diff options
Diffstat (limited to 'src/crypto/x509')
| -rw-r--r-- | src/crypto/x509/CMakeLists.txt | 2 | ||||
| -rw-r--r-- | src/crypto/x509/by_dir.c | 23 | ||||
| -rw-r--r-- | src/crypto/x509/x509_lu.c | 65 | ||||
| -rw-r--r-- | src/crypto/x509/x509_vfy.c | 6 | ||||
| -rw-r--r-- | src/crypto/x509/x_crl.c | 26 | ||||
| -rw-r--r-- | src/crypto/x509/x_info.c | 16 | ||||
| -rw-r--r-- | src/crypto/x509/x_pkey.c | 6 | ||||
| -rw-r--r-- | src/crypto/x509/x_pubkey.c | 16 | ||||
| -rw-r--r-- | src/crypto/x509/x_req.c | 2 | ||||
| -rw-r--r-- | src/crypto/x509/x_x509.c | 4 |
10 files changed, 85 insertions, 81 deletions
diff --git a/src/crypto/x509/CMakeLists.txt b/src/crypto/x509/CMakeLists.txt index 96cf35c..3bb5704 100644 --- a/src/crypto/x509/CMakeLists.txt +++ b/src/crypto/x509/CMakeLists.txt @@ -59,6 +59,8 @@ add_executable( pkcs7_test pkcs7_test.c + + $<TARGET_OBJECTS:test_support> ) target_link_libraries(pkcs7_test crypto) diff --git a/src/crypto/x509/by_dir.c b/src/crypto/x509/by_dir.c index 098c1bd..34bb1e4 100644 --- a/src/crypto/x509/by_dir.c +++ b/src/crypto/x509/by_dir.c @@ -66,6 +66,8 @@ #include <openssl/thread.h> #include <openssl/x509.h> +#include "../internal.h" + typedef struct lookup_dir_hashes_st { @@ -262,6 +264,10 @@ static int add_cert_dir(BY_DIR *ctx, const char *dir, int type) return 1; } +/* g_ent_hashes_lock protects the |hashes| member of all |BY_DIR_ENTRY| + * objects. */ +static struct CRYPTO_STATIC_MUTEX g_ent_hashes_lock = CRYPTO_STATIC_MUTEX_INIT; + static int get_cert_by_subject(X509_LOOKUP *xl, int type, X509_NAME *name, X509_OBJECT *ret) { @@ -337,7 +343,7 @@ static int get_cert_by_subject(X509_LOOKUP *xl, int type, X509_NAME *name, if (type == X509_LU_CRL && ent->hashes) { htmp.hash = h; - CRYPTO_r_lock(CRYPTO_LOCK_X509_STORE); + CRYPTO_STATIC_MUTEX_lock_read(&g_ent_hashes_lock); if (sk_BY_DIR_HASH_find(ent->hashes, &idx, &htmp)) { hent = sk_BY_DIR_HASH_value(ent->hashes, idx); @@ -348,7 +354,7 @@ static int get_cert_by_subject(X509_LOOKUP *xl, int type, X509_NAME *name, hent = NULL; k=0; } - CRYPTO_r_unlock(CRYPTO_LOCK_X509_STORE); + CRYPTO_STATIC_MUTEX_unlock(&g_ent_hashes_lock); } else { @@ -418,19 +424,19 @@ static int get_cert_by_subject(X509_LOOKUP *xl, int type, X509_NAME *name, /* we have added it to the cache so now pull * it out again */ - CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE); + CRYPTO_MUTEX_lock_write(&xl->store_ctx->objs_lock); tmp = NULL; if (sk_X509_OBJECT_find(xl->store_ctx->objs, &idx, &stmp)) { tmp=sk_X509_OBJECT_value(xl->store_ctx->objs,idx); } - CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE); + CRYPTO_MUTEX_unlock(&xl->store_ctx->objs_lock); /* If a CRL, update the last file suffix added for this */ if (type == X509_LU_CRL) { - CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE); + CRYPTO_STATIC_MUTEX_lock_write(&g_ent_hashes_lock); /* Look for entry again in case another thread added * an entry first. */ @@ -445,7 +451,7 @@ static int get_cert_by_subject(X509_LOOKUP *xl, int type, X509_NAME *name, hent = OPENSSL_malloc(sizeof(BY_DIR_HASH)); if (hent == NULL) { - CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE); + CRYPTO_STATIC_MUTEX_unlock(&g_ent_hashes_lock); ok = 0; goto finish; } @@ -453,7 +459,7 @@ static int get_cert_by_subject(X509_LOOKUP *xl, int