ int init_res;
if(flags & OCSP_NOCHAIN)
- X509_STORE_CTX_init(&ctx, store, signer, NULL);
+ init_res = X509_STORE_CTX_init(&ctx, store, signer, NULL);
else
- X509_STORE_CTX_init(&ctx, store, signer, req->optionalSignature->certs);
+ init_res = X509_STORE_CTX_init(&ctx, store, signer,
+ req->optionalSignature->certs);
+ if(!init_res)
+ {
+ OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY,ERR_R_X509_LIB);
+ return 0;
+ }
X509_STORE_CTX_set_purpose(&ctx, X509_PURPOSE_OCSP_HELPER);
X509_STORE_CTX_set_trust(&ctx, X509_TRUST_OCSP_REQUEST);
}
/* Lets verify */
- X509_STORE_CTX_init(ctx,cert_store,x509,cert);
+ if(!X509_STORE_CTX_init(ctx,cert_store,x509,cert))
+ {
+ PKCS7err(PKCS7_F_PKCS7_DATAVERIFY,ERR_R_X509_LIB);
+ goto err;
+ }
X509_STORE_CTX_set_purpose(ctx, X509_PURPOSE_SMIME_SIGN);
i=X509_verify_cert(ctx);
if (i <= 0)
if (!(flags & PKCS7_NOVERIFY)) for (k = 0; k < sk_X509_num(signers); k++) {
signer = sk_X509_value (signers, k);
if (!(flags & PKCS7_NOCHAIN)) {
- X509_STORE_CTX_init(&cert_ctx, store, signer,
- p7->d.sign->cert);
+ if(!X509_STORE_CTX_init(&cert_ctx, store, signer,
+ p7->d.sign->cert))
+ {
+ PKCS7err(PKCS7_F_PKCS7_VERIFY,ERR_R_X509_LIB);
+ sk_X509_free(signers);
+ return 0;
+ }
X509_STORE_CTX_set_purpose(&cert_ctx,
X509_PURPOSE_SMIME_SIGN);
- } else X509_STORE_CTX_init (&cert_ctx, store, signer, NULL);
+ } else if(!X509_STORE_CTX_init (&cert_ctx, store, signer, NULL)) {
+ PKCS7err(PKCS7_F_PKCS7_VERIFY,ERR_R_X509_LIB);
+ sk_X509_free(signers);
+ return 0;
+ }
i = X509_verify_cert(&cert_ctx);
if (i <= 0) j = X509_STORE_CTX_get_error(&cert_ctx);
X509_STORE_CTX_cleanup(&cert_ctx);
const char *RSA_version="RSA" OPENSSL_VERSION_PTEXT;
static const RSA_METHOD *default_RSA_meth=NULL;
-static int rsa_meth_num=0;
-static STACK_OF(CRYPTO_EX_DATA_FUNCS) *rsa_meth=NULL;
RSA *RSA_new(void)
{
ret->blinding=NULL;
ret->bignum_data=NULL;
ret->flags=meth->flags;
- CRYPTO_new_ex_data(rsa_meth,ret,&ret->ex_data);
+ CRYPTO_new_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data);
if ((meth->init != NULL) && !meth->init(ret))
{
- CRYPTO_free_ex_data(rsa_meth, ret, &ret->ex_data);
+ CRYPTO_free_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data);
OPENSSL_free(ret);
ret=NULL;
}
meth->finish(r);
ENGINE_finish(r->engine);
- CRYPTO_free_ex_data(rsa_meth,r,&r->ex_data);
+ CRYPTO_free_ex_data(CRYPTO_EX_INDEX_RSA, r, &r->ex_data);
if (r->n != NULL) BN_clear_free(r->n);
if (r->e != NULL) BN_clear_free(r->e);
int RSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
{
- if(CRYPTO_get_ex_new_index(rsa_meth_num, &rsa_meth, argl, argp,
- new_func, dup_func, free_func) < 0)
- return -1;
- return (rsa_meth_num++);
+ return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_RSA, argl, argp,
+ new_func, dup_func, free_func);
}
int RSA_set_ex_data(RSA *r, int idx, void *arg)
RSA_free(key);
}
