int RSA_up_ref(RSA *r)
	{
	int i = CRYPTO_add(&r->references, 1, CRYPTO_LOCK_RSA);
#ifdef REF_PRINT
	REF_PRINT("RSA",r);
#endif
#if 0//def REF_CHECK
	if (i < 2)
		{
		abort();
		}
#endif
	return ((i > 1) ? 1 : 0);
	}
Exemple #2
0
int EC_KEY_up_ref(EC_KEY *r)
{
    int i = CRYPTO_add(&r->references, 1, CRYPTO_LOCK_EC);
#ifdef REF_PRINT
    REF_PRINT("EC_KEY", r);
#endif
#ifdef REF_CHECK
    if (i < 2) {
        fprintf(stderr, "EC_KEY_up, bad reference count\n");
        abort();
    }
#endif
    return ((i > 1) ? 1 : 0);
}
Exemple #3
0
int DSA_up_ref(DSA *r)
{
    int i = CRYPTO_add(&r->references, 1, CRYPTO_LOCK_DSA);
#ifdef REF_PRINT
    REF_PRINT("DSA", r);
#endif
#ifdef REF_CHECK
    if (i < 2) {
        fprintf(stderr, "DSA_up_ref, bad reference count\n");
        abort();
    }
#endif
    return ((i > 1) ? 1 : 0);
}
int
PKCS7_RECIP_INFO_set(PKCS7_RECIP_INFO *p7i, X509 *x509)
{
	int ret;
	EVP_PKEY *pkey = NULL;
	if (!ASN1_INTEGER_set(p7i->version, 0))
		return 0;
	if (!X509_NAME_set(&p7i->issuer_and_serial->issuer,
	    X509_get_issuer_name(x509)))
		return 0;

	M_ASN1_INTEGER_free(p7i->issuer_and_serial->serial);
	if (!(p7i->issuer_and_serial->serial =
	    M_ASN1_INTEGER_dup(X509_get_serialNumber(x509))))
		return 0;

	pkey = X509_get_pubkey(x509);

	if (!pkey || !pkey->ameth || !pkey->ameth->pkey_ctrl) {
		PKCS7err(PKCS7_F_PKCS7_RECIP_INFO_SET,
		    PKCS7_R_ENCRYPTION_NOT_SUPPORTED_FOR_THIS_KEY_TYPE);
		goto err;
	}

	ret = pkey->ameth->pkey_ctrl(pkey, ASN1_PKEY_CTRL_PKCS7_ENCRYPT,
	    0, p7i);
	if (ret == -2) {
		PKCS7err(PKCS7_F_PKCS7_RECIP_INFO_SET,
		    PKCS7_R_ENCRYPTION_NOT_SUPPORTED_FOR_THIS_KEY_TYPE);
		goto err;
	}
	if (ret <= 0) {
		PKCS7err(PKCS7_F_PKCS7_RECIP_INFO_SET,
		    PKCS7_R_ENCRYPTION_CTRL_FAILURE);
		goto err;
	}

	EVP_PKEY_free(pkey);

	CRYPTO_add(&x509->references, 1, CRYPTO_LOCK_X509);
	p7i->cert = x509;

	return 1;

err:
	if (pkey)
		EVP_PKEY_free(pkey);
	return 0;
}
Exemple #5
0
void ssl_cert_free(CERT *c)
	{
	int i;

	if(c == NULL)
	    return;

	i=CRYPTO_add(&c->references,-1,CRYPTO_LOCK_SSL_CERT);
#ifdef REF_PRINT
	REF_PRINT("CERT",c);
#endif
	if (i > 0) return;
#ifdef REF_CHECK
	if (i < 0)
		{
		fprintf(stderr,"ssl_cert_free, bad reference count\n");
		abort(); /* ok */
		}
#endif

#ifndef OPENSSL_NO_RSA
	if (c->rsa_tmp) RSA_free(c->rsa_tmp);
#endif
#ifndef OPENSSL_NO_DH
	if (c->dh_tmp) DH_free(c->dh_tmp);
#endif
#ifndef OPENSSL_NO_ECDH
	if (c->ecdh_tmp) EC_KEY_free(c->ecdh_tmp);
#endif

	ssl_cert_clear_certs(c);
	if (c->peer_sigalgs)
		OPENSSL_free(c->peer_sigalgs);
	if (c->conf_sigalgs)
		OPENSSL_free(c->conf_sigalgs);
	if (c->client_sigalgs)
		OPENSSL_free(c->client_sigalgs);
	if (c->shared_sigalgs)
		OPENSSL_free(c->shared_sigalgs);
	if (c->ctypes)
		OPENSSL_free(c->ctypes);
	if (c->verify_store)
		X509_STORE_free(c->verify_store);
	if (c->chain_store)
		X509_STORE_free(c->chain_store);
	if (c->ciphers_raw)
		OPENSSL_free(c->ciphers_raw);
	OPENSSL_free(c);
	}
Exemple #6
0
X509 *original_SSL_get_peer_certificate(const SSL *ssl)
{
    X509 *r;

    if ((ssl == NULL) || (ssl->session == NULL))
        r=NULL;
    else
        r=ssl->session->peer;

    if (r == NULL) return(r);

    CRYPTO_add(&r->references,1,CRYPTO_LOCK_X509);

    return(r);
}
Exemple #7
0
int OCSP_request_add1_cert(OCSP_REQUEST *req, X509 *cert)
	{
	OCSP_SIGNATURE *sig;
	if (!req->optionalSignature)
		req->optionalSignature = OCSP_SIGNATURE_new();
	sig = req->optionalSignature;
	if (!sig) return 0;
	if (!cert) return 1;
	if (!sig->certs && !(sig->certs = sk_X509_new_null()))
		return 0;

	if(!sk_X509_push(sig->certs, cert)) return 0;
	CRYPTO_add(&cert->references, 1, CRYPTO_LOCK_X509);
	return 1;
	}
Exemple #8
0
static LUA_FUNCTION(openssl_bio_pop)
{
  BIO* bio = CHECK_OBJECT(1, BIO, "openssl.bio");
  BIO* end = BIO_pop(bio);
  if (end)
  {
    lua_pushnil(L);
  }
  else
  {
    CRYPTO_add(&end->references, 1, CRYPTO_LOCK_BIO);
    PUSH_OBJECT(end, "openssl.bio");
  }
  return 1;
}
int DH_up_ref(DH *r)
	{
	int i = CRYPTO_add(&r->references, 1, CRYPTO_LOCK_DH);
#ifdef REF_PRINT
	REF_PRINT("DH",r);
#endif
#ifdef REF_CHECK
	if (i < 2)
		{
		TINYCLR_SSL_FPRINTF(OPENSSL_TYPE__FILE_STDERR, "DH_up, bad reference count\n");
		TINYCLR_SSL_ABORT();
		}
#endif
	return ((i > 1) ? 1 : 0);
	}
Exemple #10
0
void EVP_PKEY_free(EVP_PKEY *x)
{
    int i;

    if (x == NULL)
        return;

    i = CRYPTO_add(&x->references, -1, CRYPTO_LOCK_EVP_PKEY);
    REF_PRINT_COUNT("EVP_PKEY", x);
    if (i > 0)
        return;
    REF_ASSERT_ISNT(i < 0);
    EVP_PKEY_free_it(x);
    sk_X509_ATTRIBUTE_pop_free(x->attributes, X509_ATTRIBUTE_free);
    OPENSSL_free(x);
}
Exemple #11
0
static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey)
{
    int i;
    i = ssl_cert_type(NULL, pkey);
    if (i < 0) {
        SSLerr(SSL_F_SSL_SET_PKEY, SSL_R_UNKNOWN_CERTIFICATE_TYPE);
        return (0);
    }

    if (c->pkeys[i].x509 != NULL) {
        EVP_PKEY *pktmp;
        pktmp = X509_get_pubkey(c->pkeys[i].x509);
        if (pktmp == NULL) {
            SSLerr(SSL_F_SSL_SET_PKEY, ERR_R_MALLOC_FAILURE);
            EVP_PKEY_free(pktmp);
            return 0;
        }
        /*
         * The return code from EVP_PKEY_copy_parameters is deliberately
         * ignored. Some EVP_PKEY types cannot do this.
         */
        EVP_PKEY_copy_parameters(pktmp, pkey);
        EVP_PKEY_free(pktmp);
        ERR_clear_error();

#ifndef OPENSSL_NO_RSA
        /*
         * Don't check the public/private key, this is mostly for smart
         * cards.
         */
        if ((pkey->type == EVP_PKEY_RSA) &&
            (RSA_flags(pkey->pkey.rsa) & RSA_METHOD_FLAG_NO_CHECK)) ;
        else
#endif
        if (!X509_check_private_key(c->pkeys[i].x509, pkey)) {
            X509_free(c->pkeys[i].x509);
            c->pkeys[i].x509 = NULL;
            return 0;
        }
    }

    EVP_PKEY_free(c->pkeys[i].privatekey);
    CRYPTO_add(&pkey->references, 1, CRYPTO_LOCK_EVP_PKEY);
    c->pkeys[i].privatekey = pkey;
    c->key = &(c->pkeys[i]);
    return (1);
}
int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey,
	     EVP_MD *dgst)
	{
	char is_dsa;
	if (pkey->type == EVP_PKEY_DSA) is_dsa = 1;
	else is_dsa = 0;
	/* We now need to add another PKCS7_SIGNER_INFO entry */
	ASN1_INTEGER_set(p7i->version,1);
	X509_NAME_set(&p7i->issuer_and_serial->issuer,
		X509_get_issuer_name(x509));

	/* because ASN1_INTEGER_set is used to set a 'long' we will do
	 * things the ugly way. */
	M_ASN1_INTEGER_free(p7i->issuer_and_serial->serial);
	p7i->issuer_and_serial->serial=
		M_ASN1_INTEGER_dup(X509_get_serialNumber(x509));

	/* lets keep the pkey around for a while */
	CRYPTO_add(&pkey->references,1,CRYPTO_LOCK_EVP_PKEY);
	p7i->pkey=pkey;

	/* Set the algorithms */
	if (is_dsa) p7i->digest_alg->algorithm=OBJ_nid2obj(NID_sha1);
	else	
		p7i->digest_alg->algorithm=OBJ_nid2obj(EVP_MD_type(dgst));

	if (p7i->digest_alg->parameter != NULL)
		ASN1_TYPE_free(p7i->digest_alg->parameter);
	if ((p7i->digest_alg->parameter=ASN1_TYPE_new()) == NULL)
		goto err;
	p7i->digest_alg->parameter->type=V_ASN1_NULL;

	p7i->digest_enc_alg->algorithm=OBJ_nid2obj(EVP_PKEY_type(pkey->type));

	if (p7i->digest_enc_alg->parameter != NULL)
		ASN1_TYPE_free(p7i->digest_enc_alg->parameter);
	if(is_dsa) p7i->digest_enc_alg->parameter = NULL;
	else {
		if (!(p7i->digest_enc_alg->parameter=ASN1_TYPE_new()))
			goto err;
		p7i->digest_enc_alg->parameter->type=V_ASN1_NULL;
	}

	return(1);
err:
	return(0);
	}
Exemple #13
0
void DH_free (DH * r)
{
    int i;

    if (r == NULL)
        return;
    i = CRYPTO_add (&r->references, -1, CRYPTO_LOCK_DH);
#ifdef REF_PRINT
    REF_PRINT ("DH", r);
#endif
    if (i > 0)
        return;
#ifdef REF_CHECK
    if (i < 0)
    {
        fprintf (stderr, "DH_free, bad reference count\n");
        abort ();
    }
#endif

    if (r->meth->finish)
        r->meth->finish (r);
#ifndef OPENSSL_NO_ENGINE
    if (r->engine)
        ENGINE_finish (r->engine);
#endif

    CRYPTO_free_ex_data (CRYPTO_EX_INDEX_DH, r, &r->ex_data);

    if (r->p != NULL)
        BN_clear_free (r->p);
    if (r->g != NULL)
        BN_clear_free (r->g);
    if (r->q != NULL)
        BN_clear_free (r->q);
    if (r->j != NULL)
        BN_clear_free (r->j);
    if (r->seed)
        OPENSSL_free (r->seed);
    if (r->counter != NULL)
        BN_clear_free (r->counter);
    if (r->pub_key != NULL)
        BN_clear_free (r->pub_key);
    if (r->priv_key != NULL)
        BN_clear_free (r->priv_key);
    OPENSSL_free (r);
}
Exemple #14
0
int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey,
	     const EVP_MD *dgst)
	{
	int ret;

	/* We now need to add another PKCS7_SIGNER_INFO entry */
	if (!ASN1_INTEGER_set(p7i->version,1))
		goto err;
	if (!X509_NAME_set(&p7i->issuer_and_serial->issuer,
			X509_get_issuer_name(x509)))
		goto err;

