int RSA_up_ref(RSA *r) { int i = CRYPTO_add(&r->references, 1, CRYPTO_LOCK_RSA); #ifdef REF_PRINT REF_PRINT("RSA",r); #endif #if 0//def REF_CHECK if (i < 2) { abort(); } #endif return ((i > 1) ? 1 : 0); }
int EC_KEY_up_ref(EC_KEY *r) { int i = CRYPTO_add(&r->references, 1, CRYPTO_LOCK_EC); #ifdef REF_PRINT REF_PRINT("EC_KEY", r); #endif #ifdef REF_CHECK if (i < 2) { fprintf(stderr, "EC_KEY_up, bad reference count\n"); abort(); } #endif return ((i > 1) ? 1 : 0); }
int DSA_up_ref(DSA *r) { int i = CRYPTO_add(&r->references, 1, CRYPTO_LOCK_DSA); #ifdef REF_PRINT REF_PRINT("DSA", r); #endif #ifdef REF_CHECK if (i < 2) { fprintf(stderr, "DSA_up_ref, bad reference count\n"); abort(); } #endif return ((i > 1) ? 1 : 0); }
int PKCS7_RECIP_INFO_set(PKCS7_RECIP_INFO *p7i, X509 *x509) { int ret; EVP_PKEY *pkey = NULL; if (!ASN1_INTEGER_set(p7i->version, 0)) return 0; if (!X509_NAME_set(&p7i->issuer_and_serial->issuer, X509_get_issuer_name(x509))) return 0; M_ASN1_INTEGER_free(p7i->issuer_and_serial->serial); if (!(p7i->issuer_and_serial->serial = M_ASN1_INTEGER_dup(X509_get_serialNumber(x509)))) return 0; pkey = X509_get_pubkey(x509); if (!pkey || !pkey->ameth || !pkey->ameth->pkey_ctrl) { PKCS7err(PKCS7_F_PKCS7_RECIP_INFO_SET, PKCS7_R_ENCRYPTION_NOT_SUPPORTED_FOR_THIS_KEY_TYPE); goto err; } ret = pkey->ameth->pkey_ctrl(pkey, ASN1_PKEY_CTRL_PKCS7_ENCRYPT, 0, p7i); if (ret == -2) { PKCS7err(PKCS7_F_PKCS7_RECIP_INFO_SET, PKCS7_R_ENCRYPTION_NOT_SUPPORTED_FOR_THIS_KEY_TYPE); goto err; } if (ret <= 0) { PKCS7err(PKCS7_F_PKCS7_RECIP_INFO_SET, PKCS7_R_ENCRYPTION_CTRL_FAILURE); goto err; } EVP_PKEY_free(pkey); CRYPTO_add(&x509->references, 1, CRYPTO_LOCK_X509); p7i->cert = x509; return 1; err: if (pkey) EVP_PKEY_free(pkey); return 0; }
void ssl_cert_free(CERT *c) { int i; if(c == NULL) return; i=CRYPTO_add(&c->references,-1,CRYPTO_LOCK_SSL_CERT); #ifdef REF_PRINT REF_PRINT("CERT",c); #endif if (i > 0) return; #ifdef REF_CHECK if (i < 0) { fprintf(stderr,"ssl_cert_free, bad reference count\n"); abort(); /* ok */ } #endif #ifndef OPENSSL_NO_RSA if (c->rsa_tmp) RSA_free(c->rsa_tmp); #endif #ifndef OPENSSL_NO_DH if (c->dh_tmp) DH_free(c->dh_tmp); #endif #ifndef OPENSSL_NO_ECDH if (c->ecdh_tmp) EC_KEY_free(c->ecdh_tmp); #endif ssl_cert_clear_certs(c); if (c->peer_sigalgs) OPENSSL_free(c->peer_sigalgs); if (c->conf_sigalgs) OPENSSL_free(c->conf_sigalgs); if (c->client_sigalgs) OPENSSL_free(c->client_sigalgs); if (c->shared_sigalgs) OPENSSL_free(c->shared_sigalgs); if (c->ctypes) OPENSSL_free(c->ctypes); if (c->verify_store) X509_STORE_free(c->verify_store); if (c->chain_store) X509_STORE_free(c->chain_store); if (c->ciphers_raw) OPENSSL_free(c->ciphers_raw); OPENSSL_free(c); }
X509 *original_SSL_get_peer_certificate(const SSL *ssl) { X509 *r; if ((ssl == NULL) || (ssl->session == NULL)) r=NULL; else r=ssl->session->peer; if (r == NULL) return(r); CRYPTO_add(&r->references,1,CRYPTO_LOCK_X509); return(r); }
int OCSP_request_add1_cert(OCSP_REQUEST *req, X509 *cert) { OCSP_SIGNATURE *sig; if (!req->optionalSignature) req->optionalSignature = OCSP_SIGNATURE_new(); sig = req->optionalSignature; if (!sig) return 0; if (!cert) return 1; if (!sig->certs && !(sig->certs = sk_X509_new_null())) return 0; if(!sk_X509_push(sig->certs, cert)) return 0; CRYPTO_add(&cert->references, 1, CRYPTO_LOCK_X509); return 1; }
static LUA_FUNCTION(openssl_bio_pop) { BIO* bio = CHECK_OBJECT(1, BIO, "openssl.bio"); BIO* end = BIO_pop(bio); if (end) { lua_pushnil(L); } else { CRYPTO_add(&end->references, 1, CRYPTO_LOCK_BIO); PUSH_OBJECT(end, "openssl.bio"); } return 1; }
int DH_up_ref(DH *r) { int i = CRYPTO_add(&r->references, 1, CRYPTO_LOCK_DH); #ifdef REF_PRINT REF_PRINT("DH",r); #endif #ifdef REF_CHECK if (i < 2) { TINYCLR_SSL_FPRINTF(OPENSSL_TYPE__FILE_STDERR, "DH_up, bad reference count\n"); TINYCLR_SSL_ABORT(); } #endif return ((i > 1) ? 1 : 0); }
void EVP_PKEY_free(EVP_PKEY *x) { int i; if (x == NULL) return; i = CRYPTO_add(&x->references, -1, CRYPTO_LOCK_EVP_PKEY); REF_PRINT_COUNT("EVP_PKEY", x); if (i > 0) return; REF_ASSERT_ISNT(i < 0); EVP_PKEY_free_it(x); sk_X509_ATTRIBUTE_pop_free(x->attributes, X509_ATTRIBUTE_free); OPENSSL_free(x); }
static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey) { int i; i = ssl_cert_type(NULL, pkey); if (i < 0) { SSLerr(SSL_F_SSL_SET_PKEY, SSL_R_UNKNOWN_CERTIFICATE_TYPE); return (0); } if (c->pkeys[i].x509 != NULL) { EVP_PKEY *pktmp; pktmp = X509_get_pubkey(c->pkeys[i].x509); if (pktmp == NULL) { SSLerr(SSL_F_SSL_SET_PKEY, ERR_R_MALLOC_FAILURE); EVP_PKEY_free(pktmp); return 0; } /* * The return code from EVP_PKEY_copy_parameters is deliberately * ignored. Some EVP_PKEY types cannot do this. */ EVP_PKEY_copy_parameters(pktmp, pkey); EVP_PKEY_free(pktmp); ERR_clear_error(); #ifndef OPENSSL_NO_RSA /* * Don't check the public/private key, this is mostly for smart * cards. */ if ((pkey->type == EVP_PKEY_RSA) && (RSA_flags(pkey->pkey.rsa) & RSA_METHOD_FLAG_NO_CHECK)) ; else #endif if (!X509_check_private_key(c->pkeys[i].x509, pkey)) { X509_free(c->pkeys[i].x509); c->pkeys[i].x509 = NULL; return 0; } } EVP_PKEY_free(c->pkeys[i].privatekey); CRYPTO_add(&pkey->references, 1, CRYPTO_LOCK_EVP_PKEY); c->pkeys[i].privatekey = pkey; c->key = &(c->pkeys[i]); return (1); }
int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey, EVP_MD *dgst) { char is_dsa; if (pkey->type == EVP_PKEY_DSA) is_dsa = 1; else is_dsa = 0; /* We now need to add another PKCS7_SIGNER_INFO entry */ ASN1_INTEGER_set(p7i->version,1); X509_NAME_set(&p7i->issuer_and_serial->issuer, X509_get_issuer_name(x509)); /* because ASN1_INTEGER_set is used to set a 'long' we will do * things the ugly way. */ M_ASN1_INTEGER_free(p7i->issuer_and_serial->serial); p7i->issuer_and_serial->serial= M_ASN1_INTEGER_dup(X509_get_serialNumber(x509)); /* lets keep the pkey around for a while */ CRYPTO_add(&pkey->references,1,CRYPTO_LOCK_EVP_PKEY); p7i->pkey=pkey; /* Set the algorithms */ if (is_dsa) p7i->digest_alg->algorithm=OBJ_nid2obj(NID_sha1); else p7i->digest_alg->algorithm=OBJ_nid2obj(EVP_MD_type(dgst)); if (p7i->digest_alg->parameter != NULL) ASN1_TYPE_free(p7i->digest_alg->parameter); if ((p7i->digest_alg->parameter=ASN1_TYPE_new()) == NULL) goto err; p7i->digest_alg->parameter->type=V_ASN1_NULL; p7i->digest_enc_alg->algorithm=OBJ_nid2obj(EVP_PKEY_type(pkey->type)); if (p7i->digest_enc_alg->parameter != NULL) ASN1_TYPE_free(p7i->digest_enc_alg->parameter); if(is_dsa) p7i->digest_enc_alg->parameter = NULL; else { if (!