+ CRYPTO_cleanup_all_ex_data();
ERR_remove_state(0);
CRYPTO_mem_leaks_fp(stdout);
IMPLEMENT_STACK_OF(UI_STRING_ST)
static const UI_METHOD *default_UI_meth=NULL;
-static int ui_meth_num=0;
-static STACK_OF(CRYPTO_EX_DATA_FUNCS) *ui_meth=NULL;
UI *UI_new(void)
{
ret->strings=NULL;
ret->user_data=NULL;
- CRYPTO_new_ex_data(ui_meth,ret,&ret->ex_data);
+ CRYPTO_new_ex_data(CRYPTO_EX_INDEX_UI, ret, &ret->ex_data);
return ret;
}
if (ui == NULL)
return;
sk_UI_STRING_pop_free(ui->strings,free_string);
+ CRYPTO_free_ex_data(CRYPTO_EX_INDEX_UI, ui, &ui->ex_data);
OPENSSL_free(ui);
}
int UI_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
{
- if(CRYPTO_get_ex_new_index(ui_meth_num, &ui_meth, argl, argp,
- new_func, dup_func, free_func) < 0)
- return -1;
- return (ui_meth_num++);
+ return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_UI, argl, argp,
+ new_func, dup_func, free_func);
}
int UI_set_ex_data(UI *r, int idx, void *arg)
#define X509_F_X509_REQ_TO_X509 123
#define X509_F_X509_STORE_ADD_CERT 124
#define X509_F_X509_STORE_ADD_CRL 125
+#define X509_F_X509_STORE_CTX_INIT 143
+#define X509_F_X509_STORE_CTX_NEW 142
#define X509_F_X509_STORE_CTX_PURPOSE_INHERIT 134
#define X509_F_X509_TO_X509_REQ 126
#define X509_F_X509_TRUST_ADD 133
{ERR_PACK(0,X509_F_X509_REQ_TO_X509,0), "X509_REQ_to_X509"},
{ERR_PACK(0,X509_F_X509_STORE_ADD_CERT,0), "X509_STORE_add_cert"},
{ERR_PACK(0,X509_F_X509_STORE_ADD_CRL,0), "X509_STORE_add_crl"},
+{ERR_PACK(0,X509_F_X509_STORE_CTX_INIT,0), "X509_STORE_CTX_init"},
+{ERR_PACK(0,X509_F_X509_STORE_CTX_NEW,0), "X509_STORE_CTX_new"},
{ERR_PACK(0,X509_F_X509_STORE_CTX_PURPOSE_INHERIT,0), "X509_STORE_CTX_purpose_inherit"},
{ERR_PACK(0,X509_F_X509_TO_X509_REQ,0), "X509_to_X509_REQ"},
{ERR_PACK(0,X509_F_X509_TRUST_ADD,0), "X509_TRUST_add"},
#include <openssl/x509.h>
#include <openssl/x509v3.h>
-static STACK_OF(CRYPTO_EX_DATA_FUNCS) *x509_store_meth=NULL;
-
X509_LOOKUP *X509_LOOKUP_new(X509_LOOKUP_METHOD *method)
{
X509_LOOKUP *ret;
ret->cert_crl = 0;
ret->cleanup = 0;
- memset(&ret->ex_data,0,sizeof(CRYPTO_EX_DATA));
+ CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509_STORE, ret, &ret->ex_data);
ret->references=1;
ret->depth=0;
return ret;
sk_X509_LOOKUP_free(sk);
sk_X509_OBJECT_pop_free(vfy->objs, cleanup);
- CRYPTO_free_ex_data(x509_store_meth,vfy,&vfy->ex_data);
+ CRYPTO_free_ex_data(CRYPTO_EX_INDEX_X509_STORE, vfy, &vfy->ex_data);
OPENSSL_free(vfy);
}
static int internal_verify(X509_STORE_CTX *ctx);
const char *X509_version="X.509" OPENSSL_VERSION_PTEXT;
-static STACK_OF(CRYPTO_EX_DATA_FUNCS) *x509_store_ctx_method=NULL;
-static int x509_store_ctx_num=0;
-
static int null_callback(int ok, X509_STORE_CTX *e)
{
CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
{
/* This function is (usually) called only once, by
- * SSL_get_ex_data_X509_STORE_CTX_idx (ssl/ssl_cert.c).
