Use SSL_*_ex_data instead of SSL_*_app_data

SSL_*_app_data uses ex_data index 0, which will be the first one allocated by SSL_get_ex_new_index. Thus, if we ever started using the ex_data feature for some other purpose, or a library linked to Tor ever started using OpenSSL's ex_data feature, Tor would break in spectacular and mysterious ways. Using the SSL_*_ex_data functions directly now may save us from that particular form of breakage in the future. But I would not be surprised if using OpenSSL's ex_data functions at all (directly or not) comes back to bite us on our backends quite hard. The specified behaviour of dup_func in the man page is stupid, and crypto/ex_data.c is a horrific mess.
2024-11-11 05:33:47 +01:00 · 2011-03-03 15:34:53 -08:00 · 2011-03-03 15:34:53 -08:00 · fe1137be6f
commit fe1137be6f
parent 13ee803469
1 changed files with 19 additions and 2 deletions
--- a/src/common/tortls.c
+++ b/src/common/tortls.c
@ -151,12 +151,27 @@ static SSL_CIPHER *CLIENT_CIPHER_DUMMIES = NULL;
 static STACK_OF(SSL_CIPHER) *CLIENT_CIPHER_STACK = NULL;
 #endif

+/** The ex_data index in which we store a pointer to an SSL object's
+ * corresponding tor_tls_t object. */
+static int tor_tls_object_ex_data_index = -1;
+
+/** Helper: Allocate tor_tls_object_ex_data_index. */
+static void
+tor_tls_allocate_tor_tls_object_ex_data_index()
+{
+  if (tor_tls_object_ex_data_index == -1) {
+    tor_tls_object_ex_data_index =
+      SSL_get_ex_new_index(0, NULL, NULL, NULL, NULL);
+    tor_assert(tor_tls_object_ex_data_index != -1);
+  }
+}
+
 /** Helper: given a SSL* pointer, return the tor_tls_t object using that
 * pointer. */
 static INLINE tor_tls_t *
 tor_tls_get_by_ssl(const SSL *ssl)
 {
-  return SSL_get_app_data(ssl);
+  return SSL_get_ex_data(ssl, tor_tls_object_ex_data_index);
 }

 static void tor_tls_context_decref(tor_tls_context_t *ctx);
@ -415,6 +430,8 @@ tor_tls_init(void)
               SSLeay_version(SSLEAY_VERSION), version);
    }

+    tor_tls_allocate_tor_tls_object_ex_data_index();
+
    tls_library_is_initialized = 1;
  }
 }
@ -1048,7 +1065,7 @@ tor_tls_new(int sock, int isServer)
    tor_free(result);
    return NULL;
  }
-  SSL_set_app_data(result->ssl, result);
+  SSL_set_ex_data(result->ssl, tor_tls_object_ex_data_index, result);
  SSL_set_bio(result->ssl, bio, bio);
  tor_tls_context_incref(context);
  result->context = context;