(p7i->digest_enc_alg->parameter=ASN1_TYPE_new())) goto err; p7i->digest_enc_alg->parameter->type=V_ASN1_NULL; } return(1); err: return(0); }
void DH_free (DH * r) { int i; if (r == NULL) return; i = CRYPTO_add (&r->references, -1, CRYPTO_LOCK_DH); #ifdef REF_PRINT REF_PRINT ("DH", r); #endif if (i > 0) return; #ifdef REF_CHECK if (i < 0) { fprintf (stderr, "DH_free, bad reference count\n"); abort (); } #endif if (r->meth->finish) r->meth->finish (r); #ifndef OPENSSL_NO_ENGINE if (r->engine) ENGINE_finish (r->engine); #endif CRYPTO_free_ex_data (CRYPTO_EX_INDEX_DH, r, &r->ex_data); if (r->p != NULL) BN_clear_free (r->p); if (r->g != NULL) BN_clear_free (r->g); if (r->q != NULL) BN_clear_free (r->q); if (r->j != NULL) BN_clear_free (r->j); if (r->seed) OPENSSL_free (r->seed); if (r->counter != NULL) BN_clear_free (r->counter); if (r->pub_key != NULL) BN_clear_free (r->pub_key); if (r->priv_key != NULL) BN_clear_free (r->priv_key); OPENSSL_free (r); }
int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey, const EVP_MD *dgst) { int ret; /* We now need to add another PKCS7_SIGNER_INFO entry */ if (!ASN1_INTEGER_set(p7i->version,1)) goto err; if (!X509_NAME_set(&p7i->issuer_and_serial->issuer, X509_get_issuer_name(x509))) goto err; /* because ASN1_INTEGER_set is used to set a 'long' we will do * things the ugly way. */ M_ASN1_INTEGER_free(p7i->issuer_and_serial->serial); if (!(p7i->issuer_and_serial->serial= M_ASN1_INTEGER_dup(X509_get_serialNumber(x509)))) goto err; /* lets keep the pkey around for a while */ CRYPTO_add(&pkey->references,1,CRYPTO_LOCK_EVP_PKEY); p7i->pkey=pkey; /* Set the algorithms */ X509_ALGOR_set0(p7i->digest_alg, OBJ_nid2obj(EVP_MD_type(dgst)), V_ASN1_NULL, NULL); if (pkey->ameth && pkey->ameth->pkey_ctrl) { ret = pkey->ameth->pkey_ctrl(pkey, ASN1_PKEY_CTRL_PKCS7_SIGN, 0, p7i); if (ret > 0) return 1; if (ret != -2) { PKCS7err(PKCS7_F_PKCS7_SIGNER_INFO_SET, PKCS7_R_SIGNING_CTRL_FAILURE); return 0; } } PKCS7err(PKCS7_F_PKCS7_SIGNER_INFO_SET, PKCS7_R_SIGNING_NOT_SUPPORTED_FOR_THIS_KEY_TYPE); err: return 0; }
void EVP_PKEY_free(EVP_PKEY *x) { int i; if (x == NULL) return; i = CRYPTO_add(&x->references, -1, CRYPTO_LOCK_EVP_PKEY); if (i > 0) return; EVP_PKEY_free_it(x); if (x->attributes) sk_X509_ATTRIBUTE_pop_free(x->attributes, X509_ATTRIBUTE_free); free(x); }