	/* because ASN1_INTEGER_set is used to set a 'long' we will do
	 * things the ugly way. */
	M_ASN1_INTEGER_free(p7i->issuer_and_serial->serial);
	if (!(p7i->issuer_and_serial->serial=
			M_ASN1_INTEGER_dup(X509_get_serialNumber(x509))))
		goto err;

	/* lets keep the pkey around for a while */
	CRYPTO_add(&pkey->references,1,CRYPTO_LOCK_EVP_PKEY);
	p7i->pkey=pkey;

	/* Set the algorithms */

	X509_ALGOR_set0(p7i->digest_alg, OBJ_nid2obj(EVP_MD_type(dgst)),
				V_ASN1_NULL, NULL);

	if (pkey->ameth && pkey->ameth->pkey_ctrl)
		{
		ret = pkey->ameth->pkey_ctrl(pkey, ASN1_PKEY_CTRL_PKCS7_SIGN,
						0, p7i);
		if (ret > 0)
			return 1;
		if (ret != -2)
			{
			PKCS7err(PKCS7_F_PKCS7_SIGNER_INFO_SET,
					PKCS7_R_SIGNING_CTRL_FAILURE);
			return 0;
			}
		}
	PKCS7err(PKCS7_F_PKCS7_SIGNER_INFO_SET,
			PKCS7_R_SIGNING_NOT_SUPPORTED_FOR_THIS_KEY_TYPE);
err:
	return 0;
	}
Exemple #15
0
void
EVP_PKEY_free(EVP_PKEY *x)
{
	int i;

	if (x == NULL)
		return;

	i = CRYPTO_add(&x->references, -1, CRYPTO_LOCK_EVP_PKEY);
	if (i > 0)
		return;

	EVP_PKEY_free_it(x);
	if (x->attributes)
		sk_X509_ATTRIBUTE_pop_free(x->attributes, X509_ATTRIBUTE_free);
	free(x);
}
Exemple #16
0
/**
 * Return the nth certificate of the peer's chain.
 */
static int meth_getpeercertificate(lua_State *L)
{
  int n;
  X509 *cert;
  STACK_OF(X509) *certs;
  p_ssl ssl = (p_ssl)luaL_checkudata(L, 1, "SSL:Connection");
  if (ssl->state != LSEC_STATE_CONNECTED) {
    lua_pushnil(L);
    lua_pushstring(L, "closed");
    return 2;
  }
  /* Default to the first cert */ 
  n = luaL_optint(L, 2, 1);                           
  /* This function is 1-based, but OpenSSL is 0-based */
  --n;
  if (n < 0) {
    lua_pushnil(L);
    lua_pushliteral(L, "invalid certificate index");
    return 2;
  }
  if (n == 0) {
    cert = SSL_get_peer_certificate(ssl->ssl);
    if (cert)
      lsec_pushx509(L, cert);
    else
      lua_pushnil(L);
    return 1;
  }
  /* In a server-context, the stack doesn't contain the peer cert,
   * so adjust accordingly.
   */
  if (ssl->ssl->server)
    --n;
  certs = SSL_get_peer_cert_chain(ssl->ssl);
  if (n >= sk_X509_num(certs)) {
    lua_pushnil(L);
    return 1;
  }
  cert = sk_X509_value(certs, n);
  /* Increment the reference counting of the object. */
  /* See SSL_get_peer_certificate() source code.     */
  CRYPTO_add(&cert->references, 1, CRYPTO_LOCK_X509);
  lsec_pushx509(L, cert);
  return 1;
}
Exemple #17
0
static PyObject *
z_py_zorp_certificate_new(X509 *cert)
{
  ZorpCertificate *self;

  if (cert)
    {

      self = PyObject_New(ZorpCertificate, &z_py_zorp_certificate_type);
      self->cert = cert;
      CRYPTO_add(&cert->references,1,CRYPTO_LOCK_X509);
      return (PyObject *) self;
    }
  else
    {
      return z_policy_none_ref();
    }
}
Exemple #18
0
static int cms_RecipientInfo_ktri_init(CMS_RecipientInfo *ri, X509 *recip,
                                       EVP_PKEY *pk, unsigned int flags)
{
    CMS_KeyTransRecipientInfo *ktri;
    int idtype;

    ri->d.ktri = M_ASN1_new_of(CMS_KeyTransRecipientInfo);
    if (!ri->d.ktri)
        return 0;
    ri->type = CMS_RECIPINFO_TRANS;

    ktri = ri->d.ktri;

    if (flags & CMS_USE_KEYID) {
        ktri->version = 2;
        idtype = CMS_RECIPINFO_KEYIDENTIFIER;
    } else {
        ktri->version = 0;
        idtype = CMS_RECIPINFO_ISSUER_SERIAL;
    }