type, X509_NAME *name, hent->suffix = k; if (!sk_BY_DIR_HASH_push(ent->hashes, hent)) { - CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE); + CRYPTO_STATIC_MUTEX_unlock(&g_ent_hashes_lock); OPENSSL_free(hent); ok = 0; goto finish; @@ -462,8 +468,7 @@ static int get_cert_by_subject(X509_LOOKUP *xl, int type, X509_NAME *name, else if (hent->suffix < k) hent->suffix = k; - CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE); - + CRYPTO_STATIC_MUTEX_unlock(&g_ent_hashes_lock); } if (tmp != NULL) diff --git a/src/crypto/x509/x509_lu.c b/src/crypto/x509/x509_lu.c index 34ef26e..a662305 100644 --- a/src/crypto/x509/x509_lu.c +++ b/src/crypto/x509/x509_lu.c @@ -64,6 +64,8 @@ #include <openssl/x509.h> #include <openssl/x509v3.h> +#include "../internal.h" + X509_LOOKUP *X509_LOOKUP_new(X509_LOOKUP_METHOD *method) { @@ -186,6 +188,7 @@ X509_STORE *X509_STORE_new(void) return NULL; memset(ret, 0, sizeof(*ret)); ret->objs = sk_X509_OBJECT_new(x509_object_cmp); + CRYPTO_MUTEX_init(&ret->objs_lock); ret->cache = 1; ret->get_cert_methods = sk_X509_LOOKUP_new_null(); @@ -228,7 +231,6 @@ static void cleanup(X509_OBJECT *a) void X509_STORE_free(X509_STORE *vfy) { - int i; size_t j; STACK_OF(X509_LOOKUP) *sk; X509_LOOKUP *lu; @@ -236,18 +238,11 @@ void X509_STORE_free(X509_STORE *vfy) if (vfy == NULL) return; - i=CRYPTO_add(&vfy->references,-1,CRYPTO_LOCK_X509_STORE); -#ifdef REF_PRINT - REF_PRINT("X509_STORE",vfy); -#endif - if (i > 0) return; -#ifdef REF_CHECK - if (i < 0) - { - fprintf(stderr,"X509_STORE_free, bad reference count\n"); - abort(); /* ok */ - } -#endif + if (!CRYPTO_refcount_dec_and_test_zero(&vfy->references)) { + return; + } + + CRYPTO_MUTEX_cleanup(&vfy->objs_lock); sk=vfy->get_cert_methods; for (j=0; j<sk_X509_LOOKUP_num(sk); j++) @@ -304,9 +299,9 @@ int X509_STORE_get_by_subject(X509_STORE_CTX *vs, int type, X509_NAME *name, X509_OBJECT stmp,*tmp; int i,j; - CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE); + CRYPTO_MUTEX_lock_write(&ctx->objs_lock); tmp=X509_OBJECT_retrieve_by_subject(ctx->objs,type,name); - CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE); + CRYPTO_MUTEX_unlock(&ctx->objs_lock); if (tmp == NULL || type == X509_LU_CRL) { @@ -356,7 +351,7 @@ int X509_STORE_add_cert(X509_STORE *ctx, X509 *x) obj->type=X509_LU_X509; obj->data.x509=x; - CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE); + CRYPTO_MUTEX_lock_write(&ctx->objs_lock); X509_OBJECT_up_ref_count(obj); @@ -369,7 +364,7 @@ int X509_STORE_add_cert(X509_STORE *ctx, X509 *x) } else sk_X509_OBJECT_push(ctx->objs, obj); - CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE); + CRYPTO_MUTEX_unlock(&ctx->objs_lock); return ret; } @@ -389,7 +384,7 @@ int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x) obj->type=X509_LU_CRL; obj->data.crl=x; - CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE); + CRYPTO_MUTEX_lock_write(&ctx->objs_lock); X509_OBJECT_up_ref_count(obj); @@ -402,7 +397,7 @@ int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x) } else sk_X509_OBJECT_push(ctx->objs, obj); - CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE); + CRYPTO_MUTEX_unlock(&ctx->objs_lock); return ret; } @@ -415,7 +410,7 @@ void X509_OBJECT_up_ref_count(X509_OBJECT *a) X509_up_ref(a->data.x509); break; case X509_LU_CRL: - CRYPTO_add(&a->data.crl->references,1,CRYPTO_LOCK_X509_CRL); + CRYPTO_refcount_inc(&a->data.crl->references); break; } } @@ -503,7 +498,7 @@ STACK_OF(X509)* X509_STORE_get1_certs(X509_STORE_CTX *ctx, X509_NAME *nm) X509 *x; X509_OBJECT *obj; sk = sk_X509_new_null(); - CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE); + CRYPTO_MUTEX_lock_write(&ctx->ctx->objs_lock); idx = x509_object_idx_cnt(ctx->ctx->objs, X509_LU_X509, nm, &cnt); if (idx < 0) { @@ -511,18 +506,18 @@ STACK_OF(X509)* X509_STORE_get1_certs(X509_STORE_CTX *ctx, X509_NAME *nm) * objects to cache */ X509_OBJECT xobj; - CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE); + CRYPTO_MUTEX_unlock(&ctx->ctx->objs_lock); if (!X509_STORE_get_by_subject(ctx, X509_LU_X509, nm, &xobj)) { sk_X509_free(sk); return NULL; } X509_OBJECT_free_contents(&xobj); - CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE); + CRYPTO_MUTEX_lock_write(&ctx->ctx->objs_lock); idx = x509_object_idx_cnt(ctx->ctx->objs,X509_LU_X509,nm, &cnt); if (idx < 0) { - CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE); + CRYPTO_MUTEX_unlock(&ctx->ctx->objs_lock); sk_X509_free(sk); return NULL; } @@ -533,13 +528,13 @@ STACK_OF(X509)* X509_STORE_get1_certs(X509_STORE_CTX *ctx, X509_NAME *nm) x = obj->data.x509; if (!sk_X509_push(sk, X509_up_ref(x))) { - CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE); + CRYPTO_MUTEX_unlock(&ctx->ctx->objs_lock); X509_free(x); sk_X509_pop_free(sk, X509_free); return NULL; } } - CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE); + CRYPTO_MUTEX_unlock(&ctx->ctx->objs_lock); return sk; } @@ -551,24 +546,24 @@ STACK_OF(X509_CRL)* X509_STORE_get1_crls(X509_STORE_CTX *ctx, X509_NAME *nm) X509_CRL *x; X509_OBJECT *obj, xobj; sk = sk_X509_CRL_new_null(); - CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE); + CRYPTO_MUTEX_lock_write(&ctx->ctx->objs_lock); /* Check cache first */ idx = x509_object_idx_cnt(ctx->ctx->objs, X509_LU_CRL, nm, &cnt); /* Always do lookup to possibly add new CRLs to cache */ - CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE); + CRYPTO_MUTEX_unlock(&ctx->ctx->objs_lock); if (!X509_STORE_get_by_subject(ctx, X509_LU_CRL, nm, &xobj)) { sk_X509_CRL_free(sk); return NULL; } X509_OBJECT_free_contents(&xobj); - CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE); + CRYPTO_MUTEX_lock_write(&ctx->ctx->objs_lock); idx = x509_object_idx_cnt(ctx->ctx->objs,X509_LU_CRL, nm, &cnt); if (idx < 0) { - CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE); + CRYPTO_MUTEX_unlock(&ctx->ctx->objs_lock); sk_X509_CRL_free(sk); return NULL; } @@ -577,16 +572,16 @@ STACK_OF(X509_CRL)* X509_STORE_get1_crls(X509_STORE_CTX *ctx, X509_NAME *nm) { obj = sk_X509_OBJECT_value(ctx->ctx->objs, idx); x = obj->data.crl; - CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509_CRL); + CRYPTO_refcount_inc(&x->references); if (!sk_X509_CRL_push(sk, x)) { - CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE); + CRYPTO_MUTEX_unlock(&ctx->ctx->objs_lock); X509_CRL_free(x); sk_X509_CRL_pop_free(sk, X509_CRL_free); return NULL; } } - CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE); + CRYPTO_MUTEX_unlock(&ctx->ctx->objs_lock); return sk; } @@ -667,7 +662,7 @@ int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x) /* Else find index of first cert accepted