[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-commits] [tor/master] Use SSL_*_ex_data instead of SSL_*_app_data



commit fe1137be6f0fc01d7dfda568134590ecb5627eb4
Author: Robert Ransom <rransom.8774@xxxxxxxxx>
Date:   Thu Mar 3 15:34:53 2011 -0800

    Use SSL_*_ex_data instead of SSL_*_app_data
    
    SSL_*_app_data uses ex_data index 0, which will be the first one allocated
    by SSL_get_ex_new_index. Thus, if we ever started using the ex_data feature
    for some other purpose, or a library linked to Tor ever started using
    OpenSSL's ex_data feature, Tor would break in spectacular and mysterious
    ways. Using the SSL_*_ex_data functions directly now may save us from
    that particular form of breakage in the future.
    
    But I would not be surprised if using OpenSSL's ex_data functions at all
    (directly or not) comes back to bite us on our backends quite hard. The
    specified behaviour of dup_func in the man page is stupid, and
    crypto/ex_data.c is a horrific mess.
---
 src/common/tortls.c |   21 +++++++++++++++++++--
 1 files changed, 19 insertions(+), 2 deletions(-)

diff --git a/src/common/tortls.c b/src/common/tortls.c
index 61cc4ba..905ecbb 100644
--- a/src/common/tortls.c
+++ b/src/common/tortls.c
@@ -151,12 +151,27 @@ static SSL_CIPHER *CLIENT_CIPHER_DUMMIES = NULL;
 static STACK_OF(SSL_CIPHER) *CLIENT_CIPHER_STACK = NULL;
 #endif
 
+/** The ex_data index in which we store a pointer to an SSL object's
+ * corresponding tor_tls_t object. */
+static int tor_tls_object_ex_data_index = -1;
+
+/** Helper: Allocate tor_tls_object_ex_data_index. */
+static void
+tor_tls_allocate_tor_tls_object_ex_data_index()
+{
+  if (tor_tls_object_ex_data_index == -1) {
+    tor_tls_object_ex_data_index =
+      SSL_get_ex_new_index(0, NULL, NULL, NULL, NULL);
+    tor_assert(tor_tls_object_ex_data_index != -1);
+  }
+}
+
 /** Helper: given a SSL* pointer, return the tor_tls_t object using that
  * pointer. */
 static INLINE tor_tls_t *
 tor_tls_get_by_ssl(const SSL *ssl)
 {
-  return SSL_get_app_data(ssl);
+  return SSL_get_ex_data(ssl, tor_tls_object_ex_data_index);
 }
 
 static void tor_tls_context_decref(tor_tls_context_t *ctx);
@@ -415,6 +430,8 @@ tor_tls_init(void)
                SSLeay_version(SSLEAY_VERSION), version);
     }
 
+    tor_tls_allocate_tor_tls_object_ex_data_index();
+
     tls_library_is_initialized = 1;
   }
 }
@@ -1048,7 +1065,7 @@ tor_tls_new(int sock, int isServer)
     tor_free(result);
     return NULL;
   }
-  SSL_set_app_data(result->ssl, result);
+  SSL_set_ex_data(result->ssl, tor_tls_object_ex_data_index, result);
   SSL_set_bio(result->ssl, bio, bio);
   tor_tls_context_incref(context);
   result->context = context;



_______________________________________________
tor-commits mailing list
tor-commits@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits