Rewrite crypto/ex_data

Removed ability to set ex_data impl at runtime.  This removed these
three functions:
    const CRYPTO_EX_DATA_IMPL *CRYPTO_get_ex_data_implementation(void);
    int CRYPTO_set_ex_data_implementation(const CRYPTO_EX_DATA_IMPL *i);
    int CRYPTO_ex_data_new_class(void);
It is no longer possible to change the ex_data implementation at
runtime.  (Luckily those functions were never documented :)

Also removed the ability to add new exdata "classes."  We don't believe
this received much (if any) use, since you can't add it to OpenSSL objects,
and there are probably better (native) methods for developers to add
their own extensible data, if they really need that.

Replaced the internal hash table (of per-"class" stacks) with a simple
indexed array.  Reserved an index for "app" application.

Each API used to take the lock twice; now it only locks once.

Use local stack storage for function pointers, rather than malloc,
if possible (i.e., number of ex_data items is under a dozen).

Make CRYPTO_EX_DATA_FUNCS opaque/internal.

Also fixes RT3710; index zero is reserved.
Reviewed-by: NRichard Levitte <levitte@openssl.org>

crypto/cpt_err.c

 /* crypto/cpt_err.c */
 /* ====================================================================
- * Copyright (c) 1999-2011 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1999-2015 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -70,9 +70,12 @@
 # define ERR_REASON(reason) ERR_PACK(ERR_LIB_CRYPTO,0,reason)
 
 static ERR_STRING_DATA CRYPTO_str_functs[] = {
+    {ERR_FUNC(CRYPTO_F_CRYPTO_DUP_EX_DATA), "CRYPTO_dup_ex_data"},
+    {ERR_FUNC(CRYPTO_F_CRYPTO_FREE_EX_DATA), "CRYPTO_free_ex_data"},
     {ERR_FUNC(CRYPTO_F_CRYPTO_GET_EX_NEW_INDEX), "CRYPTO_get_ex_new_index"},
     {ERR_FUNC(CRYPTO_F_CRYPTO_GET_NEW_DYNLOCKID), "CRYPTO_get_new_dynlockid"},
     {ERR_FUNC(CRYPTO_F_CRYPTO_GET_NEW_LOCKID), "CRYPTO_get_new_lockid"},
+    {ERR_FUNC(CRYPTO_F_CRYPTO_NEW_EX_DATA), "CRYPTO_new_ex_data"},
     {ERR_FUNC(CRYPTO_F_CRYPTO_SET_EX_DATA), "CRYPTO_set_ex_data"},
     {ERR_FUNC(CRYPTO_F_DEF_ADD_INDEX), "DEF_ADD_INDEX"},
     {ERR_FUNC(CRYPTO_F_DEF_GET_CLASS), "DEF_GET_CLASS"},

crypto/engine/eng_dyn.c

@@ -512,7 +512,6 @@ static int dynamic_load(ENGINE *e, dynamic_data_ctx *ctx)
      * would also increase opaqueness.
      */
     fns.static_state = ENGINE_get_static_state();
-    fns.ex_data_fns = CRYPTO_get_ex_data_implementation();
     CRYPTO_get_mem_functions(&fns.mem_fns.malloc_cb,
                              &fns.mem_fns.realloc_cb, &fns.mem_fns.free_cb);
     fns.lock_fns.lock_locking_cb = CRYPTO_get_locking_callback();

include/openssl/crypto.h

@@ -283,26 +283,10 @@ struct crypto_ex_data_st {
 };
 DECLARE_STACK_OF(void)
 
-/*
- * This stuff is basically class callback functions The current classes are
- * SSL_CTX, SSL, SSL_SESSION, and a few more
- */
-
-typedef struct crypto_ex_data_func_st {
-    long argl;                  /* Arbitary long */
-    void *argp;                 /* Arbitary void * */
-    CRYPTO_EX_new *new_func;
-    CRYPTO_EX_free *free_func;
-    CRYPTO_EX_dup *dup_func;
-} CRYPTO_EX_DATA_FUNCS;
-
-DECLARE_STACK_OF(CRYPTO_EX_DATA_FUNCS)
-
 /*
  * Per class, we have a STACK of CRYPTO_EX_DATA_FUNCS for each CRYPTO_EX_DATA
  * entry.
  */
-
 # define CRYPTO_EX_INDEX_BIO             0
 # define CRYPTO_EX_INDEX_SSL             1
 # define CRYPTO_EX_INDEX_SSL_CTX         2
@@ -319,12 +303,8 @@ DECLARE_STACK_OF(CRYPTO_EX_DATA_FUNCS)
 # define CRYPTO_EX_INDEX_ECDH            13
 # define CRYPTO_EX_INDEX_COMP            14
 # define CRYPTO_EX_INDEX_STORE           15
-
-/*
- * Dynamically assigned indexes start from this value (don't use directly,
- * use via CRYPTO_ex_data_new_class).
- */
-# define CRYPTO_EX_INDEX_USER            100
+# define CRYPTO_EX_INDEX_APP             16
+# define CRYPTO_EX_INDEX__COUNT          17
 
