EVP_PKEY * X509_PUBKEY_get0(X509_PUBKEY *key) { EVP_PKEY *ret = NULL; if (key == NULL) goto error; if (key->pkey != NULL) return key->pkey; if (key->public_key == NULL) goto error; if ((ret = EVP_PKEY_new()) == NULL) { X509error(ERR_R_MALLOC_FAILURE); goto error; } if (!EVP_PKEY_set_type(ret, OBJ_obj2nid(key->algor->algorithm))) { X509error(X509_R_UNSUPPORTED_ALGORITHM); goto error; } if (ret->ameth->pub_decode) { if (!ret->ameth->pub_decode(ret, key)) { X509error(X509_R_PUBLIC_KEY_DECODE_ERROR); goto error; } } else { X509error(X509_R_METHOD_NOT_SUPPORTED); goto error; } /* Check to see if another thread set key->pkey first */ CRYPTO_w_lock(CRYPTO_LOCK_EVP_PKEY); if (key->pkey) { CRYPTO_w_unlock(CRYPTO_LOCK_EVP_PKEY); EVP_PKEY_free(ret); ret = key->pkey; } else { key->pkey = ret; CRYPTO_w_unlock(CRYPTO_LOCK_EVP_PKEY); } return ret; error: EVP_PKEY_free(ret); return (NULL); }
/* Internal functions to open, handle and close a channel to the console. */ static int open_console(UI *ui) { CRYPTO_w_lock(CRYPTO_LOCK_UI); is_a_tty = 1; #if defined(OPENSSL_SYS_MACINTOSH_CLASSIC) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE) || defined(OPENSSL_SYS_BEOS) tty_in = stdin; tty_out = stderr; #else # ifdef OPENSSL_SYS_MSDOS # define DEV_TTY "con" # else # define DEV_TTY "/dev/tty" # endif if ((tty_in = fopen(DEV_TTY, "r")) == NULL) tty_in = stdin; if ((tty_out = fopen(DEV_TTY, "w")) == NULL) tty_out = stderr; #endif #if defined(TTY_get) && !defined(OPENSSL_SYS_VMS) if (TTY_get(fileno(tty_in), &tty_orig) == -1) { # ifdef ENOTTY if (errno == ENOTTY) is_a_tty = 0; else # endif # ifdef EINVAL /* * Ariel Glenn [email protected] reports that solaris can return * EINVAL instead. This should be ok */ if (errno == EINVAL) is_a_tty = 0; else # endif return 0; } #endif #ifdef OPENSSL_SYS_VMS status = sys$assign(&terminal, &channel, 0, 0); if (status != SS$_NORMAL) return 0; status = sys$qiow(0, channel, IO$_SENSEMODE, &iosb, 0, 0, tty_orig, 12, 0, 0, 0, 0); if ((status != SS$_NORMAL) || (iosb.iosb$w_value != SS$_NORMAL)) return 0; #endif return 1; }
void *EC_KEY_insert_key_method_data (EC_KEY * key, void *data, void *(*dup_func) (void *), void (*free_func) (void *), void (*clear_free_func) (void *)) { EC_EXTRA_DATA *ex_data; CRYPTO_w_lock (CRYPTO_LOCK_EC); ex_data = EC_EX_DATA_get_data (key->method_data, dup_func, free_func, clear_free_func); if (ex_data == NULL) EC_EX_DATA_set_data (&key->method_data, data, dup_func, free_func, clear_free_func); CRYPTO_w_unlock (CRYPTO_LOCK_EC); return ex_data; }
int ENGINE_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void)) { int ctrl_exists, ref_exists; if (e == NULL) { ENGINEerr(ENGINE_F_ENGINE_CTRL, ERR_R_PASSED_NULL_PARAMETER); return 0; } CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); ref_exists = ((e->struct_ref > 0) ? 1 : 0); CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); ctrl_exists = ((e->ctrl == NULL) ? 0 : 1); if (!ref_exists) { ENGINEerr(ENGINE_F_ENGINE_CTRL, ENGINE_R_NO_REFERENCE); return 0; } /* Intercept any "root-level" commands before trying to hand them on to * ctrl() handlers. */ switch (cmd) { case ENGINE_CTRL_HAS_CTRL_FUNCTION: return ctrl_exists; case ENGINE_CTRL_GET_FIRST_CMD_TYPE: case ENGINE_CTRL_GET_NEXT_CMD_TYPE: case ENGINE_CTRL_GET_CMD_FROM_NAME: case ENGINE_CTRL_GET_NAME_LEN_FROM_CMD: case ENGINE_CTRL_GET_NAME_FROM_CMD: case ENGINE_CTRL_GET_DESC_LEN_FROM_CMD: case ENGINE_CTRL_GET_DESC_FROM_CMD: case ENGINE_CTRL_GET_CMD_FLAGS: if (ctrl_exists && !