Use SSL_*_ex_data instead of SSL_*_app_data

SSL_*_app_data uses ex_data index 0, which will be the first one allocated
by SSL_get_ex_new_index. Thus, if we ever started using the ex_data feature
for some other purpose, or a library linked to Tor ever started using
OpenSSL's ex_data feature, Tor would break in spectacular and mysterious
ways. Using the SSL_*_ex_data functions directly now may save us from
that particular form of breakage in the future.

But I would not be surprised if using OpenSSL's ex_data functions at all
(directly or not) comes back to bite us on our backends quite hard. The
specified behaviour of dup_func in the man page is stupid, and
crypto/ex_data.c is a horrific mess.
This commit is contained in:
Robert Ransom 2011-03-03 15:34:53 -08:00
parent 13ee803469
commit fe1137be6f

View File

@ -151,12 +151,27 @@ static SSL_CIPHER *CLIENT_CIPHER_DUMMIES = NULL;
static STACK_OF(SSL_CIPHER) *CLIENT_CIPHER_STACK = NULL; static STACK_OF(SSL_CIPHER) *CLIENT_CIPHER_STACK = NULL;
#endif #endif
/** The ex_data index in which we store a pointer to an SSL object's
* corresponding tor_tls_t object. */
static int tor_tls_object_ex_data_index = -1;
/** Helper: Allocate tor_tls_object_ex_data_index. */
static void
tor_tls_allocate_tor_tls_object_ex_data_index()
{
if (tor_tls_object_ex_data_index == -1) {
tor_tls_object_ex_data_index =
SSL_get_ex_new_index(0, NULL, NULL, NULL, NULL);
tor_assert(tor_tls_object_ex_data_index != -1);
}
}
/** Helper: given a SSL* pointer, return the tor_tls_t object using that /** Helper: given a SSL* pointer, return the tor_tls_t object using that
* pointer. */ * pointer. */
static INLINE tor_tls_t * static INLINE tor_tls_t *
tor_tls_get_by_ssl(const SSL *ssl) tor_tls_get_by_ssl(const SSL *ssl)
{ {
return SSL_get_app_data(ssl); return SSL_get_ex_data(ssl, tor_tls_object_ex_data_index);
} }
static void tor_tls_context_decref(tor_tls_context_t *ctx); static void tor_tls_context_decref(tor_tls_context_t *ctx);
@ -415,6 +430,8 @@ tor_tls_init(void)
SSLeay_version(SSLEAY_VERSION), version); SSLeay_version(SSLEAY_VERSION), version);
} }
tor_tls_allocate_tor_tls_object_ex_data_index();
tls_library_is_initialized = 1; tls_library_is_initialized = 1;
} }
} }
@ -1048,7 +1065,7 @@ tor_tls_new(int sock, int isServer)
tor_free(result); tor_free(result);
return NULL; return NULL;
} }
SSL_set_app_data(result->ssl, result); SSL_set_ex_data(result->ssl, tor_tls_object_ex_data_index, result);
SSL_set_bio(result->ssl, bio, bio); SSL_set_bio(result->ssl, bio, bio);
tor_tls_context_incref(context); tor_tls_context_incref(context);
result->context = context; result->context = context;