int ENGINE_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) (void)) { int ctrl_exists, ref_exists; if (e == NULL) { ENGINEerr(ENGINE_F_ENGINE_CTRL, ERR_R_PASSED_NULL_PARAMETER); return 0; } CRYPTO_THREAD_write_lock(global_engine_lock); ref_exists = ((e->struct_ref > 0) ? 1 : 0); CRYPTO_THREAD_unlock(global_engine_lock); ctrl_exists = ((e->ctrl == NULL) ? 0 : 1); if (!ref_exists) { ENGINEerr(ENGINE_F_ENGINE_CTRL, ENGINE_R_NO_REFERENCE); return 0; } /* * Intercept any "root-level" commands before trying to hand them on to * ctrl() handlers. */ switch (cmd) { case ENGINE_CTRL_HAS_CTRL_FUNCTION: return ctrl_exists; case ENGINE_CTRL_GET_FIRST_CMD_TYPE: case ENGINE_CTRL_GET_NEXT_CMD_TYPE: case ENGINE_CTRL_GET_CMD_FROM_NAME: case ENGINE_CTRL_GET_NAME_LEN_FROM_CMD: case ENGINE_CTRL_GET_NAME_FROM_CMD: case ENGINE_CTRL_GET_DESC_LEN_FROM_CMD: case ENGINE_CTRL_GET_DESC_FROM_CMD: case ENGINE_CTRL_GET_CMD_FLAGS: if (ctrl_exists && !(e->flags & ENGINE_FLAGS_MANUAL_CMD_CTRL)) return int_ctrl_helper(e, cmd, i, p, f); if (!ctrl_exists) { ENGINEerr(ENGINE_F_ENGINE_CTRL, ENGINE_R_NO_CONTROL_FUNCTION); /* * For these cmd-related functions, failure is indicated by a -1 * return value (because 0 is used as a valid return in some * places). */ return -1; } default: break; } /* Anything else requires a ctrl() handler to exist. */ if (!ctrl_exists) { ENGINEerr(ENGINE_F_ENGINE_CTRL, ENGINE_R_NO_CONTROL_FUNCTION); return 0; } return e->ctrl(e, cmd, i, p, f); }
int RAND_set_rand_method(const RAND_METHOD *meth) { if (!RUN_ONCE(&rand_lock_init, do_rand_lock_init)) return 0; CRYPTO_THREAD_write_lock(rand_meth_lock); #ifndef OPENSSL_NO_ENGINE ENGINE_finish(funct_ref); funct_ref = NULL; #endif default_RAND_meth = meth; CRYPTO_THREAD_unlock(rand_meth_lock); return 1; }
BN_MONT_CTX *BN_MONT_CTX_set_locked(BN_MONT_CTX **pmont, CRYPTO_RWLOCK *lock, const BIGNUM *mod, BN_CTX *ctx) { BN_MONT_CTX *ret; CRYPTO_THREAD_read_lock(lock); ret = *pmont; CRYPTO_THREAD_unlock(lock); if (ret) return ret; /* * We don't want to serialise globally while doing our lazy-init math in * BN_MONT_CTX_set. That punishes threads that are doing independent * things. Instead, punish the case where more than one thread tries to * lazy-init the same 'pmont', by having each do the lazy-init math work * independently and only use the one from the thread that wins the race * (the losers throw away the work they've done). */ ret = BN_MONT_CTX_new(); if (ret == NULL) return NULL; if (!BN_MONT_CTX_set(ret, mod, ctx)) { BN_MONT_CTX_free(ret); return NULL; } /* The locked compare-and-set, after the local work is done. */ CRYPTO_THREAD_write_lock(lock); if (*pmont) { BN_MONT_CTX_free(ret); ret = *pmont; } else *pmont = ret; CRYPTO_THREAD_unlock(lock); return ret; }
/* * DRBG has two sets of callbacks; we only discuss the "entropy" one * here. When the DRBG needs additional randomness bits (called entropy * in the NIST document), it calls the get_entropy callback which fills in * a pointer and returns the number of bytes. When the DRBG is finished with * the buffer, it calls the cleanup_entropy callback, with the value of * the buffer that the get_entropy callback filled in. * * Get entropy from the system, via RAND_poll if needed. The |entropy| * is the bits of randomness required, and is expected to fit into a buffer * of |min_len|..