(e->flags & ENGINE_FLAGS_MANUAL_CMD_CTRL)) return int_ctrl_helper(e, cmd, i, p, f); if (!ctrl_exists) { ENGINEerr(ENGINE_F_ENGINE_CTRL, ENGINE_R_NO_CONTROL_FUNCTION); /* For these cmd-related functions, failure is indicated * by a -1 return value (because 0 is used as a valid * return in some places). */ return -1; } default: break; } /* Anything else requires a ctrl() handler to exist. */ if (!ctrl_exists) { ENGINEerr(ENGINE_F_ENGINE_CTRL, ENGINE_R_NO_CONTROL_FUNCTION); return 0; } return e->ctrl(e, cmd, i, p, f); }
static int rsa_blinding_invert(BN_BLINDING *b, int local, BIGNUM *f, BIGNUM *r, BN_CTX *ctx) { if (local) return BN_BLINDING_invert_ex(f, NULL, b, ctx); else { int ret; CRYPTO_w_lock(CRYPTO_LOCK_RSA_BLINDING); ret = BN_BLINDING_invert_ex(f, r, b, ctx); CRYPTO_w_unlock(CRYPTO_LOCK_RSA_BLINDING); return ret; } }
/* err_fns_check is an internal function that checks whether "err_fns" is set * and if not, sets it to the default. */ static void err_fns_check(void) { /* In practice, this is not a race problem because loading the error strings * at init time will cause this pointer to be set before the process goes * multithreaded. */ if (err_fns) { return; } CRYPTO_w_lock(CRYPTO_LOCK_ERR); if (!err_fns) { err_fns = &openssl_err_default_impl; } CRYPTO_w_unlock(CRYPTO_LOCK_ERR); }
ENGINE *ENGINE_get_last(void) { ENGINE *ret; CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); ret = engine_list_tail; if(ret) { ret->struct_ref++; engine_ref_debug(ret, 0, 1) } CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); return ret; }
static void build_SYS_str_reasons(void) { /* OPENSSL_malloc cannot be used here, use static storage instead */ static char strerror_tab[NUM_SYS_STR_REASONS][LEN_SYS_STR_REASON]; int i; static int init = 1; CRYPTO_r_lock(CRYPTO_LOCK_ERR); if (!init) { CRYPTO_r_unlock(CRYPTO_LOCK_ERR); return; } CRYPTO_r_unlock(CRYPTO_LOCK_ERR); CRYPTO_w_lock(CRYPTO_LOCK_ERR); if (!init) { CRYPTO_w_unlock(CRYPTO_LOCK_ERR); return; } for (i = 1; i <= NUM_SYS_STR_REASONS; i++) { ERR_STRING_DATA *str = &SYS_str_reasons[i - 1]; str->error = (unsigned long)i; if (str->string == NULL) { char (*dest)[LEN_SYS_STR_REASON] = &(strerror_tab[i - 1]); char *src = strerror(i); if (src != NULL) { strncpy(*dest, src, sizeof *dest); (*dest)[sizeof *dest - 1] = '\0'; str->string = *dest; } } if (str->string == NULL) str->string = "unknown"; } /* Now we still have SYS_str_reasons[NUM_SYS_STR_REASONS] = {0, NULL}, * as required by ERR_load_strings. */ init = 0; CRYPTO_w_unlock(CRYPTO_LOCK_ERR); }
int fips_set_owning_thread(void) { int ret = 0; if (fips_started) { CRYPTO_w_lock(CRYPTO_LOCK_FIPS2); if (!fips_thread_set) { CRYPTO_THREADID_current(&fips_thread); ret = 1; fips_thread_set = 1; } CRYPTO_w_unlock(CRYPTO_LOCK_FIPS2); } return ret; }
int ERR_set_implementation(const ERR_FNS *fns) { int ret = 0; CRYPTO_w_lock(CRYPTO_LOCK_ERR); /* It's too late if 'err_fns' is non-NULL. BTW: not much point setting * an error is there?! */ if (!err_fns) { err_fns = fns; ret = 1; } CRYPTO_w_unlock(CRYPTO_LOCK_ERR); return ret; }
static BN_BLINDING *rsa_get_blinding(RSA *rsa, BIGNUM **r, int *local, BN_CTX *ctx) { BN_BLINDING *ret; if (rsa->blinding == NULL) { if (rsa->blinding == NULL) { CRYPTO_w_lock(CRYPTO_LOCK_RSA); if (rsa->blinding == NULL) rsa->blinding = RSA_setup_blinding(rsa, ctx); CRYPTO_w_unlock(CRYPTO_LOCK_RSA); } } ret = rsa->blinding; if (ret == NULL) return NULL; if (BN_BLINDING_get_thread_id(ret) != CRYPTO_thread_id()) { *local = 0; if (rsa->mt_blinding == NULL) { CRYPTO_w_lock(CRYPTO_LOCK_RSA); if (rsa->mt_blinding == NULL) rsa->mt_blinding = RSA_setup_blinding(rsa, ctx); CRYPTO_w_unlock(CRYPTO_LOCK_RSA); } ret = rsa->mt_blinding; } else *local = 1; return ret; }
/* As much as I'd like to make X509_check_purpose use a "const" X509* * I really can't because it does recalculate hashes and do other non-const * things. */ int X509_check_purpose(X509 *x, int id, int ca) { int idx; const X509_PURPOSE *pt; if(!(x->ex_flags & EXFLAG_SET)) { CRYPTO_w_lock(CRYPTO_LOCK_X509); x509v3_cache_extensions(x); CRYPTO_w_unlock(CRYPTO_LOCK_X509); } if(id == -1) return 1; idx = X509_PURPOSE_get_by_id(id); if(idx == -1) return -1; pt = X509_PURPOSE_get0(idx); return pt->check_purpose(pt, x, ca); }
void ERR_remove_state(unsigned long pid) { ERR_STATE *p,tmp; if (thread_hash == NULL) return; if (pid == 0) pid=(unsigned long)CRYPTO_thread_id(); tmp.pid=pid; CRYPTO_w_lock(CRYPTO_LOCK_ERR); p=(ERR_STATE *)lh_delete(thread_hash,&tmp); CRYPTO_w_unlock(CRYPTO_LOCK_ERR); if (p != NULL) ERR_STATE_free(p); }
/* Remove an existing "ENGINE" type from the array. */ int ENGINE_remove(ENGINE *e) { int to_return = 1; if (e == NULL) { ENGINEerr(ENGINE_F_ENGINE_REMOVE, ERR_R_PASSED_NULL_PARAMETER); return 0; } CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); if (!engine_list_remove(e)) { ENGINEerr(ENGINE_F_ENGINE_REMOVE, ENGINE_R_INTERNAL_LIST_ERROR); to_return = 0; } CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); return to_return; }
/* RAND_cleanup frees all buffers, closes any cached file descriptor * and resets the global state. */ void RAND_cleanup(void) { struct rand_buffer *cur; CRYPTO_w_lock(CRYPTO_LOCK_RAND); while ((cur = list_head)) { list_head = cur->next; OPENSSL_free(cur); } if (urandom_fd >= 0) { close(urandom_fd); } urandom_fd = -2; list_head = NULL; CRYPTO_w_unlock(CRYPTO_LOCK_RAND); }
ENGINE * ENGINE_by_id(const char *id) { ENGINE *iterator; ENGINE *tmp; tmp = engine_list_head; while (tmp) { printf("my engine iterator, id%s\n", tmp->id); tmp = tmp->next; } printf("my engine, file:%s line:%d\n", __FILE__, __LINE__); if (id == NULL) { ENGINEerr(ENGINE_F_ENGINE_BY_ID, ERR_R_PASSED_NULL_PARAMETER); return NULL; } CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); printf("my engine, file:%s line:%d\n", __FILE__, __LINE__); iterator = engine_list_head; while (iterator && (strcmp(id, iterator->id) != 0) && printf("my engine iterator, id%s\n", iterator->id)) iterator = iterator->next; if (iterator) { /* We need to return a structural reference. If this is an * ENGINE type that returns copies, make a duplicate - otherwise * increment the existing ENGINE's reference count. */ if (iterator->flags & ENGINE_FLAGS_BY_ID_COPY) { ENGINE *cp = ENGINE_new(); if (!cp) iterator = NULL; else { engine_cpy(cp, iterator); iterator = cp; } } else { iterator->struct_ref++; engine_ref_debug(iterator, 0, 1) } } CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); printf("my engine, file:%s line:%d\n", __FILE__, __LINE__); if (iterator == NULL) { ENGINEerr(ENGINE_F_ENGINE_BY_ID, ENGINE_R_NO_SUCH_ENGINE); ERR_asprintf_error_data("id=%s", id); } return iterator; }
static LHASH_OF(ERR_STRING_DATA) *get_hash(int create, int lockit) { LHASH_OF(ERR_STRING_DATA) *ret = NULL; if (lockit) CRYPTO_w_lock(CRYPTO_LOCK_ERR); if (!int_error_hash && create) { int_error_hash = lh_ERR_STRING_DATA_new(); } if (int_error_hash != NULL) ret = int_error_hash; if (lockit) CRYPTO_w_unlock(CRYPTO_LOCK_ERR); return ret; }
static ERR_STRING_DATA *int_err_del_item(ERR_STRING_DATA *d) { ERR_STRING_DATA *p; LHASH *hash; err_fns_check(); hash = ERRFN(err_get)(0); if (!hash) return NULL; CRYPTO_w_lock(CRYPTO_LOCK_ERR); p = (ERR_STRING_DATA *)lh_delete(hash, d); CRYPTO_w_unlock(CRYPTO_LOCK_ERR); return p; }
int fips_clear_owning_thread(void) { int ret = 0; if (fips_is_started()) { CRYPTO_w_lock(CRYPTO_LOCK_FIPS2); if (fips_thread == CRYPTO_thread_id()) { fips_thread = 0; ret = 1; } CRYPTO_w_unlock(CRYPTO_LOCK_FIPS2); } return ret; }
static int get_proxy_auth_ex_data_cred() { static volatile int idx = -1; if (idx < 0) { CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE); if (idx < 0) { idx = X509_STORE_CTX_get_ex_new_index(0, "credentials", NULL, NULL, NULL); } CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE); } return idx; }
int fips_clear_owning_thread(void) { int ret = 0; if (fips_started) { CRYPTO_w_lock(CRYPTO_LOCK_FIPS2); if (fips_thread_set) { CRYPTO_THREADID cur; CRYPTO_THREADID_current(&cur); if (!CRYPTO_THREADID_cmp(&cur, &fips_thread)) fips_thread_set = 0; } CRYPTO_w_unlock(CRYPTO_LOCK_FIPS2); } return ret; }
static LHASH *int_err_get(int create) { LHASH *ret = NULL; CRYPTO_w_lock(CRYPTO_LOCK_ERR); if (!int_error_hash && create) { CRYPTO_push_info("int_err_get (err.c)"); int_error_hash = lh_new(err_hash, err_cmp); CRYPTO_pop_info(); } if (int_error_hash) ret = int_error_hash; CRYPTO_w_unlock(CRYPTO_LOCK_ERR); return ret; }
static ERR_STATE *int_thread_set_item(ERR_STATE *d) { ERR_STATE *p; LHASH *hash; err_fns_check(); hash = ERRFN(thread_get)(1); if (!hash) return NULL; CRYPTO_w_lock(CRYPTO_LOCK_ERR); p = (ERR_STATE *)lh_insert(hash, d); CRYPTO_w_unlock(CRYPTO_LOCK_ERR); ERRFN(thread_release)(&hash); return p; }
static LHASH_OF(ERR_STATE) *int_thread_get(int create, int lockit) { LHASH_OF(ERR_STATE) *ret = NULL; if (lockit) CRYPTO_w_lock(CRYPTO_LOCK_ERR); if (!int_thread_hash && create) { int_thread_hash = lh_ERR_STATE_new(); } if (int_thread_hash != NULL) { int_thread_hash_references++; ret = int_thread_hash; } if (lockit) CRYPTO_w_unlock(CRYPTO_LOCK_ERR); return ret; }
