[openssl-commits] [openssl] master update
Rich Salz
rsalz at openssl.org
Tue Mar 8 16:11:46 UTC 2016
The branch master has been updated
via 638b3c88372857b4b8df9347683d46b0a12b9219 (commit)
via c001ce33137993a0c4ff15060ed1639826bfca0b (commit)
via 41cfbccc99f3ca3c9f656d8c71e2db5bcfcf6817 (commit)
via 9b398ef297dd1b74527dd0afee9f59cd3f5bc33d (commit)
via 03273d61e742b02485831ce739e4a6c9b197e3f3 (commit)
via fb46be034816e5fe9f04fd39da960d34dbf2f52d (commit)
from c9aad4ff4f9f37a2d8685db4b1ce310452f41e89 (commit)
- Log -----------------------------------------------------------------
commit 638b3c88372857b4b8df9347683d46b0a12b9219
Author: Alessandro Ghedini <alessandro at ghedini.me>
Date: Sat Mar 5 20:53:32 2016 +0000
make update
Reviewed-by: Matt Caswell <matt at openssl.org>
Reviewed-by: Rich Salz <rsalz at openssl.org>
commit c001ce33137993a0c4ff15060ed1639826bfca0b
Author: Alessandro Ghedini <alessandro at ghedini.me>
Date: Tue Mar 1 18:06:15 2016 +0000
Convert CRYPTO_LOCK_X509_* to new multi-threading API
Reviewed-by: Matt Caswell <matt at openssl.org>
Reviewed-by: Rich Salz <rsalz at openssl.org>
commit 41cfbccc99f3ca3c9f656d8c71e2db5bcfcf6817
Author: Alessandro Ghedini <alessandro at ghedini.me>
Date: Mon Feb 29 17:12:25 2016 +0000
Convert CRYPTO_LOCK_UI to new multi-threading API
Reviewed-by: Matt Caswell <matt at openssl.org>
Reviewed-by: Rich Salz <rsalz at openssl.org>
commit 9b398ef297dd1b74527dd0afee9f59cd3f5bc33d
Author: Alessandro Ghedini <alessandro at ghedini.me>
Date: Mon Feb 29 16:57:11 2016 +0000
Convert CRYPTO_LOCK_EC_* to new multi-threading API
Reviewed-by: Matt Caswell <matt at openssl.org>
Reviewed-by: Rich Salz <rsalz at openssl.org>
commit 03273d61e742b02485831ce739e4a6c9b197e3f3
Author: Alessandro Ghedini <alessandro at ghedini.me>
Date: Fri Feb 26 12:21:15 2016 +0000
Convert CRYPTO_LOCK_EVP_PKEY to new multi-threading API
Reviewed-by: Matt Caswell <matt at openssl.org>
Reviewed-by: Rich Salz <rsalz at openssl.org>
commit fb46be034816e5fe9f04fd39da960d34dbf2f52d
Author: Alessandro Ghedini <alessandro at ghedini.me>
Date: Fri Feb 26 11:51:31 2016 +0000
Convert CRYPTO_LOCK_BIO to new multi-threading API
Reviewed-by: Matt Caswell <matt at openssl.org>
Reviewed-by: Rich Salz <rsalz at openssl.org>
-----------------------------------------------------------------------
Summary of changes:
crypto/asn1/tasn_utl.c | 9 +++++-
crypto/asn1/x_info.c | 15 ++++++++--
crypto/asn1/x_pkey.c | 8 +++++-
crypto/asn1/x_pubkey.c | 13 +++++++--
crypto/bio/bio_lib.c | 44 ++++++++++++++++++++++++------
crypto/cms/cms_env.c | 3 +-
crypto/cms/cms_sd.c | 2 +-
crypto/ec/ec_key.c | 9 ++++--
crypto/ec/ec_kmeth.c | 15 +++++++++-
crypto/ec/ec_lcl.h | 1 +
crypto/ec/ec_mult.c | 25 +++++++++++++++--
crypto/ec/ecp_nistp224.c | 25 +++++++++++++++--
crypto/ec/ecp_nistp256.c | 24 ++++++++++++++--
crypto/ec/ecp_nistp521.c | 25 +++++++++++++++--
crypto/ec/ecp_nistz256.c | 24 ++++++++++++++--
crypto/evp/p_lib.c | 16 ++++++++---
crypto/evp/pmeth_fn.c | 2 +-
crypto/evp/pmeth_lib.c | 6 ++--
crypto/include/internal/evp_int.h | 1 +
crypto/include/internal/x509_int.h | 3 ++
crypto/ui/ui_lib.c | 9 ++++++
crypto/ui/ui_locl.h | 2 ++
crypto/ui/ui_openssl.c | 4 +--
crypto/x509/x509_lu.c | 56 +++++++++++++++++++++++++-------------
crypto/x509/x509_set.c | 3 +-
crypto/x509/x509_vfy.c | 3 +-
crypto/x509/x509cset.c | 3 +-
crypto/x509/x_crl.c | 6 ++--
crypto/x509/x_req.c | 2 +-
crypto/x509/x_x509.c | 2 +-
crypto/x509v3/pcy_cache.c | 4 +--
crypto/x509v3/v3_purp.c | 8 +++---
doc/crypto/BIO_new.pod | 7 +++--
doc/crypto/X509_STORE_new.pod | 36 ++++++++++++++++++++++++
include/openssl/asn1t.h | 4 +--
include/openssl/bio.h | 2 ++
include/openssl/crypto.h | 10 -------
include/openssl/x509.h | 3 ++
include/openssl/x509_vfy.h | 2 ++
ssl/bio_ssl.c | 6 ++--
ssl/ssl_cert.c | 7 ++---
util/libcrypto.num | 2 ++
42 files changed, 351 insertions(+), 100 deletions(-)
create mode 100644 doc/crypto/X509_STORE_new.pod
diff --git a/crypto/asn1/tasn_utl.c b/crypto/asn1/tasn_utl.c
index c840047..41f2fc2 100644
--- a/crypto/asn1/tasn_utl.c
+++ b/crypto/asn1/tasn_utl.c
@@ -105,6 +105,7 @@ int asn1_do_lock(ASN1_VALUE **pval, int op, const ASN1_ITEM *it)
{
const ASN1_AUX *aux;
int *lck, ret;
+ CRYPTO_RWLOCK **lock;
if ((it->itype != ASN1_ITYPE_SEQUENCE)
&& (it->itype != ASN1_ITYPE_NDEF_SEQUENCE))
return 0;
@@ -112,15 +113,21 @@ int asn1_do_lock(ASN1_VALUE **pval, int op, const ASN1_ITEM *it)
if (!aux || !(aux->flags & ASN1_AFLG_REFCOUNT))
return 0;
lck = offset2ptr(*pval, aux->ref_offset);
+ lock = offset2ptr(*pval, aux->ref_lock);
if (op == 0) {
*lck = 1;
+ *lock = CRYPTO_THREAD_lock_new();
+ if (*lock == NULL)
+ return 0;
return 1;
}
- ret = CRYPTO_add(lck, op, aux->ref_lock);
+ CRYPTO_atomic_add(lck, op, &ret, *lock);
#ifdef REF_PRINT
fprintf(stderr, "%p:%4d:%s\n", it, *lck, it->sname);
#endif
REF_ASSERT_ISNT(ret < 0);
+ if (ret == 0)
+ CRYPTO_THREAD_lock_free(*lock);
return ret;
}
diff --git a/crypto/asn1/x_info.c b/crypto/asn1/x_info.c
index adee224..4b3b7de 100644
--- a/crypto/asn1/x_info.c
+++ b/crypto/asn1/x_info.c
@@ -68,10 +68,18 @@ X509_INFO *X509_INFO_new(void)
ret = OPENSSL_zalloc(sizeof(*ret));
if (ret == NULL) {
ASN1err(ASN1_F_X509_INFO_NEW, ERR_R_MALLOC_FAILURE);
- return (NULL);
+ return NULL;
}
+
ret->references = 1;
- return (ret);
+
+ ret->lock = CRYPTO_THREAD_lock_new();
+ if (ret->lock == NULL) {
+ X509_INFO_free(ret);
+ return NULL;
+ }
+
+ return ret;
}
void X509_INFO_free(X509_INFO *x)
@@ -81,7 +89,7 @@ void X509_INFO_free(X509_INFO *x)
if (x == NULL)
return;
- i = CRYPTO_add(&x->references, -1, CRYPTO_LOCK_X509_INFO);
+ CRYPTO_atomic_add(&x->references, -1, &i, x->lock);
REF_PRINT_COUNT("X509_INFO", x);
if (i > 0)
return;
@@ -91,5 +99,6 @@ void X509_INFO_free(X509_INFO *x)
X509_CRL_free(x->crl);
X509_PKEY_free(x->x_pkey);
OPENSSL_free(x->enc_data);
+ CRYPTO_THREAD_lock_free(x->lock);
OPENSSL_free(x);
}
diff --git a/crypto/asn1/x_pkey.c b/crypto/asn1/x_pkey.c
index 6e09d29..d8960d1 100644
--- a/crypto/asn1/x_pkey.c
+++ b/crypto/asn1/x_pkey.c
@@ -70,6 +70,11 @@ X509_PKEY *X509_PKEY_new(void)
goto err;
ret->references = 1;
+ ret->lock = CRYPTO_THREAD_lock_new();
+ if (ret->lock == NULL) {
+ OPENSSL_free(ret);
+ return NULL;
+ }
ret->enc_algor = X509_ALGOR_new();
ret->enc_pkey = ASN1_OCTET_STRING_new();
if (ret->enc_algor == NULL || ret->enc_pkey == NULL)
@@ -89,7 +94,7 @@ void X509_PKEY_free(X509_PKEY *x)
if (x == NULL)
return;
- i = CRYPTO_add(&x->references, -1, CRYPTO_LOCK_X509_PKEY);
+ CRYPTO_atomic_add(&x->references, -1, &i, x->lock);
REF_PRINT_COUNT("X509_PKEY", x);
if (i > 0)
return;
@@ -100,5 +105,6 @@ void X509_PKEY_free(X509_PKEY *x)
EVP_PKEY_free(x->dec_pkey);
if (x->key_free)
OPENSSL_free(x->key_data);
+ CRYPTO_THREAD_lock_free(x->lock);
OPENSSL_free(x);
}
diff --git a/crypto/asn1/x_pubkey.c b/crypto/asn1/x_pubkey.c
index 1d65b20..7c88291 100644
--- a/crypto/asn1/x_pubkey.c
+++ b/crypto/asn1/x_pubkey.c
@@ -72,8 +72,15 @@
static int pubkey_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
void *exarg)
{
+ if (operation == ASN1_OP_NEW_POST) {
+ X509_PUBKEY *pubkey = (X509_PUBKEY *)*pval;
+ pubkey->lock = CRYPTO_THREAD_lock_new();
+ if (pubkey->lock == NULL)
+ return 0;
+ }
if (operation == ASN1_OP_FREE_POST) {
X509_PUBKEY *pubkey = (X509_PUBKEY *)*pval;
+ CRYPTO_THREAD_lock_free(pubkey->lock);
EVP_PKEY_free(pubkey->pkey);
}
return 1;
@@ -155,14 +162,14 @@ EVP_PKEY *X509_PUBKEY_get0(X509_PUBKEY *key)
}
/* Check to see if another thread set key->pkey first */
- CRYPTO_w_lock(CRYPTO_LOCK_EVP_PKEY);
+ CRYPTO_THREAD_write_lock(key->lock);
if (key->pkey) {
- CRYPTO_w_unlock(CRYPTO_LOCK_EVP_PKEY);
+ CRYPTO_THREAD_unlock(key->lock);
EVP_PKEY_free(ret);
ret = key->pkey;
} else {
key->pkey = ret;
- CRYPTO_w_unlock(CRYPTO_LOCK_EVP_PKEY);
+ CRYPTO_THREAD_unlock(key->lock);
}
return ret;
diff --git a/crypto/bio/bio_lib.c b/crypto/bio/bio_lib.c
index ee8d622..522525b 100644
--- a/crypto/bio/bio_lib.c
+++ b/crypto/bio/bio_lib.c
@@ -94,12 +94,22 @@ int BIO_set(BIO *bio, BIO_METHOD *method)
bio->num_read = 0L;
bio->num_write = 0L;
CRYPTO_new_ex_data(CRYPTO_EX_INDEX_BIO, bio, &bio->ex_data);
- if (method->create != NULL)
+
+ bio->lock = CRYPTO_THREAD_lock_new();
+ if (bio->lock == NULL) {
+ CRYPTO_free_ex_data(CRYPTO_EX_INDEX_BIO, bio, &bio->ex_data);
+ return 0;
+ }
+
+ if (method->create != NULL) {
if (!method->create(bio)) {
CRYPTO_free_ex_data(CRYPTO_EX_INDEX_BIO, bio, &bio->ex_data);
- return (0);
+ CRYPTO_THREAD_lock_free(bio->lock);
+ return 0;
}
- return (1);
+ }
+
+ return 1;
}
int BIO_free(BIO *a)
@@ -107,23 +117,29 @@ int BIO_free(BIO *a)
int i;
if (a == NULL)
- return (0);
+ return 0;
+
+ if (CRYPTO_atomic_add(&a->references, -1, &i, a->lock) <= 0)
+ return 0;
- i = CRYPTO_add(&a->references, -1, CRYPTO_LOCK_BIO);
REF_PRINT_COUNT("BIO", a);
if (i > 0)
- return (1);
+ return 1;
REF_ASSERT_ISNT(i < 0);
if ((a->callback != NULL) &&
((i = (int)a->callback(a, BIO_CB_FREE, NULL, 0, 0L, 1L)) <= 0))
- return (i);
+ return i;
CRYPTO_free_ex_data(CRYPTO_EX_INDEX_BIO, a, &a->ex_data);
+ CRYPTO_THREAD_lock_free(a->lock);
+
if ((a->method != NULL) && (a->method->destroy != NULL))
a->method->destroy(a);
+
OPENSSL_free(a);
- return (1);
+
+ return 1;
}
void BIO_vfree(BIO *a)
@@ -131,6 +147,18 @@ void BIO_vfree(BIO *a)
BIO_free(a);
}
+int BIO_up_ref(BIO *a)
+{
+ int i;
+
+ if (CRYPTO_atomic_add(&a->references, 1, &i, a->lock) <= 0)
+ return 0;
+
+ REF_PRINT_COUNT("BIO", a);
+ REF_ASSERT_ISNT(i < 2);
+ return ((i > 1) ? 1 : 0);
+}
+
void BIO_clear_flags(BIO *b, int flags)
{
b->flags &= ~flags;
diff --git a/crypto/cms/cms_env.c b/crypto/cms/cms_env.c
index 3b065ae..c54667f 100644
--- a/crypto/cms/cms_env.c
+++ b/crypto/cms/cms_env.c
@@ -200,7 +200,8 @@ static int cms_RecipientInfo_ktri_init(CMS_RecipientInfo *ri, X509 *recip,
return 0;
X509_up_ref(recip);
- CRYPTO_add(&pk->references, 1, CRYPTO_LOCK_EVP_PKEY);
+ EVP_PKEY_up_ref(pk);
+
ktri->pkey = pk;
ktri->recip = recip;
diff --git a/crypto/cms/cms_sd.c b/crypto/cms/cms_sd.c
index 2757aa9..151f40f 100644
--- a/crypto/cms/cms_sd.c
+++ b/crypto/cms/cms_sd.c
@@ -283,8 +283,8 @@ CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms,
/* Call for side-effect of computing hash and caching extensions */
X509_check_purpose(signer, -1, -1);
- CRYPTO_add(&pk->references, 1, CRYPTO_LOCK_EVP_PKEY);
X509_up_ref(signer);
+ EVP_PKEY_up_ref(pk);
si->pkey = pk;
si->signer = signer;
diff --git a/crypto/ec/ec_key.c b/crypto/ec/ec_key.c
index 3b02eca..0d7370e 100644
--- a/crypto/ec/ec_key.c
+++ b/crypto/ec/ec_key.c
@@ -98,7 +98,7 @@ void EC_KEY_free(EC_KEY *r)
if (r == NULL)
return;
- i = CRYPTO_add(&r->references, -1, CRYPTO_LOCK_EC);
+ CRYPTO_atomic_add(&r->references, -1, &i, r->lock);
REF_PRINT_COUNT("EC_KEY", r);
if (i > 0)
return;
@@ -115,6 +115,7 @@ void EC_KEY_free(EC_KEY *r)
r->group->meth->keyfinish(r);
CRYPTO_free_ex_data(CRYPTO_EX_INDEX_EC_KEY, r, &r->ex_data);
+ CRYPTO_THREAD_lock_free(r->lock);