/** * Return the nth certificate of the peer's chain. */ static int meth_getpeercertificate(lua_State *L) { int n; X509 *cert; STACK_OF(X509) *certs; p_ssl ssl = (p_ssl)luaL_checkudata(L, 1, "SSL:Connection"); if (ssl->state != LSEC_STATE_CONNECTED) { lua_pushnil(L); lua_pushstring(L, "closed"); return 2; } /* Default to the first cert */ n = luaL_optint(L, 2, 1); /* This function is 1-based, but OpenSSL is 0-based */ --n; if (n < 0) { lua_pushnil(L); lua_pushliteral(L, "invalid certificate index"); return 2; } if (n == 0) { cert = SSL_get_peer_certificate(ssl->ssl); if (cert) lsec_pushx509(L, cert); else lua_pushnil(L); return 1; } /* In a server-context, the stack doesn't contain the peer cert, * so adjust accordingly. */ if (ssl->ssl->server) --n; certs = SSL_get_peer_cert_chain(ssl->ssl); if (n >= sk_X509_num(certs)) { lua_pushnil(L); return 1; } cert = sk_X509_value(certs, n); /* Increment the reference counting of the object. */ /* See SSL_get_peer_certificate() source code. */ CRYPTO_add(&cert->references, 1, CRYPTO_LOCK_X509); lsec_pushx509(L, cert); return 1; }
static PyObject * z_py_zorp_certificate_new(X509 *cert) { ZorpCertificate *self; if (cert) { self = PyObject_New(ZorpCertificate, &z_py_zorp_certificate_type); self->cert = cert; CRYPTO_add(&cert->references,1,CRYPTO_LOCK_X509); return (PyObject *) self; } else { return z_policy_none_ref(); } }
static int cms_RecipientInfo_ktri_init(CMS_RecipientInfo *ri, X509 *recip, EVP_PKEY *pk, unsigned int flags) { CMS_KeyTransRecipientInfo *ktri; int idtype; ri->d.ktri = M_ASN1_new_of(CMS_KeyTransRecipientInfo); if (!ri->d.ktri) return 0; ri->type = CMS_RECIPINFO_TRANS; ktri = ri->d.ktri; if (flags & CMS_USE_KEYID) { ktri->version = 2; idtype = CMS_RECIPINFO_KEYIDENTIFIER; } else { ktri->version = 0; idtype = CMS_RECIPINFO_ISSUER_SERIAL; } /* * Not a typo: RecipientIdentifier and SignerIdentifier are the same * structure. */ if (!cms_set1_SignerIdentifier(ktri->rid, recip, idtype)) return 0; X509_up_ref(recip); CRYPTO_add(&pk->references, 1, CRYPTO_LOCK_EVP_PKEY); ktri->pkey = pk; ktri->recip = recip; if (flags & CMS_KEY_PARAM) { ktri->pctx = EVP_PKEY_CTX_new(ktri->pkey, NULL); if (!ktri->pctx) return 0; if (EVP_PKEY_encrypt_init(ktri->pctx) <= 0) return 0; } else if (!cms_env_asn1_ctrl(ri, 0)) return 0; return 1; }
void ssl_cert_free(CERT *c) { int i; if (c == NULL) return; i = CRYPTO_add(&c->references, -1, CRYPTO_LOCK_SSL_CERT); #ifdef REF_PRINT REF_PRINT("CERT", c); #endif if (i > 0) return; #ifdef REF_CHECK if (i < 0) { fprintf(stderr, "ssl_cert_free, bad reference count\n"); abort(); /* ok */ } #endif #ifndef OPENSSL_NO_RSA RSA_free(c->rsa_tmp); #endif #ifndef OPENSSL_NO_DH DH_free(c->dh_tmp); #endif #ifndef OPENSSL_NO_EC EC_KEY_free(c->ecdh_tmp); #endif ssl_cert_clear_certs(c); OPENSSL_free(c->conf_sigalgs); OPENSSL_free(c->client_sigalgs); OPENSSL_free(c->shared_sigalgs); OPENSSL_free(c->ctypes); X509_STORE_free(c->verify_store); X509_STORE_free(c->chain_store); custom_exts_free(&c->cli_ext); custom_exts_free(&c->srv_ext); #ifndef OPENSSL_NO_PSK OPENSSL_free(c->psk_identity_hint); #endif OPENSSL_free(c); }