/* * Construct the per-ENGINE context. We create it blindly and then use a lock * to check for a race - if so, all but one of the threads "racing" will have * wasted their time. The alternative involves creating everything inside the * lock which is far worse. */ static int dynamic_set_data_ctx(ENGINE *e, dynamic_data_ctx **ctx) { dynamic_data_ctx *c; c = OPENSSL_malloc(sizeof(dynamic_data_ctx)); if (!c) { ENGINEerr(ENGINE_F_DYNAMIC_SET_DATA_CTX, ERR_R_MALLOC_FAILURE); return 0; } memset(c, 0, sizeof(dynamic_data_ctx)); c->dynamic_dso = NULL; c->v_check = NULL; c->bind_engine = NULL; c->DYNAMIC_LIBNAME = NULL; c->no_vcheck = 0; c->engine_id = NULL; c->list_add_value = 0; c->DYNAMIC_F1 = "v_check"; c->DYNAMIC_F2 = "bind_engine"; c->dir_load = 1; c->dirs = sk_OPENSSL_STRING_new_null(); if (!c->dirs) { ENGINEerr(ENGINE_F_DYNAMIC_SET_DATA_CTX, ERR_R_MALLOC_FAILURE); OPENSSL_free(c); return 0; } CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); if ((*ctx = (dynamic_data_ctx *)ENGINE_get_ex_data(e, dynamic_ex_data_idx)) == NULL) { /* Good, we're the first */ ENGINE_set_ex_data(e, dynamic_ex_data_idx, c); *ctx = c; c = NULL; } CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); /* * If we lost the race to set the context, c is non-NULL and *ctx is the * context of the thread that won. */ if (c) { sk_OPENSSL_STRING_free(c->dirs); OPENSSL_free(c); } return 1; }
static int pkcs11_init_libp11(ENGINE_CTX *ctx) { #if OPENSSL_VERSION_NUMBER >= 0x10100004L CRYPTO_THREAD_write_lock(ctx->rwlock); #else if (ctx->rwlock) CRYPTO_w_lock(ctx->rwlock); #endif if (ctx->pkcs11_ctx == NULL || ctx->slot_list == NULL) pkcs11_init_libp11_unlocked(ctx); #if OPENSSL_VERSION_NUMBER >= 0x10100004L CRYPTO_THREAD_unlock(ctx->rwlock); #else if (ctx->rwlock) CRYPTO_w_unlock(ctx->rwlock); #endif return ctx->pkcs11_ctx && ctx->slot_list ? 0 : -1; }
BN_MONT_CTX *BN_MONT_CTX_set_locked(BN_MONT_CTX **pmont, int lock, const BIGNUM *mod, BN_CTX *ctx) { if (*pmont) return *pmont; CRYPTO_w_lock(lock); if (!*pmont) { BN_MONT_CTX *mtmp; mtmp = BN_MONT_CTX_new(); if (mtmp && !BN_MONT_CTX_set(mtmp, mod, ctx)) BN_MONT_CTX_free(mtmp); else *pmont = mtmp; } CRYPTO_w_unlock(lock); return *pmont; }
BN_MONT_CTX *BN_MONT_CTX_set_locked(BN_MONT_CTX **pmont, int lock, const BIGNUM *mod, BN_CTX *ctx) { if (*pmont) return *pmont; CRYPTO_w_lock(lock); if (!*pmont) { *pmont = BN_MONT_CTX_new(); if (*pmont && !BN_MONT_CTX_set(*pmont, mod, ctx)) { BN_MONT_CTX_free(*pmont); *pmont = NULL; } } CRYPTO_w_unlock(lock); return *pmont; }
/* Add another "ENGINE" type into the list. */ int ENGINE_add(ENGINE *e) { int to_return = 1; if (e == NULL) { ENGINEerr(ENGINE_F_ENGINE_ADD, ERR_R_PASSED_NULL_PARAMETER); return 0; } if ((e->id == NULL) || (e->name == NULL)) { ENGINEerr(ENGINE_F_ENGINE_ADD, ENGINE_R_ID_OR_NAME_MISSING); } CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); if (!engine_list_add(e)) { ENGINEerr(ENGINE_F_ENGINE_ADD, ENGINE_R_INTERNAL_LIST_ERROR); to_return = 0; } CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); return to_return; }
static int rsa_blinding_convert(BN_BLINDING *b, BIGNUM *f, BIGNUM *unblind, BN_CTX *ctx) { if (unblind == NULL) /* Local blinding: store the unblinding factor * in BN_BLINDING. */ return BN_BLINDING_convert_ex(f, NULL, b, ctx); else { /* Shared blinding: store the unblinding factor * outside BN_BLINDING. */ int ret; CRYPTO_w_lock(CRYPTO_LOCK_RSA_BLINDING); ret = BN_BLINDING_convert_ex(f, unblind, b, ctx); CRYPTO_w_unlock(CRYPTO_LOCK_RSA_BLINDING); return ret; } }