int ENGINE_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) (void))
{
int ctrl_exists, ref_exists;
if (e == NULL) {
ENGINEerr(ENGINE_F_ENGINE_CTRL, ERR_R_PASSED_NULL_PARAMETER);
return 0;
}
CRYPTO_THREAD_write_lock(global_engine_lock);
ref_exists = ((e->struct_ref > 0) ? 1 : 0);
CRYPTO_THREAD_unlock(global_engine_lock);
ctrl_exists = ((e->ctrl == NULL) ? 0 : 1);
if (!ref_exists) {
ENGINEerr(ENGINE_F_ENGINE_CTRL, ENGINE_R_NO_REFERENCE);
return 0;
}
/*
* Intercept any "root-level" commands before trying to hand them on to
* ctrl() handlers.
*/
switch (cmd) {
case ENGINE_CTRL_HAS_CTRL_FUNCTION:
return ctrl_exists;
case ENGINE_CTRL_GET_FIRST_CMD_TYPE:
case ENGINE_CTRL_GET_NEXT_CMD_TYPE:
case ENGINE_CTRL_GET_CMD_FROM_NAME:
case ENGINE_CTRL_GET_NAME_LEN_FROM_CMD:
case ENGINE_CTRL_GET_NAME_FROM_CMD:
case ENGINE_CTRL_GET_DESC_LEN_FROM_CMD:
case ENGINE_CTRL_GET_DESC_FROM_CMD:
case ENGINE_CTRL_GET_CMD_FLAGS:
if (ctrl_exists && !(e->flags & ENGINE_FLAGS_MANUAL_CMD_CTRL))
return int_ctrl_helper(e, cmd, i, p, f);
if (!ctrl_exists) {
ENGINEerr(ENGINE_F_ENGINE_CTRL, ENGINE_R_NO_CONTROL_FUNCTION);
/*
* For these cmd-related functions, failure is indicated by a -1
* return value (because 0 is used as a valid return in some
* places).
*/
return -1;
}
default:
break;
}
/* Anything else requires a ctrl() handler to exist. */
if (!ctrl_exists) {
ENGINEerr(ENGINE_F_ENGINE_CTRL, ENGINE_R_NO_CONTROL_FUNCTION);
return 0;
}
return e->ctrl(e, cmd, i, p, f);
}
int RAND_set_rand_method(const RAND_METHOD *meth)
{
if (!RUN_ONCE(&rand_lock_init, do_rand_lock_init))
return 0;
CRYPTO_THREAD_write_lock(rand_meth_lock);
#ifndef OPENSSL_NO_ENGINE
ENGINE_finish(funct_ref);
funct_ref = NULL;
#endif
default_RAND_meth = meth;
CRYPTO_THREAD_unlock(rand_meth_lock);
return 1;
}
BN_MONT_CTX *BN_MONT_CTX_set_locked(BN_MONT_CTX **pmont, CRYPTO_RWLOCK *lock,
const BIGNUM *mod, BN_CTX *ctx)
{
BN_MONT_CTX *ret;
CRYPTO_THREAD_read_lock(lock);
ret = *pmont;
CRYPTO_THREAD_unlock(lock);
if (ret)
return ret;
/*
* We don't want to serialise globally while doing our lazy-init math in
* BN_MONT_CTX_set. That punishes threads that are doing independent
* things. Instead, punish the case where more than one thread tries to
* lazy-init the same 'pmont', by having each do the lazy-init math work
* independently and only use the one from the thread that wins the race
* (the losers throw away the work they've done).
*/
ret = BN_MONT_CTX_new();
if (ret == NULL)
return NULL;
if (!BN_MONT_CTX_set(ret, mod, ctx)) {
BN_MONT_CTX_free(ret);
return NULL;
}
/* The locked compare-and-set, after the local work is done. */
CRYPTO_THREAD_write_lock(lock);
if (*pmont) {
BN_MONT_CTX_free(ret);
ret = *pmont;
} else
*pmont = ret;
CRYPTO_THREAD_unlock(lock);
return ret;
}
/*
* DRBG has two sets of callbacks; we only discuss the "entropy" one
* here. When the DRBG needs additional randomness bits (called entropy
* in the NIST document), it calls the get_entropy callback which fills in
* a pointer and returns the number of bytes. When the DRBG is finished with
* the buffer, it calls the cleanup_entropy callback, with the value of
* the buffer that the get_entropy callback filled in.
*
* Get entropy from the system, via RAND_poll if needed. The |entropy|
* is the bits of randomness required, and is expected to fit into a buffer
* of |min_len|..|max__len| size. We assume we're getting high-quality
* randomness from the system, and that |min_len| bytes will do.
*/
size_t drbg_entropy_from_system(RAND_DRBG *drbg,
unsigned char **pout,
int entropy, size_t min_len, size_t max_len)
{
int i;
unsigned char *randomness;
if (min_len > (size_t)drbg->size) {
/* Should not happen. See comment near RANDOMNESS_NEEDED. */
min_len = drbg->size;
}
randomness = drbg->secure ? OPENSSL_secure_malloc(drbg->size)
: OPENSSL_malloc(drbg->size);
/* If we don't have enough, try to get more. */
CRYPTO_THREAD_write_lock(rand_bytes.lock);
for (i = RAND_POLL_RETRIES; rand_bytes.curr < min_len && --i >= 0; ) {
CRYPTO_THREAD_unlock(rand_bytes.lock);
RAND_poll();
CRYPTO_THREAD_write_lock(rand_bytes.lock);
}
/* Get desired amount, but no more than we have. */
if (min_len > rand_bytes.curr)
min_len = rand_bytes.curr;
if (min_len != 0) {
memcpy(randomness, rand_bytes.buff, min_len);
/* Update amount left and shift it down. */
rand_bytes.curr -= min_len;
if (rand_bytes.curr != 0)
memmove(rand_bytes.buff, &rand_bytes.buff[min_len], rand_bytes.curr);
}
CRYPTO_THREAD_unlock(rand_bytes.lock);
*pout = randomness;
return min_len;
}
int CRYPTO_secure_allocated(const void *ptr)
{
#ifdef IMPLEMENTED
int ret;
if (!secure_mem_initialized)
return 0;
CRYPTO_THREAD_write_lock(sec_malloc_lock);
ret = sh_allocated(ptr);
CRYPTO_THREAD_unlock(sec_malloc_lock);
return ret;
#else
return 0;
#endif /* IMPLEMENTED */
}
static void build_SYS_str_reasons(void)
{
/* OPENSSL_malloc cannot be used here, use static storage instead */
static char strerror_tab[NUM_SYS_STR_REASONS][LEN_SYS_STR_REASON];
static int init = 1;
int i;
CRYPTO_THREAD_write_lock(err_string_lock);
if (!init) {
CRYPTO_THREAD_unlock(err_string_lock);
return;
}
for (i = 1; i <= NUM_SYS_STR_REASONS; i++) {
ERR_STRING_DATA *str = &SYS_str_reasons[i - 1];
str->error = ERR_PACK(ERR_LIB_SYS, 0, i);
if (str->string == NULL) {
char (*dest)[LEN_SYS_STR_REASON] = &(strerror_tab[i - 1]);
if (openssl_strerror_r(i, *dest, sizeof(*dest)))
str->string = *dest;
}
if (str->string == NULL)
str->string = "unknown";
}
/*
* Now we still have SYS_str_reasons[NUM_SYS_STR_REASONS] = {0, NULL}, as
* required by ERR_load_strings.
*/
init = 0;
CRYPTO_THREAD_unlock(err_string_lock);
err_load_strings(SYS_str_reasons);
}
/* The API (locked) version of "finish" */
int ENGINE_finish(ENGINE *e)
{
int to_return = 1;
if (e == NULL)
return 1;
CRYPTO_THREAD_write_lock(global_engine_lock);
to_return = engine_unlocked_finish(e, 1);
CRYPTO_THREAD_unlock(global_engine_lock);
if (!to_return) {
ENGINEerr(ENGINE_F_ENGINE_FINISH, ENGINE_R_FINISH_FAILED);
return 0;
}
return to_return;
}
static void err_load_strings(int lib, ERR_STRING_DATA *str)
{
CRYPTO_THREAD_write_lock(err_string_lock);
if (int_error_hash == NULL)
int_error_hash = lh_ERR_STRING_DATA_new(err_string_data_hash,
err_string_data_cmp);
if (int_error_hash != NULL) {
for (; str->error; str++) {
if (lib)
str->error |= ERR_PACK(lib, 0, 0);
(void)lh_ERR_STRING_DATA_insert(int_error_hash, str);
}
}
CRYPTO_THREAD_unlock(err_string_lock);
}
static void err_load_strings(int lib, ERR_STRING_DATA *str)
{
LHASH_OF(ERR_STRING_DATA) *hash;
CRYPTO_THREAD_write_lock(err_string_lock);
hash = get_hash(1, 0);
if (hash) {
for (; str->error; str++) {
if (lib)
str->error |= ERR_PACK(lib, 0, 0);
(void)lh_ERR_STRING_DATA_insert(hash, str);
}
}
CRYPTO_THREAD_unlock(err_string_lock);
}
int CRYPTO_secure_allocated(const void *ptr)
{
#ifdef OPENSSL_SECURE_MEMORY
int ret;
if (!secure_mem_initialized)
return 0;
CRYPTO_THREAD_write_lock(sec_malloc_lock);
ret = sh_allocated(ptr);
CRYPTO_THREAD_unlock(sec_malloc_lock);
return ret;
#else
return 0;
#endif /* OPENSSL_SECURE_MEMORY */
}
SSL_SESSION *SSL_get1_session(SSL *ssl)
/* variant of SSL_get_session: caller really gets something */
{
SSL_SESSION *sess;
/*
* Need to lock this all up rather than just use CRYPTO_add so that
* somebody doesn't free ssl->session between when we check it's non-null
* and when we up the reference count.
*/
CRYPTO_THREAD_read_lock(ssl->lock);
sess = ssl->session;
if (sess)
SSL_SESSION_up_ref(sess);
CRYPTO_THREAD_unlock(ssl->lock);
return sess;
}
int ERR_unload_strings(int lib, ERR_STRING_DATA *str)
{
if (!RUN_ONCE(&err_string_init, do_err_strings_init))
return 0;
CRYPTO_THREAD_write_lock(err_string_lock);
/*
* We don't need to ERR_PACK the lib, since that was done (to
* the table) when it was loaded.
*/
for (; str->error; str++)
(void)lh_ERR_STRING_DATA_delete(int_error_hash, str);
CRYPTO_THREAD_unlock(err_string_lock);
return 1;
}
/* The API (locked) version of "init" */
int ENGINE_init(ENGINE *e)
{
int ret;
if (e == NULL) {
ENGINEerr(ENGINE_F_ENGINE_INIT, ERR_R_PASSED_NULL_PARAMETER);
return 0;
}
if (!RUN_ONCE(&engine_lock_init, do_engine_lock_init)) {
ENGINEerr(ENGINE_F_ENGINE_INIT, ERR_R_MALLOC_FAILURE);
return 0;
}
CRYPTO_THREAD_write_lock(global_engine_lock);
ret = engine_unlocked_init(e);
CRYPTO_THREAD_unlock(global_engine_lock);
return ret;
}
/*
* Initialise a new CRYPTO_EX_DATA for use in a particular class - including
* calling new() callbacks for each index in the class used by this variable
* Thread-safe by copying a class's array of "EX_CALLBACK" entries
* in the lock, then using them outside the lock. Note this only applies
* to the global "ex_data" state (ie. class definitions), not 'ad' itself.
*/
int crypto_new_ex_data_ex(OPENSSL_CTX *ctx, int class_index, void *obj,
CRYPTO_EX_DATA *ad)
{
int mx, i;
void *ptr;
EX_CALLBACK **storage = NULL;
EX_CALLBACK *stack[10];
EX_CALLBACKS *ip;
OSSL_EX_DATA_GLOBAL *global = openssl_ctx_get_ex_data_global(ctx);
if (global == NULL)
return 0;
ip = get_and_lock(ctx, class_index);
if (ip == NULL)
return 0;
ad->ctx = ctx;
ad->sk = NULL;
mx = sk_EX_CALLBACK_num(ip->meth);
if (mx > 0) {
if (mx < (int)OSSL_NELEM(stack))
storage = stack;
else
storage = OPENSSL_malloc(sizeof(*storage) * mx);
if (storage != NULL)
for (i = 0; i < mx; i++)
storage[i] = sk_EX_CALLBACK_value(ip->meth, i);
}
CRYPTO_THREAD_unlock(global->ex_data_lock);
if (mx > 0 && storage == NULL) {
CRYPTOerr(CRYPTO_F_CRYPTO_NEW_EX_DATA_EX, ERR_R_MALLOC_FAILURE);
return 0;
}
for (i = 0; i < mx; i++) {
if (storage[i] != NULL && storage[i]->new_func != NULL) {
ptr = CRYPTO_get_ex_data(ad, i);
storage[i]->new_func(obj, ptr, ad, i,
storage[i]->argl, storage[i]->argp);
}
}
if (storage != stack)
OPENSSL_free(storage);
return 1;
}
void SSL_CTX_flush_sessions(SSL_CTX *s, long t)
{
unsigned long i;
TIMEOUT_PARAM tp;
tp.ctx = s;
tp.cache = s->sessions;
if (tp.cache == NULL)
return;
tp.time = t;
CRYPTO_THREAD_write_lock(s->lock);
i = lh_SSL_SESSION_get_down_load(s->sessions);
lh_SSL_SESSION_set_down_load(s->sessions, 0);
lh_SSL_SESSION_doall_TIMEOUT_PARAM(tp.cache, timeout_cb, &tp);
lh_SSL_SESSION_set_down_load(s->sessions, i);
CRYPTO_THREAD_unlock(s->lock);
}
void ERR_unload_strings(int lib, ERR_STRING_DATA *str)
{
LHASH_OF(ERR_STRING_DATA) *hash;
CRYPTO_THREAD_run_once(&err_string_init, do_err_strings_init);
CRYPTO_THREAD_write_lock(err_string_lock);
hash = get_hash(0, 0);
if (hash) {
for (; str->error; str++) {
if (lib)
str->error |= ERR_PACK(lib, 0, 0);
(void)lh_ERR_STRING_DATA_delete(hash, str);
}
}
CRYPTO_THREAD_unlock(err_string_lock);
}
static LHASH_OF(ERR_STRING_DATA) *get_hash(int create, int lockit)
{
LHASH_OF(ERR_STRING_DATA) *ret = NULL;
if (lockit)
CRYPTO_THREAD_write_lock(err_string_lock);
if (!int_error_hash && create) {
int_error_hash = lh_ERR_STRING_DATA_new(err_string_data_hash,
err_string_data_cmp);
}
if (int_error_hash != NULL)
ret = int_error_hash;
if (lockit)
CRYPTO_THREAD_unlock(err_string_lock);
return ret;
}
int ERR_unload_strings(int lib, ERR_STRING_DATA *str)
{
if (!RUN_ONCE(&err_string_init, do_err_strings_init))
return 0;
CRYPTO_THREAD_write_lock(err_string_lock);
if (int_error_hash != NULL) {
for (; str->error; str++) {
if (lib)
str->error |= ERR_PACK(lib, 0, 0);
(void)lh_ERR_STRING_DATA_delete(int_error_hash, str);
}
}
CRYPTO_THREAD_unlock(err_string_lock);
return 1;
}
/* OpenSSL assumes that the output buffer is always big enough */
int pkcs11_private_encrypt(int flen,
const unsigned char *from, unsigned char *to,
PKCS11_KEY *key, int padding)
{
PKCS11_SLOT *slot = KEY2SLOT(key);
PKCS11_CTX *ctx = KEY2CTX(key);
PKCS11_KEY_private *kpriv = PRIVKEY(key);
PKCS11_SLOT_private *spriv = PRIVSLOT(slot);
CK_MECHANISM mechanism;
CK_ULONG size;
int rv;
size = pkcs11_get_key_size(key);
if (pkcs11_mechanism(&mechanism, padding) < 0)
return -1;
CRYPTO_THREAD_write_lock(PRIVSLOT(slot)->rwlock);
/* Try signing first, as applications are more likely to use it */
rv = CRYPTOKI_call(ctx,
C_SignInit(spriv->session, &mechanism, kpriv->object));
if (rv == CKR_USER_NOT_LOGGED_IN)
rv = pkcs11_authenticate(key);
if (!rv)
rv = CRYPTOKI_call(ctx,
C_Sign(spriv->session, (CK_BYTE *)from, flen, to, &size));
if (rv == CKR_KEY_FUNCTION_NOT_PERMITTED) {
/* OpenSSL may use it for encryption rather than signing */
rv = CRYPTOKI_call(ctx,
C_EncryptInit(spriv->session, &mechanism, kpriv->object));
if (rv == CKR_USER_NOT_LOGGED_IN)
rv = pkcs11_authenticate(key);
if (!rv)
rv = CRYPTOKI_call(ctx,
C_Encrypt(spriv->session, (CK_BYTE *)from, flen, to, &size));
}
CRYPTO_THREAD_unlock(PRIVSLOT(slot)->rwlock);
if (rv) {
PKCS11err(PKCS11_F_PKCS11_RSA_ENCRYPT, pkcs11_map_err(rv));
return -1;
}
return size;
}
/*
* RAND_poll() reseeds the default RNG using random input
*
* The random input is obtained from polling various entropy
* sources which depend on the operating system and are
* configurable via the --with-rand-seed configure option.
*/
int RAND_poll(void)
{
int ret = 0;
RAND_POOL *pool = NULL;
const RAND_METHOD *meth = RAND_get_rand_method();
if (meth == RAND_OpenSSL()) {
/* fill random pool and seed the master DRBG */
RAND_DRBG *drbg = RAND_DRBG_get0_master();
if (drbg == NULL)
return 0;
CRYPTO_THREAD_write_lock(drbg->lock);
ret = rand_drbg_restart(drbg, NULL, 0, 0);
CRYPTO_THREAD_unlock(drbg->lock);
return ret;
} else {
/* fill random pool and seed the current legacy RNG */
pool = RAND_POOL_new(RAND_DRBG_STRENGTH,
RAND_DRBG_STRENGTH / 8,
DRBG_MINMAX_FACTOR * (RAND_DRBG_STRENGTH / 8));
if (pool == NULL)
return 0;
if (RAND_POOL_acquire_entropy(pool) == 0)
goto err;
if (meth->add == NULL
|| meth->add(RAND_POOL_buffer(pool),
RAND_POOL_length(pool),
(RAND_POOL_entropy(pool) / 8.0)) == 0)
goto err;
ret = 1;
}
err:
RAND_POOL_free(pool);
return ret;
}
/*
* As much as I'd like to make X509_check_purpose use a "const" X509* I
* really can't because it does recalculate hashes and do other non-const
* things.
*/
int X509_check_purpose(X509 *x, int id, int ca)
{
int idx;
const X509_PURPOSE *pt;
if (!(x->ex_flags & EXFLAG_SET)) {
CRYPTO_THREAD_write_lock(x->lock);
x509v3_cache_extensions(x);
CRYPTO_THREAD_unlock(x->lock);
}
/* Return if side-effect only call */
if (id == -1)
return 1;
idx = X509_PURPOSE_get_by_id(id);
if (idx == -1)
return -1;
pt = X509_PURPOSE_get0(idx);
return pt->check_purpose(pt, x, ca);
}
static int pkcs11_init_libp11(ENGINE_CTX *ctx)
{
#if OPENSSL_VERSION_NUMBER >= 0x10100004L
CRYPTO_THREAD_write_lock(ctx->rwlock);
#else
if (ctx->rwlock)
CRYPTO_w_lock(ctx->rwlock);
#endif
if (ctx->pkcs11_ctx == NULL || ctx->slot_list == NULL)
pkcs11_init_libp11_unlocked(ctx);
#if OPENSSL_VERSION_NUMBER >= 0x10100004L
CRYPTO_THREAD_unlock(ctx->rwlock);
#else
if (ctx->rwlock)
CRYPTO_w_unlock(ctx->rwlock);
#endif
return ctx->pkcs11_ctx && ctx->slot_list ? 0 : -1;
}
OSSL_PROVIDER *ossl_provider_new(OPENSSL_CTX *libctx, const char *name,
OSSL_provider_init_fn *init_function)
{
struct provider_store_st *store = NULL;
OSSL_PROVIDER *prov = NULL;
if ((store = get_provider_store(libctx)) == NULL)
return NULL;
if ((prov = ossl_provider_find(libctx, name)) != NULL) { /* refcount +1 */
ossl_provider_free(prov); /* refcount -1 */
CRYPTOerr(CRYPTO_F_OSSL_PROVIDER_NEW,
CRYPTO_R_PROVIDER_ALREADY_EXISTS);
ERR_add_error_data(2, "name=", name);
return NULL;
}
/* provider_new() generates an error, so no need here */
if ((prov = provider_new(name, init_function)) == NULL)
return NULL;
CRYPTO_THREAD_write_lock(store->lock);
if (!ossl_provider_upref(prov)) { /* +1 One reference for the store */
ossl_provider_free(prov); /* -1 Reference that was to be returned */
prov = NULL;
} else if (sk_OSSL_PROVIDER_push(store->providers, prov) == 0) {
ossl_provider_free(prov); /* -1 Store reference */
ossl_provider_free(prov); /* -1 Reference that was to be returned */
prov = NULL;
} else {
prov->store = store;
}
CRYPTO_THREAD_unlock(store->lock);
if (prov == NULL)
CRYPTOerr(CRYPTO_F_OSSL_PROVIDER_NEW, ERR_R_MALLOC_FAILURE);
/*
* At this point, the provider is only partially "loaded". To be
* fully "loaded", ossl_provider_activate() must also be called.
*/
return prov;
}
int CRYPTO_atomic_add(int *val, int amount, int *ret, CRYPTO_RWLOCK *lock)
{
# if defined(__GNUC__) && defined(__ATOMIC_ACQ_REL)
if (__atomic_is_lock_free(sizeof(*val), val)) {
*ret = __atomic_add_fetch(val, amount, __ATOMIC_ACQ_REL);
return 1;
}
# endif
if (!CRYPTO_THREAD_write_lock(lock))
return 0;
*val += amount;
*ret = *val;
if (!CRYPTO_THREAD_unlock(lock))
return 0;
return 1;
}
void *CRYPTO_secure_malloc(size_t num, const char *file, int line)
{
#ifdef IMPLEMENTED
void *ret;
size_t actual_size;
if (!secure_mem_initialized) {
return CRYPTO_malloc(num, file, line);
}
CRYPTO_THREAD_write_lock(sec_malloc_lock);
ret = sh_malloc(num);
actual_size = ret ? sh_actual_size(ret) : 0;
secure_mem_used += actual_size;
CRYPTO_THREAD_unlock(sec_malloc_lock);
return ret;
#else
return CRYPTO_malloc(num, file, line);
#endif /* IMPLEMENTED */
}
/*
* This function is not part of RAND_METHOD, so if we're not using
* the default method, then just call RAND_bytes(). Otherwise make
* sure we're instantiated and use the private DRBG.
*/
int RAND_priv_bytes(unsigned char *buf, int num)
{
const RAND_METHOD *meth = RAND_get_rand_method();
RAND_DRBG *drbg;
int ret;
if (meth != RAND_OpenSSL())
return RAND_bytes(buf, num);
drbg = RAND_DRBG_get0_private();
if (drbg == NULL)
return 0;
/* We have to lock the DRBG before generating bits from it. */
CRYPTO_THREAD_write_lock(drbg->lock);
ret = RAND_DRBG_generate(drbg, buf, num, 0, NULL, 0);
CRYPTO_THREAD_unlock(drbg->lock);
return ret;
}
OSSL_PROVIDER *ossl_provider_find(OPENSSL_CTX *libctx, const char *name)
{
struct provider_store_st *store = NULL;
OSSL_PROVIDER *prov = NULL;
if ((store = get_provider_store(libctx)) != NULL) {
OSSL_PROVIDER tmpl = { 0, };
int i;
tmpl.name = (char *)name;
CRYPTO_THREAD_write_lock(store->lock);
if ((i = sk_OSSL_PROVIDER_find(store->providers, &tmpl)) == -1
|| (prov = sk_OSSL_PROVIDER_value(store->providers, i)) == NULL
|| !ossl_provider_upref(prov))
prov = NULL;
CRYPTO_THREAD_unlock(store->lock);
}
return prov;
}
void CRYPTO_secure_free(void *ptr, const char *file, int line)
{
#ifdef IMPLEMENTED
size_t actual_size;
if (ptr == NULL)
return;
if (!CRYPTO_secure_allocated(ptr)) {
CRYPTO_free(ptr, file, line);
return;
}
CRYPTO_THREAD_write_lock(sec_malloc_lock);
actual_size = sh_actual_size(ptr);
CLEAR(ptr, actual_size);
secure_mem_used -= actual_size;
sh_free(ptr);
CRYPTO_THREAD_unlock(sec_malloc_lock);
#else
CRYPTO_free(ptr, file, line);
#endif /* IMPLEMENTED */
}
static int close_console(UI *ui)
{
if (tty_in != stdin)
fclose(tty_in);
if (tty_out != stderr)
fclose(tty_out);
#ifdef OPENSSL_SYS_VMS
status = sys$dassgn(channel);
if (status != SS$_NORMAL) {
char tmp_num[12];
BIO_snprintf(tmp_num, sizeof(tmp_num) - 1, "%%X%08X", status);
UIerr(UI_F_CLOSE_CONSOLE, UI_R_SYSDASSGN_ERROR);
ERR_add_error_data(2, "status=", tmp_num);
return 0;
}
#endif
CRYPTO_THREAD_unlock(ui->lock);
return 1;
}
int X509_STORE_get_by_subject(X509_STORE_CTX *vs, X509_LOOKUP_TYPE type,
X509_NAME *name, X509_OBJECT *ret)
{
X509_STORE *ctx = vs->ctx;
X509_LOOKUP *lu;
X509_OBJECT stmp, *tmp;
int i, j;
CRYPTO_THREAD_write_lock(ctx->lock);
tmp = X509_OBJECT_retrieve_by_subject(ctx->objs, type, name);
CRYPTO_THREAD_unlock(ctx->lock);
if (tmp == NULL || type == X509_LU_CRL) {
for (i = vs->current_method;
i < sk_X509_LOOKUP_num(ctx->get_cert_methods); i++) {
lu = sk_X509_LOOKUP_value(ctx->get_cert_methods, i);
j = X509_LOOKUP_by_subject(lu, type, name, &stmp);
if (j < 0) {
vs->current_method = j;
return j;
} else if (j) {
tmp = &stmp;
break;
}
}
vs->current_method = 0;
if (tmp == NULL)
return 0;
}
/*- if (ret->data.ptr != NULL)
X509_OBJECT_free_contents(ret); */
ret->type = tmp->type;
ret->data.ptr = tmp->data.ptr;
X509_OBJECT_up_ref_count(ret);
return 1;
}