EC_GROUP_free(r->group);
EC_POINT_free(r->pub_key);
BN_clear_free(r->priv_key);
@@ -204,6 +205,7 @@ EC_KEY *EC_KEY_dup(EC_KEY *ec_key)
if (ret == NULL)
return NULL;
+
if (EC_KEY_copy(ret, ec_key) == NULL) {
EC_KEY_free(ret);
return NULL;
@@ -213,7 +215,10 @@ EC_KEY *EC_KEY_dup(EC_KEY *ec_key)
int EC_KEY_up_ref(EC_KEY *r)
{
- int i = CRYPTO_add(&r->references, 1, CRYPTO_LOCK_EC);
+ int i;
+
+ if (CRYPTO_atomic_add(&r->references, 1, &i, r->lock) <= 0)
+ return 0;
REF_PRINT_COUNT("EC_KEY", r);
REF_ASSERT_ISNT(i < 2);
diff --git a/crypto/ec/ec_kmeth.c b/crypto/ec/ec_kmeth.c
index fad74bf..dc097ce 100644
--- a/crypto/ec/ec_kmeth.c
+++ b/crypto/ec/ec_kmeth.c
@@ -122,18 +122,28 @@ EC_KEY *EC_KEY_new_method(ENGINE *engine)
if (ret == NULL) {
ECerr(EC_F_EC_KEY_NEW_METHOD, ERR_R_MALLOC_FAILURE);
- return (NULL);
+ return NULL;
}
if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_EC_KEY, ret, &ret->ex_data)) {
OPENSSL_free(ret);
return NULL;
}
+ ret->lock = CRYPTO_THREAD_lock_new();
+ if (ret->lock == NULL) {
+ ECerr(EC_F_EC_KEY_NEW_METHOD, ERR_R_MALLOC_FAILURE);
+ CRYPTO_free_ex_data(CRYPTO_EX_INDEX_EC_KEY, ret, &ret->ex_data);
+ OPENSSL_free(ret);
+ return NULL;
+ }
+
ret->meth = EC_KEY_get_default_method();
#ifndef OPENSSL_NO_ENGINE
if (engine != NULL) {
if (!ENGINE_init(engine)) {
ECerr(EC_F_EC_KEY_NEW_METHOD, ERR_R_ENGINE_LIB);
+ CRYPTO_free_ex_data(CRYPTO_EX_INDEX_EC_KEY, ret, &ret->ex_data);
+ CRYPTO_THREAD_lock_free(ret->lock);
OPENSSL_free(ret);
return NULL;
}
@@ -145,6 +155,8 @@ EC_KEY *EC_KEY_new_method(ENGINE *engine)
if (ret->meth == NULL) {
ECerr(EC_F_EC_KEY_NEW_METHOD, ERR_R_ENGINE_LIB);
ENGINE_finish(ret->engine);
+ CRYPTO_free_ex_data(CRYPTO_EX_INDEX_EC_KEY, ret, &ret->ex_data);
+ CRYPTO_THREAD_lock_free(ret->lock);
OPENSSL_free(ret);
return NULL;
}
@@ -154,6 +166,7 @@ EC_KEY *EC_KEY_new_method(ENGINE *engine)
ret->version = 1;
ret->conv_form = POINT_CONVERSION_UNCOMPRESSED;
ret->references = 1;
+
if (ret->meth->init != NULL && ret->meth->init(ret) == 0) {
EC_KEY_free(ret);
return NULL;
diff --git a/crypto/ec/ec_lcl.h b/crypto/ec/ec_lcl.h
index e085f76..e6a4914 100644
--- a/crypto/ec/ec_lcl.h
+++ b/crypto/ec/ec_lcl.h
@@ -310,6 +310,7 @@ struct ec_key_st {
int references;
int flags;
CRYPTO_EX_DATA ex_data;
+ CRYPTO_RWLOCK *lock;
} /* EC_KEY */ ;
struct ec_point_st {
diff --git a/crypto/ec/ec_mult.c b/crypto/ec/ec_mult.c
index 70c9791..3c283e5 100644
--- a/crypto/ec/ec_mult.c
+++ b/crypto/ec/ec_mult.c
@@ -63,6 +63,7 @@
#include <string.h>
#include <openssl/err.h>
+#include "internal/cryptlib.h"
#include "internal/bn_int.h"
#include "ec_lcl.h"
@@ -85,6 +86,7 @@ struct ec_pre_comp_st {
* objects followed by a NULL */
size_t num; /* numblocks * 2^(w-1) */
int references;
+ CRYPTO_RWLOCK *lock;
};
static EC_PRE_COMP *ec_pre_comp_new(const EC_GROUP *group)
@@ -99,25 +101,41 @@ static EC_PRE_COMP *ec_pre_comp_new(const EC_GROUP *group)
ECerr(EC_F_EC_PRE_COMP_NEW, ERR_R_MALLOC_FAILURE);
return ret;
}
+
ret->group = group;
ret->blocksize = 8; /* default */
ret->w = 4; /* default */
ret->references = 1;
+
+ ret->lock = CRYPTO_THREAD_lock_new();
+ if (ret->lock == NULL) {
+ ECerr(EC_F_EC_PRE_COMP_NEW, ERR_R_MALLOC_FAILURE);
+ OPENSSL_free(ret);
+ return NULL;
+ }
return ret;
}
EC_PRE_COMP *EC_ec_pre_comp_dup(EC_PRE_COMP *pre)
{
+ int i;
if (pre != NULL)
- CRYPTO_add(&pre->references, 1, CRYPTO_LOCK_EC_PRE_COMP);
+ CRYPTO_atomic_add(&pre->references, 1, &i, pre->lock);
return pre;
}
void EC_ec_pre_comp_free(EC_PRE_COMP *pre)
{
- if (pre == NULL
- || CRYPTO_add(&pre->references, -1, CRYPTO_LOCK_EC_PRE_COMP) > 0)
+ int i;
+
+ if (pre == NULL)
+ return;
+
+ CRYPTO_atomic_add(&pre->references, -1, &i, pre->lock);
+ REF_PRINT_COUNT("EC_ec", pre);
+ if (i > 0)
return;
+ REF_ASSERT_ISNT(i < 0);
if (pre->points != NULL) {
EC_POINT **pts;
@@ -126,6 +144,7 @@ void EC_ec_pre_comp_free(EC_PRE_COMP *pre)
EC_POINT_free(*pts);
OPENSSL_free(pre->points);
}
+ CRYPTO_THREAD_lock_free(pre->lock);
OPENSSL_free(pre);
}
diff --git a/crypto/ec/ecp_nistp224.c b/crypto/ec/ecp_nistp224.c
index 0eea2e0..78bdc35 100644
--- a/crypto/ec/ecp_nistp224.c
+++ b/crypto/ec/ecp_nistp224.c
@@ -231,6 +231,7 @@ static const felem gmul[2][16][3] = {
struct nistp224_pre_comp_st {
felem g_pre_comp[2][16][3];
int references;
+ CRYPTO_RWLOCK *lock;
};
const EC_METHOD *EC_GFp_nistp224_method(void)
@@ -1216,22 +1217,40 @@ static NISTP224_PRE_COMP *nistp224_pre_comp_new()
ECerr(EC_F_NISTP224_PRE_COMP_NEW, ERR_R_MALLOC_FAILURE);
return ret;
}
+
ret->references = 1;
+
+ ret->lock = CRYPTO_THREAD_lock_new();
+ if (ret->lock == NULL) {
+ ECerr(EC_F_NISTP224_PRE_COMP_NEW, ERR_R_MALLOC_FAILURE);
+ OPENSSL_free(ret);
+ return NULL;
+ }
return ret;
}
NISTP224_PRE_COMP *EC_nistp224_pre_comp_dup(NISTP224_PRE_COMP *p)
{
+ int i;
if (p != NULL)
- CRYPTO_add(&p->references, 1, CRYPTO_LOCK_EC_PRE_COMP);
+ CRYPTO_atomic_add(&p->references, 1, &i, p->lock);
return p;
}
void EC_nistp224_pre_comp_free(NISTP224_PRE_COMP *p)
{
- if (p == NULL
- || CRYPTO_add(&p->references, -1, CRYPTO_LOCK_EC_PRE_COMP) > 0)
+ int i;
+
+ if (p == NULL)
+ return;
+
+ CRYPTO_atomic_add(&p->references, -1, &i, p->lock);
+ REF_PRINT_COUNT("EC_nistp224", x);
+ if (i > 0)
return;
+ REF_ASSERT_ISNT(i < 0);
+
+ CRYPTO_THREAD_lock_free(p->lock);
OPENSSL_free(p);
}
diff --git a/crypto/ec/ecp_nistp256.c b/crypto/ec/ecp_nistp256.c
index 1549b9c..2da266c 100644
--- a/crypto/ec/ecp_nistp256.c
+++ b/crypto/ec/ecp_nistp256.c