int DSO_free(DSO *dso) { int i; if(dso == NULL) { DSOerr(DSO_F_DSO_FREE,ERR_R_PASSED_NULL_PARAMETER); return(0); } i=CRYPTO_add(&dso->references,-1,CRYPTO_LOCK_DSO); #ifdef REF_PRINT REF_PRINT("DSO",dso); #endif if(i > 0) return(1); #ifdef REF_CHECK if(i < 0) { fprintf(stderr,"DSO_free, bad reference count\n"); abort(); } #endif if((dso->meth->dso_unload != NULL) && !dso->meth->dso_unload(dso)) { DSOerr(DSO_F_DSO_FREE,DSO_R_UNLOAD_FAILED); return(0); } if((dso->meth->finish != NULL) && !dso->meth->finish(dso)) { DSOerr(DSO_F_DSO_FREE,DSO_R_FINISH_FAILED); return(0); } sk_void_free(dso->meth_data); if(dso->filename != NULL) OPENSSL_free(dso->filename); if(dso->loaded_filename != NULL) OPENSSL_free(dso->loaded_filename); OPENSSL_free(dso); return(1); }
int SSL_set_session(SSL *s, SSL_SESSION *session) { int ret = 0; const SSL_METHOD *meth; if (session != NULL) { meth = s->ctx->method->internal->get_ssl_method(session->ssl_version); if (meth == NULL) meth = s->method->internal->get_ssl_method(session->ssl_version); if (meth == NULL) { SSLerror(s, SSL_R_UNABLE_TO_FIND_SSL_METHOD); return (0); } if (meth != s->method) { if (!SSL_set_ssl_method(s, meth)) return (0); } /* CRYPTO_w_lock(CRYPTO_LOCK_SSL);*/ CRYPTO_add(&session->references, 1, CRYPTO_LOCK_SSL_SESSION); if (s->session != NULL) SSL_SESSION_free(s->session); s->session = session; s->verify_result = s->session->verify_result; /* CRYPTO_w_unlock(CRYPTO_LOCK_SSL);*/ ret = 1; } else { if (s->session != NULL) { SSL_SESSION_free(s->session); s->session = NULL; } meth = s->ctx->method; if (meth != s->method) { if (!SSL_set_ssl_method(s, meth)) return (0); } ret = 1; } return (ret); }
int STORE_store_public_key(STORE *s, EVP_PKEY *data, OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[]) { STORE_OBJECT *object; int i; check_store(s,STORE_F_STORE_STORE_PUBLIC_KEY, store_object,STORE_R_NO_STORE_OBJECT_FUNCTION); object = STORE_OBJECT_new(); if (!object) { STOREerr(STORE_F_STORE_STORE_PUBLIC_KEY, ERR_R_MALLOC_FAILURE); return 0; } object->data.key = EVP_PKEY_new(); if (!object->data.key) { STOREerr(STORE_F_STORE_STORE_PUBLIC_KEY, ERR_R_MALLOC_FAILURE); return 0; } CRYPTO_add(&data->references,1,CRYPTO_LOCK_EVP_PKEY); #ifdef REF_PRINT REF_PRINT("EVP_PKEY",data); #endif object->data.key = data; i = s->meth->store_object(s, STORE_OBJECT_TYPE_PUBLIC_KEY, object, attributes, parameters); STORE_OBJECT_free(object); if (!i) { STOREerr(STORE_F_STORE_STORE_PUBLIC_KEY, STORE_R_FAILED_STORING_KEY); return 0; } return i; }
void RSA_free(RSA *rsa) { unsigned u; if (rsa == NULL) { return; } if (CRYPTO_add(&rsa->references, -1, CRYPTO_LOCK_RSA) > 0) { return; } if (rsa->meth->finish) { rsa->meth->finish(rsa); } METHOD_unref(rsa->meth); CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DSA, rsa, &rsa->ex_data); if (rsa->n != NULL) BN_clear_free(rsa->n); if (rsa->e != NULL) BN_clear_free(rsa->e); if (rsa->d != NULL) BN_clear_free(rsa->d); if (rsa->p != NULL) BN_clear_free(rsa->p); if (rsa->q != NULL) BN_clear_free(rsa->q); if (rsa->dmp1 != NULL) BN_clear_free(rsa->dmp1); if (rsa->dmq1 != NULL) BN_clear_free(rsa->dmq1); if (rsa->iqmp != NULL) BN_clear_free(rsa->iqmp); for (u = 0; u < rsa->num_blindings; u++) { BN_BLINDING_free(rsa->blindings[u]); } if (rsa->blindings != NULL) OPENSSL_free(rsa->blindings); if (rsa->blindings_inuse != NULL) OPENSSL_free(rsa->blindings_inuse); OPENSSL_free(rsa); }
