diff options
author | Robert Ransom <rransom.8774@gmail.com> | 2011-03-03 15:34:53 -0800 |
---|---|---|
committer | Robert Ransom <rransom.8774@gmail.com> | 2011-03-03 15:34:53 -0800 |
commit | fe1137be6f0fc01d7dfda568134590ecb5627eb4 (patch) | |
tree | 6ac3fd7b9b5b3a6714e47f0ebe37872bdbe23ab5 /src/common/tortls.c | |
parent | 13ee80346927c155b2cecc7859e14865c05bb5f8 (diff) | |
download | tor-fe1137be6f0fc01d7dfda568134590ecb5627eb4.tar.gz tor-fe1137be6f0fc01d7dfda568134590ecb5627eb4.zip |
Use SSL_*_ex_data instead of SSL_*_app_data
SSL_*_app_data uses ex_data index 0, which will be the first one allocated
by SSL_get_ex_new_index. Thus, if we ever started using the ex_data feature
for some other purpose, or a library linked to Tor ever started using
OpenSSL's ex_data feature, Tor would break in spectacular and mysterious
ways. Using the SSL_*_ex_data functions directly now may save us from
that particular form of breakage in the future.
But I would not be surprised if using OpenSSL's ex_data functions at all
(directly or not) comes back to bite us on our backends quite hard. The
specified behaviour of dup_func in the man page is stupid, and
crypto/ex_data.c is a horrific mess.
Diffstat (limited to 'src/common/tortls.c')
-rw-r--r-- | src/common/tortls.c | 21 |
1 files changed, 19 insertions, 2 deletions
diff --git a/src/common/tortls.c b/src/common/tortls.c index 61cc4ba08d..905ecbb708 100644 --- a/src/common/tortls.c +++ b/src/common/tortls.c @@ -151,12 +151,27 @@ static SSL_CIPHER *CLIENT_CIPHER_DUMMIES = NULL; static STACK_OF(SSL_CIPHER) *CLIENT_CIPHER_STACK = NULL; #endif +/** The ex_data index in which we store a pointer to an SSL object's + * corresponding tor_tls_t object. */ +static int tor_tls_object_ex_data_index = -1; + +/** Helper: Allocate tor_tls_object_ex_data_index. */ +static void +tor_tls_allocate_tor_tls_object_ex_data_index() +{ + if (tor_tls_object_ex_data_index == -1) { + tor_tls_object_ex_data_index = + SSL_get_ex_new_index(0, NULL, NULL, NULL, NULL); + tor_assert(tor_tls_object_ex_data_index != -1); + } +} + /** Helper: given a SSL* pointer, return the tor_tls_t object using that * pointer. */ static INLINE tor_tls_t * tor_tls_get_by_ssl(const SSL *ssl) { - return SSL_get_app_data(ssl); + return SSL_get_ex_data(ssl, tor_tls_object_ex_data_index); } static void tor_tls_context_decref(tor_tls_context_t *ctx); @@ -415,6 +430,8 @@ tor_tls_init(void) SSLeay_version(SSLEAY_VERSION), version); } + tor_tls_allocate_tor_tls_object_ex_data_index(); + tls_library_is_initialized = 1; } } @@ -1048,7 +1065,7 @@ tor_tls_new(int sock, int isServer) tor_free(result); return NULL; } - SSL_set_app_data(result->ssl, result); + SSL_set_ex_data(result->ssl, tor_tls_object_ex_data_index, result); SSL_set_bio(result->ssl, bio, bio); tor_tls_context_incref(context); result->context = context; |