authorTheo Buehler <tb@cvs.openbsd.org>2023-07-28 10:19:21 +0000
committerTheo Buehler <tb@cvs.openbsd.org>2023-07-28 10:19:21 +0000
commite0756108b143dbdf93bde189790801c3e5a8949a (patch)
treefe4cf4f3da866ea8d424d9d5b63be2b40de7b583 /lib
parent8bd361bc1b956d4cc53aaf06ab472f66f3788b24 (diff)
Make ex_data implementations internal
To state the obvious: library suffers from way too much extensibility. In theory, applications can implement their own ex_data implementation. In practice, none did. A glance at ex_data.c might give an idea as to why. Make this internal so this particular turd can be replaced with something slightly saner. Also sync up the CRYPTO_EX_INDEX_* defines with OpenSSL - at least the parts we support. ok jsing
Diffstat (limited to 'lib')
-rw-r--r--lib/libcrypto/Symbols.list3
-rw-r--r--lib/libcrypto/Symbols.namespace3
-rw-r--r--lib/libcrypto/crypto.h64
-rw-r--r--lib/libcrypto/ex_data.c56
-rw-r--r--lib/libcrypto/hidden/openssl/crypto.h5
-rw-r--r--lib/libcrypto/stack/safestack.h24
6 files changed, 41 insertions, 114 deletions
diff --git a/lib/libcrypto/Symbols.list b/lib/libcrypto/Symbols.list
index 2f081c1a4ca..8129d9f182c 100644
--- a/lib/libcrypto/Symbols.list
+++ b/lib/libcrypto/Symbols.list
@@ -691,7 +691,6 @@ CRYPTO_dbg_realloc
CRYPTO_dbg_set_options
CRYPTO_destroy_dynlockid
CRYPTO_dup_ex_data
-CRYPTO_ex_data_new_class
CRYPTO_free
CRYPTO_free_ex_data
CRYPTO_free_locked
@@ -712,7 +711,6 @@ CRYPTO_get_dynlock_destroy_callback
CRYPTO_get_dynlock_lock_callback
CRYPTO_get_dynlock_value
CRYPTO_get_ex_data
-CRYPTO_get_ex_data_implementation
CRYPTO_get_ex_new_index
CRYPTO_get_id_callback
CRYPTO_get_lock_name
@@ -752,7 +750,6 @@ CRYPTO_set_dynlock_create_callback
CRYPTO_set_dynlock_destroy_callback
CRYPTO_set_dynlock_lock_callback
CRYPTO_set_ex_data
-CRYPTO_set_ex_data_implementation
CRYPTO_set_id_callback
CRYPTO_set_locked_mem_ex_functions
CRYPTO_set_locked_mem_functions
diff --git a/lib/libcrypto/Symbols.namespace b/lib/libcrypto/Symbols.namespace
index 07a1b86ad1e..dcf70a63e6a 100644
--- a/lib/libcrypto/Symbols.namespace
+++ b/lib/libcrypto/Symbols.namespace
@@ -1945,9 +1945,6 @@ _libre_OpenSSL_version
_libre_OpenSSL_version_num
_libre_SSLeay_version
_libre_SSLeay
-_libre_CRYPTO_get_ex_data_implementation
-_libre_CRYPTO_set_ex_data_implementation
-_libre_CRYPTO_ex_data_new_class
_libre_CRYPTO_get_ex_new_index
_libre_CRYPTO_new_ex_data
_libre_CRYPTO_dup_ex_data
diff --git a/lib/libcrypto/crypto.h b/lib/libcrypto/crypto.h
index f91374f4962..07a55ec1f60 100644
--- a/lib/libcrypto/crypto.h
+++ b/lib/libcrypto/crypto.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: crypto.h,v 1.62 2023/07/05 13:06:06 bcook Exp $ */
+/* $OpenBSD: crypto.h,v 1.63 2023/07/28 10:19:20 tb Exp $ */
/* ====================================================================
* Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved.
*
@@ -244,44 +244,22 @@ struct crypto_ex_data_st {
};
DECLARE_STACK_OF(void)
-/* This stuff is basically class callback functions
- * The current classes are SSL_CTX, SSL, SSL_SESSION, and a few more */
-
-typedef struct crypto_ex_data_func_st {
- long argl; /* Arbitrary long */
- void *argp; /* Arbitrary void * */
- CRYPTO_EX_new *new_func;
- CRYPTO_EX_free *free_func;
- CRYPTO_EX_dup *dup_func;
-} CRYPTO_EX_DATA_FUNCS;
-
-DECLARE_STACK_OF(CRYPTO_EX_DATA_FUNCS)
-
-/* Per class, we have a STACK of CRYPTO_EX_DATA_FUNCS for each CRYPTO_EX_DATA
- * entry.
- */
-
-#define CRYPTO_EX_INDEX_BIO 0
-#define CRYPTO_EX_INDEX_SSL 1
-#define CRYPTO_EX_INDEX_SSL_CTX 2
-#define CRYPTO_EX_INDEX_SSL_SESSION 3
-#define CRYPTO_EX_INDEX_X509_STORE 4
-#define CRYPTO_EX_INDEX_X509_STORE_CTX 5
-#define CRYPTO_EX_INDEX_RSA 6
-#define CRYPTO_EX_INDEX_DSA 7
-#define CRYPTO_EX_INDEX_DH 8
-#define CRYPTO_EX_INDEX_ENGINE 9
-#define CRYPTO_EX_INDEX_X509 10
-#define CRYPTO_EX_INDEX_UI 11
-#define CRYPTO_EX_INDEX_ECDSA 12
-#define CRYPTO_EX_INDEX_ECDH 13
-#define CRYPTO_EX_INDEX_COMP 14
-#define CRYPTO_EX_INDEX_STORE 15
-#define CRYPTO_EX_INDEX_EC_KEY 16
-
-/* Dynamically assigned indexes start from this value (don't use directly, use
- * via CRYPTO_ex_data_new_class). */
-#define CRYPTO_EX_INDEX_USER 100
+#define CRYPTO_EX_INDEX_SSL 0
+#define CRYPTO_EX_INDEX_SSL_CTX 1
+#define CRYPTO_EX_INDEX_SSL_SESSION 2
+#define CRYPTO_EX_INDEX_APP 3
+#define CRYPTO_EX_INDEX_BIO 4
+#define CRYPTO_EX_INDEX_DH 5
+#define CRYPTO_EX_INDEX_DSA 6
+#define CRYPTO_EX_INDEX_EC_KEY 7
+#define CRYPTO_EX_INDEX_ENGINE 8
+#define CRYPTO_EX_INDEX_RSA 9
+#define CRYPTO_EX_INDEX_UI 10
+#define CRYPTO_EX_INDEX_UI_METHOD 11
+#define CRYPTO_EX_INDEX_X509 12
+#define CRYPTO_EX_INDEX_X509_STORE 13
+#define CRYPTO_EX_INDEX_X509_STORE_CTX 14
+#define CRYPTO_EX_INDEX__COUNT 15
#ifndef LIBRESSL_INTERNAL
#define CRYPTO_malloc_init() (0)
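Review bot: The renumbered `CRYPTO_EX_INDEX_*` constants are public values that applications compile into their calls to `CRYPTO_get_ex_new_index()`, so a binary built against the old header would pass 1 meaning SSL and have it treated as SSL_CTX. Its new/free/dup callbacks would then run against objects of a different class than the caller intended, so this needs to ship with a library major bump; no shlib_version change is visible in this diff, which is limited to lib/. ECDSA, ECDH, COMP and STORE are dropped from the header as well, which is a source-level break for any caller that named them. I would add a comment above the block such as `/* Class indices are compiled into callers; do not renumber without a major bump. */`. Nothing visible in this commit uses `CRYPTO_EX_INDEX__COUNT` to range-check a caller-supplied `class_index`.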
@@ -328,14 +306,6 @@ unsigned long OpenSSL_version_num(void);
const char *SSLeay_version(int type);
unsigned long SSLeay(void);
-/* An opaque type representing an implementation of "ex_data" support */
-typedef struct st_CRYPTO_EX_DATA_IMPL CRYPTO_EX_DATA_IMPL;
-/* Return an opaque pointer to the current "ex_data" implementation */
-const CRYPTO_EX_DATA_IMPL *CRYPTO_get_ex_data_implementation(void);
-/* Sets the "ex_data" implementation to be used (if it's not too late) */
-int CRYPTO_set_ex_data_implementation(const CRYPTO_EX_DATA_IMPL *i);
-/* Get a new "ex_data" class, and return the corresponding "class_index" */
-int CRYPTO_ex_data_new_class(void);
/* Within a given class, get/register a new index */
int CRYPTO_get_ex_new_index(int class_index, long argl, void *argp,
CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func,
diff --git a/lib/libcrypto/ex_data.c b/lib/libcrypto/ex_data.c
index 71b2fc397b9..17db16e58d6 100644
--- a/lib/libcrypto/ex_data.c
+++ b/lib/libcrypto/ex_data.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ex_data.c,v 1.22 2023/07/08 08:28:23 beck Exp $ */
+/* $OpenBSD: ex_data.c,v 1.23 2023/07/28 10:19:20 tb Exp $ */
/*
* Overhaul notes;
@@ -141,6 +141,26 @@
#include <openssl/err.h>
#include <openssl/lhash.h>
+typedef struct crypto_ex_data_func_st {
+ long argl; /* Arbitrary long */
+ void *argp; /* Arbitrary void * */
+ CRYPTO_EX_new *new_func;
+ CRYPTO_EX_free *free_func;
+ CRYPTO_EX_dup *dup_func;
+} CRYPTO_EX_DATA_FUNCS;
+
+DECLARE_STACK_OF(CRYPTO_EX_DATA_FUNCS)
+
+#define sk_CRYPTO_EX_DATA_FUNCS_new_null() SKM_sk_new_null(CRYPTO_EX_DATA_FUNCS)
+#define sk_CRYPTO_EX_DATA_FUNCS_num(st) SKM_sk_num(CRYPTO_EX_DATA_FUNCS, (st))
+#define sk_CRYPTO_EX_DATA_FUNCS_value(st, i) SKM_sk_value(CRYPTO_EX_DATA_FUNCS, (st), (i))
+#define sk_CRYPTO_EX_DATA_FUNCS_set(st, i, val) SKM_sk_set(CRYPTO_EX_DATA_FUNCS, (st), (i), (val))
+#define sk_CRYPTO_EX_DATA_FUNCS_push(st, val) SKM_sk_push(CRYPTO_EX_DATA_FUNCS, (st), (val))
+#define sk_CRYPTO_EX_DATA_FUNCS_pop_free(st, free_func) SKM_sk_pop_free(CRYPTO_EX_DATA_FUNCS, (st), (free_func))
+
+/* An opaque type representing an implementation of "ex_data" support */
+typedef struct st_CRYPTO_EX_DATA_IMPL CRYPTO_EX_DATA_IMPL;
+
/* What an "implementation of ex_data functionality" looks like */
struct st_CRYPTO_EX_DATA_IMPL {
/*********************/
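Review bot: The comment `/* An opaque type representing an implementation of "ex_data" support */` that moved in with the typedef no longer fits. The struct is defined a few lines below in the same file, and the accessors that handed the pointer to applications are removed elsewhere in this commit. I would reword it to something like `/* File-local dispatch table for ex_data; not replaceable by applications. */`. The `struct st_CRYPTO_EX_DATA_IMPL` body continues past the end of this hunk.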
@@ -210,29 +230,6 @@ impl_check(void)
* invoking the function (which checks again inside a lock). */
#define IMPL_CHECK if(!impl) impl_check();
-/* API functions to get/set the "ex_data" implementation */
-const CRYPTO_EX_DATA_IMPL *
-CRYPTO_get_ex_data_implementation(void)
-{
- IMPL_CHECK
- return impl;
-}
-LCRYPTO_ALIAS(CRYPTO_get_ex_data_implementation);
-
-int
-CRYPTO_set_ex_data_implementation(const CRYPTO_EX_DATA_IMPL *i)
-{
- int toret = 0;
- CRYPTO_w_lock(CRYPTO_LOCK_EX_DATA);
- if (!impl) {
- impl = i;
- toret = 1;
- }
- CRYPTO_w_unlock(CRYPTO_LOCK_EX_DATA);
- return toret;
-}
-LCRYPTO_ALIAS(CRYPTO_set_ex_data_implementation);
-
/****************************************************************************/
/* Interal (default) implementation of "ex_data" support. API functions are
* further down. */
@@ -247,6 +244,7 @@ typedef struct st_ex_class_item {
} EX_CLASS_ITEM;
/* When assigning new class indexes, this is our counter */
+#define CRYPTO_EX_INDEX_USER 100
static int ex_class = CRYPTO_EX_INDEX_USER;
/* The global hash table of EX_CLASS_ITEM items */
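Review bot: The added `#define CRYPTO_EX_INDEX_USER 100` lands between the comment `/* When assigning new class indexes, this is our counter */` and the `ex_class` variable that comment describes, so the comment now reads as documenting the macro. Move the define above the comment and give it its own line, e.g. `/* First dynamically assigned class index; internal only. */`. With `CRYPTO_ex_data_new_class()` removed elsewhere in this commit, it looks as if nothing outside this file can allocate a new class any more, so `ex_class` and this constant may be dead. If so, say that in the comment until the planned rewrite removes them.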
@@ -541,16 +539,6 @@ skip:
/* API functions that defer all "state" operations to the "ex_data"
* implementation we have set. */
-/* Obtain an index for a new class (not the same as getting a new index within
- * an existing class - this is actually getting a new *class*) */
-int
-CRYPTO_ex_data_new_class(void)
-{
- IMPL_CHECK
- return EX_IMPL(new_class)();
-}
-LCRYPTO_ALIAS(CRYPTO_ex_data_new_class);
-
/* Release all "ex_data" state to prevent memory leaks. This can't be made
* thread-safe without overhauling a lot of stuff, and shouldn't really be
* called under potential race-conditions anyway (it's for program shutdown
diff --git a/lib/libcrypto/hidden/openssl/crypto.h b/lib/libcrypto/hidden/openssl/crypto.h
index 69ffa9480b9..dc0b7a02b16 100644
--- a/lib/libcrypto/hidden/openssl/crypto.h
+++ b/lib/libcrypto/hidden/openssl/crypto.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: crypto.h,v 1.1 2023/07/08 08:28:23 beck Exp $ */
+/* $OpenBSD: crypto.h,v 1.2 2023/07/28 10:19:20 tb Exp $ */
/*
* Copyright (c) 2023 Bob Beck <beck@openbsd.org>
*
@@ -29,9 +29,6 @@ LCRYPTO_USED(OpenSSL_version);
LCRYPTO_USED(OpenSSL_version_num);
LCRYPTO_USED(SSLeay_version);
LCRYPTO_USED(SSLeay);
-LCRYPTO_USED(CRYPTO_get_ex_data_implementation);
-LCRYPTO_USED(CRYPTO_set_ex_data_implementation);
-LCRYPTO_USED(CRYPTO_ex_data_new_class);
LCRYPTO_USED(CRYPTO_get_ex_new_index);
LCRYPTO_USED(CRYPTO_new_ex_data);
LCRYPTO_USED(CRYPTO_dup_ex_data);
diff --git a/lib/libcrypto/stack/safestack.h b/lib/libcrypto/stack/safestack.h
index c58ebea4490..5b8ffed6a12 100644
--- a/lib/libcrypto/stack/safestack.h
+++ b/lib/libcrypto/stack/safestack.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: safestack.h,v 1.26 2023/04/25 18:53:42 tb Exp $ */
+/* $OpenBSD: safestack.h,v 1.27 2023/07/28 10:19:20 tb Exp $ */
/* ====================================================================
* Copyright (c) 1999 The OpenSSL Project. All rights reserved.
*
@@ -619,28 +619,6 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void)
#define sk_CONF_VALUE_sort(st) SKM_sk_sort(CONF_VALUE, (st))
#define sk_CONF_VALUE_is_sorted(st) SKM_sk_is_sorted(CONF_VALUE, (st))
-#define sk_CRYPTO_EX_DATA_FUNCS_new(cmp) SKM_sk_new(CRYPTO_EX_DATA_FUNCS, (cmp))
-#define sk_CRYPTO_EX_DATA_FUNCS_new_null() SKM_sk_new_null(CRYPTO_EX_DATA_FUNCS)
-#define sk_CRYPTO_EX_DATA_FUNCS_free(st) SKM_sk_free(CRYPTO_EX_DATA_FUNCS, (st))
-#define sk_CRYPTO_EX_DATA_FUNCS_num(st) SKM_sk_num(CRYPTO_EX_DATA_FUNCS, (st))
-#define sk_CRYPTO_EX_DATA_FUNCS_value(st, i) SKM_sk_value(CRYPTO_EX_DATA_FUNCS, (st), (i))
-#define sk_CRYPTO_EX_DATA_FUNCS_set(st, i, val) SKM_sk_set(CRYPTO_EX_DATA_FUNCS, (st), (i), (val))
-#define sk_CRYPTO_EX_DATA_FUNCS_zero(st) SKM_sk_zero(CRYPTO_EX_DATA_FUNCS, (st))
-#define sk_CRYPTO_EX_DATA_FUNCS_push(st, val) SKM_sk_push(CRYPTO_EX_DATA_FUNCS, (st), (val))
-#define sk_CRYPTO_EX_DATA_FUNCS_unshift(st, val) SKM_sk_unshift(CRYPTO_EX_DATA_FUNCS, (st), (val))
-#define sk_CRYPTO_EX_DATA_FUNCS_find(st, val) SKM_sk_find(CRYPTO_EX_DATA_FUNCS, (st), (val))
-#define sk_CRYPTO_EX_DATA_FUNCS_find_ex(st, val) SKM_sk_find_ex(CRYPTO_EX_DATA_FUNCS, (st), (val))
-#define sk_CRYPTO_EX_DATA_FUNCS_delete(st, i) SKM_sk_delete(CRYPTO_EX_DATA_FUNCS, (st), (i))
-#define sk_CRYPTO_EX_DATA_FUNCS_delete_ptr(st, ptr) SKM_sk_delete_ptr(CRYPTO_EX_DATA_FUNCS, (st), (ptr))
-#define sk_CRYPTO_EX_DATA_FUNCS_insert(st, val, i) SKM_sk_insert(CRYPTO_EX_DATA_FUNCS, (st), (val), (i))
-#define sk_CRYPTO_EX_DATA_FUNCS_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CRYPTO_EX_DATA_FUNCS, (st), (cmp))
-#define sk_CRYPTO_EX_DATA_FUNCS_dup(st) SKM_sk_dup(CRYPTO_EX_DATA_FUNCS, st)
-#define sk_CRYPTO_EX_DATA_FUNCS_pop_free(st, free_func) SKM_sk_pop_free(CRYPTO_EX_DATA_FUNCS, (st), (free_func))
-#define sk_CRYPTO_EX_DATA_FUNCS_shift(st) SKM_sk_shift(CRYPTO_EX_DATA_FUNCS, (st))
-#define sk_CRYPTO_EX_DATA_FUNCS_pop(st) SKM_sk_pop(CRYPTO_EX_DATA_FUNCS, (st))
-#define sk_CRYPTO_EX_DATA_FUNCS_sort(st) SKM_sk_sort(CRYPTO_EX_DATA_FUNCS, (st))
-#define sk_CRYPTO_EX_DATA_FUNCS_is_sorted(st) SKM_sk_is_sorted(CRYPTO_EX_DATA_FUNCS, (st))
-
#define sk_CRYPTO_dynlock_new(cmp) SKM_sk_new(CRYPTO_dynlock, (cmp))
#define sk_CRYPTO_dynlock_new_null() SKM_sk_new_null(CRYPTO_dynlock)
#define sk_CRYPTO_dynlock_free(st) SKM_sk_free(CRYPTO_dynlock, (st))