void RSA_free(RSA *r) { int i; if (r == NULL) return; i=CRYPTO_add(&r->references,-1,CRYPTO_LOCK_RSA); #ifdef REF_PRINT REF_PRINT("RSA",r); #endif if (i > 0) return; #ifdef REF_CHECK if (i < 0) { fprintf(stderr,"RSA_free, bad reference count\n"); abort(); } #endif if (r->meth->finish) r->meth->finish(r); #ifndef OPENSSL_NO_ENGINE if (r->engine) ENGINE_finish(r->engine); #endif CRYPTO_free_ex_data(CRYPTO_EX_INDEX_RSA, r, &r->ex_data); if (r->n != NULL) BN_clear_free(r->n); if (r->e != NULL) BN_clear_free(r->e); if (r->d != NULL) BN_clear_free(r->d); if (r->p != NULL) BN_clear_free(r->p); if (r->q != NULL) BN_clear_free(r->q); if (r->dmp1 != NULL) BN_clear_free(r->dmp1); if (r->dmq1 != NULL) BN_clear_free(r->dmq1); if (r->iqmp != NULL) BN_clear_free(r->iqmp); #ifndef OPERA_SMALL_VERSION if (r->blinding != NULL) BN_BLINDING_free(r->blinding); if (r->mt_blinding != NULL) BN_BLINDING_free(r->mt_blinding); if (r->bignum_data != NULL) OPENSSL_free_locked(r->bignum_data); #endif OPENSSL_free(r); }
/* Do reference counting. The value 'op' decides what to do. if it is +1 then * the count is incremented. If op is 0 count is set to 1. If op is -1 count is * decremented and the return value is the current refrence count or 0 if no * reference count exists. */ int asn1_do_lock(ASN1_VALUE **pval, int op, const ASN1_ITEM *it) { const ASN1_AUX *aux; int *lck, ret; if (it->itype != ASN1_ITYPE_SEQUENCE && it->itype != ASN1_ITYPE_NDEF_SEQUENCE) { return 0; } aux = it->funcs; if (!aux || !(aux->flags & ASN1_AFLG_REFCOUNT)) { return 0; } lck = offset2ptr(*pval, aux->ref_offset); if (op == 0) { *lck = 1; return 1; } ret = CRYPTO_add(lck, op, aux->ref_lock); return ret; }
int mosquitto_opts_set(struct mosquitto *mosq, enum mosq_opt_t option, void *value) { int ival; if(!mosq || !value) return MOSQ_ERR_INVAL; switch(option){ case MOSQ_OPT_PROTOCOL_VERSION: ival = *((int *)value); if(ival == MQTT_PROTOCOL_V31){ mosq->protocol = mosq_p_mqtt31; }else if(ival == MQTT_PROTOCOL_V311){ mosq->protocol = mosq_p_mqtt311; }else{ return MOSQ_ERR_INVAL; } break; case MOSQ_OPT_SSL_CTX: #ifdef WITH_TLS mosq->ssl_ctx = (SSL_CTX *)value; if(mosq->ssl_ctx){ #if (OPENSSL_VERSION_NUMBER >= 0x10100000L) && !defined(LIBRESSL_VERSION_NUMBER) SSL_CTX_up_ref(mosq->ssl_ctx); #else CRYPTO_add(&(mosq->ssl_ctx)->references, 1, CRYPTO_LOCK_SSL_CTX); #endif } break; #else return MOSQ_ERR_NOT_SUPPORTED; #endif case MOSQ_OPT_SSL_CTX_WITH_DEFAULTS: #if defined(WITH_TLS) && OPENSSL_VERSION_NUMBER >= 0x10100000L mosq->ssl_ctx_defaults = true; break; #else return MOSQ_ERR_NOT_SUPPORTED; #endif default: return MOSQ_ERR_INVAL; } return MOSQ_ERR_SUCCESS; }