@@ -1760,6 +1760,7 @@ static void batch_mul(felem x_out, felem y_out, felem z_out,
struct nistp256_pre_comp_st {
smallfelem g_pre_comp[2][16][3];
int references;
+ CRYPTO_RWLOCK *lock;
};
const EC_METHOD *EC_GFp_nistp256_method(void)
@@ -1834,21 +1835,38 @@ static NISTP256_PRE_COMP *nistp256_pre_comp_new()
}
ret->references = 1;
+
+ ret->lock = CRYPTO_THREAD_lock_new();
+ if (ret->lock == NULL) {
+ ECerr(EC_F_NISTP256_PRE_COMP_NEW, ERR_R_MALLOC_FAILURE);
+ OPENSSL_free(ret);
+ return NULL;
+ }
return ret;
}
NISTP256_PRE_COMP *EC_nistp256_pre_comp_dup(NISTP256_PRE_COMP *p)
{
+ int i;
if (p != NULL)
- CRYPTO_add(&p->references, 1, CRYPTO_LOCK_EC_PRE_COMP);
+ CRYPTO_atomic_add(&p->references, 1, &i, p->lock);
return p;
}
void EC_nistp256_pre_comp_free(NISTP256_PRE_COMP *pre)
{
- if (pre == NULL
- || CRYPTO_add(&pre->references, -1, CRYPTO_LOCK_EC_PRE_COMP) > 0)
+ int i;
+
+ if (pre == NULL)
return;
+
+ CRYPTO_atomic_add(&pre->references, -1, &i, pre->lock);
+ REF_PRINT_COUNT("EC_nistp256", x);
+ if (i > 0)
+ return;
+ REF_ASSERT_ISNT(i < 0);
+
+ CRYPTO_THREAD_lock_free(pre->lock);
OPENSSL_free(pre);
}
diff --git a/crypto/ec/ecp_nistp521.c b/crypto/ec/ecp_nistp521.c
index 629bf5d..a9b4295 100644
--- a/crypto/ec/ecp_nistp521.c
+++ b/crypto/ec/ecp_nistp521.c
@@ -1589,6 +1589,7 @@ static void batch_mul(felem x_out, felem y_out, felem z_out,
struct nistp521_pre_comp_st {
felem g_pre_comp[16][3];
int references;
+ CRYPTO_RWLOCK *lock;
};
const EC_METHOD *EC_GFp_nistp521_method(void)
@@ -1661,22 +1662,40 @@ static NISTP521_PRE_COMP *nistp521_pre_comp_new()
ECerr(EC_F_NISTP521_PRE_COMP_NEW, ERR_R_MALLOC_FAILURE);
return ret;
}
+
ret->references = 1;
+
+ ret->lock = CRYPTO_THREAD_lock_new();
+ if (ret->lock == NULL) {
+ ECerr(EC_F_NISTP521_PRE_COMP_NEW, ERR_R_MALLOC_FAILURE);
+ OPENSSL_free(ret);
+ return NULL;
+ }
return ret;
}
NISTP521_PRE_COMP *EC_nistp521_pre_comp_dup(NISTP521_PRE_COMP *p)
{
+ int i;
if (p != NULL)
- CRYPTO_add(&p->references, 1, CRYPTO_LOCK_EC_PRE_COMP);
+ CRYPTO_atomic_add(&p->references, 1, &i, p->lock);
return p;
}
void EC_nistp521_pre_comp_free(NISTP521_PRE_COMP *p)
{
- if (p == NULL
- || CRYPTO_add(&p->references, -1, CRYPTO_LOCK_EC_PRE_COMP) > 0)
+ int i;
+
+ if (p == NULL)
+ return;
+
+ CRYPTO_atomic_add(&p->references, -1, &i, p->lock);
+ REF_PRINT_COUNT("EC_nistp521", x);
+ if (i > 0)
return;
+ REF_ASSERT_ISNT(i < 0);
+
+ CRYPTO_THREAD_lock_free(p->lock);
OPENSSL_free(p);
}
diff --git a/crypto/ec/ecp_nistz256.c b/crypto/ec/ecp_nistz256.c
index 0f8bd85..f2ef9be 100644
--- a/crypto/ec/ecp_nistz256.c
+++ b/crypto/ec/ecp_nistz256.c
@@ -76,6 +76,7 @@ struct nistz256_pre_comp_st {
PRECOMP256_ROW *precomp;
void *precomp_storage;
int references;
+ CRYPTO_RWLOCK *lock;
};
/* Functions implemented in assembly */
@@ -1396,22 +1397,39 @@ static NISTZ256_PRE_COMP *ecp_nistz256_pre_comp_new(const EC_GROUP *group)
ret->group = group;
ret->w = 6; /* default */
ret->references = 1;
+
+ ret->lock = CRYPTO_THREAD_lock_new();
+ if (ret->lock == NULL) {
+ ECerr(EC_F_ECP_NISTZ256_PRE_COMP_NEW, ERR_R_MALLOC_FAILURE);
+ OPENSSL_free(ret);
+ return NULL;
+ }
return ret;
}
NISTZ256_PRE_COMP *EC_nistz256_pre_comp_dup(NISTZ256_PRE_COMP *p)
{
+ int i;
if (p != NULL)
- CRYPTO_add(&p->references, 1, CRYPTO_LOCK_EC_PRE_COMP);
+ CRYPTO_atomic_add(&p->references, 1, &i, p->lock);
return p;
}
void EC_nistz256_pre_comp_free(NISTZ256_PRE_COMP *pre)
{
- if (pre == NULL
- || CRYPTO_add(&pre->references, -1, CRYPTO_LOCK_EC_PRE_COMP) > 0)
+ int i;
+
+ if (pre == NULL)
return;
+
+ CRYPTO_atomic_add(&pre->references, -1, &i, pre->lock);
+ REF_PRINT_COUNT("EC_nistz256", x);
+ if (i > 0)
+ return;
+ REF_ASSERT_ISNT(i < 0);
+
OPENSSL_free(pre->precomp_storage);
+ CRYPTO_THREAD_lock_free(pre->lock);
OPENSSL_free(pre);
}
diff --git a/crypto/evp/p_lib.c b/crypto/evp/p_lib.c
index b34a268..a7d6244 100644
--- a/crypto/evp/p_lib.c
+++ b/crypto/evp/p_lib.c
@@ -190,18 +190,25 @@ EVP_PKEY *EVP_PKEY_new(void)
if (ret == NULL) {
EVPerr(EVP_F_EVP_PKEY_NEW, ERR_R_MALLOC_FAILURE);
- return (NULL);
+ return NULL;
}
ret->type = EVP_PKEY_NONE;
ret->save_type = EVP_PKEY_NONE;
ret->references = 1;
ret->save_parameters = 1;
- return (ret);
+ ret->lock = CRYPTO_THREAD_lock_new();
+ if (ret->lock == NULL) {
+ EVPerr(EVP_F_EVP_PKEY_NEW, ERR_R_MALLOC_FAILURE);
+ OPENSSL_free(ret);
+ return NULL;
+ }
+ return ret;
}
void EVP_PKEY_up_ref(EVP_PKEY *pkey)
{
- CRYPTO_add(&pkey->references, 1, CRYPTO_LOCK_EVP_PKEY);
+ int i;
+ CRYPTO_atomic_add(&pkey->references, 1, &i, pkey->lock);
}
/*
@@ -416,7 +423,7 @@ void EVP_PKEY_free(EVP_PKEY *x)
if (x == NULL)
return;
- i = CRYPTO_add(&x->references, -1, CRYPTO_LOCK_EVP_PKEY);
+ CRYPTO_atomic_add(&x->references, -1, &i, x->lock);
REF_PRINT_COUNT("EVP_PKEY", x);
if (i > 0)
return;
@@ -437,6 +444,7 @@ static void EVP_PKEY_free_it(EVP_PKEY *x)
ENGINE_finish(x->engine);
x->engine = NULL;
#endif
+ CRYPTO_THREAD_lock_free(x->lock);
}
static int unsup_alg(BIO *out, const EVP_PKEY *pkey, int indent,
diff --git a/crypto/evp/pmeth_fn.c b/crypto/evp/pmeth_fn.c
index 11c319d..872947a 100644
--- a/crypto/evp/pmeth_fn.c
+++ b/crypto/evp/pmeth_fn.c
@@ -324,7 +324,7 @@ int EVP_PKEY_derive_set_peer(EVP_PKEY_CTX *ctx, EVP_PKEY *peer)
return ret;
}
- CRYPTO_add(&peer->references, 1, CRYPTO_LOCK_EVP_PKEY);
+ EVP_PKEY_up_ref(peer);
return 1;
}
diff --git a/crypto/evp/pmeth_lib.c b/crypto/evp/pmeth_lib.c
index 9ae61cf..26bec9a 100644
--- a/crypto/evp/pmeth_lib.c
+++ b/crypto/evp/pmeth_lib.c