- * That function uses locking, so we don't (usually)
- * have to worry about locking here. For the whole cruel
- * truth, see crypto/ex_data.c */
- if(CRYPTO_get_ex_new_index(x509_store_ctx_num, &x509_store_ctx_method,
- argl, argp, new_func, dup_func, free_func) < 0)
- return -1;
- return (x509_store_ctx_num++);
+ * SSL_get_ex_data_X509_STORE_CTX_idx (ssl/ssl_cert.c). */
+ return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509_STORE_CTX, argl, argp,
+ new_func, dup_func, free_func);
}
int X509_STORE_CTX_set_ex_data(X509_STORE_CTX *ctx, int idx, void *data)
{
X509_STORE_CTX *ctx;
ctx = (X509_STORE_CTX *)OPENSSL_malloc(sizeof(X509_STORE_CTX));
- if (ctx) memset(ctx, 0, sizeof(X509_STORE_CTX));
+ if (!ctx)
+ {
+ X509err(X509_F_X509_STORE_CTX_NEW,ERR_R_MALLOC_FAILURE);
+ return NULL;
+ }
+ memset(ctx, 0, sizeof(X509_STORE_CTX));
return ctx;
}
OPENSSL_free(ctx);
}
-void X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, X509 *x509,
+int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, X509 *x509,
STACK_OF(X509) *chain)
{
ctx->ctx=store;
ctx->cleanup = store->cleanup;
- memset(&(ctx->ex_data),0,sizeof(CRYPTO_EX_DATA));
+ /* This memset() can't make any sense anyway, so it's removed. As
+ * X509_STORE_CTX_cleanup does a proper "free" on the ex_data, we put a
+ * corresponding "new" here and remove this bogus initialisation. */
+ /* memset(&(ctx->ex_data),0,sizeof(CRYPTO_EX_DATA)); */
+ if(!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509_STORE_CTX, ctx,
+ &(ctx->ex_data)))
+ {
+ OPENSSL_free(ctx);
+ X509err(X509_F_X509_STORE_CTX_INIT,ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ return 1;
}
/* Set alternative lookup method: just a STACK of trusted certificates.
sk_X509_pop_free(ctx->chain,X509_free);
ctx->chain=NULL;
}
- CRYPTO_free_ex_data(x509_store_ctx_method,ctx,&(ctx->ex_data));
+ CRYPTO_free_ex_data(CRYPTO_EX_INDEX_X509_STORE_CTX, ctx, &(ctx->ex_data));
memset(&ctx->ex_data,0,sizeof(CRYPTO_EX_DATA));
}
int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x);
void X509_STORE_CTX_free(X509_STORE_CTX *ctx);
-void X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store,
+int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store,
X509 *x509, STACK_OF(X509) *chain);
void X509_STORE_CTX_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *sk);
void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx);
}
if (x != NULL)
{
- X509_STORE_CTX_init(&xs_ctx,s->ctx->cert_store,NULL,NULL);
+ if(!X509_STORE_CTX_init(&xs_ctx,s->ctx->cert_store,NULL,NULL))
+ {
+ SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN,ERR_R_X509_LIB);
+ return(0);
+ }
for (;;)
{
return(0);
x=sk_X509_value(sk,0);
- X509_STORE_CTX_init(&ctx,s->ctx->cert_store,x,sk);
+ if(!X509_STORE_CTX_init(&ctx,s->ctx->cert_store,x,sk))
+ {
+ SSLerr(SSL_F_SSL_VERIFY_CERT_CHAIN,ERR_R_X509_LIB);
+ return(0);
+ }
if (SSL_get_verify_depth(s) >= 0)
X509_STORE_CTX_set_depth(&ctx, SSL_get_verify_depth(s));
X509_STORE_CTX_set_ex_data(&ctx,SSL_get_ex_data_X509_STORE_CTX_idx(),s);
const char *SSL_version_str=OPENSSL_VERSION_TEXT;
-static STACK_OF(CRYPTO_EX_DATA_FUNCS) *ssl_meth=NULL;
-static STACK_OF(CRYPTO_EX_DATA_FUNCS) *ssl_ctx_meth=NULL;
-static int ssl_meth_num=0;
-static int ssl_ctx_meth_num=0;
-
OPENSSL_GLOBAL SSL3_ENC_METHOD ssl3_undef_enc_method={
/* evil casts, but these functions are only called if there's a library bug */
(int (*)(SSL *,int))ssl_undefined_function,
s->read_ahead=ctx->read_ahead; /* used to happen in SSL_clear */
SSL_clear(s);
- CRYPTO_new_ex_data(ssl_meth,s,&s->ex_data);
+ CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL, s, &s->ex_data);
