From 4709d76a602d3c850069b9d1bb033af705bccbf1 Mon Sep 17 00:00:00 2001 From: tb Date: Fri, 28 Jul 2023 10:19:20 +0000 Subject: [PATCH] Make ex_data implementations internal To state the obvious: library suffers from way too much extensibility. In theory, applications can implement their own ex_data implementation. In practice, none did. A glance at ex_data.c might give an idea as to why. Make this internal so this particular turd can be replaced with something slightly saner. Also sync up the CRYPTO_EX_INDEX_* defines with OpenSSL - at least the parts we support. ok jsing --- lib/libcrypto/Symbols.list | 3 -- lib/libcrypto/Symbols.namespace | 3 -- lib/libcrypto/crypto.h | 64 +++++++-------------------- lib/libcrypto/ex_data.c | 56 +++++++++-------------- lib/libcrypto/hidden/openssl/crypto.h | 5 +-- lib/libcrypto/stack/safestack.h | 24 +--------- 6 files changed, 41 insertions(+), 114 deletions(-) diff --git a/lib/libcrypto/Symbols.list b/lib/libcrypto/Symbols.list index 2f081c1a4ca..8129d9f182c 100644 --- a/lib/libcrypto/Symbols.list +++ b/lib/libcrypto/Symbols.list @@ -691,7 +691,6 @@ CRYPTO_dbg_realloc CRYPTO_dbg_set_options CRYPTO_destroy_dynlockid CRYPTO_dup_ex_data -CRYPTO_ex_data_new_class CRYPTO_free CRYPTO_free_ex_data CRYPTO_free_locked @@ -712,7 +711,6 @@ CRYPTO_get_dynlock_destroy_callback CRYPTO_get_dynlock_lock_callback CRYPTO_get_dynlock_value CRYPTO_get_ex_data -CRYPTO_get_ex_data_implementation CRYPTO_get_ex_new_index CRYPTO_get_id_callback CRYPTO_get_lock_name @@ -752,7 +750,6 @@ CRYPTO_set_dynlock_create_callback CRYPTO_set_dynlock_destroy_callback CRYPTO_set_dynlock_lock_callback CRYPTO_set_ex_data -CRYPTO_set_ex_data_implementation CRYPTO_set_id_callback CRYPTO_set_locked_mem_ex_functions CRYPTO_set_locked_mem_functions diff --git a/lib/libcrypto/Symbols.namespace b/lib/libcrypto/Symbols.namespace index 07a1b86ad1e..dcf70a63e6a 100644 --- a/lib/libcrypto/Symbols.namespace +++ b/lib/libcrypto/Symbols.namespace @@ -1945,9 +1945,6 @@ _libre_OpenSSL_version _libre_OpenSSL_version_num _libre_SSLeay_version _libre_SSLeay -_libre_CRYPTO_get_ex_data_implementation -_libre_CRYPTO_set_ex_data_implementation -_libre_CRYPTO_ex_data_new_class _libre_CRYPTO_get_ex_new_index _libre_CRYPTO_new_ex_data _libre_CRYPTO_dup_ex_data diff --git a/lib/libcrypto/crypto.h b/lib/libcrypto/crypto.h index f91374f4962..07a55ec1f60 100644 --- a/lib/libcrypto/crypto.h +++ b/lib/libcrypto/crypto.h @@ -1,4 +1,4 @@ -/* $OpenBSD: crypto.h,v 1.62 2023/07/05 13:06:06 bcook Exp $ */ +/* $OpenBSD: crypto.h,v 1.63 2023/07/28 10:19:20 tb Exp $ */ /* ==================================================================== * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved. * @@ -244,44 +244,22 @@ struct crypto_ex_data_st { }; DECLARE_STACK_OF(void) -/* This stuff is basically class callback functions - * The current classes are SSL_CTX, SSL, SSL_SESSION, and a few more */ - -typedef struct crypto_ex_data_func_st { - long argl; /* Arbitrary long */ - void *argp; /* Arbitrary void * */ - CRYPTO_EX_new *new_func; - CRYPTO_EX_free *free_func; - CRYPTO_EX_dup *dup_func; -} CRYPTO_EX_DATA_FUNCS; - -DECLARE_STACK_OF(CRYPTO_EX_DATA_FUNCS) - -/* Per class, we have a STACK of CRYPTO_EX_DATA_FUNCS for each CRYPTO_EX_DATA - * entry. - */ - -#define CRYPTO_EX_INDEX_BIO 0 -#define CRYPTO_EX_INDEX_SSL 1 -#define CRYPTO_EX_INDEX_SSL_CTX 2 -#define CRYPTO_EX_INDEX_SSL_SESSION 3 -#define CRYPTO_EX_INDEX_X509_STORE 4 -#define CRYPTO_EX_INDEX_X509_STORE_CTX 5 -#define CRYPTO_EX_INDEX_RSA 6 -#define CRYPTO_EX_INDEX_DSA 7 -#define CRYPTO_EX_INDEX_DH 8 -#define CRYPTO_EX_INDEX_ENGINE 9 -#define CRYPTO_EX_INDEX_X509 10 -#define CRYPTO_EX_INDEX_UI 11 -#define CRYPTO_EX_INDEX_ECDSA 12 -#define CRYPTO_EX_INDEX_ECDH 13 -#define CRYPTO_EX_INDEX_COMP 14 -#define CRYPTO_EX_INDEX_STORE 15 -#define CRYPTO_EX_INDEX_EC_KEY 16 - -/* Dynamically assigned indexes start from this value (don't use directly, use - * via CRYPTO_ex_data_new_class). */ -#define CRYPTO_EX_INDEX_USER 100 +#define CRYPTO_EX_INDEX_SSL 0 +#define CRYPTO_EX_INDEX_SSL_CTX 1 +#define CRYPTO_EX_INDEX_SSL_SESSION 2 +#define CRYPTO_EX_INDEX_APP 3 +#define CRYPTO_EX_INDEX_BIO 4 +#define CRYPTO_EX_INDEX_DH 5 +#define CRYPTO_EX_INDEX_DSA 6 +#define CRYPTO_EX_INDEX_EC_KEY 7 +#define CRYPTO_EX_INDEX_ENGINE 8 +#define CRYPTO_EX_INDEX_RSA 9 +#define CRYPTO_EX_INDEX_UI 10 +#define CRYPTO_EX_INDEX_UI_METHOD 11 +#define CRYPTO_EX_INDEX_X509 12 +#define CRYPTO_EX_INDEX_X509_STORE 13 +#define CRYPTO_EX_INDEX_X509_STORE_CTX 14 +#define CRYPTO_EX_INDEX__COUNT 15 #ifndef LIBRESSL_INTERNAL #define CRYPTO_malloc_init() (0) @@ -328,14 +306,6 @@ unsigned long OpenSSL_version_num(void); const char *SSLeay_version(int type); unsigned long SSLeay(void); -/* An opaque type representing an implementation of "ex_data" support */ -typedef struct st_CRYPTO_EX_DATA_IMPL CRYPTO_EX_DATA_IMPL; -/* Return an opaque pointer to the current "ex_data" implementation */ -const CRYPTO_EX_DATA_IMPL *CRYPTO_get_ex_data_implementation(void); -/* Sets the "ex_data" implementation to be used (if it's not too late) */ -int CRYPTO_set_ex_data_implementation(const CRYPTO_EX_DATA_IMPL *i); -/* Get a new "ex_data" class, and return the corresponding "class_index" */ -int CRYPTO_ex_data_new_class(void); /* Within a given class, get/register a new index */ int CRYPTO_get_ex_new_index(int class_index, long argl, void *argp, CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func, diff --git a/lib/libcrypto/ex_data.c b/lib/libcrypto/ex_data.c index 71b2fc397b9..17db16e58d6 100644 --- a/lib/libcrypto/ex_data.c +++ b/lib/libcrypto/ex_data.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ex_data.c,v 1.22 2023/07/08 08:28:23 beck Exp $ */ +/* $OpenBSD: ex_data.c,v 1.23 2023/07/28 10:19:20 tb Exp $ */ /* * Overhaul notes; @@ -141,6 +141,26 @@ #include #include +typedef struct crypto_ex_data_func_st { + long argl; /* Arbitrary long */ + void *argp; /* Arbitrary void * */ + CRYPTO_EX_new *new_func; + CRYPTO_EX_free *free_func; + CRYPTO_EX_dup *dup_func; +} CRYPTO_EX_DATA_FUNCS; + +DECLARE_STACK_OF(CRYPTO_EX_DATA_FUNCS) + +#define sk_CRYPTO_EX_DATA_FUNCS_new_null() SKM_sk_new_null(CRYPTO_EX_DATA_FUNCS) +#define sk_CRYPTO_EX_DATA_FUNCS_num(st) SKM_sk_num(CRYPTO_EX_DATA_FUNCS, (st)) +#define sk_CRYPTO_EX_DATA_FUNCS_value(st, i) SKM_sk_value(CRYPTO_EX_DATA_FUNCS, (st), (i)) +#define sk_CRYPTO_EX_DATA_FUNCS_set(st, i, val) SKM_sk_set(CRYPTO_EX_DATA_FUNCS, (st), (i), (val)) +#define sk_CRYPTO_EX_DATA_FUNCS_push(st, val) SKM_sk_push(CRYPTO_EX_DATA_FUNCS, (st), (val)) +#define sk_CRYPTO_EX_DATA_FUNCS_pop_free(st, free_func) SKM_sk_pop_free(CRYPTO_EX_DATA_FUNCS, (st), (free_func)) + +/* An opaque type representing an implementation of "ex_data" support */ +typedef struct st_CRYPTO_EX_DATA_IMPL CRYPTO_EX_DATA_IMPL; + /* What an "implementation of ex_data functionality" looks like */ struct st_CRYPTO_EX_DATA_IMPL { /*********************/ @@ -210,29 +230,6 @@ impl_check(void) * invoking the function (which checks again inside a lock). */ #define IMPL_CHECK if(!impl) impl_check(); -/* API functions to get/set the "ex_data" implementation */ -const CRYPTO_EX_DATA_IMPL * -CRYPTO_get_ex_data_implementation(void) -{ - IMPL_CHECK - return impl; -} -LCRYPTO_ALIAS(CRYPTO_get_ex_data_implementation); - -int -CRYPTO_set_ex_data_implementation(const CRYPTO_EX_DATA_IMPL *i) -{ - int toret = 0; - CRYPTO_w_lock(CRYPTO_LOCK_EX_DATA); - if (!impl) { - impl = i; - toret = 1; - } - CRYPTO_w_unlock(CRYPTO_LOCK_EX_DATA); - return toret; -} -LCRYPTO_ALIAS(CRYPTO_set_ex_data_implementation); - /****************************************************************************/ /* Interal (default) implementation of "ex_data" support. API functions are * further down. */ @@ -247,6 +244,7 @@ typedef struct st_ex_class_item { } EX_CLASS_ITEM; /* When assigning new class indexes, this is our counter */ +#define CRYPTO_EX_INDEX_USER 100 static int ex_class = CRYPTO_EX_INDEX_USER; /* The global hash table of EX_CLASS_ITEM items */ @@ -541,16 +539,6 @@ skip: /* API functions that defer all "state" operations to the "ex_data" * implementation we have set. */ -/* Obtain an index for a new class (not the same as getting a new index within - * an existing class - this is actually getting a new *class*) */ -int -CRYPTO_ex_data_new_class(void) -{ - IMPL_CHECK - return EX_IMPL(new_class)(); -} -LCRYPTO_ALIAS(CRYPTO_ex_data_new_class); - /* Release all "ex_data" state to prevent memory leaks. This can't be made * thread-safe without overhauling a lot of stuff, and shouldn't really be * called under potential race-conditions anyway (it's for program shutdown diff --git a/lib/libcrypto/hidden/openssl/crypto.h b/lib/libcrypto/hidden/openssl/crypto.h index 69ffa9480b9..dc0b7a02b16 100644 --- a/lib/libcrypto/hidden/openssl/crypto.h +++ b/lib/libcrypto/hidden/openssl/crypto.h @@ -1,4 +1,4 @@ -/* $OpenBSD: crypto.h,v 1.1 2023/07/08 08:28:23 beck Exp $ */ +/* $OpenBSD: crypto.h,v 1.2 2023/07/28 10:19:20 tb Exp $ */ /* * Copyright (c) 2023 Bob Beck * @@ -29,9 +29,6 @@ LCRYPTO_USED(OpenSSL_version); LCRYPTO_USED(OpenSSL_version_num); LCRYPTO_USED(SSLeay_version); LCRYPTO_USED(SSLeay); -LCRYPTO_USED(CRYPTO_get_ex_data_implementation); -LCRYPTO_USED(CRYPTO_set_ex_data_implementation); -LCRYPTO_USED(CRYPTO_ex_data_new_class); LCRYPTO_USED(CRYPTO_get_ex_new_index); LCRYPTO_USED(CRYPTO_new_ex_data); LCRYPTO_USED(CRYPTO_dup_ex_data); diff --git a/lib/libcrypto/stack/safestack.h b/lib/libcrypto/stack/safestack.h index c58ebea4490..5b8ffed6a12 100644 --- a/lib/libcrypto/stack/safestack.h +++ b/lib/libcrypto/stack/safestack.h @@ -1,4 +1,4 @@ -/* $OpenBSD: safestack.h,v 1.26 2023/04/25 18:53:42 tb Exp $ */ +/* $OpenBSD: safestack.h,v 1.27 2023/07/28 10:19:20 tb Exp $ */ /* ==================================================================== * Copyright (c) 1999 The OpenSSL Project. All rights reserved. * @@ -619,28 +619,6 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void) #define sk_CONF_VALUE_sort(st) SKM_sk_sort(CONF_VALUE, (st)) #define sk_CONF_VALUE_is_sorted(st) SKM_sk_is_sorted(CONF_VALUE, (st)) -#define sk_CRYPTO_EX_DATA_FUNCS_new(cmp) SKM_sk_new(CRYPTO_EX_DATA_FUNCS, (cmp)) -#define sk_CRYPTO_EX_DATA_FUNCS_new_null() SKM_sk_new_null(CRYPTO_EX_DATA_FUNCS) -#define sk_CRYPTO_EX_DATA_FUNCS_free(st) SKM_sk_free(CRYPTO_EX_DATA_FUNCS, (st)) -#define sk_CRYPTO_EX_DATA_FUNCS_num(st) SKM_sk_num(CRYPTO_EX_DATA_FUNCS, (st)) -#define sk_CRYPTO_EX_DATA_FUNCS_value(st, i) SKM_sk_value(CRYPTO_EX_DATA_FUNCS, (st), (i)) -#define sk_CRYPTO_EX_DATA_FUNCS_set(st, i, val) SKM_sk_set(CRYPTO_EX_DATA_FUNCS, (st), (i), (val)) -#define sk_CRYPTO_EX_DATA_FUNCS_zero(st) SKM_sk_zero(CRYPTO_EX_DATA_FUNCS, (st)) -#define sk_CRYPTO_EX_DATA_FUNCS_push(st, val) SKM_sk_push(CRYPTO_EX_DATA_FUNCS, (st), (val)) -#define sk_CRYPTO_EX_DATA_FUNCS_unshift(st, val) SKM_sk_unshift(CRYPTO_EX_DATA_FUNCS, (st), (val)) -#define sk_CRYPTO_EX_DATA_FUNCS_find(st, val) SKM_sk_find(CRYPTO_EX_DATA_FUNCS, (st), (val)) -#define sk_CRYPTO_EX_DATA_FUNCS_find_ex(st, val) SKM_sk_find_ex(CRYPTO_EX_DATA_FUNCS, (st), (val)) -#define sk_CRYPTO_EX_DATA_FUNCS_delete(st, i) SKM_sk_delete(CRYPTO_EX_DATA_FUNCS, (st), (i)) -#define sk_CRYPTO_EX_DATA_FUNCS_delete_ptr(st, ptr) SKM_sk_delete_ptr(CRYPTO_EX_DATA_FUNCS, (st), (ptr)) -#define sk_CRYPTO_EX_DATA_FUNCS_insert(st, val, i) SKM_sk_insert(CRYPTO_EX_DATA_FUNCS, (st), (val), (i)) -#define sk_CRYPTO_EX_DATA_FUNCS_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CRYPTO_EX_DATA_FUNCS, (st), (cmp)) -#define sk_CRYPTO_EX_DATA_FUNCS_dup(st) SKM_sk_dup(CRYPTO_EX_DATA_FUNCS, st) -#define sk_CRYPTO_EX_DATA_FUNCS_pop_free(st, free_func) SKM_sk_pop_free(CRYPTO_EX_DATA_FUNCS, (st), (free_func)) -#define sk_CRYPTO_EX_DATA_FUNCS_shift(st) SKM_sk_shift(CRYPTO_EX_DATA_FUNCS, (st)) -#define sk_CRYPTO_EX_DATA_FUNCS_pop(st) SKM_sk_pop(CRYPTO_EX_DATA_FUNCS, (st)) -#define sk_CRYPTO_EX_DATA_FUNCS_sort(st) SKM_sk_sort(CRYPTO_EX_DATA_FUNCS, (st)) -#define sk_CRYPTO_EX_DATA_FUNCS_is_sorted(st) SKM_sk_is_sorted(CRYPTO_EX_DATA_FUNCS, (st)) - #define sk_CRYPTO_dynlock_new(cmp) SKM_sk_new(CRYPTO_dynlock, (cmp)) #define sk_CRYPTO_dynlock_new_null() SKM_sk_new_null(CRYPTO_dynlock) #define sk_CRYPTO_dynlock_free(st) SKM_sk_free(CRYPTO_dynlock, (st)) -- 2.20.1