|max__len| size. We assume we're getting high-quality * randomness from the system, and that |min_len| bytes will do. */ size_t drbg_entropy_from_system(RAND_DRBG *drbg, unsigned char **pout, int entropy, size_t min_len, size_t max_len) { int i; unsigned char *randomness; if (min_len > (size_t)drbg->size) { /* Should not happen. See comment near RANDOMNESS_NEEDED. */ min_len = drbg->size; } randomness = drbg->secure ? OPENSSL_secure_malloc(drbg->size) : OPENSSL_malloc(drbg->size); /* If we don't have enough, try to get more. */ CRYPTO_THREAD_write_lock(rand_bytes.lock); for (i = RAND_POLL_RETRIES; rand_bytes.curr < min_len && --i >= 0; ) { CRYPTO_THREAD_unlock(rand_bytes.lock); RAND_poll(); CRYPTO_THREAD_write_lock(rand_bytes.lock); } /* Get desired amount, but no more than we have. */ if (min_len > rand_bytes.curr) min_len = rand_bytes.curr; if (min_len != 0) { memcpy(randomness, rand_bytes.buff, min_len); /* Update amount left and shift it down. */ rand_bytes.curr -= min_len; if (rand_bytes.curr != 0) memmove(rand_bytes.buff, &rand_bytes.buff[min_len], rand_bytes.curr); } CRYPTO_THREAD_unlock(rand_bytes.lock); *pout = randomness; return min_len; }
int CRYPTO_secure_allocated(const void *ptr) { #ifdef IMPLEMENTED int ret; if (!secure_mem_initialized) return 0; CRYPTO_THREAD_write_lock(sec_malloc_lock); ret = sh_allocated(ptr); CRYPTO_THREAD_unlock(sec_malloc_lock); return ret; #else return 0; #endif /* IMPLEMENTED */ }
static void build_SYS_str_reasons(void) { /* OPENSSL_malloc cannot be used here, use static storage instead */ static char strerror_tab[NUM_SYS_STR_REASONS][LEN_SYS_STR_REASON]; static int init = 1; int i; CRYPTO_THREAD_write_lock(err_string_lock); if (!init) { CRYPTO_THREAD_unlock(err_string_lock); return; } for (i = 1; i <= NUM_SYS_STR_REASONS; i++) { ERR_STRING_DATA *str = &SYS_str_reasons[i - 1]; str->error = ERR_PACK(ERR_LIB_SYS, 0, i); if (str->string == NULL) { char (*dest)[LEN_SYS_STR_REASON] = &(strerror_tab[i - 1]); if (openssl_strerror_r(i, *dest, sizeof(*dest))) str->string = *dest; } if (str->string == NULL) str->string = "unknown"; } /* * Now we still have SYS_str_reasons[NUM_SYS_STR_REASONS] = {0, NULL}, as * required by ERR_load_strings. */ init = 0; CRYPTO_THREAD_unlock(err_string_lock); err_load_strings(SYS_str_reasons); }
/* The API (locked) version of "finish" */ int ENGINE_finish(ENGINE *e) { int to_return = 1; if (e == NULL) return 1; CRYPTO_THREAD_write_lock(global_engine_lock); to_return = engine_unlocked_finish(e, 1); CRYPTO_THREAD_unlock(global_engine_lock); if (!to_return) { ENGINEerr(ENGINE_F_ENGINE_FINISH, ENGINE_R_FINISH_FAILED); return 0; } return to_return; }
static void err_load_strings(int lib, ERR_STRING_DATA *str) { CRYPTO_THREAD_write_lock(err_string_lock); if (int_error_hash == NULL) int_error_hash = lh_ERR_STRING_DATA_new(err_string_data_hash, err_string_data_cmp); if (int_error_hash != NULL) { for (; str->error; str++) { if (lib) str->error |= ERR_PACK(lib, 0, 0); (void)lh_ERR_STRING_DATA_insert(int_error_hash, str); } } CRYPTO_THREAD_unlock(err_string_lock); }
static void err_load_strings(int lib, ERR_STRING_DATA *str) { LHASH_OF(ERR_STRING_DATA) *hash; CRYPTO_THREAD_write_lock(err_string_lock); hash = get_hash(1, 0); if (hash) { for (; str->error; str++) { if (lib) str->error |= ERR_PACK(lib, 0, 0); (void)lh_ERR_STRING_DATA_insert(hash, str); } } CRYPTO_THREAD_unlock(err_string_lock); }