    /*
     * Not a typo: RecipientIdentifier and SignerIdentifier are the same
     * structure.
     */

    if (!cms_set1_SignerIdentifier(ktri->rid, recip, idtype))
        return 0;

    X509_up_ref(recip);
    CRYPTO_add(&pk->references, 1, CRYPTO_LOCK_EVP_PKEY);
    ktri->pkey = pk;
    ktri->recip = recip;

    if (flags & CMS_KEY_PARAM) {
        ktri->pctx = EVP_PKEY_CTX_new(ktri->pkey, NULL);
        if (!ktri->pctx)
            return 0;
        if (EVP_PKEY_encrypt_init(ktri->pctx) <= 0)
            return 0;
    } else if (!cms_env_asn1_ctrl(ri, 0))
        return 0;
    return 1;
}
Exemple #19
0
void ssl_cert_free(CERT *c)
{
    int i;

    if (c == NULL)
        return;

    i = CRYPTO_add(&c->references, -1, CRYPTO_LOCK_SSL_CERT);
#ifdef REF_PRINT
    REF_PRINT("CERT", c);
#endif
    if (i > 0)
        return;
#ifdef REF_CHECK
    if (i < 0) {
        fprintf(stderr, "ssl_cert_free, bad reference count\n");
        abort();                /* ok */
    }
#endif

#ifndef OPENSSL_NO_RSA
    RSA_free(c->rsa_tmp);
#endif
#ifndef OPENSSL_NO_DH
    DH_free(c->dh_tmp);
#endif
#ifndef OPENSSL_NO_EC
    EC_KEY_free(c->ecdh_tmp);
#endif

    ssl_cert_clear_certs(c);
    OPENSSL_free(c->conf_sigalgs);
    OPENSSL_free(c->client_sigalgs);
    OPENSSL_free(c->shared_sigalgs);
    OPENSSL_free(c->ctypes);
    X509_STORE_free(c->verify_store);
    X509_STORE_free(c->chain_store);
    custom_exts_free(&c->cli_ext);
    custom_exts_free(&c->srv_ext);
#ifndef OPENSSL_NO_PSK
    OPENSSL_free(c->psk_identity_hint);
#endif
    OPENSSL_free(c);
}
Exemple #20
0
int DSO_free(DSO *dso)
	{
        int i;
 
	if(dso == NULL)
		{
		DSOerr(DSO_F_DSO_FREE,ERR_R_PASSED_NULL_PARAMETER);
		return(0);
		}
 
	i=CRYPTO_add(&dso->references,-1,CRYPTO_LOCK_DSO);
#ifdef REF_PRINT
	REF_PRINT("DSO",dso);
#endif
	if(i > 0) return(1);
#ifdef REF_CHECK
	if(i < 0)
		{
		fprintf(stderr,"DSO_free, bad reference count\n");
		abort();
		}
#endif

	if((dso->meth->dso_unload != NULL) && !dso->meth->dso_unload(dso))
		{
		DSOerr(DSO_F_DSO_FREE,DSO_R_UNLOAD_FAILED);
		return(0);
		}
 
	if((dso->meth->finish != NULL) && !dso->meth->finish(dso))
		{
		DSOerr(DSO_F_DSO_FREE,DSO_R_FINISH_FAILED);
		return(0);
		}
	
	sk_void_free(dso->meth_data);
	if(dso->filename != NULL)
		OPENSSL_free(dso->filename);
	if(dso->loaded_filename != NULL)
		OPENSSL_free(dso->loaded_filename);
 
	OPENSSL_free(dso);
	return(1);
	}
Exemple #21
0
int
SSL_set_session(SSL *s, SSL_SESSION *session)
{
	int ret = 0;
	const SSL_METHOD *meth;

	if (session != NULL) {
		meth = s->ctx->method->internal->get_ssl_method(session->ssl_version);
		if (meth == NULL)
			meth = s->method->internal->get_ssl_method(session->ssl_version);
		if (meth == NULL) {
			SSLerror(s, SSL_R_UNABLE_TO_FIND_SSL_METHOD);
			return (0);
		}

		if (meth != s->method) {
			if (!SSL_set_ssl_method(s, meth))
				return (0);
		}

