1 files changed, 0 insertions, 382 deletions
diff --git a/src/lib/libcrypto/man/RSA_get_ex_new_index.3 b/src/lib/libcrypto/man/RSA_get_ex_new_index.3
deleted file mode 100644
index 5f1fb4335f..0000000000
--- a/src/lib/libcrypto/man/RSA_get_ex_new_index.3
+++ /dev/null
@@ -1,382 +0,0 @@
-.\" $OpenBSD: RSA_get_ex_new_index.3,v 1.13 2023/11/19 21:08:04 tb Exp $
-.\"
-.\" Copyright (c) 2023 Ingo Schwarze <schwarze@openbsd.org>
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.Dd $Mdocdate: November 19 2023 $
-.Dt RSA_GET_EX_NEW_INDEX 3
-.Os
-.Sh NAME
-.Nm RSA_get_ex_new_index ,
-.Nm RSA_set_ex_data ,
-.Nm RSA_get_ex_data
-.Nd add application specific data to RSA objects
-.Sh SYNOPSIS
-.In openssl/rsa.h
-.Ft int
-.Fo RSA_get_ex_new_index
-.Fa "long argl"
-.Fa "void *argp"
-.Fa "CRYPTO_EX_new *new_func"
-.Fa "CRYPTO_EX_dup *dup_func"
-.Fa "CRYPTO_EX_free *free_func"
-.Fc
-.Ft int
-.Fo RSA_set_ex_data
-.Fa "RSA *rsa"
-.Fa "int idx"
-.Fa "void *data"
-.Fc
-.Ft void *
-.Fo RSA_get_ex_data
-.Fa "RSA *rsa"
-.Fa "int idx"
-.Fc
-.Sh DESCRIPTION
-The following parent objects can have application specific data called
-.Dq ex_data
-attached to them:
-.Vt BIO , DH , DSA , EC_KEY , RSA ,
-.Vt SSL , SSL_CTX , SSL_SESSION , UI , X509 , X509_STORE ,
-and
-.Vt X509_STORE_CTX .
-.\" CRYPTO_EX_INDEX_APP and CRYPTO_EX_INDEX_UI_METHOD are unused.
-The present manual page documents the related API functions taking the
-.Vt RSA
-object type as an example.
-The functions for the other object types work in exactly the same way:
-just replace the string
-.Qq RSA
-with the name of the respective object type
-throughout the rest of this manual page.
-.Pp
-By default, each individual
-.Vt RSA
-object can store one
-.Vt void *
-pointing to application specific data.
-That specific pointer is identified by an
-.Fa idx
-argument of 0.
-.Pp
-.Fn RSA_get_ex_new_index
-reserves the next consecutive
-.Fa idx
-argument, enabling storage of one additional
-.Vt void *
-per
-.Vt RSA
-object.
-It is typically called at program startup.
-It can be called more than once if some
-.Vt RSA
-objects need to store more than two application specific pointers.
-Reserving an additional index for one parent object type, for example for
-.Vt RSA ,
-does not change the numbers of indices that can be used
-with any other parent object type.
-.Pp
-It is strongly recommended to always pass three
-.Dv NULL
-pointers for the arguments
-.Fa new_func ,
-.Fa dup_func ,
-and
-.Fa free_func .
-When following this recommendation, the arguments
-.Fa argl
-and
-.Fa argp
-are ignored; conventionally, passing 0 and
-.Dv NULL
-is recommended.
-Because using them is discouraged, the three function callback types
-are only documented in the low-level
-.Xr CRYPTO_EX_new 3
-manual page.
-.Pp
-.Fn RSA_set_ex_data
-stores the
-.Fa data
-pointer as application specific data at the given
-.Fa idx
-in the given
-.Fa rsa
-object.
-The meaning of the data pointed to is up to the application.
-The caller retains ownership of the
-.Fa data
-and is responsible for freeing it when neither the caller nor the
-.Fa rsa
-object need it any longer.
-Any other pointer that was previously stored at the same
-.Fa idx
-in the same
-.Fa rsa
-object is silently overwritten.
-Passing a
-.Dv NULL
-pointer for the
-.Fa data
-argument is valid and indicates that no application specific data
-currently needs to be stored at the given
-.Fa idx .
-.Pp
-.Fn RSA_get_ex_data
-retrieves the last pointer that was stored using
-.Fn RSA_set_ex_data
-at the given
-.Fa idx
-in the given
-.Fa rsa
-object.
-.Sh RETURN VALUES
-.Fn RSA_get_ex_new_index
-returns a new index equal to or greater than 1
-or \-1 if memory allocation fails.
-.Pp
-.Fn RSA_set_ex_data
-returns 1 on success or 0 if memory allocation fails.
-.Pp
-.Fn RSA_get_ex_data
-returns the application specific data or
-.Dv NULL
-if
-.Fa rsa
-does not contain application specific data at the given
-.Fa idx .
-.Sh ERRORS
-After failure of
-.Fn RSA_get_ex_new_index
-or
-.Fn RSA_set_ex_data ,
-the following diagnostic can be retrieved with
-.Xr ERR_get_error 3 ,
-.Xr ERR_GET_REASON 3 ,
-and
-.Xr ERR_reason_error_string 3 :
-.Bl -tag -width Ds
-.It Dv ERR_R_MALLOC_FAILURE Qq "malloc failure"
-Memory allocation failed.
-.El
-.Pp
-In a few unusual failure cases,
-.Xr ERR_get_error 3
-may report different errors caused by
-.Xr OPENSSL_init_crypto 3
-or even none at all.
-.Pp
-.Fn RSA_get_ex_data
-does not distinguish success from failure.
-Consequently, after
-.Fn RSA_get_ex_data
-returns
-.Dv NULL ,
-.Xr ERR_get_error 3
-returns 0 unless there is still an earlier error in the queue.
-.Sh SEE ALSO
-.Xr BIO_set_ex_data 3 ,
-.Xr CRYPTO_set_ex_data 3 ,
-.Xr DH_set_ex_data 3 ,
-.Xr DSA_set_ex_data 3 ,
-.Xr RSA_new 3 ,
-.Xr SSL_CTX_set_ex_data 3 ,
-.Xr SSL_SESSION_set_ex_data 3 ,
-.Xr SSL_set_ex_data 3 ,
-.Xr X509_STORE_CTX_set_ex_data 3 ,
-.Xr X509_STORE_set_ex_data 3
-.Sh HISTORY
-These functions first appeared in SSLeay 0.9.0
-and have been available since
-.Ox 2.4 .
-.Sh CAVEATS
-A relatively small minority of application programs
-attempt to change the API contract such that
-.Fn RSA_set_ex_data
-transfers ownership of the
-.Fa data
-to the
-.Fa rsa
-object.
-They do this by providing a
-.Fa free_func
-that calls
-.Xr free 3
-or higher-level
-.Fn *_free
-functions on the
-.Fa data
-and sometimes also attempt additional cleanup work as a side effect.
-.Pp
-This practice is discouraged for several reasons:
-.Bl -enum
-.It
-Due to a massive design mistake in the low-level API function
-.Xr CRYPTO_free_ex_data 3 ,
-this practice creates a possibility that
-.Xr RSA_free 3
-may fail due to memory allocation failure, consequently leaking the
-memory containing the application specific data and silently skipping
-any additional cleanup work the
-.Fa free_func
-was supposed to do, leaving the application in an undetectably
-inconsistent state.
-Arguably, leaking additional memory while trying to free some
-is most unfortunate especially when the program
-is already starved for memory.
-.It
-This practice introduces a risk of use-after-free and double-free
-bugs in case the
-.Fa rsa
-object gets destructed while a caller of
-.Fn RSA_set_ex_data
-or
-.Fn RSA_get_ex_data
-still holds a
-.Fa data
-pointer.
-No such risk exists when no
-.Fa free_func
-is installed.
-.It
-Attempting additional cleanup work in
-.Fa free_func
-is an even worse idea because
-.Fa free_func
-is unable to report any issues it might detect while doing that work.
-Instead, if any additional cleanup work is needed, it is recommended
-that the calling code takes care of that before calling
-.Xr RSA_free 3 .
-.El
-.Pp
-Even fewer application programs install a
-.Fa new_func
-that allocates memory and stores a pointer to it in the
-.Fa rsa
-object by calling
-.Xr CRYPTO_set_ex_data 3 .
-That is useless because
-.Fa new_func
-does not have access to any useful information it could store in such memory
-and because the default return value of
-.Dv NULL
-from
-.Fn RSA_get_ex_data
-is sufficient to indicate
-that no application specific data has been stored yet.
-In addition, allocating memory in
-.Fa new_func
-is also inadvisable because it introduces an additional responsibility
-for callers of
-.Fn RSA_set_ex_data
-to always call
-.Fn RSA_get_ex_data
-first, even when it is the first time the application wants to set
-application specific data in a particular
-.Fa rsa
-object, and to either modify whatever
-.Fn RSA_get_ex_data
-returns or to free it before calling
-.Fn RSA_set_ex_data .
-If that is forgotten, a memory leak results.
-.Pp
-Consequently, allocating any required memory
-is better left to the application code that calls
-.Fn RSA_set_ex_data .
-.Pp
-Installing a
-.Fa dup_func
-is often seen in combination with installing a
-.Fa free_func ,
-for obvious reasons.
-It is rarely useful because for most parent object types
-that support ex_data, including for
-.Vt RSA ,
-the library does not provide a copying API function in the first place, and
-even where copying functions exist, they tend to be fragile and error-prone.
-When a new object is needed, it is usually advisable to construct it from
-scratch whenever possible, rather than attempting a copy operation.
-.Pp
-On top of that, if
-.Fa dup_func
-fails, for example because of a memory allocation failure, the
-failure is neither reported nor detectable in any way, leaving the
-new parent object with incomplete data and potentially in an
-inconsistent state.
-.Sh BUGS
-If
-.Fn RSA_set_ex_data
-fails, recovery is very difficult.
-In particular, calling
-.Xr RSA_free 3
-on the parent
-.Fa rsa
-object right afterwards is likely to also hit a memory allocation
-failure, leaking all memory internally allocated by all earlier calls of
-.Fn RSA_set_ex_data
-on
-.Fa rsa
-rather than freeing that memory.
-In order to recover, the application program
-would have to free a sufficient amount of
-.Em other
-memory before calling
-.Xr RSA_free 3 ,
-which will rarely be feasible.
-Consequently, after a failure of
-.Fn RSA_set_ex_data ,
-terminating the program is likely the only reasonable option.
-.Pp
-If
-.Fn RSA_set_ex_data
-is called with an
-.Fa idx
-argument greater than the last one previously returned from
-.Fn RSA_get_ex_new_index ,
-it may still succeed, and though that is not guaranteed by the API,
-retrieving the
-.Fa data
-from such a bogus
-.Fa idx
-may even be possible with
-.Fn RSA_get_ex_data ,
-hiding the bug in the application program that caused passing the bogus
-.Fa idx
-to
-.Fn RSA_set_ex_data
-in the first place.
-.Pp
-If the bogus
-.Fa idx
-argument is large,
-.Fn RSA_set_ex_data
-may uselessly allocate a large amount of memory.
-Calling
-.Xr RSA_free 3
-on the parent
-.Fa rsa
-object is the only way to recover that memory.
-.Pp
-If the bogus
-.Fa idx
-argument is very large,
-.Fn RSA_set_ex_data
-is likely to cause a significant delay before eventually failing
-due to memory exhaustion.
-It is likely to return without releasing the memory already
-allocated, causing any subsequent attempt to allocate memory
-for other purposes to fail, too.
-In this situation, what was said above about failure of
-.Fn RSA_set_ex_data
-applies, so terminating the program is likely the only reasonable option.

diff --git a/src/lib/libcrypto/man/RSA_get_ex_new_index.3 b/src/lib/libcrypto/man/RSA_get_ex_new_index.3 deleted file mode 100644 index 5f1fb4335f..0000000000 --- a/src/lib/libcrypto/man/RSA_get_ex_new_index.3 +++ /dev/null
@@ -1,382 +0,0 @@
1	.\" $OpenBSD: RSA_get_ex_new_index.3,v 1.13 2023/11/19 21:08:04 tb Exp $
2	.\"
3	.\" Copyright (c) 2023 Ingo Schwarze <schwarze@openbsd.org>
4	.\"
5	.\" Permission to use, copy, modify, and distribute this software for any
6	.\" purpose with or without fee is hereby granted, provided that the above
7	.\" copyright notice and this permission notice appear in all copies.
8	.\"
9	.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10	.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11	.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12	.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13	.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14	.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15	.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16	.\"
17	.Dd $Mdocdate: November 19 2023 $
18	.Dt RSA_GET_EX_NEW_INDEX 3
19	.Os
20	.Sh NAME
21	.Nm RSA_get_ex_new_index ,
22	.Nm RSA_set_ex_data ,
23	.Nm RSA_get_ex_data
24	.Nd add application specific data to RSA objects
25	.Sh SYNOPSIS
26	.In openssl/rsa.h
27	.Ft int
28	.Fo RSA_get_ex_new_index
29	.Fa "long argl"
30	.Fa "void *argp"
31	.Fa "CRYPTO_EX_new *new_func"
32	.Fa "CRYPTO_EX_dup *dup_func"
33	.Fa "CRYPTO_EX_free *free_func"
34	.Fc
35	.Ft int
36	.Fo RSA_set_ex_data
37	.Fa "RSA *rsa"
38	.Fa "int idx"
39	.Fa "void *data"
40	.Fc
41	.Ft void *
42	.Fo RSA_get_ex_data
43	.Fa "RSA *rsa"
44	.Fa "int idx"
45	.Fc
46	.Sh DESCRIPTION
47	The following parent objects can have application specific data called
48	.Dq ex_data
49	attached to them:
50	.Vt BIO , DH , DSA , EC_KEY , RSA ,
51	.Vt SSL , SSL_CTX , SSL_SESSION , UI , X509 , X509_STORE ,
52	and
53	.Vt X509_STORE_CTX .
54	.\" CRYPTO_EX_INDEX_APP and CRYPTO_EX_INDEX_UI_METHOD are unused.
55	The present manual page documents the related API functions taking the
56	.Vt RSA
57	object type as an example.
58	The functions for the other object types work in exactly the same way:
59	just replace the string
60	.Qq RSA
61	with the name of the respective object type
62	throughout the rest of this manual page.
63	.Pp
64	By default, each individual
65	.Vt RSA
66	object can store one
67	.Vt void *
68	pointing to application specific data.
69	That specific pointer is identified by an
70	.Fa idx
71	argument of 0.
72	.Pp
73	.Fn RSA_get_ex_new_index
74	reserves the next consecutive
75	.Fa idx
76	argument, enabling storage of one additional
77	.Vt void *
78	per
79	.Vt RSA
80	object.
81	It is typically called at program startup.
82	It can be called more than once if some
83	.Vt RSA
84	objects need to store more than two application specific pointers.
85	Reserving an additional index for one parent object type, for example for
86	.Vt RSA ,
87	does not change the numbers of indices that can be used
88	with any other parent object type.
89	.Pp
90	It is strongly recommended to always pass three
91	.Dv NULL
92	pointers for the arguments
93	.Fa new_func ,
94	.Fa dup_func ,
95	and
96	.Fa free_func .
97	When following this recommendation, the arguments
98	.Fa argl
99	and
100	.Fa argp
101	are ignored; conventionally, passing 0 and
102	.Dv NULL
103	is recommended.
104	Because using them is discouraged, the three function callback types
105	are only documented in the low-level
106	.Xr CRYPTO_EX_new 3
107	manual page.
108	.Pp
109	.Fn RSA_set_ex_data
110	stores the
111	.Fa data
112	pointer as application specific data at the given
113	.Fa idx
114	in the given
115	.Fa rsa
116	object.
117	The meaning of the data pointed to is up to the application.
118	The caller retains ownership of the
119	.Fa data
120	and is responsible for freeing it when neither the caller nor the
121	.Fa rsa
122	object need it any longer.
123	Any other pointer that was previously stored at the same
124	.Fa idx
125	in the same
126	.Fa rsa
127	object is silently overwritten.
128	Passing a
129	.Dv NULL
130	pointer for the
131	.Fa data
132	argument is valid and indicates that no application specific data
133	currently needs to be stored at the given
134	.Fa idx .
135	.Pp
136	.Fn RSA_get_ex_data
137	retrieves the last pointer that was stored using
138	.Fn RSA_set_ex_data
139	at the given
140	.Fa idx
141	in the given
142	.Fa rsa
143	object.
144	.Sh RETURN VALUES
145	.Fn RSA_get_ex_new_index
146	returns a new index equal to or greater than 1
147	or \-1 if memory allocation fails.
148	.Pp
149	.Fn RSA_set_ex_data
150	returns 1 on success or 0 if memory allocation fails.
151	.Pp
152	.Fn RSA_get_ex_data
153	returns the application specific data or
154	.Dv NULL
155	if
156	.Fa rsa
157	does not contain application specific data at the given
158	.Fa idx .
159	.Sh ERRORS
160	After failure of
161	.Fn RSA_get_ex_new_index
162	or
163	.Fn RSA_set_ex_data ,
164	the following diagnostic can be retrieved with
165	.Xr ERR_get_error 3 ,
166	.Xr ERR_GET_REASON 3 ,
167	and
168	.Xr ERR_reason_error_string 3 :
169	.Bl -tag -width Ds
170	.It Dv ERR_R_MALLOC_FAILURE Qq "malloc failure"
171	Memory allocation failed.
172	.El
173	.Pp
174	In a few unusual failure cases,
175	.Xr ERR_get_error 3
176	may report different errors caused by
177	.Xr OPENSSL_init_crypto 3
178	or even none at all.
179	.Pp
180	.Fn RSA_get_ex_data
181	does not distinguish success from failure.
182	Consequently, after
183	.Fn RSA_get_ex_data
184	returns
185	.Dv NULL ,
186	.Xr ERR_get_error 3
187	returns 0 unless there is still an earlier error in the queue.
188	.Sh SEE ALSO
189	.Xr BIO_set_ex_data 3 ,
190	.Xr CRYPTO_set_ex_data 3 ,
191	.Xr DH_set_ex_data 3 ,
192	.Xr DSA_set_ex_data 3 ,
193	.Xr RSA_new 3 ,
194	.Xr SSL_CTX_set_ex_data 3 ,
195	.Xr SSL_SESSION_set_ex_data 3 ,
196	.Xr SSL_set_ex_data 3 ,
197	.Xr X509_STORE_CTX_set_ex_data 3 ,
198	.Xr X509_STORE_set_ex_data 3
199	.Sh HISTORY
200	These functions first appeared in SSLeay 0.9.0
201	and have been available since
202	.Ox 2.4 .
203	.Sh CAVEATS
204	A relatively small minority of application programs
205	attempt to change the API contract such that
206	.Fn RSA_set_ex_data
207	transfers ownership of the
208	.Fa data
209	to the
210	.Fa rsa
211	object.
212	They do this by providing a
213	.Fa free_func
214	that calls
215	.Xr free 3
216	or higher-level
217	.Fn *_free
218	functions on the
219	.Fa data
220	and sometimes also attempt additional cleanup work as a side effect.
221	.Pp
222	This practice is discouraged for several reasons:
223	.Bl -enum
224	.It
225	Due to a massive design mistake in the low-level API function
226	.Xr CRYPTO_free_ex_data 3 ,
227	this practice creates a possibility that
228	.Xr RSA_free 3
229	may fail due to memory allocation failure, consequently leaking the
230	memory containing the application specific data and silently skipping
231	any additional cleanup work the
232	.Fa free_func
233	was supposed to do, leaving the application in an undetectably
234	inconsistent state.
235	Arguably, leaking additional memory while trying to free some
236	is most unfortunate especially when the program
237	is already starved for memory.
238	.It
239	This practice introduces a risk of use-after-free and double-free
240	bugs in case the
241	.Fa rsa
242	object gets destructed while a caller of
243	.Fn RSA_set_ex_data
244	or
245	.Fn RSA_get_ex_data
246	still holds a
247	.Fa data
248	pointer.
249	No such risk exists when no
250	.Fa free_func
251	is installed.
252	.It
253	Attempting additional cleanup work in
254	.Fa free_func
255	is an even worse idea because
256	.Fa free_func
257	is unable to report any issues it might detect while doing that work.
258	Instead, if any additional cleanup work is needed, it is recommended
259	that the calling code takes care of that before calling
260	.Xr RSA_free 3 .
261	.El
262	.Pp
263	Even fewer application programs install a
264	.Fa new_func
265	that allocates memory and stores a pointer to it in the
266	.Fa rsa
267	object by calling
268	.Xr CRYPTO_set_ex_data 3 .
269	That is useless because
270	.Fa new_func
271	does not have access to any useful information it could store in such memory
272	and because the default return value of
273	.Dv NULL
274	from
275	.Fn RSA_get_ex_data
276	is sufficient to indicate
277	that no application specific data has been stored yet.
278	In addition, allocating memory in
279	.Fa new_func
280	is also inadvisable because it introduces an additional responsibility
281	for callers of
282	.Fn RSA_set_ex_data
283	to always call
284	.Fn RSA_get_ex_data
285	first, even when it is the first time the application wants to set
286	application specific data in a particular
287	.Fa rsa
288	object, and to either modify whatever
289	.Fn RSA_get_ex_data
290	returns or to free it before calling
291	.Fn RSA_set_ex_data .
292	If that is forgotten, a memory leak results.
293	.Pp
294	Consequently, allocating any required memory
295	is better left to the application code that calls
296	.Fn RSA_set_ex_data .
297	.Pp
298	Installing a
299	.Fa dup_func
300	is often seen in combination with installing a
301	.Fa free_func ,
302	for obvious reasons.
303	It is rarely useful because for most parent object types
304	that support ex_data, including for
305	.Vt RSA ,
306	the library does not provide a copying API function in the first place, and
307	even where copying functions exist, they tend to be fragile and error-prone.
308	When a new object is needed, it is usually advisable to construct it from
309	scratch whenever possible, rather than attempting a copy operation.
310	.Pp
311	On top of that, if
312	.Fa dup_func
313	fails, for example because of a memory allocation failure, the
314	failure is neither reported nor detectable in any way, leaving the
315	new parent object with incomplete data and potentially in an
316	inconsistent state.
317	.Sh BUGS
318	If
319	.Fn RSA_set_ex_data
320	fails, recovery is very difficult.
321	In particular, calling
322	.Xr RSA_free 3
323	on the parent
324	.Fa rsa
325	object right afterwards is likely to also hit a memory allocation
326	failure, leaking all memory internally allocated by all earlier calls of
327	.Fn RSA_set_ex_data
328	on
329	.Fa rsa
330	rather than freeing that memory.
331	In order to recover, the application program
332	would have to free a sufficient amount of
333	.Em other
334	memory before calling
335	.Xr RSA_free 3 ,
336	which will rarely be feasible.
337	Consequently, after a failure of
338	.Fn RSA_set_ex_data ,
339	terminating the program is likely the only reasonable option.
340	.Pp
341	If
342	.Fn RSA_set_ex_data
343	is called with an
344	.Fa idx
345	argument greater than the last one previously returned from
346	.Fn RSA_get_ex_new_index ,
347	it may still succeed, and though that is not guaranteed by the API,
348	retrieving the
349	.Fa data
350	from such a bogus
351	.Fa idx
352	may even be possible with
353	.Fn RSA_get_ex_data ,
354	hiding the bug in the application program that caused passing the bogus
355	.Fa idx
356	to
357	.Fn RSA_set_ex_data
358	in the first place.
359	.Pp
360	If the bogus
361	.Fa idx
362	argument is large,
363	.Fn RSA_set_ex_data
364	may uselessly allocate a large amount of memory.
365	Calling
366	.Xr RSA_free 3
367	on the parent
368	.Fa rsa
369	object is the only way to recover that memory.
370	.Pp
371	If the bogus
372	.Fa idx
373	argument is very large,
374	.Fn RSA_set_ex_data
375	is likely to cause a significant delay before eventually failing
376	due to memory exhaustion.
377	It is likely to return without releasing the memory already
378	allocated, causing any subsequent attempt to allocate memory
379	for other purposes to fail, too.
380	In this situation, what was said above about failure of
381	.Fn RSA_set_ex_data
382	applies, so terminating the program is likely the only reasonable option.