return(s);
err:
}
#endif
- CRYPTO_free_ex_data(ssl_meth,(char *)s,&s->ex_data);
+ CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL, s, &s->ex_data);
if (s->bbio != NULL)
{
if ((ret->client_CA=sk_X509_NAME_new_null()) == NULL)
goto err;
- CRYPTO_new_ex_data(ssl_ctx_meth,(char *)ret,&ret->ex_data);
+ CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_CTX, ret, &ret->ex_data);
ret->extra_certs=NULL;
ret->comp_methods=SSL_COMP_get_compression_methods();
abort(); /* ok */
}
#endif
- CRYPTO_free_ex_data(ssl_ctx_meth,(char *)a,&a->ex_data);
+ CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_CTX, a, &a->ex_data);
if (a->sessions != NULL)
{
ret->options=s->options;
/* copy app data, a little dangerous perhaps */
- if (!CRYPTO_dup_ex_data(ssl_meth,&ret->ex_data,&s->ex_data))
+ if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_SSL, &ret->ex_data, &s->ex_data))
goto err;
/* setup rbio, and wbio */
int SSL_get_ex_new_index(long argl,void *argp,CRYPTO_EX_new *new_func,
CRYPTO_EX_dup *dup_func,CRYPTO_EX_free *free_func)
{
- if(CRYPTO_get_ex_new_index(ssl_meth_num, &ssl_meth, argl, argp,
- new_func, dup_func, free_func) < 0)
- return -1;
- return (ssl_meth_num++);
+ return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL, argl, argp,
+ new_func, dup_func, free_func);
}
int SSL_set_ex_data(SSL *s,int idx,void *arg)
int SSL_CTX_get_ex_new_index(long argl,void *argp,CRYPTO_EX_new *new_func,
CRYPTO_EX_dup *dup_func,CRYPTO_EX_free *free_func)
{
- if(CRYPTO_get_ex_new_index(ssl_ctx_meth_num, &ssl_ctx_meth, argl, argp,
- new_func, dup_func, free_func) < 0)
- return -1;
- return (ssl_ctx_meth_num++);
+ return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL_CTX, argl, argp,
+ new_func, dup_func, free_func);
}
int SSL_CTX_set_ex_data(SSL_CTX *s,int idx,void *arg)
static void SSL_SESSION_list_remove(SSL_CTX *ctx, SSL_SESSION *s);
static void SSL_SESSION_list_add(SSL_CTX *ctx,SSL_SESSION *s);
static int remove_session_lock(SSL_CTX *ctx, SSL_SESSION *c, int lck);
-static int ssl_session_num=0;
-static STACK_OF(CRYPTO_EX_DATA_FUNCS) *ssl_session_meth=NULL;
SSL_SESSION *SSL_get_session(SSL *ssl)
/* aka SSL_get0_session; gets 0 objects, just returns a copy of the pointer */
int SSL_SESSION_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
{
- if(CRYPTO_get_ex_new_index(ssl_session_num, &ssl_session_meth, argl,
- argp, new_func, dup_func, free_func) < 0)
- return -1;
- return (ssl_session_num++);
+ return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL_SESSION, argl, argp,
+ new_func, dup_func, free_func);
}
int SSL_SESSION_set_ex_data(SSL_SESSION *s, int idx, void *arg)
ss->prev=NULL;
ss->next=NULL;
ss->compress_meth=0;
- CRYPTO_new_ex_data(ssl_session_meth,ss,&ss->ex_data);
+ CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, ss, &ss->ex_data);
return(ss);
}
}
#endif
- CRYPTO_free_ex_data(ssl_session_meth,ss,&ss->ex_data);
+ CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, ss, &ss->ex_data);
memset(ss->key_arg,0,SSL_MAX_KEY_ARG_LENGTH);
memset(ss->master_key,0,SSL_MAX_MASTER_KEY_LENGTH);
free_tmp_rsa();
#endif
ENGINE_cleanup();
+ CRYPTO_cleanup_all_ex_data();
ERR_free_strings();
ERR_remove_state(0);
EVP_cleanup();
DH_up 3102 EXIST::FUNCTION:DH
RSA_up 3103 EXIST::FUNCTION:RSA
EVP_DigestInit_dbg 3104 EXIST::FUNCTION:
+CRYPTO_cleanup_all_ex_data 3105 EXIST::FUNCTION:
+CRYPTO_set_ex_data_implementation 3106 EXIST::FUNCTION:
+CRYPTO_ex_data_new_class 3107 EXIST::FUNCTION:
+CRYPTO_get_ex_data_implementation 3108 EXIST::FUNCTION:
projects / oweals / openssl.git / commitdiff