On Tue, May 23, 2023 at 12:40:40PM -0400, Marc Aldorasi wrote:
> The man page for CRYPTO_get_ex_new_index says that "the value 0 is
> reserved for the legacy "app_data" APIs", but the function can still
> return 0, which can cause issues for programs that use both APIs. The
> attached patch causes the returned indices to start at 1 instead.
>
> See also the corresponding OpenSSL bug report:
> https://marc.info/?l=openssl-dev&m=142421750627504&w=2

Thanks for the diff. This makes some sense, but I need to look closer to
understand the full ramifications. Unfortunately, OpenSSL's rt is now
lost to the Internet Dark Ages, so information is a bit lacking.

What made you write this patch? Is there a real-world issue you ran
into? If so, could you point me at it?

Thanks.

> diff --git a/src/lib/libcrypto/ex_data.c b/src/lib/libcrypto/ex_data.c
> index b1e391366..d9c39b2c4 100644
> --- a/src/lib/libcrypto/ex_data.c
> +++ b/src/lib/libcrypto/ex_data.c
> @@ -320,7 +320,7 @@ def_get_class(int class_index)
> gen = malloc(sizeof(EX_CLASS_ITEM));
> if (gen) {
> gen->class_index = class_index;
> - gen->meth_num = 0;
> + gen->meth_num = 1;
> gen->meth = sk_CRYPTO_EX_DATA_FUNCS_new_null();
> if (!gen->meth)
> free(gen);
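
Review bot: starting gen->meth_num at 1 while gen->meth is still created empty by sk_CRYPTO_EX_DATA_FUNCS_new_null() means the counter no longer matches the number of entries on the stack. Please confirm that the code that hands out indices, and any code that walks gen->meth, tolerates an unset slot 0 and never treats meth_num as the stack length. A short comment at the assignment, noting that index 0 is reserved for the legacy app_data APIs as the man page says, would keep the 1 from reading as an off-by-one to the next person touching this.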