 /*
  * This is the default callbacks, but we can have others as well: this is
@@ -386,14 +366,6 @@ unsigned long SSLeay(void);
 
 int OPENSSL_issetugid(void);
 
-/* An opaque type representing an implementation of "ex_data" support */
-typedef struct st_CRYPTO_EX_DATA_IMPL CRYPTO_EX_DATA_IMPL;
-/* Return an opaque pointer to the current "ex_data" implementation */
-const CRYPTO_EX_DATA_IMPL *CRYPTO_get_ex_data_implementation(void);
-/* Sets the "ex_data" implementation to be used (if it's not too late) */
-int CRYPTO_set_ex_data_implementation(const CRYPTO_EX_DATA_IMPL *i);
-/* Get a new "ex_data" class, and return the corresponding "class_index" */
-int CRYPTO_ex_data_new_class(void);
 /* Within a given class, get/register a new index */
 int CRYPTO_get_ex_new_index(int class_index, long argl, void *argp,
                             CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func,
@@ -611,6 +583,11 @@ int FIPS_mode_set(int r);
 
 void OPENSSL_init(void);
 
+struct tm *OPENSSL_gmtime(const time_t *timer, struct tm *result);
+int OPENSSL_gmtime_adj(struct tm *tm, int offset_day, long offset_sec);
+int OPENSSL_gmtime_diff(int *pday, int *psec,
+                        const struct tm *from, const struct tm *to);
+
 /*
  * CRYPTO_memcmp returns zero iff the |len| bytes at |a| and |b| are equal.
  * It takes an amount of time dependent on |len|, but independent of the
@@ -627,17 +604,15 @@ int CRYPTO_memcmp(const void *a, const void *b, size_t len);
  */
 void ERR_load_CRYPTO_strings(void);
 
-struct tm *OPENSSL_gmtime(const time_t *timer, struct tm *result);
-int OPENSSL_gmtime_adj(struct tm *tm, int offset_day, long offset_sec);
-int OPENSSL_gmtime_diff(int *pday, int *psec,
-                        const struct tm *from, const struct tm *to);
-
 /* Error codes for the CRYPTO functions. */
 
 /* Function codes. */
+# define CRYPTO_F_CRYPTO_DUP_EX_DATA                      110
+# define CRYPTO_F_CRYPTO_FREE_EX_DATA                     111
 # define CRYPTO_F_CRYPTO_GET_EX_NEW_INDEX                 100
 # define CRYPTO_F_CRYPTO_GET_NEW_DYNLOCKID                103
 # define CRYPTO_F_CRYPTO_GET_NEW_LOCKID                   101
+# define CRYPTO_F_CRYPTO_NEW_EX_DATA                      112
 # define CRYPTO_F_CRYPTO_SET_EX_DATA                      102
 # define CRYPTO_F_DEF_ADD_INDEX                           104
 # define CRYPTO_F_DEF_GET_CLASS                           105

include/openssl/engine.h

@@ -776,7 +776,6 @@ typedef struct st_dynamic_LOCK_fns {
 /* The top-level structure */
 typedef struct st_dynamic_fns {
     void *static_state;
-    const CRYPTO_EX_DATA_IMPL *ex_data_fns;
     dynamic_MEM_fns mem_fns;
     dynamic_LOCK_fns lock_fns;
 } dynamic_fns;
@@ -834,8 +833,6 @@ typedef int (*dynamic_bind_engine) (ENGINE *e, const char *id,
                 CRYPTO_set_dynlock_create_callback(fns->lock_fns.dynlock_create_cb); \
                 CRYPTO_set_dynlock_lock_callback(fns->lock_fns.dynlock_lock_cb); \
                 CRYPTO_set_dynlock_destroy_callback(fns->lock_fns.dynlock_destroy_cb); \
-                if(!CRYPTO_set_ex_data_implementation(fns->ex_data_fns)) \
-                        return 0; \
         skip_cbs: \
                 if(!fn(e,id)) return 0; \
                 return 1; }

include/openssl/safestack.h

@@ -2251,24 +2251,6 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void)
   LHM_lh_stats_bio(ERR_STRING_DATA,lh,out)
 # define lh_ERR_STRING_DATA_free(lh) LHM_lh_free(ERR_STRING_DATA,lh)
 
