[tor-commits] [tor/master] Use SSL_*_ex_data instead of SSL_*_app_data
nickm at torproject.org
nickm at torproject.org
Fri Mar 4 05:24:32 UTC 2011
commit fe1137be6f0fc01d7dfda568134590ecb5627eb4
Author: Robert Ransom <rransom.8774 at gmail.com>
Date: Thu Mar 3 15:34:53 2011 -0800
Use SSL_*_ex_data instead of SSL_*_app_data
SSL_*_app_data uses ex_data index 0, which will be the first one allocated
by SSL_get_ex_new_index. Thus, if we ever started using the ex_data feature
for some other purpose, or a library linked to Tor ever started using
OpenSSL's ex_data feature, Tor would break in spectacular and mysterious
ways. Using the SSL_*_ex_data functions directly now may save us from
that particular form of breakage in the future.
But I would not be surprised if using OpenSSL's ex_data functions at all
(directly or not) comes back to bite us on our backends quite hard. The
specified behaviour of dup_func in the man page is stupid, and
crypto/ex_data.c is a horrific mess.
---
src/common/tortls.c | 21 +++++++++++++++++++--
1 files changed, 19 insertions(+), 2 deletions(-)
diff --git a/src/common/tortls.c b/src/common/tortls.c
index 61cc4ba..905ecbb 100644
--- a/src/common/tortls.c
+++ b/src/common/tortls.c
@@ -151,12 +151,27 @@ static SSL_CIPHER *CLIENT_CIPHER_DUMMIES = NULL;
static STACK_OF(SSL_CIPHER) *CLIENT_CIPHER_STACK = NULL;
#endif
+/** The ex_data index in which we store a pointer to an SSL object's
+ * corresponding tor_tls_t object. */
+static int tor_tls_object_ex_data_index = -1;
+
+/** Helper: Allocate tor_tls_object_ex_data_index. */
+static void
+tor_tls_allocate_tor_tls_object_ex_data_index()
+{
+ if (tor_tls_object_ex_data_index == -1) {
+ tor_tls_object_ex_data_index =
+ SSL_get_ex_new_index(0, NULL, NULL, NULL, NULL);
+ tor_assert(tor_tls_object_ex_data_index != -1);
+ }
+}
+
/** Helper: given a SSL* pointer, return the tor_tls_t object using that
* pointer. */
static INLINE tor_tls_t *
tor_tls_get_by_ssl(const SSL *ssl)
{
- return SSL_get_app_data(ssl);
+ return SSL_get_ex_data(ssl, tor_tls_object_ex_data_index);
}
static void tor_tls_context_decref(tor_tls_context_t *ctx);
@@ -415,6 +430,8 @@ tor_tls_init(void)
SSLeay_version(SSLEAY_VERSION), version);
}
+ tor_tls_allocate_tor_tls_object_ex_data_index();
+
tls_library_is_initialized = 1;
}
}
@@ -1048,7 +1065,7 @@ tor_tls_new(int sock, int isServer)
tor_free(result);
return NULL;
}
- SSL_set_app_data(result->ssl, result);
+ SSL_set_ex_data(result->ssl, tor_tls_object_ex_data_index, result);
SSL_set_bio(result->ssl, bio, bio);
tor_tls_context_incref(context);
result->context = context;
More information about the tor-commits
mailing list