diff options
Diffstat (limited to 'crypto')
-rw-r--r-- | crypto/asn1/x_x509.c | 13 | ||||
-rw-r--r-- | crypto/bio/bio_lib.c | 20 | ||||
-rw-r--r-- | crypto/dh/dh_lib.c | 14 | ||||
-rw-r--r-- | crypto/dsa/dsa_lib.c | 14 | ||||
-rw-r--r-- | crypto/dsa/dsatest.c | 1 | ||||
-rw-r--r-- | crypto/ec/ectest.c | 1 | ||||
-rw-r--r-- | crypto/engine/engine_list.c | 56 | ||||
-rw-r--r-- | crypto/ocsp/ocsp_vfy.c | 21 | ||||
-rw-r--r-- | crypto/pkcs7/pk7_doit.c | 6 | ||||
-rw-r--r-- | crypto/pkcs7/pk7_smime.c | 15 | ||||
-rw-r--r-- | crypto/rsa/rsa_lib.c | 14 | ||||
-rw-r--r-- | crypto/rsa/rsa_test.c | 1 | ||||
-rw-r--r-- | crypto/ui/ui_lib.c | 11 | ||||
-rw-r--r-- | crypto/x509/x509.h | 2 | ||||
-rw-r--r-- | crypto/x509/x509_err.c | 2 | ||||
-rw-r--r-- | crypto/x509/x509_lu.c | 6 | ||||
-rw-r--r-- | crypto/x509/x509_vfy.c | 38 | ||||
-rw-r--r-- | crypto/x509/x509_vfy.h | 2 |
18 files changed, 114 insertions, 123 deletions
diff --git a/crypto/asn1/x_x509.c b/crypto/asn1/x_x509.c index b0d859d..b50167c 100644 --- a/crypto/asn1/x_x509.c +++ b/crypto/asn1/x_x509.c @@ -63,9 +63,6 @@ #include <openssl/x509.h> #include <openssl/x509v3.h> -static int x509_meth_num = 0; -static STACK_OF(CRYPTO_EX_DATA_FUNCS) *x509_meth = NULL; - ASN1_SEQUENCE(X509_CINF) = { ASN1_EXP_OPT(X509_CINF, version, ASN1_INTEGER, 0), ASN1_SIMPLE(X509_CINF, serialNumber, ASN1_INTEGER), @@ -96,7 +93,7 @@ static int x509_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it) ret->skid = NULL; ret->akid = NULL; ret->aux = NULL; - CRYPTO_new_ex_data(x509_meth, ret, &ret->ex_data); + CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509, ret, &ret->ex_data); break; case ASN1_OP_D2I_POST: @@ -105,7 +102,7 @@ static int x509_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it) break; case ASN1_OP_FREE_POST: - CRYPTO_free_ex_data(x509_meth,ret,&ret->ex_data); + CRYPTO_free_ex_data(CRYPTO_EX_INDEX_X509, ret, &ret->ex_data); X509_CERT_AUX_free(ret->aux); ASN1_OCTET_STRING_free(ret->skid); AUTHORITY_KEYID_free(ret->akid); @@ -142,10 +139,8 @@ ASN1_METHOD *X509_asn1_meth(void) int X509_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) { - if(CRYPTO_get_ex_new_index(x509_meth_num, &x509_meth, argl, argp, - new_func, dup_func, free_func) < 0) - return -1; - return (x509_meth_num++); + return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509, argl, argp, + new_func, dup_func, free_func); } int X509_set_ex_data(X509 *r, int idx, void *arg) diff --git a/crypto/bio/bio_lib.c b/crypto/bio/bio_lib.c index dcf0338..50df223 100644 --- a/crypto/bio/bio_lib.c +++ b/crypto/bio/bio_lib.c @@ -63,9 +63,6 @@ #include <openssl/bio.h> #include <openssl/stack.h> -static STACK_OF(CRYPTO_EX_DATA_FUNCS) *bio_meth=NULL; -static int bio_meth_num=0; - BIO *BIO_new(BIO_METHOD *method) { BIO *ret=NULL; @@ -100,10 +97,14 @@ int BIO_set(BIO *bio, BIO_METHOD *method) bio->references=1; bio->num_read=0L; bio->num_write=0L; - CRYPTO_new_ex_data(bio_meth,bio,&bio->ex_data); + CRYPTO_new_ex_data(CRYPTO_EX_INDEX_BIO, bio, &bio->ex_data); if (method->create != NULL) if (!method->create(bio)) + { + CRYPTO_free_ex_data(CRYPTO_EX_INDEX_BIO, bio, + &bio->ex_data); return(0); + } return(1); } @@ -129,7 +130,7 @@ int BIO_free(BIO *a) ((i=(int)a->callback(a,BIO_CB_FREE,NULL,0,0L,1L)) <= 0)) return(i); - CRYPTO_free_ex_data(bio_meth,a,&a->ex_data); + CRYPTO_free_ex_data(CRYPTO_EX_INDEX_BIO, a, &a->ex_data); if ((a->method == NULL) || (a->method->destroy == NULL)) return(1); ret=a->method->destroy(a); @@ -482,7 +483,8 @@ BIO *BIO_dup_chain(BIO *in) } /* copy app data */ - if (!CRYPTO_dup_ex_data(bio_meth,&new->ex_data,&bio->ex_data)) + if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_BIO, &new->ex_data, + &bio->ex_data)) goto err; if (ret == NULL) @@ -512,10 +514,8 @@ void BIO_copy_next_retry(BIO *b) int BIO_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) { - if(CRYPTO_get_ex_new_index(bio_meth_num, &bio_meth, argl, argp, - new_func, dup_func, free_func) < 0) - return -1; - return (bio_meth_num++); + return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_BIO, argl, argp, + new_func, dup_func, free_func); } int BIO_set_ex_data(BIO *bio, int idx, void *data) diff --git a/crypto/dh/dh_lib.c b/crypto/dh/dh_lib.c index f96b454..7c30461 100644 --- a/crypto/dh/dh_lib.c +++ b/crypto/dh/dh_lib.c @@ -65,8 +65,6 @@ const char *DH_version="Diffie-Hellman" OPENSSL_VERSION_PTEXT; static const DH_METHOD *default_DH_method = NULL; -static int dh_meth_num = 0; -static STACK_OF(CRYPTO_EX_DATA_FUNCS) *dh_meth = NULL; void DH_set_default_openssl_method(const DH_METHOD *meth) { @@ -174,10 +172,10 @@ DH *DH_new_method(ENGINE *engine) ret->method_mont_p=NULL; ret->references = 1; ret->flags=meth->flags; - CRYPTO_new_ex_data(dh_meth,ret,&ret->ex_data); + CRYPTO_new_ex_data(CRYPTO_EX_INDEX_DH, ret, &ret->ex_data); if ((meth->init != NULL) && !meth->init(ret)) { - CRYPTO_free_ex_data(dh_meth,ret,&ret->ex_data); + CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DH, ret, &ret->ex_data); OPENSSL_free(ret); ret=NULL; } @@ -206,7 +204,7 @@ void DH_free(DH *r) if(meth->finish) meth->finish(r); ENGINE_finish(r->engine); - CRYPTO_free_ex_data(dh_meth, r, &r->ex_data); + CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DH, r, &r->ex_data); if (r->p != NULL) BN_clear_free(r->p); if (r->g != NULL) BN_clear_free(r->g); @@ -238,10 +236,8 @@ int DH_up(DH *r) int DH_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) { - if(CRYPTO_get_ex_new_index(dh_meth_num, &dh_meth, argl, argp, - new_func, dup_func, free_func) < 0) - return -1; - return (dh_meth_num++); + return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_DH, argl, argp, + new_func, dup_func, free_func); } int DH_set_ex_data(DH *d, int idx, void *arg) diff --git a/crypto/dsa/dsa_lib.c b/crypto/dsa/dsa_lib.c index 98878df..bae39c2 100644 --- a/crypto/dsa/dsa_lib.c +++ b/crypto/dsa/dsa_lib.c @@ -68,8 +68,6 @@ const char *DSA_version="DSA" OPENSSL_VERSION_PTEXT; static const DSA_METHOD *default_DSA_method = NULL; -static int dsa_meth_num = 0; -static STACK_OF(CRYPTO_EX_DATA_FUNCS) *dsa_meth = NULL; void DSA_set_default_openssl_method(const DSA_METHOD *meth) { @@ -181,10 +179,10 @@ DSA *DSA_new_method(ENGINE *engine) ret->references=1; ret->flags=meth->flags; - CRYPTO_new_ex_data(dsa_meth,ret,&ret->ex_data); + CRYPTO_new_ex_data(CRYPTO_EX_INDEX_DSA, ret, &ret->ex_data); if ((meth->init != NULL) && !meth->init(ret)) { - CRYPTO_free_ex_data(dsa_meth,ret,&ret->ex_data); + CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DSA, ret, &ret->ex_data); OPENSSL_free(ret); ret=NULL; } @@ -216,7 +214,7 @@ void DSA_free(DSA *r) if(meth->finish) meth->finish(r); ENGINE_finish(r->engine); - CRYPTO_free_ex_data(dsa_meth, r, &r->ex_data); + CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DSA, r, &r->ex_data); if (r->p != NULL) BN_clear_free(r->p); if (r->q != NULL) BN_clear_free(r->q); @@ -266,10 +264,8 @@ int DSA_size(const DSA *r) int DSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) { - if(CRYPTO_get_ex_new_index(dsa_meth_num, &dsa_meth, argl, argp, - new_func, dup_func, free_func) < 0) - return -1; - return (dsa_meth_num++); + return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_DSA, argl, argp, + new_func, dup_func, free_func); } int DSA_set_ex_data(DSA *d, int idx, void *arg) diff --git a/crypto/dsa/dsatest.c b/crypto/dsa/dsatest.c index 9eea866..5f24b59 100644 --- a/crypto/dsa/dsatest.c +++ b/crypto/dsa/dsatest.c @@ -202,6 +202,7 @@ end: if (!ret) ERR_print_errors(bio_err); if (dsa != NULL) DSA_free(dsa); + CRYPTO_cleanup_all_ex_data(); ERR_remove_state(0); CRYPTO_mem_leaks(bio_err); if (bio_err != NULL) diff --git a/crypto/ec/ectest.c b/crypto/ec/ectest.c index c1f0b44..1d0b337 100644 --- a/crypto/ec/ectest.c +++ b/crypto/ec/ectest.c @@ -619,6 +619,7 @@ int main(int argc, char *argv[]) if (P_521) EC_GROUP_free(P_521); ENGINE_cleanup(); + CRYPTO_cleanup_all_ex_data(); ERR_free_strings(); ERR_remove_state(0); CRYPTO_mem_leaks_fp(stderr); diff --git a/crypto/engine/engine_list.c b/crypto/engine/engine_list.c index 53eadbb..926ff5a 100644 --- a/crypto/engine/engine_list.c +++ b/crypto/engine/engine_list.c @@ -61,14 +61,6 @@ #include "engine_int.h" #include <openssl/engine.h> -/* Weird "ex_data" handling. Some have suggested there's some problems with the - * CRYPTO_EX_DATA code (or model), but for now I'm implementing it exactly as - * it's done in crypto/rsa/. That way the usage and documentation of that can be - * used to assist here, and any changes or fixes made there should similarly map - * over here quite straightforwardly. */ -static int engine_ex_data_num = 0; -static STACK_OF(CRYPTO_EX_DATA_FUNCS) *engine_ex_data_stack = NULL; - /* The linked-list of pointers to engine types. engine_list_head * incorporates an implicit structural reference but engine_list_tail * does not - the latter is a computational niceity and only points @@ -85,7 +77,7 @@ static ENGINE *engine_list_tail = NULL; * is needed because the engine list may genuinely become empty during * use (so we can't use engine_list_head as an indicator for example. */ static int engine_list_flag = 0; -static int ENGINE_free_nolock(ENGINE *e); +static int ENGINE_free_util(ENGINE *e, int locked); /* These static functions starting with a lower case "engine_" always * take place when CRYPTO_LOCK_ENGINE has been locked up. */ @@ -177,7 +169,7 @@ static int engine_list_remove(ENGINE *e) engine_list_head = e->next; if(engine_list_tail == e) engine_list_tail = e->prev; - ENGINE_free_nolock(e); + ENGINE_free_util(e, 0); return 1; } @@ -199,7 +191,7 @@ static int engine_internal_check(void) toret = 0; else engine_list_flag = 1; - ENGINE_free_nolock(def_engine); + ENGINE_free_util(def_engine, 0); return 1; } @@ -393,11 +385,11 @@ ENGINE *ENGINE_new(void) memset(ret, 0, sizeof(ENGINE)); ret->struct_ref = 1; engine_ref_debug(ret, 0, 1) - CRYPTO_new_ex_data(engine_ex_data_stack, ret, &ret->ex_data); + CRYPTO_new_ex_data(CRYPTO_EX_INDEX_ENGINE, ret, &ret->ex_data); return ret; } -int ENGINE_free(ENGINE *e) +static int ENGINE_free_util(ENGINE *e, int locked) { int i; @@ -407,7 +399,10 @@ int ENGINE_free(ENGINE *e) ERR_R_PASSED_NULL_PARAMETER); return 0; } - i = CRYPTO_add(&e->struct_ref,-1,CRYPTO_LOCK_ENGINE); + if(locked) + i = CRYPTO_add(&e->struct_ref,-1,CRYPTO_LOCK_ENGINE); + else + i = --e->struct_ref; engine_ref_debug(e, 0, -1) if (i > 0) return 1; #ifdef REF_CHECK @@ -418,44 +413,21 @@ int ENGINE_free(ENGINE *e) } #endif sk_ENGINE_EVP_CIPHER_pop_free(e->ciphers,ENGINE_free_engine_cipher); - CRYPTO_free_ex_data(engine_ex_data_stack, e, &e->ex_data); + CRYPTO_free_ex_data(CRYPTO_EX_INDEX_ENGINE, e, &e->ex_data); OPENSSL_free(e); return 1; } -static int ENGINE_free_nolock(ENGINE *e) +int ENGINE_free(ENGINE *e) { - int i; - - if(e == NULL) - { - ENGINEerr(ENGINE_F_ENGINE_FREE, - ERR_R_PASSED_NULL_PARAMETER); - return 0; - } - - i=--e->struct_ref; - engine_ref_debug(e, 0, -1) - if (i > 0) return 1; -#ifdef REF_CHECK - if (i < 0) - { - fprintf(stderr,"ENGINE_free, bad structural reference count\n"); - abort(); - } -#endif - CRYPTO_free_ex_data(engine_ex_data_stack, e, &e->ex_data); - OPENSSL_free(e); - return 1; + return ENGINE_free_util(e, 1); } int ENGINE_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) { - if(CRYPTO_get_ex_new_index(engine_ex_data_num, &engine_ex_data_stack, - argl, argp, new_func, dup_func, free_func) < 0) - return -1; - return (engine_ex_data_num++); + return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_ENGINE, argl, argp, + new_func, dup_func, free_func); } int ENGINE_set_ex_data(ENGINE *e, int idx, void *arg) diff --git a/crypto/ocsp/ocsp_vfy.c b/crypto/ocsp/ocsp_vfy.c index 43b62a8..1f5fda7 100644 --- a/crypto/ocsp/ocsp_vfy.c +++ b/crypto/ocsp/ocsp_vfy.c @@ -101,10 +101,16 @@ int OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs, } if (!(flags & OCSP_NOVERIFY)) { + int init_res; if(flags & OCSP_NOCHAIN) - X509_STORE_CTX_init(&ctx, st, signer, NULL); + init_res = X509_STORE_CTX_init(&ctx, st, signer, NULL); else - X509_STORE_CTX_init(&ctx, st, signer, bs->certs); + init_res = X509_STORE_CTX_init(&ctx, st, signer, bs->certs); + if(!init_res) + { + OCSPerr(OCSP_F_OCSP_BASIC_VERIFY,ERR_R_X509_LIB); + goto end; + } X509_STORE_CTX_set_purpose(&ctx, X509_PURPOSE_OCSP_HELPER); ret = X509_verify_cert(&ctx); @@ -389,10 +395,17 @@ int OCSP_request_verify(OCSP_REQUEST *req, STACK_OF(X509) *certs, X509_STORE *st } if (!(flags & OCSP_NOVERIFY)) { + int init_res; if(flags & OCSP_NOCHAIN) - X509_STORE_CTX_init(&ctx, store, signer, NULL); + init_res = X509_STORE_CTX_init(&ctx, store, signer, NULL); else - X509_STORE_CTX_init(&ctx, store, signer, req->optionalSignature->certs); + init_res = X509_STORE_CTX_init(&ctx, store, signer, + req->optionalSignature->certs); + if(!init_res) + { + OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY,ERR_R_X509_LIB); + return 0; + } X509_STORE_CTX_set_purpose(&ctx, X509_PURPOSE_OCSP_HELPER); X509_STORE_CTX_set_trust(&ctx, X509_TRUST_OCSP_REQUEST); diff --git a/crypto/pkcs7/pk7_doit.c b/crypto/pkcs7/pk7_doit.c index e2c82a2..4ff021e 100644 --- a/crypto/pkcs7/pk7_doit.c +++ b/crypto/pkcs7/pk7_doit.c @@ -663,7 +663,11 @@ int PKCS7_dataVerify(X509_STORE *cert_store, X509_STORE_CTX *ctx, BIO *bio, } /* Lets verify */ - X509_STORE_CTX_init(ctx,cert_store,x509,cert); + if(!X509_STORE_CTX_init(ctx,cert_store,x509,cert)) + { + PKCS7err(PKCS7_F_PKCS7_DATAVERIFY,ERR_R_X509_LIB); + goto err; + } X509_STORE_CTX_set_purpose(ctx, X509_PURPOSE_SMIME_SIGN); i=X509_verify_cert(ctx); if (i <= 0) diff --git a/crypto/pkcs7/pk7_smime.c b/crypto/pkcs7/pk7_smime.c index 348ec1d..f0d071e 100644 --- a/crypto/pkcs7/pk7_smime.c +++ b/crypto/pkcs7/pk7_smime.c @@ -201,11 +201,20 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store, if (!(flags & PKCS7_NOVERIFY)) for (k = 0; k < sk_X509_num(signers); k++) { signer = sk_X509_value (signers, k); if (!(flags & PKCS7_NOCHAIN)) { - X509_STORE_CTX_init(&cert_ctx, store, signer, - p7->d.sign->cert); + if(!X509_STORE_CTX_init(&cert_ctx, store, signer, + p7->d.sign->cert)) + { + PKCS7err(PKCS7_F_PKCS7_VERIFY,ERR_R_X509_LIB); + sk_X509_free(signers); + return 0; + } X509_STORE_CTX_set_purpose(&cert_ctx, X509_PURPOSE_SMIME_SIGN); - } else X509_STORE_CTX_init (&cert_ctx, store, signer, NULL); + } else if(!X509_STORE_CTX_init (&cert_ctx, store, signer, NULL)) { + PKCS7err(PKCS7_F_PKCS7_VERIFY,ERR_R_X509_LIB); + sk_X509_free(signers); + return 0; + } i = X509_verify_cert(&cert_ctx); if (i <= 0) j = X509_STORE_CTX_get_error(&cert_ctx); X509_STORE_CTX_cleanup(&cert_ctx); diff --git a/crypto/rsa/rsa_lib.c b/crypto/rsa/rsa_lib.c index 3accf01..e3368c1 100644 --- a/crypto/rsa/rsa_lib.c +++ b/crypto/rsa/rsa_lib.c @@ -67,8 +67,6 @@ const char *RSA_version="RSA" OPENSSL_VERSION_PTEXT; static const RSA_METHOD *default_RSA_meth=NULL; -static int rsa_meth_num=0; -static STACK_OF(CRYPTO_EX_DATA_FUNCS) *rsa_meth=NULL; RSA *RSA_new(void) { @@ -198,10 +196,10 @@ RSA *RSA_new_method(ENGINE *engine) ret->blinding=NULL; ret->bignum_data=NULL; ret->flags=meth->flags; - CRYPTO_new_ex_data(rsa_meth,ret,&ret->ex_data); + CRYPTO_new_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data); if ((meth->init != NULL) && !meth->init(ret)) { - CRYPTO_free_ex_data(rsa_meth, ret, &ret->ex_data); + CRYPTO_free_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data); OPENSSL_free(ret); ret=NULL; } @@ -233,7 +231,7 @@ void RSA_free(RSA *r) meth->finish(r); ENGINE_finish(r->engine); - CRYPTO_free_ex_data(rsa_meth,r,&r->ex_data); + CRYPTO_free_ex_data(CRYPTO_EX_INDEX_RSA, r, &r->ex_data); if (r->n != NULL) BN_clear_free(r->n); if (r->e != NULL) BN_clear_free(r->e); @@ -267,10 +265,8 @@ int RSA_up(RSA *r) int RSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) { - if(CRYPTO_get_ex_new_index(rsa_meth_num, &rsa_meth, argl, argp, - new_func, dup_func, free_func) < 0) - return -1; - return (rsa_meth_num++); + return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_RSA, argl, argp, + new_func, dup_func, free_func); } int RSA_set_ex_data(RSA *r, int idx, void *arg) diff --git a/crypto/rsa/rsa_test.c b/crypto/rsa/rsa_test.c index 2c0a1d5..5dee24b 100644 --- a/crypto/rsa/rsa_test.c +++ b/crypto/rsa/rsa_test.c @@ -307,6 +307,7 @@ int main(int argc, char *argv[]) RSA_free(key); } + CRYPTO_cleanup_all_ex_data(); ERR_remove_state(0); CRYPTO_mem_leaks_fp(stdout); diff --git a/crypto/ui/ui_lib.c b/crypto/ui/ui_lib.c index c526426..16946ca 100644 --- a/crypto/ui/ui_lib.c +++ b/crypto/ui/ui_lib.c @@ -66,8 +66,6 @@ IMPLEMENT_STACK_OF(UI_STRING_ST) static const UI_METHOD *default_UI_meth=NULL; -static int ui_meth_num=0; -static STACK_OF(CRYPTO_EX_DATA_FUNCS) *ui_meth=NULL; UI *UI_new(void) { @@ -91,7 +89,7 @@ UI *UI_new_method(const UI_METHOD *method) ret->strings=NULL; ret->user_data=NULL; - CRYPTO_new_ex_data(ui_meth,ret,&ret->ex_data); + CRYPTO_new_ex_data(CRYPTO_EX_INDEX_UI, ret, &ret->ex_data); return ret; } @@ -119,6 +117,7 @@ void UI_free(UI *ui) if (ui == NULL) return; sk_UI_STRING_pop_free(ui->strings,free_string); + CRYPTO_free_ex_data(CRYPTO_EX_INDEX_UI, ui, &ui->ex_data); OPENSSL_free(ui); } @@ -574,10 +573,8 @@ int UI_ctrl(UI *ui, int cmd, long i, void *p, void (*f)()) int UI_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) { - if(CRYPTO_get_ex_new_index(ui_meth_num, &ui_meth, argl, argp, - new_func, dup_func, free_func) < 0) - return -1; - return (ui_meth_num++); + return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_UI, argl, argp, + new_func, dup_func, free_func); } int UI_set_ex_data(UI *r, int idx, void *arg) diff --git a/crypto/x509/x509.h b/crypto/x509/x509.h index 2d0ecf2..f1040ac 100644 --- a/crypto/x509/x509.h +++ b/crypto/x509/x509.h @@ -1221,6 +1221,8 @@ void ERR_load_X509_strings(void); #define X509_F_X509_REQ_TO_X509 123 #define X509_F_X509_STORE_ADD_CERT 124 #define X509_F_X509_STORE_ADD_CRL 125 +#define X509_F_X509_STORE_CTX_INIT 143 +#define X509_F_X509_STORE_CTX_NEW 142 #define X509_F_X509_STORE_CTX_PURPOSE_INHERIT 134 #define X509_F_X509_TO_X509_REQ 126 #define X509_F_X509_TRUST_ADD 133 diff --git a/crypto/x509/x509_err.c b/crypto/x509/x509_err.c index fa72c16..5bbf4ac 100644 --- a/crypto/x509/x509_err.c +++ b/crypto/x509/x509_err.c @@ -100,6 +100,8 @@ static ERR_STRING_DATA X509_str_functs[]= {ERR_PACK(0,X509_F_X509_REQ_TO_X509,0), "X509_REQ_to_X509"}, {ERR_PACK(0,X509_F_X509_STORE_ADD_CERT,0), "X509_STORE_add_cert"}, {ERR_PACK(0,X509_F_X509_STORE_ADD_CRL,0), "X509_STORE_add_crl"}, +{ERR_PACK(0,X509_F_X509_STORE_CTX_INIT,0), "X509_STORE_CTX_init"}, +{ERR_PACK(0,X509_F_X509_STORE_CTX_NEW,0), "X509_STORE_CTX_new"}, {ERR_PACK(0,X509_F_X509_STORE_CTX_PURPOSE_INHERIT,0), "X509_STORE_CTX_purpose_inherit"}, {ERR_PACK(0,X509_F_X509_TO_X509_REQ,0), "X509_to_X509_REQ"}, {ERR_PACK(0,X509_F_X509_TRUST_ADD,0), "X509_TRUST_add"}, diff --git a/crypto/x509/x509_lu.c b/crypto/x509/x509_lu.c index a298343..b780dae 100644 --- a/crypto/x509/x509_lu.c +++ b/crypto/x509/x509_lu.c @@ -62,8 +62,6 @@ #include <openssl/x509.h> #include <openssl/x509v3.h> -static STACK_OF(CRYPTO_EX_DATA_FUNCS) *x509_store_meth=NULL; - X509_LOOKUP *X509_LOOKUP_new(X509_LOOKUP_METHOD *method) { X509_LOOKUP *ret; @@ -202,7 +200,7 @@ X509_STORE *X509_STORE_new(void) ret->cert_crl = 0; ret->cleanup = 0; - memset(&ret->ex_data,0,sizeof(CRYPTO_EX_DATA)); + CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509_STORE, ret, &ret->ex_data); ret->references=1; ret->depth=0; return ret; @@ -245,7 +243,7 @@ void X509_STORE_free(X509_STORE *vfy) sk_X509_LOOKUP_free(sk); sk_X509_OBJECT_pop_free(vfy->objs, cleanup); - CRYPTO_free_ex_data(x509_store_meth,vfy,&vfy->ex_data); + CRYPTO_free_ex_data(CRYPTO_EX_INDEX_X509_STORE, vfy, &vfy->ex_data); OPENSSL_free(vfy); } diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c index 4c3aae7..892b784 100644 --- a/crypto/x509/x509_vfy.c +++ b/crypto/x509/x509_vfy.c @@ -80,9 +80,6 @@ static int check_cert(X509_STORE_CTX *ctx); static int internal_verify(X509_STORE_CTX *ctx); const char *X509_version="X.509" OPENSSL_VERSION_PTEXT; -static STACK_OF(CRYPTO_EX_DATA_FUNCS) *x509_store_ctx_method=NULL; -static int x509_store_ctx_num=0; - static int null_callback(int ok, X509_STORE_CTX *e) { @@ -891,14 +888,9 @@ int X509_STORE_CTX_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_fu CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) { /* This function is (usually) called only once, by - * SSL_get_ex_data_X509_STORE_CTX_idx (ssl/ssl_cert.c). - * That function uses locking, so we don't (usually) - * have to worry about locking here. For the whole cruel - * truth, see crypto/ex_data.c */ - if(CRYPTO_get_ex_new_index(x509_store_ctx_num, &x509_store_ctx_method, - argl, argp, new_func, dup_func, free_func) < 0) - return -1; - return (x509_store_ctx_num++); + * SSL_get_ex_data_X509_STORE_CTX_idx (ssl/ssl_cert.c). */ + return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509_STORE_CTX, argl, argp, + new_func, dup_func, free_func); } int X509_STORE_CTX_set_ex_data(X509_STORE_CTX *ctx, int idx, void *data) @@ -1032,7 +1024,12 @@ X509_STORE_CTX *X509_STORE_CTX_new(void) { X509_STORE_CTX *ctx; ctx = (X509_STORE_CTX *)OPENSSL_malloc(sizeof(X509_STORE_CTX)); - if (ctx) memset(ctx, 0, sizeof(X509_STORE_CTX)); + if (!ctx) + { + X509err(X509_F_X509_STORE_CTX_NEW,ERR_R_MALLOC_FAILURE); + return NULL; + } + memset(ctx, 0, sizeof(X509_STORE_CTX)); return ctx; } @@ -1042,7 +1039,7 @@ void X509_STORE_CTX_free(X509_STORE_CTX *ctx) OPENSSL_free(ctx); } -void X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, X509 *x509, +int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, X509 *x509, STACK_OF(X509) *chain) { ctx->ctx=store; @@ -1111,7 +1108,18 @@ void X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, X509 *x509, ctx->cleanup = store->cleanup; - memset(&(ctx->ex_data),0,sizeof(CRYPTO_EX_DATA)); + /* This memset() can't make any sense anyway, so it's removed. As + * X509_STORE_CTX_cleanup does a proper "free" on the ex_data, we put a + * corresponding "new" here and remove this bogus initialisation. */ + /* memset(&(ctx->ex_data),0,sizeof(CRYPTO_EX_DATA)); */ + if(!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509_STORE_CTX, ctx, + &(ctx->ex_data))) + { + OPENSSL_free(ctx); + X509err(X509_F_X509_STORE_CTX_INIT,ERR_R_MALLOC_FAILURE); + return 0; + } + return 1; } /* Set alternative lookup method: just a STACK of trusted certificates. @@ -1132,7 +1140,7 @@ void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx) sk_X509_pop_free(ctx->chain,X509_free); ctx->chain=NULL; } - CRYPTO_free_ex_data(x509_store_ctx_method,ctx,&(ctx->ex_data)); + CRYPTO_free_ex_data(CRYPTO_EX_INDEX_X509_STORE_CTX, ctx, &(ctx->ex_data)); memset(&ctx->ex_data,0,sizeof(CRYPTO_EX_DATA)); } diff --git a/crypto/x509/x509_vfy.h b/crypto/x509/x509_vfy.h index 043ed49..689062f 100644 --- a/crypto/x509/x509_vfy.h +++ b/crypto/x509/x509_vfy.h @@ -332,7 +332,7 @@ X509_STORE_CTX *X509_STORE_CTX_new(void); int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x); void X509_STORE_CTX_free(X509_STORE_CTX *ctx); -void X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, +int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, X509 *x509, STACK_OF(X509) *chain); void X509_STORE_CTX_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *sk); void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx); |