		/* CRYPTO_w_lock(CRYPTO_LOCK_SSL);*/
		CRYPTO_add(&session->references, 1, CRYPTO_LOCK_SSL_SESSION);
		if (s->session != NULL)
			SSL_SESSION_free(s->session);
		s->session = session;
		s->verify_result = s->session->verify_result;
		/* CRYPTO_w_unlock(CRYPTO_LOCK_SSL);*/
		ret = 1;
	} else {
		if (s->session != NULL) {
			SSL_SESSION_free(s->session);
			s->session = NULL;
		}

		meth = s->ctx->method;
		if (meth != s->method) {
			if (!SSL_set_ssl_method(s, meth))
				return (0);
		}
		ret = 1;
	}
	return (ret);
}
Exemple #22
0
int STORE_store_public_key(STORE *s, EVP_PKEY *data, OPENSSL_ITEM attributes[],
	OPENSSL_ITEM parameters[])
	{
	STORE_OBJECT *object;
	int i;

	check_store(s,STORE_F_STORE_STORE_PUBLIC_KEY,
		store_object,STORE_R_NO_STORE_OBJECT_FUNCTION);

	object = STORE_OBJECT_new();
	if (!object)
		{
		STOREerr(STORE_F_STORE_STORE_PUBLIC_KEY,
			ERR_R_MALLOC_FAILURE);
		return 0;
		}
	object->data.key = EVP_PKEY_new();
	if (!object->data.key)
		{
		STOREerr(STORE_F_STORE_STORE_PUBLIC_KEY,
			ERR_R_MALLOC_FAILURE);
		return 0;
		}
	
	CRYPTO_add(&data->references,1,CRYPTO_LOCK_EVP_PKEY);
#ifdef REF_PRINT
	REF_PRINT("EVP_PKEY",data);
#endif
	object->data.key = data;

	i = s->meth->store_object(s, STORE_OBJECT_TYPE_PUBLIC_KEY, object,
		attributes, parameters);

	STORE_OBJECT_free(object);

	if (!i)
		{
		STOREerr(STORE_F_STORE_STORE_PUBLIC_KEY,
			STORE_R_FAILED_STORING_KEY);
		return 0;
		}
	return i;
	}
Exemple #23
0
void RSA_free(RSA *rsa) {
  unsigned u;

  if (rsa == NULL) {
    return;
  }

  if (CRYPTO_add(&rsa->references, -1, CRYPTO_LOCK_RSA) > 0) {
    return;
  }

  if (rsa->meth->finish) {
    rsa->meth->finish(rsa);
  }
  METHOD_unref(rsa->meth);

  CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DSA, rsa, &rsa->ex_data);

  if (rsa->n != NULL)
    BN_clear_free(rsa->n);
  if (rsa->e != NULL)
    BN_clear_free(rsa->e);
  if (rsa->d != NULL)
    BN_clear_free(rsa->d);
  if (rsa->p != NULL)
    BN_clear_free(rsa->p);
  if (rsa->q != NULL)
    BN_clear_free(rsa->q);
  if (rsa->dmp1 != NULL)
    BN_clear_free(rsa->dmp1);
  if (rsa->dmq1 != NULL)
    BN_clear_free(rsa->dmq1);
  if (rsa->iqmp != NULL)
    BN_clear_free(rsa->iqmp);
  for (u = 0; u < rsa->num_blindings; u++) {
    BN_BLINDING_free(rsa->blindings[u]);
  }
  if (rsa->blindings != NULL)
    OPENSSL_free(rsa->blindings);
  if (rsa->blindings_inuse != NULL)
    OPENSSL_free(rsa->blindings_inuse);
  OPENSSL_free(rsa);
}
Exemple #24
0
void RSA_free(RSA *r)
	{
	int i;

	if (r == NULL) return;

	i=CRYPTO_add(&r->references,-1,CRYPTO_LOCK_RSA);
#ifdef REF_PRINT
	REF_PRINT("RSA",r);
#endif
	if (i > 0) return;
#ifdef REF_CHECK
	if (i < 0)
		{
		fprintf(stderr,"RSA_free, bad reference count\n");
		abort();
		}
#endif

	if (r->meth->finish)
		r->meth->finish(r);
#ifndef OPENSSL_NO_ENGINE
	if (r->engine)
		ENGINE_finish(r->engine);
#endif

	CRYPTO_free_ex_data(CRYPTO_EX_INDEX_RSA, r, &r->ex_data);

	if (r->n != NULL) BN_clear_free(r->n);
	if (r->e != NULL) BN_clear_free(r->e);
	if (r->d != NULL) BN_clear_free(r->d);
	if (r->p != NULL) BN_clear_free(r->p);
	if (r->q != NULL) BN_clear_free(r->q);
	if (r->dmp1 != NULL) BN_clear_free(r->dmp1);
	if (r->dmq1 != NULL) BN_clear_free(r->dmq1);
	if (r->iqmp != NULL) BN_clear_free(r->iqmp);
#ifndef OPERA_SMALL_VERSION
	if (r->blinding != NULL) BN_BLINDING_free(r->blinding);
	if (r->mt_blinding != NULL) BN_BLINDING_free(r->mt_blinding);
	if (r->bignum_data != NULL) OPENSSL_free_locked(r->bignum_data);
#endif
	OPENSSL_free(r);
	}
Exemple #25
0
/* Do reference counting. The value 'op' decides what to do. if it is +1 then
 * the count is incremented. If op is 0 count is set to 1. If op is -1 count is
 * decremented and the return value is the current refrence count or 0 if no
 * reference count exists. */
int asn1_do_lock(ASN1_VALUE **pval, int op, const ASN1_ITEM *it) {
  const ASN1_AUX *aux;
  int *lck, ret;
  if (it->itype != ASN1_ITYPE_SEQUENCE &&
      it->itype != ASN1_ITYPE_NDEF_SEQUENCE) {
    return 0;
  }
  aux = it->funcs;
  if (!aux || !(aux->flags & ASN1_AFLG_REFCOUNT)) {
    return 0;
  }
  lck = offset2ptr(*pval, aux->ref_offset);
  if (op == 0) {
    *lck = 1;
    return 1;
  }
  ret = CRYPTO_add(lck, op, aux->ref_lock);
  return ret;
}
Exemple #26
0
int mosquitto_opts_set(struct mosquitto *mosq, enum mosq_opt_t option, void *value)
{
	int ival;

	if(!mosq || !value) return MOSQ_ERR_INVAL;

	switch(option){
		case MOSQ_OPT_PROTOCOL_VERSION:
			ival = *((int *)value);
			if(ival == MQTT_PROTOCOL_V31){
				mosq->protocol = mosq_p_mqtt31;
			}else if(ival == MQTT_PROTOCOL_V311){
				mosq->protocol = mosq_p_mqtt311;
			}else{
				return MOSQ_ERR_INVAL;
			}
			break;
		case MOSQ_OPT_SSL_CTX:
#ifdef WITH_TLS
			mosq->ssl_ctx = (SSL_CTX *)value;
			if(mosq->ssl_ctx){
#if (OPENSSL_VERSION_NUMBER >= 0x10100000L) && !defined(LIBRESSL_VERSION_NUMBER)
				SSL_CTX_up_ref(mosq->ssl_ctx);
#else
				CRYPTO_add(&(mosq->ssl_ctx)->references, 1, CRYPTO_LOCK_SSL_CTX);
#endif
			}
			break;
#else
			return MOSQ_ERR_NOT_SUPPORTED;
#endif
		case MOSQ_OPT_SSL_CTX_WITH_DEFAULTS:
#if defined(WITH_TLS) && OPENSSL_VERSION_NUMBER >= 0x10100000L
			mosq->ssl_ctx_defaults = true;
			break;
#else
			return MOSQ_ERR_NOT_SUPPORTED;
#endif
		default:
			return MOSQ_ERR_INVAL;
	}
	return MOSQ_ERR_SUCCESS;
}
static int surewarehk_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void))
{
    int to_return = 1;

    switch(cmd)
    {
    case ENGINE_CTRL_SET_LOGSTREAM:
    {
        BIO *bio = (BIO *)p;
        CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
        if (logstream)
        {
            BIO_free(logstream);
            logstream = NULL;
        }
        if (CRYPTO_add(&bio->references,1,CRYPTO_LOCK_BIO) > 1)
            logstream = bio;
        else
            SUREWAREerr(SUREWARE_F_SUREWAREHK_CTRL,SUREWARE_R_BIO_WAS_FREED);
    }
    CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
    break;
    /* This will prevent the initialisation function from "installing"
     * the mutex-handling callbacks, even if they are available from
     * within the library (or were provided to the library from the
     * calling application). This is to remove any baggage for
     * applications not using multithreading. */
    case ENGINE_CTRL_CHIL_NO_LOCKING:
        CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
        threadsafe = 0;
        CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
        break;