-# define lh_EX_CLASS_ITEM_new() LHM_lh_new(EX_CLASS_ITEM,ex_class_item)
-# define lh_EX_CLASS_ITEM_insert(lh,inst) LHM_lh_insert(EX_CLASS_ITEM,lh,inst)
-# define lh_EX_CLASS_ITEM_retrieve(lh,inst) LHM_lh_retrieve(EX_CLASS_ITEM,lh,inst)
-# define lh_EX_CLASS_ITEM_delete(lh,inst) LHM_lh_delete(EX_CLASS_ITEM,lh,inst)
-# define lh_EX_CLASS_ITEM_doall(lh,fn) LHM_lh_doall(EX_CLASS_ITEM,lh,fn)
-# define lh_EX_CLASS_ITEM_doall_arg(lh,fn,arg_type,arg) \
-  LHM_lh_doall_arg(EX_CLASS_ITEM,lh,fn,arg_type,arg)
-# define lh_EX_CLASS_ITEM_error(lh) LHM_lh_error(EX_CLASS_ITEM,lh)
-# define lh_EX_CLASS_ITEM_num_items(lh) LHM_lh_num_items(EX_CLASS_ITEM,lh)
-# define lh_EX_CLASS_ITEM_down_load(lh) LHM_lh_down_load(EX_CLASS_ITEM,lh)
-# define lh_EX_CLASS_ITEM_node_stats_bio(lh,out) \
-  LHM_lh_node_stats_bio(EX_CLASS_ITEM,lh,out)
-# define lh_EX_CLASS_ITEM_node_usage_stats_bio(lh,out) \
-  LHM_lh_node_usage_stats_bio(EX_CLASS_ITEM,lh,out)
-# define lh_EX_CLASS_ITEM_stats_bio(lh,out) \
-  LHM_lh_stats_bio(EX_CLASS_ITEM,lh,out)
-# define lh_EX_CLASS_ITEM_free(lh) LHM_lh_free(EX_CLASS_ITEM,lh)
-
 # define lh_FUNCTION_new() LHM_lh_new(FUNCTION,function)
 # define lh_FUNCTION_insert(lh,inst) LHM_lh_insert(FUNCTION,lh,inst)
 # define lh_FUNCTION_retrieve(lh,inst) LHM_lh_retrieve(FUNCTION,lh,inst)

include/openssl/symhacks.h

@@ -71,12 +71,6 @@
  */
 # ifdef OPENSSL_SYS_VMS
 
-/* Hack a long name in crypto/ex_data.c */
-#  undef CRYPTO_get_ex_data_implementation
-#  define CRYPTO_get_ex_data_implementation       CRYPTO_get_ex_data_impl
-#  undef CRYPTO_set_ex_data_implementation
-#  define CRYPTO_set_ex_data_implementation       CRYPTO_set_ex_data_impl
-
 /* Hack a long name in crypto/asn1/a_mbstr.c */
 #  undef ASN1_STRING_set_default_mask_asc
 #  define ASN1_STRING_set_default_mask_asc        ASN1_STRING_set_def_mask_asc

util/libeay.num

@@ -2328,8 +2328,8 @@ X509_CRL_set_lastUpdate                 2837	EXIST::FUNCTION:
 OCSP_BASICRESP_free                     2838	EXIST::FUNCTION:
 OCSP_BASICRESP_add1_ext_i2d             2839	EXIST::FUNCTION:
 d2i_KRB5_AUTHENTBODY                    2840	NOEXIST::FUNCTION:
-CRYPTO_set_ex_data_implementation       2841	EXIST:!VMS:FUNCTION:
-CRYPTO_set_ex_data_impl                 2841	EXIST:VMS:FUNCTION:
+CRYPTO_set_ex_data_impl                 2841	NOEXIST::FUNCTION:
+CRYPTO_set_ex_data_implementation       2841	NOEXIST::FUNCTION:
 KRB5_ENCDATA_new                        2842	NOEXIST::FUNCTION:
 DSO_up_ref                              2843	EXIST::FUNCTION:
 OCSP_crl_reason_str                     2844	EXIST::FUNCTION:
@@ -2559,7 +2559,7 @@ AES_encrypt                             3033	EXIST::FUNCTION:AES
 OCSP_REQUEST_new                        3034	EXIST::FUNCTION:
 ASN1_ANY_it                             3035	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
 ASN1_ANY_it                             3035	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-CRYPTO_ex_data_new_class                3036	EXIST::FUNCTION:
+CRYPTO_ex_data_new_class                3036	NOEXIST::FUNCTION:
 _ossl_old_des_ncbc_encrypt              3037	NOEXIST::FUNCTION:
 i2d_KRB5_TKTBODY                        3038	NOEXIST::FUNCTION:
 EC_POINT_clear_free                     3039	EXIST::FUNCTION:EC
@@ -2676,8 +2676,8 @@ USERNOTICE_it                           3132	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIA
 USERNOTICE_it                           3132	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
 OCSP_REQINFO_new                        3133	EXIST::FUNCTION:
 OCSP_BASICRESP_get_ext                  3134	EXIST::FUNCTION:
-CRYPTO_get_ex_data_implementation       3135	EXIST:!VMS:FUNCTION:
-CRYPTO_get_ex_data_impl                 3135	EXIST:VMS:FUNCTION:
+CRYPTO_get_ex_data_impl                 3135	NOEXIST::FUNCTION:
+CRYPTO_get_ex_data_implementation       3135	NOEXIST::FUNCTION:
 ASN1_item_pack                          3136	EXIST::FUNCTION:
 i2d_KRB5_ENCDATA                        3137	NOEXIST::FUNCTION:
 X509_PURPOSE_set                        3138	EXIST::FUNCTION: