SSL_SESSION *SSL_SESSION_new(void) { SSL_SESSION *ss; if (!OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS, NULL)) return NULL; ss = OPENSSL_zalloc(sizeof(*ss)); if (ss == NULL) { SSLerr(SSL_F_SSL_SESSION_NEW, ERR_R_MALLOC_FAILURE); return NULL; } ss->verify_result = 1; /* avoid 0 (= X509_V_OK) just in case */ ss->references = 1; ss->timeout = 60 * 5 + 4; /* 5 minute timeout by default */ ss->time = (unsigned long)time(NULL); ss->lock = CRYPTO_THREAD_lock_new(); if (ss->lock == NULL) { SSLerr(SSL_F_SSL_SESSION_NEW, ERR_R_MALLOC_FAILURE); OPENSSL_free(ss); return NULL; } if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, ss, &ss->ex_data)) { CRYPTO_THREAD_lock_free(ss->lock); OPENSSL_free(ss); return NULL; } return ss; }
int BIO_set(BIO *bio, const BIO_METHOD *method) { bio->method = method; bio->callback = NULL; bio->cb_arg = NULL; bio->init = 0; bio->shutdown = 1; bio->flags = 0; bio->retry_reason = 0; bio->num = 0; bio->ptr = NULL; bio->prev_bio = NULL; bio->next_bio = NULL; bio->references = 1; bio->num_read = 0L; bio->num_write = 0L; CRYPTO_new_ex_data(CRYPTO_EX_INDEX_BIO, bio, &bio->ex_data); bio->lock = CRYPTO_THREAD_lock_new(); if (bio->lock == NULL) { CRYPTO_free_ex_data(CRYPTO_EX_INDEX_BIO, bio, &bio->ex_data); return 0; } if (method->create != NULL) { if (!method->create(bio)) { CRYPTO_free_ex_data(CRYPTO_EX_INDEX_BIO, bio, &bio->ex_data); CRYPTO_THREAD_lock_free(bio->lock); return 0; } } return 1; }
/* * Enables locking for the given drbg * * Locking can only be enabled if the random generator * is in the uninitialized state. * * Returns 1 on success, 0 on failure. */ int rand_drbg_enable_locking(RAND_DRBG *drbg) { if (drbg->state != DRBG_UNINITIALISED) { RANDerr(RAND_F_RAND_DRBG_ENABLE_LOCKING, RAND_R_DRBG_ALREADY_INITIALIZED); return 0; } if (drbg->lock == NULL) { if (drbg->parent != NULL && drbg->parent->lock == NULL) { RANDerr(RAND_F_RAND_DRBG_ENABLE_LOCKING, RAND_R_PARENT_LOCKING_NOT_ENABLED); return 0; } drbg->lock = CRYPTO_THREAD_lock_new(); if (drbg->lock == NULL) { RANDerr(RAND_F_RAND_DRBG_ENABLE_LOCKING, RAND_R_FAILED_TO_CREATE_LOCK); return 0; } } return 1; }
X509_STORE *X509_STORE_new(void) { X509_STORE *ret; if ((ret = OPENSSL_zalloc(sizeof(*ret))) == NULL) return NULL; if ((ret->objs = sk_X509_OBJECT_new(x509_object_cmp)) == NULL) goto err; ret->cache = 1; if ((ret->get_cert_methods = sk_X509_LOOKUP_new_null()) == NULL) goto err; if ((ret->param = X509_VERIFY_PARAM_new()) == NULL) goto err; if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509_STORE, ret, &ret->ex_data)) goto err; ret->lock = CRYPTO_THREAD_lock_new(); if (ret->lock == NULL) goto err; ret->references = 1; return ret; err: X509_VERIFY_PARAM_free(ret->param); sk_X509_OBJECT_free(ret->objs); sk_X509_LOOKUP_free(ret->get_cert_methods); OPENSSL_free(ret); return NULL; }
ENGINE_CTX *pkcs11_new() { ENGINE_CTX *ctx; char *mod; ctx = OPENSSL_malloc(sizeof(ENGINE_CTX)); if (ctx == NULL) return NULL; memset(ctx, 0, sizeof(ENGINE_CTX)); mod = getenv("PKCS11_MODULE_PATH"); if (mod) { ctx->module = OPENSSL_strdup(mod); } else { #ifdef DEFAULT_PKCS11_MODULE ctx->module = OPENSSL_strdup(DEFAULT_PKCS11_MODULE); #else ctx->module = NULL; #endif } #if OPENSSL_VERSION_NUMBER >= 0x10100004L ctx->rwlock = CRYPTO_THREAD_lock_new(); #else ctx->rwlock = CRYPTO_get_dynlock_create_callback() ? CRYPTO_get_new_dynlockid() : 0; #endif return ctx; }
/* * Create a new context */ PKCS11_CTX *pkcs11_CTX_new(void) { PKCS11_CTX_private *cpriv = NULL; PKCS11_CTX *ctx = NULL; /* Load error strings */ ERR_load_PKCS11_strings(); cpriv = OPENSSL_malloc(sizeof(PKCS11_CTX_private)); if (cpriv == NULL) goto fail; memset(cpriv, 0, sizeof(PKCS11_CTX_private)); ctx = OPENSSL_malloc(sizeof(PKCS11_CTX)); if (ctx == NULL) goto fail; memset(ctx, 0, sizeof(PKCS11_CTX)); ctx->_private = cpriv; cpriv->forkid = _P11_get_forkid(); cpriv->rwlock = CRYPTO_THREAD_lock_new(); return ctx; fail: OPENSSL_free(cpriv); OPENSSL_free(ctx); return NULL; }
UI *UI_new_method(const UI_METHOD *method) { UI *ret = OPENSSL_zalloc(sizeof(*ret)); if (ret == NULL) { UIerr(UI_F_UI_NEW_METHOD, ERR_R_MALLOC_FAILURE); return NULL; } ret->lock = CRYPTO_THREAD_lock_new(); if (ret->lock == NULL) { UIerr(UI_F_UI_NEW_METHOD, ERR_R_MALLOC_FAILURE); OPENSSL_free(ret); return NULL; } if (method == NULL) method = UI_get_default_method(); if (method == NULL) method = UI_null(); ret->meth = method; if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_UI, ret, &ret->ex_data)) { OPENSSL_free(ret); return NULL; } return ret; }
int asn1_do_lock(ASN1_VALUE **pval, int op, const ASN1_ITEM *it) { const ASN1_AUX *aux; int *lck, ret; CRYPTO_RWLOCK **lock; if ((it->itype != ASN1_ITYPE_SEQUENCE) && (it->itype != ASN1_ITYPE_NDEF_SEQUENCE)) return 0; aux = it->funcs; if (!aux || !(aux->flags & ASN1_AFLG_REFCOUNT)) return 0; lck = offset2ptr(*pval, aux->ref_offset); lock = offset2ptr(*pval, aux->ref_lock); if (op == 0) { *lck = 1; *lock = CRYPTO_THREAD_lock_new(); if (*lock == NULL) return 0; return 1; } CRYPTO_atomic_add(lck, op, &ret, *lock); #ifdef REF_PRINT fprintf(stderr, "%p:%4d:%s\n", it, *lck, it->sname); #endif REF_ASSERT_ISNT(ret < 0); if (ret == 0) CRYPTO_THREAD_lock_free(*lock); return ret; }
EC_KEY *EC_KEY_new_method(ENGINE *engine) { EC_KEY *ret = OPENSSL_zalloc(sizeof(*ret)); if (ret == NULL) { ECerr(EC_F_EC_KEY_NEW_METHOD, ERR_R_MALLOC_FAILURE); return NULL; } if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_EC_KEY, ret, &ret->ex_data)) { OPENSSL_free(ret); return NULL; } ret->lock = CRYPTO_THREAD_lock_new(); if (ret->lock == NULL) { ECerr(EC_F_EC_KEY_NEW_METHOD, ERR_R_MALLOC_FAILURE); CRYPTO_free_ex_data(CRYPTO_EX_INDEX_EC_KEY, ret, &ret->ex_data); OPENSSL_free(ret); return NULL; } ret->meth = EC_KEY_get_default_method(); #ifndef OPENSSL_NO_ENGINE if (engine != NULL) { if (!ENGINE_init(engine)) { ECerr(EC_F_EC_KEY_NEW_METHOD, ERR_R_ENGINE_LIB); CRYPTO_free_ex_data(CRYPTO_EX_INDEX_EC_KEY, ret, &ret->ex_data); CRYPTO_THREAD_lock_free(ret->lock); OPENSSL_free(ret); return NULL; } ret->engine = engine; } else ret->engine = ENGINE_get_default_EC(); if (ret->engine != NULL) { ret->meth = ENGINE_get_EC(ret->engine); if (ret->meth == NULL) { ECerr(EC_F_EC_KEY_NEW_METHOD, ERR_R_ENGINE_LIB); ENGINE_finish(ret->engine); CRYPTO_free_ex_data(CRYPTO_EX_INDEX_EC_KEY, ret, &ret->ex_data); CRYPTO_THREAD_lock_free(ret->lock); OPENSSL_free(ret); return NULL; } } #endif ret->version = 1; ret->conv_form = POINT_CONVERSION_UNCOMPRESSED; ret->references = 1; if (ret->meth->init != NULL && ret->meth->init(ret) == 0) { EC_KEY_free(ret); return NULL; } return ret; }
int do_ex_data_init(OPENSSL_CTX *ctx) { OSSL_EX_DATA_GLOBAL *global = openssl_ctx_get_ex_data_global(ctx); if (global == NULL) return 0; global->ex_data_lock = CRYPTO_THREAD_lock_new(); return global->ex_data_lock != NULL; }
static int hwcrhk_mutex_init(HWCryptoHook_Mutex * mt, HWCryptoHook_CallerContext * cactx) { mt->lock = CRYPTO_THREAD_lock_new(); if (mt->lock == NULL) { HWCRHKerr(HWCRHK_F_HWCRHK_MUTEX_INIT, ERR_R_MALLOC_FAILURE); return 1; /* failure */ } return 0; /* success */ }
RSA *RSA_new_method(ENGINE *engine) { RSA *ret = OPENSSL_zalloc(sizeof(*ret)); if (ret == NULL) { RSAerr(RSA_F_RSA_NEW_METHOD, ERR_R_MALLOC_FAILURE); return NULL; } ret->references = 1; ret->lock = CRYPTO_THREAD_lock_new(); if (ret->lock == NULL) { RSAerr(RSA_F_RSA_NEW_METHOD, ERR_R_MALLOC_FAILURE); OPENSSL_free(ret); return NULL; } ret->meth = RSA_get_default_method(); #ifndef OPENSSL_NO_ENGINE ret->flags = ret->meth->flags & ~RSA_FLAG_NON_FIPS_ALLOW; if (engine) { if (!ENGINE_init(engine)) { RSAerr(RSA_F_RSA_NEW_METHOD, ERR_R_ENGINE_LIB); goto err; } ret->engine = engine; } else { ret->engine = ENGINE_get_default_RSA(); } if (ret->engine) { ret->meth = ENGINE_get_RSA(ret->engine); if (ret->meth == NULL) { RSAerr(RSA_F_RSA_NEW_METHOD, ERR_R_ENGINE_LIB); goto err; } } #endif ret->flags = ret->meth->flags & ~RSA_FLAG_NON_FIPS_ALLOW; if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data)) { goto err; } if ((ret->meth->init != NULL) && !ret->meth->init(ret)) { RSAerr(RSA_F_RSA_NEW_METHOD, ERR_R_INIT_FAIL); goto err; } return ret; err: RSA_free(ret); return NULL; }
DSA *DSA_new_method(ENGINE *engine) { DSA *ret; ret = OPENSSL_zalloc(sizeof(*ret)); if (ret == NULL) { DSAerr(DSA_F_DSA_NEW_METHOD, ERR_R_MALLOC_FAILURE); return NULL; } ret->meth = DSA_get_default_method(); #ifndef OPENSSL_NO_ENGINE if (engine) { if (!ENGINE_init(engine)) { DSAerr(DSA_F_DSA_NEW_METHOD, ERR_R_ENGINE_LIB); OPENSSL_free(ret); return NULL; } ret->engine = engine; } else ret->engine = ENGINE_get_default_DSA(); if (ret->engine) { ret->meth = ENGINE_get_DSA(ret->engine); if (ret->meth == NULL) { DSAerr(DSA_F_DSA_NEW_METHOD, ERR_R_ENGINE_LIB); ENGINE_finish(ret->engine); OPENSSL_free(ret); return NULL; } } #endif ret->references = 1; ret->flags = ret->meth->flags & ~DSA_FLAG_NON_FIPS_ALLOW; CRYPTO_new_ex_data(CRYPTO_EX_INDEX_DSA, ret, &ret->ex_data); ret->lock = CRYPTO_THREAD_lock_new(); if (ret->lock == NULL) { #ifndef OPENSSL_NO_ENGINE ENGINE_finish(ret->engine); #endif CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DSA, ret, &ret->ex_data); OPENSSL_free(ret); return NULL; } if ((ret->meth->init != NULL) && !ret->meth->init(ret)) { DSA_free(ret); ret = NULL; } return ret; }
BN_BLINDING *BN_BLINDING_new(const BIGNUM *A, const BIGNUM *Ai, BIGNUM *mod) { BN_BLINDING *ret = NULL; bn_check_top(mod); if ((ret = OPENSSL_zalloc(sizeof(*ret))) == NULL) { BNerr(BN_F_BN_BLINDING_NEW, ERR_R_MALLOC_FAILURE); return NULL; } ret->lock = CRYPTO_THREAD_lock_new(); if (ret->lock == NULL) { BNerr(BN_F_BN_BLINDING_NEW, ERR_R_MALLOC_FAILURE); OPENSSL_free(ret); return NULL; } BN_BLINDING_set_current_thread(ret); if (A != NULL) { if ((ret->A = BN_dup(A)) == NULL) goto err; } if (Ai != NULL) { if ((ret->Ai = BN_dup(Ai)) == NULL) goto err; } /* save a copy of mod in the BN_BLINDING structure */ if ((ret->mod = BN_dup(mod)) == NULL) goto err; if (BN_get_flags(mod, BN_FLG_CONSTTIME) != 0) BN_set_flags(ret->mod, BN_FLG_CONSTTIME); /* * Set the counter to the special value -1 to indicate that this is * never-used fresh blinding that does not need updating before first * use. */ ret->counter = -1; return ret; err: BN_BLINDING_free(ret); return NULL; }
/* * Set up a global DRBG. */ static int setup_drbg(RAND_DRBG *drbg) { int ret = 1; drbg->lock = CRYPTO_THREAD_lock_new(); ret &= drbg->lock != NULL; drbg->size = RANDOMNESS_NEEDED; drbg->secure = CRYPTO_secure_malloc_initialized(); drbg->randomness = NULL; /* If you change these parameters, see RANDOMNESS_NEEDED */ ret &= RAND_DRBG_set(drbg, NID_aes_128_ctr, RAND_DRBG_FLAG_CTR_USE_DF) == 1; ret &= RAND_DRBG_set_callbacks(drbg, drbg_entropy_from_system, drbg_release_entropy, NULL, NULL) == 1; return ret; }
static void ossl_init_base(void) { #ifdef OPENSSL_INIT_DEBUG fprintf(stderr, "OPENSSL_INIT: ossl_init_base: Setting up stop handlers\n"); #endif /* * We use a dummy thread local key here. We use the destructor to detect * when the thread is going to stop (where that feature is available) */ CRYPTO_THREAD_init_local(&threadstopkey, ossl_init_thread_stop_wrap); #ifndef OPENSSL_SYS_UEFI atexit(OPENSSL_cleanup); #endif init_lock = CRYPTO_THREAD_lock_new(); OPENSSL_cpuid_setup(); base_inited = 1; }
int CRYPTO_secure_malloc_init(size_t size, int minsize) { #ifdef IMPLEMENTED int ret = 0; if (!secure_mem_initialized) { sec_malloc_lock = CRYPTO_THREAD_lock_new(); if (sec_malloc_lock == NULL) return 0; ret = sh_init(size, minsize); secure_mem_initialized = 1; } return ret; #else return 0; #endif /* IMPLEMENTED */ }
static OSSL_PROVIDER *provider_new(const char *name, OSSL_provider_init_fn *init_function) { OSSL_PROVIDER *prov = NULL; if ((prov = OPENSSL_zalloc(sizeof(*prov))) == NULL #ifndef HAVE_ATOMICS || (prov->refcnt_lock = CRYPTO_THREAD_lock_new()) == NULL #endif || !ossl_provider_upref(prov) /* +1 One reference to be returned */ || (prov->name = OPENSSL_strdup(name)) == NULL) { ossl_provider_free(prov); CRYPTOerr(CRYPTO_F_PROVIDER_NEW, ERR_R_MALLOC_FAILURE); return NULL; } prov->init_function = init_function; return prov; }
EVP_PKEY *EVP_PKEY_new(void) { EVP_PKEY *ret = OPENSSL_zalloc(sizeof(*ret)); if (ret == NULL) { EVPerr(EVP_F_EVP_PKEY_NEW, ERR_R_MALLOC_FAILURE); return NULL; } ret->type = EVP_PKEY_NONE; ret->save_type = EVP_PKEY_NONE; ret->references = 1; ret->save_parameters = 1; ret->lock = CRYPTO_THREAD_lock_new(); if (ret->lock == NULL) { EVPerr(EVP_F_EVP_PKEY_NEW, ERR_R_MALLOC_FAILURE); OPENSSL_free(ret); return NULL; } return ret; }
static DSO *DSO_new_method(DSO_METHOD *meth) { DSO *ret; if (default_DSO_meth == NULL) { /* * We default to DSO_METH_openssl() which in turn defaults to * stealing the "best available" method. Will fallback to * DSO_METH_null() in the worst case. */ default_DSO_meth = DSO_METHOD_openssl(); } ret = OPENSSL_zalloc(sizeof(*ret)); if (ret == NULL) { DSOerr(DSO_F_DSO_NEW_METHOD, ERR_R_MALLOC_FAILURE); return (NULL); } ret->meth_data = sk_void_new_null(); if (ret->meth_data == NULL) { /* sk_new doesn't generate any errors so we do */ DSOerr(DSO_F_DSO_NEW_METHOD, ERR_R_MALLOC_FAILURE); OPENSSL_free(ret); return (NULL); } ret->meth = default_DSO_meth; ret->references = 1; ret->lock = CRYPTO_THREAD_lock_new(); if (ret->lock == NULL) { DSOerr(DSO_F_DSO_NEW_METHOD, ERR_R_MALLOC_FAILURE); sk_void_free(ret->meth_data); OPENSSL_free(ret); return NULL; } if ((ret->meth->init != NULL) && !ret->meth->init(ret)) { DSO_free(ret); ret = NULL; } return ret; }
int CRYPTO_secure_malloc_init(size_t size, int minsize) { #ifdef OPENSSL_SECURE_MEMORY int ret = 0; if (!secure_mem_initialized) { sec_malloc_lock = CRYPTO_THREAD_lock_new(); if (sec_malloc_lock == NULL) return 0; if ((ret = sh_init(size, minsize)) != 0) { secure_mem_initialized = 1; } else { CRYPTO_THREAD_lock_free(sec_malloc_lock); sec_malloc_lock = NULL; } } return ret; #else return 0; #endif /* OPENSSL_SECURE_MEMORY */ }
CERT *ssl_cert_new(void) { CERT *ret = OPENSSL_zalloc(sizeof(*ret)); if (ret == NULL) { SSLerr(SSL_F_SSL_CERT_NEW, ERR_R_MALLOC_FAILURE); return NULL; } ret->key = &(ret->pkeys[SSL_PKEY_RSA]); ret->references = 1; ret->sec_cb = ssl_security_default_callback; ret->sec_level = OPENSSL_TLS_SECURITY_LEVEL; ret->sec_ex = NULL; ret->lock = CRYPTO_THREAD_lock_new(); if (ret->lock == NULL) { SSLerr(SSL_F_SSL_CERT_NEW, ERR_R_MALLOC_FAILURE); OPENSSL_free(ret); return NULL; } return ret; }
static void *provider_store_new(void) { struct provider_store_st *store = OPENSSL_zalloc(sizeof(*store)); const struct predefined_providers_st *p = NULL; if (store == NULL || (store->providers = sk_OSSL_PROVIDER_new(ossl_provider_cmp)) == NULL || (store->lock = CRYPTO_THREAD_lock_new()) == NULL) { provider_store_free(store); return NULL; } store->use_fallbacks = 1; for (p = predefined_providers; p->name != NULL; p++) { OSSL_PROVIDER *prov = NULL; /* * We use the internal constructor directly here, * otherwise we get a call loop */ prov = provider_new(p->name, p->init); if (prov == NULL || sk_OSSL_PROVIDER_push(store->providers, prov) == 0) { ossl_provider_free(prov); provider_store_free(store); CRYPTOerr(CRYPTO_F_PROVIDER_STORE_NEW, ERR_R_INTERNAL_ERROR); return NULL; } prov->store = store; if(p->is_fallback) ossl_provider_set_fallback(prov); } return store; }