int CRYPTO_secure_allocated(const void *ptr) { #ifdef OPENSSL_SECURE_MEMORY int ret; if (!secure_mem_initialized) return 0; CRYPTO_THREAD_write_lock(sec_malloc_lock); ret = sh_allocated(ptr); CRYPTO_THREAD_unlock(sec_malloc_lock); return ret; #else return 0; #endif /* OPENSSL_SECURE_MEMORY */ }
SSL_SESSION *SSL_get1_session(SSL *ssl) /* variant of SSL_get_session: caller really gets something */ { SSL_SESSION *sess; /* * Need to lock this all up rather than just use CRYPTO_add so that * somebody doesn't free ssl->session between when we check it's non-null * and when we up the reference count. */ CRYPTO_THREAD_read_lock(ssl->lock); sess = ssl->session; if (sess) SSL_SESSION_up_ref(sess); CRYPTO_THREAD_unlock(ssl->lock); return sess; }
int ERR_unload_strings(int lib, ERR_STRING_DATA *str) { if (!RUN_ONCE(&err_string_init, do_err_strings_init)) return 0; CRYPTO_THREAD_write_lock(err_string_lock); /* * We don't need to ERR_PACK the lib, since that was done (to * the table) when it was loaded. */ for (; str->error; str++) (void)lh_ERR_STRING_DATA_delete(int_error_hash, str); CRYPTO_THREAD_unlock(err_string_lock); return 1; }
/* The API (locked) version of "init" */ int ENGINE_init(ENGINE *e) { int ret; if (e == NULL) { ENGINEerr(ENGINE_F_ENGINE_INIT, ERR_R_PASSED_NULL_PARAMETER); return 0; } if (!RUN_ONCE(&engine_lock_init, do_engine_lock_init)) { ENGINEerr(ENGINE_F_ENGINE_INIT, ERR_R_MALLOC_FAILURE); return 0; } CRYPTO_THREAD_write_lock(global_engine_lock); ret = engine_unlocked_init(e); CRYPTO_THREAD_unlock(global_engine_lock); return ret; }
/* * Initialise a new CRYPTO_EX_DATA for use in a particular class - including * calling new() callbacks for each index in the class used by this variable * Thread-safe by copying a class's array of "EX_CALLBACK" entries * in the lock, then using them outside the lock. Note this only applies * to the global "ex_data" state (ie. class definitions), not 'ad' itself. */ int crypto_new_ex_data_ex(OPENSSL_CTX *ctx, int class_index, void *obj, CRYPTO_EX_DATA *ad) { int mx, i; void *ptr; EX_CALLBACK **storage = NULL; EX_CALLBACK *stack[10]; EX_CALLBACKS *ip; OSSL_EX_DATA_GLOBAL *global = openssl_ctx_get_ex_data_global(ctx); if (global == NULL) return 0; ip = get_and_lock(ctx, class_index); if (ip == NULL) return 0; ad->ctx = ctx; ad->sk = NULL; mx = sk_EX_CALLBACK_num(ip->meth); if (mx > 0) { if (mx < (int)OSSL_NELEM(stack)) storage = stack; else storage = OPENSSL_malloc(sizeof(*storage) * mx); if (storage != NULL) for (i = 0; i < mx; i++) storage[i] = sk_EX_CALLBACK_value(ip->meth, i); } CRYPTO_THREAD_unlock(global->ex_data_lock); if (mx > 0 && storage == NULL) { CRYPTOerr(CRYPTO_F_CRYPTO_NEW_EX_DATA_EX, ERR_R_MALLOC_FAILURE); return 0; } for (i = 0; i < mx; i++) { if (storage[i] != NULL && storage[i]->new_func != NULL) { ptr = CRYPTO_get_ex_data(ad, i); storage[i]->new_func(obj, ptr, ad, i, storage[i]->argl, storage[i]->argp); } } if (storage != stack) OPENSSL_free(storage); return 1; }