@@ -175,7 +175,7 @@ static EVP_PKEY_CTX *int_ctx_new(EVP_PKEY *pkey, ENGINE *e, int id)
ret->operation = EVP_PKEY_OP_UNDEFINED;
ret->pkey = pkey;
if (pkey)
- CRYPTO_add(&pkey->references, 1, CRYPTO_LOCK_EVP_PKEY);
+ EVP_PKEY_up_ref(pkey);
if (pmeth->init) {
if (pmeth->init(ret) <= 0) {
@@ -288,12 +288,12 @@ EVP_PKEY_CTX *EVP_PKEY_CTX_dup(EVP_PKEY_CTX *pctx)
#endif
if (pctx->pkey)
- CRYPTO_add(&pctx->pkey->references, 1, CRYPTO_LOCK_EVP_PKEY);
+ EVP_PKEY_up_ref(pctx->pkey);
rctx->pkey = pctx->pkey;
if (pctx->peerkey)
- CRYPTO_add(&pctx->peerkey->references, 1, CRYPTO_LOCK_EVP_PKEY);
+ EVP_PKEY_up_ref(pctx->peerkey);
rctx->peerkey = pctx->peerkey;
diff --git a/crypto/include/internal/evp_int.h b/crypto/include/internal/evp_int.h
index cccc1e1..f5811c1 100644
--- a/crypto/include/internal/evp_int.h
+++ b/crypto/include/internal/evp_int.h
@@ -416,6 +416,7 @@ struct evp_pkey_st {
} pkey;
int save_parameters;
STACK_OF(X509_ATTRIBUTE) *attributes; /* [ 0 ] */
+ CRYPTO_RWLOCK *lock;
} /* EVP_PKEY */ ;
diff --git a/crypto/include/internal/x509_int.h b/crypto/include/internal/x509_int.h
index e6e7ed1..eec024c 100644
--- a/crypto/include/internal/x509_int.h
+++ b/crypto/include/internal/x509_int.h
@@ -104,6 +104,7 @@ struct X509_req_st {
X509_ALGOR sig_alg; /* signature algorithm */
ASN1_BIT_STRING *signature; /* signature */
int references;
+ CRYPTO_RWLOCK *lock;
};
struct X509_crl_info_st {
@@ -141,6 +142,7 @@ struct X509_crl_st {
/* alternative method to handle this CRL */
const X509_CRL_METHOD *meth;
void *meth_data;
+ CRYPTO_RWLOCK *lock;
};
struct x509_revoked_st {
@@ -212,6 +214,7 @@ struct x509_st {
# endif
unsigned char sha1_hash[SHA_DIGEST_LENGTH];
X509_CERT_AUX *aux;
+ CRYPTO_RWLOCK *lock;
} /* X509 */ ;
/* PKCS#8 private key info structure */
diff --git a/crypto/ui/ui_lib.c b/crypto/ui/ui_lib.c
index 08e6c7b..7b08107 100644
--- a/crypto/ui/ui_lib.c
+++ b/crypto/ui/ui_lib.c
@@ -79,6 +79,14 @@ UI *UI_new_method(const UI_METHOD *method)
UIerr(UI_F_UI_NEW_METHOD, ERR_R_MALLOC_FAILURE);
return NULL;
}
+
+ ret->lock = CRYPTO_THREAD_lock_new();
+ if (ret->lock == NULL) {
+ UIerr(UI_F_UI_NEW_METHOD, ERR_R_MALLOC_FAILURE);
+ OPENSSL_free(ret);
+ return NULL;
+ }
+
if (method == NULL)
ret->meth = UI_get_default_method();
else
@@ -111,6 +119,7 @@ void UI_free(UI *ui)
return;
sk_UI_STRING_pop_free(ui->strings, free_string);
CRYPTO_free_ex_data(CRYPTO_EX_INDEX_UI, ui, &ui->ex_data);
+ CRYPTO_THREAD_lock_free(ui->lock);
OPENSSL_free(ui);
}
diff --git a/crypto/ui/ui_locl.h b/crypto/ui/ui_locl.h
index 5ed77fa..abbdd1c 100644
--- a/crypto/ui/ui_locl.h
+++ b/crypto/ui/ui_locl.h
@@ -139,6 +139,8 @@ struct ui_st {
# define UI_FLAG_REDOABLE 0x0001
# define UI_FLAG_PRINT_ERRORS 0x0100
int flags;
+
+ CRYPTO_RWLOCK *lock;
};
#endif
diff --git a/crypto/ui/ui_openssl.c b/crypto/ui/ui_openssl.c
index 9b4786b..9a48708 100644
--- a/crypto/ui/ui_openssl.c
+++ b/crypto/ui/ui_openssl.c
@@ -462,7 +462,7 @@ static int read_string_inner(UI *ui, UI_STRING *uis, int echo, int strip_nl)
/* Internal functions to open, handle and close a channel to the console. */
static int open_console(UI *ui)
{
- CRYPTO_w_lock(CRYPTO_LOCK_UI);
+ CRYPTO_THREAD_write_lock(ui->lock);
is_a_tty = 1;
#if defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE)
@@ -569,7 +569,7 @@ static int close_console(UI *ui)
#ifdef OPENSSL_SYS_VMS
status = sys$dassgn(channel);
#endif
- CRYPTO_w_unlock(CRYPTO_LOCK_UI);
+ CRYPTO_THREAD_unlock(ui->lock);
return 1;
}
diff --git a/crypto/x509/x509_lu.c b/crypto/x509/x509_lu.c
index b53ec48..3b0daf1 100644
--- a/crypto/x509/x509_lu.c
+++ b/crypto/x509/x509_lu.c
@@ -194,8 +194,13 @@ X509_STORE *X509_STORE_new(void)
if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509_STORE, ret, &ret->ex_data))
goto err;
+ ret->lock = CRYPTO_THREAD_lock_new();
+ if (ret->lock == NULL)
+ goto err;
+
ret->references = 1;
return ret;
+
err:
X509_VERIFY_PARAM_free(ret->param);
sk_X509_OBJECT_free(ret->objs);
@@ -228,7 +233,7 @@ void X509_STORE_free(X509_STORE *vfy)
if (vfy == NULL)
return;
- i = CRYPTO_add(&vfy->references, -1, CRYPTO_LOCK_X509_STORE);
+ CRYPTO_atomic_add(&vfy->references, -1, &i, vfy->lock);
REF_PRINT_COUNT("X509_STORE", vfy);
if (i > 0)
return;
@@ -245,9 +250,22 @@ void X509_STORE_free(X509_STORE *vfy)
CRYPTO_free_ex_data(CRYPTO_EX_INDEX_X509_STORE, vfy, &vfy->ex_data);
X509_VERIFY_PARAM_free(vfy->param);
+ CRYPTO_THREAD_lock_free(vfy->lock);
OPENSSL_free(vfy);
}
+int X509_STORE_up_ref(X509_STORE *vfy)
+{
+ int i;
+
+ if (CRYPTO_atomic_add(&vfy->references, 1, &i, vfy->lock) <= 0)
+ return 0;
+
+ REF_PRINT_COUNT("X509_STORE", a);
+ REF_ASSERT_ISNT(i < 2);
+ return ((i > 1) ? 1 : 0);
+}
+
X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *v, X509_LOOKUP_METHOD *m)
{
int i;
@@ -284,9 +302,9 @@ int X509_STORE_get_by_subject(X509_STORE_CTX *vs, X509_LOOKUP_TYPE type,
X509_OBJECT stmp, *tmp;
int i, j;
- CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE);
+ CRYPTO_THREAD_write_lock(ctx->lock);
tmp = X509_OBJECT_retrieve_by_subject(ctx->objs, type, name);
- CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
+ CRYPTO_THREAD_unlock(ctx->lock);
if (tmp == NULL || type == X509_LU_CRL) {
for (i = vs->current_method;
@@ -332,7 +350,7 @@ int X509_STORE_add_cert(X509_STORE *ctx, X509 *x)
obj->type = X509_LU_X509;
obj->data.x509 = x;
- CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE);
+ CRYPTO_THREAD_write_lock(ctx->lock);
X509_OBJECT_up_ref_count(obj);
@@ -345,7 +363,7 @@ int X509_STORE_add_cert(X509_STORE *ctx, X509 *x)
} else
sk_X509_OBJECT_push(ctx->objs, obj);
- CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
+ CRYPTO_THREAD_unlock(ctx->lock);
return ret;
}
@@ -365,7 +383,7 @@ int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x)
obj->type = X509_LU_CRL;
obj->data.crl = x;
- CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE);
+ CRYPTO_THREAD_write_lock(ctx->lock);
X509_OBJECT_up_ref_count(obj);
@@ -377,7 +395,7 @@ int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x)
} else
sk_X509_OBJECT_push(ctx->objs, obj);
- CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
+ CRYPTO_THREAD_unlock(ctx->lock);
return ret;
}
@@ -474,7 +492,7 @@ STACK_OF(X509) *X509_STORE_get1_certs(X509_STORE_CTX *ctx, X509_NAME *nm)
X509 *x;
X509_OBJECT *obj;
sk = sk_X509_new_null();
- CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE);
+ CRYPTO_THREAD_write_lock(ctx->ctx->lock);
idx = x509_object_idx_cnt(ctx->ctx->objs, X509_LU_X509, nm, &cnt);
if (idx < 0) {
/*
@@ -482,16 +500,16 @@ STACK_OF(X509) *X509_STORE_get1_certs(X509_STORE_CTX *ctx, X509_NAME *nm)
* cache
*/
X509_OBJECT xobj;
- CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
+ CRYPTO_THREAD_unlock(ctx->ctx->lock);
if (!X509_STORE_get_by_subject(ctx, X509_LU_X509, nm, &xobj)) {
sk_X509_free(sk);
return NULL;
}
X509_OBJECT_free_contents(&xobj);
- CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE);
+ CRYPTO_THREAD_write_lock(ctx->ctx->lock);
idx = x509_object_idx_cnt(ctx->ctx->objs, X509_LU_X509, nm, &cnt);
if (idx < 0) {
- CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
+ CRYPTO_THREAD_unlock(ctx->ctx->lock);
sk_X509_free(sk);
return NULL;
}
@@ -501,13 +519,13 @@ STACK_OF(X509) *X509_STORE_get1_certs(X509_STORE_CTX *ctx, X509_NAME *nm)
x = obj->data.x509;
X509_up_ref(x);
if (!sk_X509_push(sk, x)) {
- CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
+ CRYPTO_THREAD_unlock(ctx->ctx->lock);
X509_free(x);
sk_X509_pop_free(sk, X509_free);
return NULL;
}
}
- CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
+ CRYPTO_THREAD_unlock(ctx->ctx->lock);
return sk;
}
@@ -528,10 +546,10 @@ STACK_OF(X509_CRL) *X509_STORE_get1_crls(X509_STORE_CTX *ctx, X509_NAME *nm)
return NULL;
}
X509_OBJECT_free_contents(&xobj);
- CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE);
+ CRYPTO_THREAD_write_lock(ctx->ctx->lock);
idx = x509_object_idx_cnt(ctx->ctx->objs, X509_LU_CRL, nm, &cnt);
if (idx < 0) {
- CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
+ CRYPTO_THREAD_unlock(ctx->ctx->lock);
sk_X509_CRL_free(sk);
return NULL;
}
@@ -541,13 +559,13 @@ STACK_OF(X509_CRL) *X509_STORE_get1_crls(X509_STORE_CTX *ctx, X509_NAME *nm)
x = obj->data.crl;
X509_CRL_up_ref(x);
if (!sk_X509_CRL_push(sk, x)) {
- CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
+ CRYPTO_THREAD_unlock(ctx->ctx->lock);
X509_CRL_free(x);
sk_X509_CRL_pop_free(sk, X509_CRL_free);
return NULL;
}
}
- CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
+ CRYPTO_THREAD_unlock(ctx->ctx->lock);
return sk;
}
@@ -621,7 +639,7 @@ int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x)
/* Else find index of first cert accepted by 'check_issued' */
ret = 0;
- CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE);
+ CRYPTO_THREAD_write_lock(ctx->ctx->lock);
idx = X509_OBJECT_idx_by_subject(ctx->ctx->objs, X509_LU_X509, xn);
if (idx != -1) { /* should be true as we've had at least one
* match */
@@ -648,7 +666,7 @@ int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x)
}
}
}
- CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
+ CRYPTO_THREAD_unlock(ctx->ctx->lock);
if (*issuer)
X509_up_ref(*issuer);
return ret;
diff --git a/crypto/x509/x509_set.c b/crypto/x509/x509_set.c
index 9330a54..360ead8 100644
--- a/crypto/x509/x509_set.c
+++ b/crypto/x509/x509_set.c
@@ -148,7 +148,8 @@ int X509_set_pubkey(X509 *x, EVP_PKEY *pkey)
void X509_up_ref(X509 *x)
{
- CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
+ int i;
+ CRYPTO_atomic_add(&x->references, 1, &i, x->lock);
}
long X509_get_version(X509 *x)
diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
index ae07f37..e2b1b96 100644
--- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c
@@ -2160,8 +2160,9 @@ X509_STORE_CTX *X509_STORE_CTX_new(void)
void X509_STORE_CTX_free(X509_STORE_CTX *ctx)
{
- if (!ctx)
+ if (ctx == NULL)
return;
+
X509_STORE_CTX_cleanup(ctx);
OPENSSL_free(ctx);
}
diff --git a/crypto/x509/x509cset.c b/crypto/x509/x509cset.c
index bc14374..ab5f192 100644
--- a/crypto/x509/x509cset.c
+++ b/crypto/x509/x509cset.c
@@ -134,7 +134,8 @@ int X509_CRL_sort(X509_CRL *c)
void X509_CRL_up_ref(X509_CRL *crl)
{
- CRYPTO_add(&crl->references, 1, CRYPTO_LOCK_X509_CRL);
+ int i;
+ CRYPTO_atomic_add(&crl->references, 1, &i, crl->lock);
}
long X509_CRL_get_version(X509_CRL *crl)
diff --git a/crypto/x509/x_crl.c b/crypto/x509/x_crl.c
index af49271..0be8405 100644
--- a/crypto/x509/x_crl.c
+++ b/crypto/x509/x_crl.c
@@ -329,7 +329,7 @@ static void setup_idp(X509_CRL *crl, ISSUING_DIST_POINT *idp)
DIST_POINT_set_dpname(idp->distpoint, X509_CRL_get_issuer(crl));
}
-ASN1_SEQUENCE_ref(X509_CRL, crl_cb, CRYPTO_LOCK_X509_CRL) = {
+ASN1_SEQUENCE_ref(X509_CRL, crl_cb) = {
ASN1_EMBED(X509_CRL, crl, X509_CRL_INFO),
ASN1_EMBED(X509_CRL, sig_alg, X509_ALGOR),
ASN1_EMBED(X509_CRL, signature, ASN1_BIT_STRING)
@@ -435,9 +435,9 @@ static int def_crl_lookup(X509_CRL *crl,
* under a lock to avoid race condition.