BIO *BIO_new(const BIO_METHOD *method) { BIO *bio = OPENSSL_zalloc(sizeof(*bio)); if (bio == NULL) { BIOerr(BIO_F_BIO_NEW, ERR_R_MALLOC_FAILURE); return (NULL); } bio->method = method; bio->shutdown = 1; bio->references = 1; if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_BIO, bio, &bio->ex_data)) goto err; bio->lock = CRYPTO_THREAD_lock_new(); if (bio->lock == NULL) { BIOerr(BIO_F_BIO_NEW, ERR_R_MALLOC_FAILURE); CRYPTO_free_ex_data(CRYPTO_EX_INDEX_BIO, bio, &bio->ex_data); goto err; } if (method->create != NULL && !method->create(bio)) { BIOerr(BIO_F_BIO_NEW, ERR_R_INIT_FAIL); CRYPTO_free_ex_data(CRYPTO_EX_INDEX_BIO, bio, &bio->ex_data); CRYPTO_THREAD_lock_free(bio->lock); goto err; } return bio; err: OPENSSL_free(bio); return NULL; }
CERT *ssl_cert_dup(CERT *cert) { CERT *ret = OPENSSL_zalloc(sizeof(*ret)); int i; if (ret == NULL) { SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_MALLOC_FAILURE); return NULL; } ret->references = 1; ret->key = &ret->pkeys[cert->key - cert->pkeys]; ret->lock = CRYPTO_THREAD_lock_new(); if (ret->lock == NULL) { SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_MALLOC_FAILURE); OPENSSL_free(ret); return NULL; } #ifndef OPENSSL_NO_DH if (cert->dh_tmp != NULL) { ret->dh_tmp = cert->dh_tmp; EVP_PKEY_up_ref(ret->dh_tmp); } ret->dh_tmp_cb = cert->dh_tmp_cb; ret->dh_tmp_auto = cert->dh_tmp_auto; #endif for (i = 0; i < SSL_PKEY_NUM; i++) { CERT_PKEY *cpk = cert->pkeys + i; CERT_PKEY *rpk = ret->pkeys + i; if (cpk->x509 != NULL) { rpk->x509 = cpk->x509; X509_up_ref(rpk->x509); } if (cpk->privatekey != NULL) { rpk->privatekey = cpk->privatekey; EVP_PKEY_up_ref(cpk->privatekey); } if (cpk->chain) { rpk->chain = X509_chain_up_ref(cpk->chain); if (!rpk->chain) { SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_MALLOC_FAILURE); goto err; } } if (cert->pkeys[i].serverinfo != NULL) { /* Just copy everything. */ ret->pkeys[i].serverinfo = OPENSSL_malloc(cert->pkeys[i].serverinfo_length); if (ret->pkeys[i].serverinfo == NULL) { SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_MALLOC_FAILURE); goto err; } ret->pkeys[i].serverinfo_length = cert->pkeys[i].serverinfo_length; memcpy(ret->pkeys[i].serverinfo, cert->pkeys[i].serverinfo, cert->pkeys[i].serverinfo_length); } } /* Configured sigalgs copied across */ if (cert->conf_sigalgs) { ret->conf_sigalgs = OPENSSL_malloc(cert->conf_sigalgslen * sizeof(*cert->conf_sigalgs)); if (ret->conf_sigalgs == NULL) goto err; memcpy(ret->conf_sigalgs, cert->conf_sigalgs, cert->conf_sigalgslen * sizeof(*cert->conf_sigalgs)); ret->conf_sigalgslen = cert->conf_sigalgslen; } else ret->conf_sigalgs = NULL; if (cert->client_sigalgs) { ret->client_sigalgs = OPENSSL_malloc(cert->client_sigalgslen * sizeof(*cert->client_sigalgs)); if (ret->client_sigalgs == NULL) goto err; memcpy(ret->client_sigalgs, cert->client_sigalgs, cert->client_sigalgslen * sizeof(*cert->client_sigalgs)); ret->client_sigalgslen = cert->client_sigalgslen; } else ret->client_sigalgs = NULL; /* Shared sigalgs also NULL */ ret->shared_sigalgs = NULL; /* Copy any custom client certificate types */ if (cert->ctype) { ret->ctype = OPENSSL_memdup(cert->ctype, cert->ctype_len); if (ret->ctype == NULL) goto err; ret->ctype_len = cert->ctype_len; } ret->cert_flags = cert->cert_flags; ret->cert_cb = cert->cert_cb; ret->cert_cb_arg = cert->cert_cb_arg; if (cert->verify_store) { X509_STORE_up_ref(cert->verify_store); ret->verify_store = cert->verify_store; } if (cert->chain_store) { X509_STORE_up_ref(cert->chain_store); ret->chain_store = cert->chain_store; } ret->sec_cb = cert->sec_cb; ret->sec_level = cert->sec_level; ret->sec_ex = cert->sec_ex; if (!custom_exts_copy(&ret->custext, &cert->custext)) goto err; #ifndef OPENSSL_NO_PSK if (cert->psk_identity_hint) { ret->psk_identity_hint = OPENSSL_strdup(cert->psk_identity_hint); if (ret->psk_identity_hint == NULL) goto err; } #endif return ret; err: ssl_cert_free(ret); return NULL; }
static void do_bio_lookup_init(void) { bio_lookup_lock = CRYPTO_THREAD_lock_new(); }
static void do_err_strings_init(void) { CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE); err_string_lock = CRYPTO_THREAD_lock_new(); CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE); }
void do_engine_lock_init(void) { global_engine_lock = CRYPTO_THREAD_lock_new(); }
/* * Create a new SSL_SESSION and duplicate the contents of |src| into it. If * ticket == 0 then no ticket information is duplicated, otherwise it is. */ SSL_SESSION *ssl_session_dup(SSL_SESSION *src, int ticket) { SSL_SESSION *dest; dest = OPENSSL_malloc(sizeof(*src)); if (dest == NULL) { goto err; } memcpy(dest, src, sizeof(*dest)); /* * Set the various pointers to NULL so that we can call SSL_SESSION_free in * the case of an error whilst halfway through constructing dest */ #ifndef OPENSSL_NO_PSK dest->psk_identity_hint = NULL; dest->psk_identity = NULL; #endif dest->ciphers = NULL; dest->ext.hostname = NULL; #ifndef OPENSSL_NO_EC dest->ext.ecpointformats = NULL; dest->ext.supportedgroups = NULL; #endif dest->ext.tick = NULL; #ifndef OPENSSL_NO_SRP dest->srp_username = NULL; #endif memset(&dest->ex_data, 0, sizeof(dest->ex_data)); /* We deliberately don't copy the prev and next pointers */ dest->prev = NULL; dest->next = NULL; dest->references = 1; dest->lock = CRYPTO_THREAD_lock_new(); if (dest->lock == NULL) goto err; if (src->peer != NULL) X509_up_ref(src->peer); if (src->peer_chain != NULL) { dest->peer_chain = X509_chain_up_ref(src->peer_chain); if (dest->peer_chain == NULL) goto err; } #ifndef OPENSSL_NO_PSK if (src->psk_identity_hint) { dest->psk_identity_hint = OPENSSL_strdup(src->psk_identity_hint); if (dest->psk_identity_hint == NULL) { goto err; } } if (src->psk_identity) { dest->psk_identity = OPENSSL_strdup(src->psk_identity); if (dest->psk_identity == NULL) { goto err; } } #endif if (src->ciphers != NULL) { dest->ciphers = sk_SSL_CIPHER_dup(src->ciphers); if (dest->ciphers == NULL) goto err; } if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, &dest->ex_data, &src->ex_data)) { goto err; } if (src->ext.hostname) { dest->ext.hostname = OPENSSL_strdup(src->ext.hostname); if (dest->ext.hostname == NULL) { goto err; } } #ifndef OPENSSL_NO_EC if (src->ext.ecpointformats) { dest->ext.ecpointformats = OPENSSL_memdup(src->ext.ecpointformats, src->ext.ecpointformats_len); if (dest->ext.ecpointformats == NULL) goto err; } if (src->ext.supportedgroups) { dest->ext.supportedgroups = OPENSSL_memdup(src->ext.supportedgroups, src->ext.supportedgroups_len); if (dest->ext.supportedgroups == NULL) goto err; } #endif if (ticket != 0) { dest->ext.tick = OPENSSL_memdup(src->ext.tick, src->ext.ticklen); if (dest->ext.tick == NULL) goto err; } else { dest->ext.tick_lifetime_hint = 0; dest->ext.ticklen = 0; } #ifndef OPENSSL_NO_SRP if (src->srp_username) { dest->srp_username = OPENSSL_strdup(src->srp_username); if (dest->srp_username == NULL) { goto err; } } #endif return dest; err: SSLerr(SSL_F_SSL_SESSION_DUP, ERR_R_MALLOC_FAILURE); SSL_SESSION_free(dest); return NULL; }
/* * This internal function is used by ENGINE_chil() and possibly by the * "dynamic" ENGINE support too */ static int bind_helper(ENGINE *e) { # ifndef OPENSSL_NO_RSA const RSA_METHOD *meth1; # endif # ifndef OPENSSL_NO_DH const DH_METHOD *meth2; # endif chil_lock = CRYPTO_THREAD_lock_new(); if (chil_lock == NULL) { HWCRHKerr(HWCRHK_F_BIND_HELPER, ERR_R_MALLOC_FAILURE); return 0; } if (!ENGINE_set_id(e, engine_hwcrhk_id) || !ENGINE_set_name(e, engine_hwcrhk_name) || # ifndef OPENSSL_NO_RSA !ENGINE_set_RSA(e, &hwcrhk_rsa) || # endif # ifndef OPENSSL_NO_DH !ENGINE_set_DH(e, &hwcrhk_dh) || # endif !ENGINE_set_RAND(e, &hwcrhk_rand) || !ENGINE_set_destroy_function(e, hwcrhk_destroy) || !ENGINE_set_init_function(e, hwcrhk_init) || !ENGINE_set_finish_function(e, hwcrhk_finish) || !ENGINE_set_ctrl_function(e, hwcrhk_ctrl) || !ENGINE_set_load_privkey_function(e, hwcrhk_load_privkey) || !ENGINE_set_load_pubkey_function(e, hwcrhk_load_pubkey) || !ENGINE_set_cmd_defns(e, hwcrhk_cmd_defns)) return 0; # ifndef OPENSSL_NO_RSA /* * We know that the "PKCS1_OpenSSL()" functions hook properly to the * cswift-specific mod_exp and mod_exp_crt so we use those functions. NB: * We don't use ENGINE_openssl() or anything "more generic" because * something like the RSAref code may not hook properly, and if you own * one of these cards then you have the right to do RSA operations on it * anyway! */ meth1 = RSA_PKCS1_OpenSSL(); hwcrhk_rsa.rsa_pub_enc = meth1->rsa_pub_enc; hwcrhk_rsa.rsa_pub_dec = meth1->rsa_pub_dec; hwcrhk_rsa.rsa_priv_enc = meth1->rsa_priv_enc; hwcrhk_rsa.rsa_priv_dec = meth1->rsa_priv_dec; # endif # ifndef OPENSSL_NO_DH /* Much the same for Diffie-Hellman */ meth2 = DH_OpenSSL(); hwcrhk_dh.generate_key = meth2->generate_key; hwcrhk_dh.compute_key = meth2->compute_key; # endif /* Ensure the hwcrhk error handling is set up */ ERR_load_HWCRHK_strings(); return 1; }