void SSL_CTX_flush_sessions(SSL_CTX *s, long t) { unsigned long i; TIMEOUT_PARAM tp; tp.ctx = s; tp.cache = s->sessions; if (tp.cache == NULL) return; tp.time = t; CRYPTO_THREAD_write_lock(s->lock); i = lh_SSL_SESSION_get_down_load(s->sessions); lh_SSL_SESSION_set_down_load(s->sessions, 0); lh_SSL_SESSION_doall_TIMEOUT_PARAM(tp.cache, timeout_cb, &tp); lh_SSL_SESSION_set_down_load(s->sessions, i); CRYPTO_THREAD_unlock(s->lock); }
void ERR_unload_strings(int lib, ERR_STRING_DATA *str) { LHASH_OF(ERR_STRING_DATA) *hash; CRYPTO_THREAD_run_once(&err_string_init, do_err_strings_init); CRYPTO_THREAD_write_lock(err_string_lock); hash = get_hash(0, 0); if (hash) { for (; str->error; str++) { if (lib) str->error |= ERR_PACK(lib, 0, 0); (void)lh_ERR_STRING_DATA_delete(hash, str); } } CRYPTO_THREAD_unlock(err_string_lock); }
static LHASH_OF(ERR_STRING_DATA) *get_hash(int create, int lockit) { LHASH_OF(ERR_STRING_DATA) *ret = NULL; if (lockit) CRYPTO_THREAD_write_lock(err_string_lock); if (!int_error_hash && create) { int_error_hash = lh_ERR_STRING_DATA_new(err_string_data_hash, err_string_data_cmp); } if (int_error_hash != NULL) ret = int_error_hash; if (lockit) CRYPTO_THREAD_unlock(err_string_lock); return ret; }
int ERR_unload_strings(int lib, ERR_STRING_DATA *str) { if (!RUN_ONCE(&err_string_init, do_err_strings_init)) return 0; CRYPTO_THREAD_write_lock(err_string_lock); if (int_error_hash != NULL) { for (; str->error; str++) { if (lib) str->error |= ERR_PACK(lib, 0, 0); (void)lh_ERR_STRING_DATA_delete(int_error_hash, str); } } CRYPTO_THREAD_unlock(err_string_lock); return 1; }
/* OpenSSL assumes that the output buffer is always big enough */ int pkcs11_private_encrypt(int flen, const unsigned char *from, unsigned char *to, PKCS11_KEY *key, int padding) { PKCS11_SLOT *slot = KEY2SLOT(key); PKCS11_CTX *ctx = KEY2CTX(key); PKCS11_KEY_private *kpriv = PRIVKEY(key); PKCS11_SLOT_private *spriv = PRIVSLOT(slot); CK_MECHANISM mechanism; CK_ULONG size; int rv; size = pkcs11_get_key_size(key); if (pkcs11_mechanism(&mechanism, padding) < 0) return -1; CRYPTO_THREAD_write_lock(PRIVSLOT(slot)->rwlock); /* Try signing first, as applications are more likely to use it */ rv = CRYPTOKI_call(ctx, C_SignInit(spriv->session, &mechanism, kpriv->object)); if (rv == CKR_USER_NOT_LOGGED_IN) rv = pkcs11_authenticate(key); if (!rv) rv = CRYPTOKI_call(ctx, C_Sign(spriv->session, (CK_BYTE *)from, flen, to, &size)); if (rv == CKR_KEY_FUNCTION_NOT_PERMITTED) { /* OpenSSL may use it for encryption rather than signing */ rv = CRYPTOKI_call(ctx, C_EncryptInit(spriv->session, &mechanism, kpriv->object)); if (rv == CKR_USER_NOT_LOGGED_IN) rv = pkcs11_authenticate(key); if (!rv) rv = CRYPTOKI_call(ctx, C_Encrypt(spriv->session, (CK_BYTE *)from, flen, to, &size)); } CRYPTO_THREAD_unlock(PRIVSLOT(slot)->rwlock); if (rv) { PKCS11err(PKCS11_F_PKCS11_RSA_ENCRYPT, pkcs11_map_err(rv)); return -1; } return size; }
/* * RAND_poll() reseeds the default RNG using random input * * The random input is obtained from polling various entropy * sources which depend on the operating system and are * configurable via the --with-rand-seed configure option. */ int RAND_poll(void) { int ret = 0; RAND_POOL *pool = NULL; const RAND_METHOD *meth = RAND_get_rand_method(); if (meth == RAND_OpenSSL()) { /* fill random pool and seed the master DRBG */ RAND_DRBG *drbg = RAND_DRBG_get0_master(); if (drbg == NULL) return 0; CRYPTO_THREAD_write_lock(drbg->lock); ret = rand_drbg_restart(drbg, NULL, 0, 0); CRYPTO_THREAD_unlock(drbg->lock); return ret; } else { /* fill random pool and seed the current legacy RNG */ pool = RAND_POOL_new(RAND_DRBG_STRENGTH, RAND_DRBG_STRENGTH / 8, DRBG_MINMAX_FACTOR * (RAND_DRBG_STRENGTH / 8)); if (pool == NULL) return 0; if (RAND_POOL_acquire_entropy(pool) == 0) goto err; if (meth->add == NULL || meth->add(RAND_POOL_buffer(pool), RAND_POOL_length(pool), (RAND_POOL_entropy(pool) / 8.0)) == 0) goto err; ret = 1; } err: RAND_POOL_free(pool); return ret; }
/* * As much as I'd like to make X509_check_purpose use a "const" X509* I * really can't because it does recalculate hashes and do other non-const * things. */ int X509_check_purpose(X509 *x, int id, int ca) { int idx; const X509_PURPOSE *pt; if (!(x->ex_flags & EXFLAG_SET)) { CRYPTO_THREAD_write_lock(x->lock); x509v3_cache_extensions(x); CRYPTO_THREAD_unlock(x->lock); } /* Return if side-effect only call */ if (id == -1) return 1; idx = X509_PURPOSE_get_by_id(id); if (idx == -1) return -1; pt = X509_PURPOSE_get0(idx); return pt->check_purpose(pt, x, ca); }
static int pkcs11_init_libp11(ENGINE_CTX *ctx) { #if OPENSSL_VERSION_NUMBER >= 0x10100004L CRYPTO_THREAD_write_lock(ctx->rwlock); #else if (ctx->rwlock) CRYPTO_w_lock(ctx->rwlock); #endif if (ctx->pkcs11_ctx == NULL || ctx->slot_list == NULL) pkcs11_init_libp11_unlocked(ctx); #if OPENSSL_VERSION_NUMBER >= 0x10100004L CRYPTO_THREAD_unlock(ctx->rwlock); #else if (ctx->rwlock) CRYPTO_w_unlock(ctx->rwlock); #endif return ctx->pkcs11_ctx && ctx->slot_list ? 0 : -1; }
OSSL_PROVIDER *ossl_provider_new(OPENSSL_CTX *libctx, const char *name, OSSL_provider_init_fn *init_function) { struct provider_store_st *store = NULL; OSSL_PROVIDER *prov = NULL; if ((store = get_provider_store(libctx)) == NULL) return NULL; if ((prov = ossl_provider_find(libctx, name)) != NULL) { /* refcount +1 */ ossl_provider_free(prov); /* refcount -1 */ CRYPTOerr(CRYPTO_F_OSSL_PROVIDER_NEW, CRYPTO_R_PROVIDER_ALREADY_EXISTS); ERR_add_error_data(2, "name=", name); return NULL; } /* provider_new() generates an error, so no need here */ if ((prov = provider_new(name, init_function)) == NULL) return NULL; CRYPTO_THREAD_write_lock(store->lock); if (!ossl_provider_upref(prov)) { /* +1 One reference for the store */ ossl_provider_free(prov); /* -1 Reference that was to be returned */ prov = NULL; } else if (sk_OSSL_PROVIDER_push(store->providers, prov) == 0) { ossl_provider_free(prov); /* -1 Store reference */ ossl_provider_free(prov); /* -1 Reference that was to be returned */ prov = NULL; } else { prov->store = store; } CRYPTO_THREAD_unlock(store->lock); if (prov == NULL) CRYPTOerr(CRYPTO_F_OSSL_PROVIDER_NEW, ERR_R_MALLOC_FAILURE); /* * At this point, the provider is only partially "loaded". To be * fully "loaded", ossl_provider_activate() must also be called. */ return prov; }
int CRYPTO_atomic_add(int *val, int amount, int *ret, CRYPTO_RWLOCK *lock) { # if defined(__GNUC__) && defined(__ATOMIC_ACQ_REL) if (__atomic_is_lock_free(sizeof(*val), val)) { *ret = __atomic_add_fetch(val, amount, __ATOMIC_ACQ_REL); return 1; } # endif if (!CRYPTO_THREAD_write_lock(lock)) return 0; *val += amount; *ret = *val; if (!CRYPTO_THREAD_unlock(lock)) return 0; return 1; }