static int surewarehk_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void)) { int to_return = 1; switch(cmd) { case ENGINE_CTRL_SET_LOGSTREAM: { BIO *bio = (BIO *)p; CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); if (logstream) { BIO_free(logstream); logstream = NULL; } if (CRYPTO_add(&bio->references,1,CRYPTO_LOCK_BIO) > 1) logstream = bio; else SUREWAREerr(SUREWARE_F_SUREWAREHK_CTRL,SUREWARE_R_BIO_WAS_FREED); } CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); break; /* This will prevent the initialisation function from "installing" * the mutex-handling callbacks, even if they are available from * within the library (or were provided to the library from the * calling application). This is to remove any baggage for * applications not using multithreading. */ case ENGINE_CTRL_CHIL_NO_LOCKING: CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); threadsafe = 0; CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); break; /* The command isn't understood by this engine */ default: SUREWAREerr(SUREWARE_F_SUREWAREHK_CTRL, ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED); to_return = 0; break; } return to_return; }
static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey) { int i; i = ssl_cert_type(NULL, pkey); if (i < 0) { SSLerr(SSL_F_SSL_SET_PKEY, SSL_R_UNKNOWN_CERTIFICATE_TYPE); return (0); } if (c->pkeys[i].x509 != NULL) { EVP_PKEY *pktmp; pktmp = X509_get_pubkey(c->pkeys[i].x509); EVP_PKEY_copy_parameters(pktmp, pkey); EVP_PKEY_free(pktmp); ERR_clear_error(); /* * Don't check the public/private key, this is mostly * for smart cards. */ if ((pkey->type == EVP_PKEY_RSA) && (RSA_flags(pkey->pkey.rsa) & RSA_METHOD_FLAG_NO_CHECK)) ; else if (!X509_check_private_key(c->pkeys[i].x509, pkey)) { X509_free(c->pkeys[i].x509); c->pkeys[i].x509 = NULL; return 0; } } if (c->pkeys[i].privatekey != NULL) EVP_PKEY_free(c->pkeys[i].privatekey); CRYPTO_add(&pkey->references, 1, CRYPTO_LOCK_EVP_PKEY); c->pkeys[i].privatekey = pkey; c->key = &(c->pkeys[i]); c->valid = 0; return (1); }
static int hwskf_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) (void)) { int to_return = 1; switch (cmd) { case HWSKF_CMD_SO_PATH: if (hwskf_dso) { //HWCRHKerr(HWCRHK_F_HWCRHK_CTRL, HWCRHK_R_ALREADY_LOADED); return 0; } if (p == NULL) { //HWCRHKerr(HWCRHK_F_HWCRHK_CTRL, ERR_R_PASSED_NULL_PARAMETER); return 0; } return set_HWSKF_LIBNAME((const char *)p); case ENGINE_CTRL_SET_LOGSTREAM: { BIO *bio = (BIO *)p; CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); if (logstream) { BIO_free(logstream); logstream = NULL; } if (CRYPTO_add(&bio->references, 1, CRYPTO_LOCK_BIO) > 1) logstream = bio; //else //HWCRHKerr(HWCRHK_F_HWCRHK_CTRL, HWCRHK_R_BIO_WAS_FREED); } CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); break; /* The command isn't understood by this engine */ default: //HWCRHKerr(HWCRHK_F_HWCRHK_CTRL, // HWCRHK_R_CTRL_COMMAND_NOT_IMPLEMENTED); to_return = 0; break; } return to_return; }
X509_CRL * STORE_list_crl_next(STORE *s, void *handle) { STORE_OBJECT *object; X509_CRL *crl; check_store(s, STORE_F_STORE_LIST_CRL_NEXT, list_object_next, STORE_R_NO_LIST_OBJECT_NEXT_FUNCTION); object = s->meth->list_object_next(s, handle); if (!object || !object->data.crl) { STOREerr(STORE_F_STORE_LIST_CRL_NEXT, STORE_R_FAILED_LISTING_KEYS); return 0; } CRYPTO_add(&object->data.crl->references, 1, CRYPTO_LOCK_X509_CRL); crl = object->data.crl; STORE_OBJECT_free(object); return crl; }