*/
if (!sk_X509_REVOKED_is_sorted(crl->crl.revoked)) {
- CRYPTO_w_lock(CRYPTO_LOCK_X509_CRL);
+ CRYPTO_THREAD_write_lock(crl->lock);
sk_X509_REVOKED_sort(crl->crl.revoked);
- CRYPTO_w_unlock(CRYPTO_LOCK_X509_CRL);
+ CRYPTO_THREAD_unlock(crl->lock);
}
idx = sk_X509_REVOKED_find(crl->crl.revoked, &rtmp);
if (idx < 0)
diff --git a/crypto/x509/x_req.c b/crypto/x509/x_req.c
index c1caf09..2fdf015 100644
--- a/crypto/x509/x_req.c
+++ b/crypto/x509/x_req.c
@@ -105,7 +105,7 @@ ASN1_SEQUENCE_enc(X509_REQ_INFO, enc, rinf_cb) = {
IMPLEMENT_ASN1_FUNCTIONS(X509_REQ_INFO)
-ASN1_SEQUENCE_ref(X509_REQ, 0, CRYPTO_LOCK_X509_REQ) = {
+ASN1_SEQUENCE_ref(X509_REQ, 0) = {
ASN1_EMBED(X509_REQ, req_info, X509_REQ_INFO),
ASN1_EMBED(X509_REQ, sig_alg, X509_ALGOR),
ASN1_SIMPLE(X509_REQ, signature, ASN1_BIT_STRING)
diff --git a/crypto/x509/x_x509.c b/crypto/x509/x_x509.c
index 09004ef..3463955 100644
--- a/crypto/x509/x_x509.c
+++ b/crypto/x509/x_x509.c
@@ -123,7 +123,7 @@ static int x509_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
}
-ASN1_SEQUENCE_ref(X509, x509_cb, CRYPTO_LOCK_X509) = {
+ASN1_SEQUENCE_ref(X509, x509_cb) = {
ASN1_EMBED(X509, cert_info, X509_CINF),
ASN1_EMBED(X509, sig_alg, X509_ALGOR),
ASN1_EMBED(X509, signature, ASN1_BIT_STRING)
diff --git a/crypto/x509v3/pcy_cache.c b/crypto/x509v3/pcy_cache.c
index 64fe3bc..bdce5a8 100644
--- a/crypto/x509v3/pcy_cache.c
+++ b/crypto/x509v3/pcy_cache.c
@@ -224,9 +224,9 @@ const X509_POLICY_CACHE *policy_cache_set(X509 *x)
{
if (x->policy_cache == NULL) {
- CRYPTO_w_lock(CRYPTO_LOCK_X509);
+ CRYPTO_THREAD_write_lock(x->lock);
policy_cache_new(x);
- CRYPTO_w_unlock(CRYPTO_LOCK_X509);
+ CRYPTO_THREAD_unlock(x->lock);
}
return x->policy_cache;
diff --git a/crypto/x509v3/v3_purp.c b/crypto/x509v3/v3_purp.c
index e5231b3..ae82fd1 100644
--- a/crypto/x509v3/v3_purp.c
+++ b/crypto/x509v3/v3_purp.c
@@ -128,9 +128,9 @@ int X509_check_purpose(X509 *x, int id, int ca)
int idx;
const X509_PURPOSE *pt;
if (!(x->ex_flags & EXFLAG_SET)) {
- CRYPTO_w_lock(CRYPTO_LOCK_X509);
+ CRYPTO_THREAD_write_lock(x->lock);
x509v3_cache_extensions(x);
- CRYPTO_w_unlock(CRYPTO_LOCK_X509);
+ CRYPTO_THREAD_unlock(x->lock);
}
/* Return if side-effect only call */
if (id == -1)
@@ -576,9 +576,9 @@ static int check_ca(const X509 *x)
int X509_check_ca(X509 *x)
{
if (!(x->ex_flags & EXFLAG_SET)) {
- CRYPTO_w_lock(CRYPTO_LOCK_X509);
+ CRYPTO_THREAD_write_lock(x->lock);
x509v3_cache_extensions(x);
- CRYPTO_w_unlock(CRYPTO_LOCK_X509);
+ CRYPTO_THREAD_unlock(x->lock);
}
return check_ca(x);
diff --git a/doc/crypto/BIO_new.pod b/doc/crypto/BIO_new.pod
index 76679f3..d6d87c3 100644
--- a/doc/crypto/BIO_new.pod
+++ b/doc/crypto/BIO_new.pod
@@ -2,7 +2,7 @@
=head1 NAME
-BIO_new, BIO_set, BIO_free, BIO_vfree, BIO_free_all - BIO allocation and freeing functions
+BIO_new, BIO_set, BIO_up_ref, BIO_free, BIO_vfree, BIO_free_all - BIO allocation and freeing functions
=head1 SYNOPSIS
@@ -10,6 +10,7 @@ BIO_new, BIO_set, BIO_free, BIO_vfree, BIO_free_all - BIO allocation and freeing
BIO * BIO_new(BIO_METHOD *type);
int BIO_set(BIO *a,BIO_METHOD *type);
+ int BIO_up_ref(BIO *a);
int BIO_free(BIO *a);
void BIO_vfree(BIO *a);
void BIO_free_all(BIO *a);
@@ -20,6 +21,8 @@ The BIO_new() function returns a new BIO using method B<type>.
BIO_set() sets the method of an already existing BIO.
+BIO_up_ref() increments the reference count associated with the BIO object.
+
BIO_free() frees up a single BIO, BIO_vfree() also frees up a single BIO
but it does not return a value.
If B<a> is NULL nothing is done.
@@ -36,7 +39,7 @@ If B<a> is NULL nothing is done.
BIO_new() returns a newly created BIO or NULL if the call fails.
-BIO_set(), BIO_free() return 1 for success and 0 for failure.
+BIO_set(), BIO_up_ref() and BIO_free() return 1 for success and 0 for failure.
BIO_free_all() and BIO_vfree() do not return values.
diff --git a/doc/crypto/X509_STORE_new.pod b/doc/crypto/X509_STORE_new.pod
new file mode 100644
index 0000000..37cabb5
--- /dev/null
+++ b/doc/crypto/X509_STORE_new.pod
@@ -0,0 +1,36 @@
+=pod
+
+=head1 NAME
+
+X509_STORE_new, X509_STORE_up_ref, X509_STORE_free - X509_STORE allocation and freeing functions
+
+=head1 SYNOPSIS
+
+ #include <openssl/x509_vfy.h>
+
+ X509_STORE *X509_STORE_new(void);
+ void X509_STORE_free(X509_STORE *v);
+ int X509_STORE_up_ref(X509_STORE *v);
+
+=head1 DESCRIPTION
+
+The X509_STORE_new() function returns a new X509_STORE.
+
+X509_STORE_up_ref() increments the reference count associated with the
+X509_STORE object.
+
+X509_STORE_free() frees up a single X509_STORE object.
+
+=head1 RETURN VALUES
+
+X509_STORE_new() returns a newly created X509_STORE or NULL if the call fails.
+
+X509_STORE_up_ref() returns 1 for success and 0 for failure.
+
+X509_STORE_free() does not return values.