void *CRYPTO_secure_malloc(size_t num, const char *file, int line) { #ifdef IMPLEMENTED void *ret; size_t actual_size; if (!secure_mem_initialized) { return CRYPTO_malloc(num, file, line); } CRYPTO_THREAD_write_lock(sec_malloc_lock); ret = sh_malloc(num); actual_size = ret ? sh_actual_size(ret) : 0; secure_mem_used += actual_size; CRYPTO_THREAD_unlock(sec_malloc_lock); return ret; #else return CRYPTO_malloc(num, file, line); #endif /* IMPLEMENTED */ }
/* * This function is not part of RAND_METHOD, so if we're not using * the default method, then just call RAND_bytes(). Otherwise make * sure we're instantiated and use the private DRBG. */ int RAND_priv_bytes(unsigned char *buf, int num) { const RAND_METHOD *meth = RAND_get_rand_method(); RAND_DRBG *drbg; int ret; if (meth != RAND_OpenSSL()) return RAND_bytes(buf, num); drbg = RAND_DRBG_get0_private(); if (drbg == NULL) return 0; /* We have to lock the DRBG before generating bits from it. */ CRYPTO_THREAD_write_lock(drbg->lock); ret = RAND_DRBG_generate(drbg, buf, num, 0, NULL, 0); CRYPTO_THREAD_unlock(drbg->lock); return ret; }
OSSL_PROVIDER *ossl_provider_find(OPENSSL_CTX *libctx, const char *name) { struct provider_store_st *store = NULL; OSSL_PROVIDER *prov = NULL; if ((store = get_provider_store(libctx)) != NULL) { OSSL_PROVIDER tmpl = { 0, }; int i; tmpl.name = (char *)name; CRYPTO_THREAD_write_lock(store->lock); if ((i = sk_OSSL_PROVIDER_find(store->providers, &tmpl)) == -1 || (prov = sk_OSSL_PROVIDER_value(store->providers, i)) == NULL || !ossl_provider_upref(prov)) prov = NULL; CRYPTO_THREAD_unlock(store->lock); } return prov; }
void CRYPTO_secure_free(void *ptr, const char *file, int line) { #ifdef IMPLEMENTED size_t actual_size; if (ptr == NULL) return; if (!CRYPTO_secure_allocated(ptr)) { CRYPTO_free(ptr, file, line); return; } CRYPTO_THREAD_write_lock(sec_malloc_lock); actual_size = sh_actual_size(ptr); CLEAR(ptr, actual_size); secure_mem_used -= actual_size; sh_free(ptr); CRYPTO_THREAD_unlock(sec_malloc_lock); #else CRYPTO_free(ptr, file, line); #endif /* IMPLEMENTED */ }
static int close_console(UI *ui) { if (tty_in != stdin) fclose(tty_in); if (tty_out != stderr) fclose(tty_out); #ifdef OPENSSL_SYS_VMS status = sys$dassgn(channel); if (status != SS$_NORMAL) { char tmp_num[12]; BIO_snprintf(tmp_num, sizeof(tmp_num) - 1, "%%X%08X", status); UIerr(UI_F_CLOSE_CONSOLE, UI_R_SYSDASSGN_ERROR); ERR_add_error_data(2, "status=", tmp_num); return 0; } #endif CRYPTO_THREAD_unlock(ui->lock); return 1; }
int X509_STORE_get_by_subject(X509_STORE_CTX *vs, X509_LOOKUP_TYPE type, X509_NAME *name, X509_OBJECT *ret) { X509_STORE *ctx = vs->ctx; X509_LOOKUP *lu; X509_OBJECT stmp, *tmp; int i, j; CRYPTO_THREAD_write_lock(ctx->lock); tmp = X509_OBJECT_retrieve_by_subject(ctx->objs, type, name); CRYPTO_THREAD_unlock(ctx->lock); if (tmp == NULL || type == X509_LU_CRL) { for (i = vs->current_method; i < sk_X509_LOOKUP_num(ctx->get_cert_methods); i++) { lu = sk_X509_LOOKUP_value(ctx->get_cert_methods, i); j = X509_LOOKUP_by_subject(lu, type, name, &stmp); if (j < 0) { vs->current_method = j; return j; } else if (j) { tmp = &stmp; break; } } vs->current_method = 0; if (tmp == NULL) return 0; } /*- if (ret->data.ptr != NULL) X509_OBJECT_free_contents(ret); */ ret->type = tmp->type; ret->data.ptr = tmp->data.ptr; X509_OBJECT_up_ref_count(ret); return 1; }