    /* The command isn't understood by this engine */
    default:
        SUREWAREerr(SUREWARE_F_SUREWAREHK_CTRL,
                    ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED);
        to_return = 0;
        break;
    }

    return to_return;
}
Exemple #28
0
static int
ssl_set_pkey(CERT *c, EVP_PKEY *pkey)
{
	int i;

	i = ssl_cert_type(NULL, pkey);
	if (i < 0) {
		SSLerr(SSL_F_SSL_SET_PKEY, SSL_R_UNKNOWN_CERTIFICATE_TYPE);
		return (0);
	}

	if (c->pkeys[i].x509 != NULL) {
		EVP_PKEY *pktmp;
		pktmp = X509_get_pubkey(c->pkeys[i].x509);
		EVP_PKEY_copy_parameters(pktmp, pkey);
		EVP_PKEY_free(pktmp);
		ERR_clear_error();

		/*
		 * Don't check the public/private key, this is mostly
		 * for smart cards.
		 */
		if ((pkey->type == EVP_PKEY_RSA) &&
			(RSA_flags(pkey->pkey.rsa) & RSA_METHOD_FLAG_NO_CHECK))
;
		else
		if (!X509_check_private_key(c->pkeys[i].x509, pkey)) {
			X509_free(c->pkeys[i].x509);
			c->pkeys[i].x509 = NULL;
			return 0;
		}
	}

	if (c->pkeys[i].privatekey != NULL)
		EVP_PKEY_free(c->pkeys[i].privatekey);
	CRYPTO_add(&pkey->references, 1, CRYPTO_LOCK_EVP_PKEY);
	c->pkeys[i].privatekey = pkey;
	c->key = &(c->pkeys[i]);

	c->valid = 0;
	return (1);
}
Exemple #29
0
static int hwskf_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) (void))
{
    int to_return = 1;

    switch (cmd) {
    case HWSKF_CMD_SO_PATH:
        if (hwskf_dso) {
            //HWCRHKerr(HWCRHK_F_HWCRHK_CTRL, HWCRHK_R_ALREADY_LOADED);
            return 0;
        }
        if (p == NULL) {
            //HWCRHKerr(HWCRHK_F_HWCRHK_CTRL, ERR_R_PASSED_NULL_PARAMETER);
            return 0;
        }
        return set_HWSKF_LIBNAME((const char *)p);
    case ENGINE_CTRL_SET_LOGSTREAM:
        {
            BIO *bio = (BIO *)p;

            CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
            if (logstream) {
                BIO_free(logstream);
                logstream = NULL;
            }
            if (CRYPTO_add(&bio->references, 1, CRYPTO_LOCK_BIO) > 1)
                logstream = bio;
            //else
                //HWCRHKerr(HWCRHK_F_HWCRHK_CTRL, HWCRHK_R_BIO_WAS_FREED);
        }
        CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
        break;

        /* The command isn't understood by this engine */
    default:
        //HWCRHKerr(HWCRHK_F_HWCRHK_CTRL,
        //          HWCRHK_R_CTRL_COMMAND_NOT_IMPLEMENTED);
        to_return = 0;
        break;
    }

    return to_return;
}
Exemple #30
0
X509_CRL *
STORE_list_crl_next(STORE *s, void *handle)
{
	STORE_OBJECT *object;
	X509_CRL *crl;

	check_store(s, STORE_F_STORE_LIST_CRL_NEXT,
	    list_object_next, STORE_R_NO_LIST_OBJECT_NEXT_FUNCTION);

	object = s->meth->list_object_next(s, handle);
	if (!object || !object->data.crl) {
		STOREerr(STORE_F_STORE_LIST_CRL_NEXT,
		    STORE_R_FAILED_LISTING_KEYS);
		return 0;
	}
	CRYPTO_add(&object->data.crl->references, 1, CRYPTO_LOCK_X509_CRL);
	crl = object->data.crl;
	STORE_OBJECT_free(object);
	return crl;
}