+
+=head1 SEE ALSO
+
+L<X509_STORE_set_verify_cb_func(3)>
+
+=cut
diff --git a/include/openssl/asn1t.h b/include/openssl/asn1t.h
index 1a17ee9..455efff 100644
--- a/include/openssl/asn1t.h
+++ b/include/openssl/asn1t.h
@@ -207,8 +207,8 @@ extern "C" {
static const ASN1_AUX tname##_aux = {NULL, ASN1_AFLG_BROKEN, 0, 0, 0, 0}; \
ASN1_SEQUENCE(tname)
-# define ASN1_SEQUENCE_ref(tname, cb, lck) \
- static const ASN1_AUX tname##_aux = {NULL, ASN1_AFLG_REFCOUNT, offsetof(tname, references), lck, cb, 0}; \
+# define ASN1_SEQUENCE_ref(tname, cb) \
+ static const ASN1_AUX tname##_aux = {NULL, ASN1_AFLG_REFCOUNT, offsetof(tname, references), offsetof(tname, lock), cb, 0}; \
ASN1_SEQUENCE(tname)
# define ASN1_SEQUENCE_enc(tname, enc, cb) \
diff --git a/include/openssl/bio.h b/include/openssl/bio.h
index a1b4ced..ae59948 100644
--- a/include/openssl/bio.h
+++ b/include/openssl/bio.h
@@ -326,6 +326,7 @@ struct bio_st {
uint64_t num_read;
uint64_t num_write;
CRYPTO_EX_DATA ex_data;
+ CRYPTO_RWLOCK *lock;
};
DEFINE_STACK_OF(BIO)
@@ -635,6 +636,7 @@ BIO *BIO_new(BIO_METHOD *type);
int BIO_set(BIO *a, BIO_METHOD *type);
int BIO_free(BIO *a);
void BIO_vfree(BIO *a);
+int BIO_up_ref(BIO *a);
int BIO_read(BIO *b, void *data, int len);
int BIO_gets(BIO *bp, char *buf, int size);
int BIO_write(BIO *b, const void *data, int len);
diff --git a/include/openssl/crypto.h b/include/openssl/crypto.h
index 53c26b9..41eac25 100644
--- a/include/openssl/crypto.h
+++ b/include/openssl/crypto.h
@@ -165,12 +165,6 @@ extern "C" {
* names in cryptlib.c
*/
-# define CRYPTO_LOCK_X509 3
-# define CRYPTO_LOCK_X509_INFO 4
-# define CRYPTO_LOCK_X509_PKEY 5
-# define CRYPTO_LOCK_X509_CRL 6
-# define CRYPTO_LOCK_X509_REQ 7
-# define CRYPTO_LOCK_EVP_PKEY 10
# define CRYPTO_LOCK_X509_STORE 11
# define CRYPTO_LOCK_SSL_CTX 12
# define CRYPTO_LOCK_SSL_CERT 13
@@ -181,18 +175,14 @@ extern "C" {
# define CRYPTO_LOCK_RAND 18
# define CRYPTO_LOCK_RAND2 19
# define CRYPTO_LOCK_MALLOC 20
-# define CRYPTO_LOCK_BIO 21
# define CRYPTO_LOCK_READDIR 24
# define CRYPTO_LOCK_RSA_BLINDING 25
# define CRYPTO_LOCK_MALLOC2 27
# define CRYPTO_LOCK_DYNLOCK 29
# define CRYPTO_LOCK_ENGINE 30
-# define CRYPTO_LOCK_UI 31
# define CRYPTO_LOCK_ECDSA 32
-# define CRYPTO_LOCK_EC 33
# define CRYPTO_LOCK_ECDH 34
# define CRYPTO_LOCK_BN 35
-# define CRYPTO_LOCK_EC_PRE_COMP 36
# define CRYPTO_LOCK_STORE 37
# define CRYPTO_LOCK_COMP 38
# define CRYPTO_LOCK_FIPS 39
diff --git a/include/openssl/x509.h b/include/openssl/x509.h
index fc77886..fe60dc8 100644
--- a/include/openssl/x509.h
+++ b/include/openssl/x509.h
@@ -133,6 +133,7 @@ struct X509_pubkey_st {
X509_ALGOR *algor;
ASN1_BIT_STRING *public_key;
EVP_PKEY *pkey;
+ CRYPTO_RWLOCK *lock;
};
typedef struct X509_sig_st {
@@ -311,6 +312,7 @@ typedef struct private_key_st {
/* expanded version of 'enc_algor' */
EVP_CIPHER_INFO cipher;
int references;
+ CRYPTO_RWLOCK *lock;
} X509_PKEY;
typedef struct X509_info_st {
@@ -321,6 +323,7 @@ typedef struct X509_info_st {
int enc_len;
char *enc_data;
int references;
+ CRYPTO_RWLOCK *lock;
} X509_INFO;
DEFINE_STACK_OF(X509_INFO)
diff --git a/include/openssl/x509_vfy.h b/include/openssl/x509_vfy.h
index f2bd073..e883349 100644
--- a/include/openssl/x509_vfy.h
+++ b/include/openssl/x509_vfy.h
@@ -179,6 +179,7 @@ struct x509_store_st {
int (*cleanup) (X509_STORE_CTX *ctx);
CRYPTO_EX_DATA ex_data;
int references;
+ CRYPTO_RWLOCK *lock;
} /* X509_STORE */ ;
int X509_STORE_set_depth(X509_STORE *store, int depth);
@@ -430,6 +431,7 @@ void X509_OBJECT_up_ref_count(X509_OBJECT *a);
void X509_OBJECT_free_contents(X509_OBJECT *a);
X509_STORE *X509_STORE_new(void);
void X509_STORE_free(X509_STORE *v);
+int X509_STORE_up_ref(X509_STORE *v);
STACK_OF(X509) *X509_STORE_get1_certs(X509_STORE_CTX *st, X509_NAME *nm);
STACK_OF(X509_CRL) *X509_STORE_get1_crls(X509_STORE_CTX *st, X509_NAME *nm);
diff --git a/ssl/bio_ssl.c b/ssl/bio_ssl.c
index 9eec022..c433cf5 100644
--- a/ssl/bio_ssl.c
+++ b/ssl/bio_ssl.c
@@ -338,7 +338,7 @@ static long ssl_ctrl(BIO *b, int cmd, long num, void *ptr)
if (b->next_bio != NULL)
BIO_push(bio, b->next_bio);
b->next_bio = bio;
- CRYPTO_add(&bio->references, 1, CRYPTO_LOCK_BIO);
+ BIO_up_ref(bio);
}
b->init = 1;
break;
@@ -371,7 +371,7 @@ static long ssl_ctrl(BIO *b, int cmd, long num, void *ptr)
case BIO_CTRL_PUSH:
if ((b->next_bio != NULL) && (b->next_bio != ssl->rbio)) {
SSL_set_bio(ssl, b->next_bio, b->next_bio);
- CRYPTO_add(&b->next_bio->references, 1, CRYPTO_LOCK_BIO);
+ BIO_up_ref(b);
}
break;
case BIO_CTRL_POP:
@@ -384,7 +384,7 @@ static long ssl_ctrl(BIO *b, int cmd, long num, void *ptr)
if (ssl->rbio != ssl->wbio)
BIO_free_all(ssl->wbio);
if (b->next_bio != NULL)
- CRYPTO_add(&b->next_bio->references, -1, CRYPTO_LOCK_BIO);
+ BIO_free(b->next_bio);
ssl->wbio = NULL;
ssl->rbio = NULL;
}
diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c
index faa7a95..e804412 100644
--- a/ssl/ssl_cert.c
+++ b/ssl/ssl_cert.c
@@ -273,13 +273,12 @@ CERT *ssl_cert_dup(CERT *cert)
ret->cert_cb_arg = cert->cert_cb_arg;
if (cert->verify_store) {
- CRYPTO_add(&cert->verify_store->references, 1,
- CRYPTO_LOCK_X509_STORE);
+ X509_STORE_up_ref(cert->verify_store);
ret->verify_store = cert->verify_store;
}
if (cert->chain_store) {
- CRYPTO_add(&cert->chain_store->references, 1, CRYPTO_LOCK_X509_STORE);
+ X509_STORE_up_ref(cert->chain_store);
ret->chain_store = cert->chain_store;
}
@@ -1056,7 +1055,7 @@ int ssl_cert_set_cert_store(CERT *c, X509_STORE *store, int chain, int ref)
X509_STORE_free(*pstore);
*pstore = store;
if (ref && store)
- CRYPTO_add(&store->references, 1, CRYPTO_LOCK_X509_STORE);
+ X509_STORE_up_ref(store);
return 1;
}
diff --git a/util/libcrypto.num b/util/libcrypto.num
index 3ae4500..96b87ce 100644
--- a/util/libcrypto.num
+++ b/util/libcrypto.num
@@ -4043,3 +4043,5 @@ PKCS8_pkey_add1_attr_by_NID 3908 1_1_0 EXIST::FUNCTION:
ASYNC_is_capable 3909 1_1_0 EXIST::FUNCTION:
EVP_CIPHER_CTX_set_cipher_data 3910 1_1_0 EXIST::FUNCTION:
EVP_CIPHER_CTX_get_cipher_data 3911 1_1_0 EXIST::FUNCTION:
+BIO_up_ref 3912 1_1_0 EXIST::FUNCTION:
+X509_STORE_up_ref 3913 1_1_0 EXIST::FUNCTION:
More information about the openssl-commits
mailing list