by 'check_issued' */ ret = 0; - CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE); + CRYPTO_MUTEX_lock_write(&ctx->ctx->objs_lock); idx = X509_OBJECT_idx_by_subject(ctx->ctx->objs, X509_LU_X509, xn); if (idx != -1) /* should be true as we've had at least one match */ { @@ -689,7 +684,7 @@ int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x) } } } - CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE); + CRYPTO_MUTEX_unlock(&ctx->ctx->objs_lock); return ret; } diff --git a/src/crypto/x509/x509_vfy.c b/src/crypto/x509/x509_vfy.c index a0cd9fc..2ba9c84 100644 --- a/src/crypto/x509/x509_vfy.c +++ b/src/crypto/x509/x509_vfy.c @@ -273,7 +273,7 @@ int X509_verify_cert(X509_STORE_CTX *ctx) OPENSSL_PUT_ERROR(X509, X509_verify_cert, ERR_R_MALLOC_FAILURE); goto end; } - CRYPTO_add(&xtmp->references,1,CRYPTO_LOCK_X509); + CRYPTO_refcount_inc(&xtmp->references); (void)sk_X509_delete_ptr(sktmp,xtmp); ctx->last_untrusted++; x=xtmp; @@ -990,7 +990,7 @@ static int get_crl_sk(X509_STORE_CTX *ctx, X509_CRL **pcrl, X509_CRL **pdcrl, *pissuer = best_crl_issuer; *pscore = best_score; *preasons = best_reasons; - CRYPTO_add(&best_crl->references, 1, CRYPTO_LOCK_X509_CRL); + CRYPTO_refcount_inc(&best_crl->references); if (*pdcrl) { X509_CRL_free(*pdcrl); @@ -1097,7 +1097,7 @@ static void get_delta_sk(X509_STORE_CTX *ctx, X509_CRL **dcrl, int *pscore, { if (check_crl_time(ctx, delta, 0)) *pscore |= CRL_SCORE_TIME_DELTA; - CRYPTO_add(&delta->references, 1, CRYPTO_LOCK_X509_CRL); + CRYPTO_refcount_inc(&delta->references); *dcrl = delta; return; } diff --git a/src/crypto/x509/x_crl.c b/src/crypto/x509/x_crl.c index aa92fa9..2f41bb1 100644 --- a/src/crypto/x509/x_crl.c +++ b/src/crypto/x509/x_crl.c @@ -65,6 +65,9 @@ #include <openssl/x509.h> #include <openssl/x509v3.h> +#include "../internal.h" + + /* Method to handle CRL access. * In general a CRL could be very large (several Mb) and can consume large * amounts of resources if stored in memory by multiple processes. @@ -370,7 +373,7 @@ static void setup_idp(X509_CRL *crl, ISSUING_DIST_POINT *idp) DIST_POINT_set_dpname(idp->distpoint, X509_CRL_get_issuer(crl)); } -ASN1_SEQUENCE_ref(X509_CRL, crl_cb, CRYPTO_LOCK_X509_CRL) = { +ASN1_SEQUENCE_ref(X509_CRL, crl_cb) = { ASN1_SIMPLE(X509_CRL, crl, X509_CRL_INFO), ASN1_SIMPLE(X509_CRL, sig_alg, X509_ALGOR), ASN1_SIMPLE(X509_CRL, signature, ASN1_BIT_STRING) @@ -463,6 +466,8 @@ static int crl_revoked_issuer_match(X509_CRL *crl, X509_NAME *nm, } +static struct CRYPTO_STATIC_MUTEX g_crl_sort_lock = CRYPTO_STATIC_MUTEX_INIT; + static int def_crl_lookup(X509_CRL *crl, X509_REVOKED **ret, ASN1_INTEGER *serial, X509_NAME *issuer) { @@ -471,13 +476,22 @@ static int def_crl_lookup(X509_CRL *crl, rtmp.serialNumber = serial; /* Sort revoked into serial number order if not already sorted. * Do this under a lock to avoid race condition. - */ - if (!sk_X509_REVOKED_is_sorted(crl->crl->revoked)) + */ + + CRYPTO_STATIC_MUTEX_lock_read(&g_crl_sort_lock); + const int is_sorted = sk_X509_REVOKED_is_sorted(crl->crl->revoked); + CRYPTO_STATIC_MUTEX_unlock(&g_crl_sort_lock); + + if (!is_sorted) { - CRYPTO_w_lock(CRYPTO_LOCK_X509_CRL); - sk_X509_REVOKED_sort(crl->crl->revoked); - CRYPTO_w_unlock(CRYPTO_LOCK_X509_CRL); + CRYPTO_STATIC_MUTEX_lock_write(&g_crl_sort_lock); + if (!sk_X509_REVOKED_is_sorted(crl->crl->revoked)) + { + sk_X509_REVOKED_sort(crl->crl->revoked); + } + CRYPTO_STATIC_MUTEX_unlock(&g_crl_sort_lock); } + if (!sk_X509_REVOKED_find(crl->crl->revoked, &idx, &rtmp)) return 0; /* Need to look for matching name */ diff --git a/src/crypto/x509/x_info.c b/src/crypto/x509/x_info.c index 6807b24..f9e9ab8 100644 --- a/src/crypto/x509/x_info.c +++ b/src/crypto/x509/x_info.c @@ -77,7 +77,6 @@ X509_INFO *X509_INFO_new(void) ret->enc_len=0; ret->enc_data=NULL; - ret->references=1; ret->x509=NULL; ret->crl=NULL; ret->x_pkey=NULL; @@ -86,23 +85,8 @@ X509_INFO *X509_INFO_new(void) void X509_INFO_free(X509_INFO *x) { - int i; - if (x == NULL) return; - i=CRYPTO_add(&x->references,-1,CRYPTO_LOCK_X509_INFO); -#ifdef REF_PRINT - REF_PRINT("X509_INFO",x); -#endif - if (i > 0) return; -#ifdef REF_CHECK - if (i < 0) - { - fprintf(stderr,"X509_INFO_free, bad reference count\n"); - abort(); - } -#endif - if (x->x509 != NULL) X509_free(x->x509); if (x->crl != NULL) X509_CRL_free(x->crl); if (x->x_pkey != NULL) X509_PKEY_free(x->x_pkey); diff --git a/src/crypto/x509/x_pkey.c b/src/crypto/x509/x_pkey.c index 5acbe5b..5bc6415 100644 --- a/src/crypto/x509/x_pkey.c +++ b/src/crypto/x509/x_pkey.c @@ -73,7 +73,6 @@ X509_PKEY *X509_PKEY_new(void) goto err; } memset(ret, 0, sizeof(X509_PKEY)); - ret->references=1; ret->enc_algor = X509_ALGOR_new(); if (ret->enc_algor == NULL) @@ -91,13 +90,8 @@ err: void X509_PKEY_free(X509_PKEY *x) { - int i; - if (x == NULL) return; - i=CRYPTO_add(&x->references,-1,CRYPTO_LOCK_X509_PKEY); - if (i > 0) return; - if (x->enc_algor != NULL) X509_ALGOR_free(x->enc_algor); if (x->enc_pkey != NULL) M_ASN1_OCTET_STRING_free(x->enc_pkey); if (x->dec_pkey != NULL)EVP_PKEY_free(x->dec_pkey); diff --git a/src/crypto/x509/x_pubkey.c b/src/crypto/x509/x_pubkey.c index d6512ae..c2e0863 100644 --- a/src/crypto/x509/x_pubkey.c +++ b/src/crypto/x509/x_pubkey.c @@ -64,6 +64,7 @@ #include <openssl/x509.h> #include "../evp/internal.h" +#include "../internal.h" /* Minor tweak to operation: free up EVP_PKEY */ @@ -126,16 +127,25 @@ error: return 0; } +/* g_pubkey_lock is used to protect the initialisation of the |pkey| member of + * |X509_PUBKEY| objects. Really |X509_PUBKEY| should have a |CRYPTO_once_t| + * inside it for this, but |CRYPTO_once_t| is private and |X509_PUBKEY| is + * not. */ +static struct CRYPTO_STATIC_MUTEX g_pubkey_lock = CRYPTO_STATIC_MUTEX_INIT; + EVP_PKEY *X509_PUBKEY_get(X509_PUBKEY *key) { EVP_PKEY *ret=NULL; if (key == NULL) goto error; + CRYPTO_STATIC_MUTEX_lock_read(&g_pubkey_lock); if (key->pkey != NULL) { + CRYPTO_STATIC_MUTEX_unlock(&g_pubkey_lock); return EVP_PKEY_up_ref(key->pkey); } + CRYPTO_STATIC_MUTEX_unlock(&g_pubkey_lock); if (key->public_key == NULL) goto error; @@ -166,17 +176,17 @@ EVP_PKEY *X509_PUBKEY_get(X509_PUBKEY *key) } /* Check to see if another thread set key->pkey first */ - CRYPTO_w_lock(CRYPTO_LOCK_EVP_PKEY); + CRYPTO_STATIC_MUTEX_lock_write(&g_pubkey_lock); if (key->pkey) { - CRYPTO_w_unlock(CRYPTO_LOCK_EVP_PKEY); + CRYPTO_STATIC_MUTEX_unlock(&g_pubkey_lock); EVP_PKEY_free(ret); ret = key->pkey; } else { key->pkey = ret; - CRYPTO_w_unlock(CRYPTO_LOCK_EVP_PKEY); + CRYPTO_STATIC_MUTEX_unlock(&g_pubkey_lock); } return EVP_PKEY_up_ref(ret); diff --git a/src/crypto/x509/x_req.c b/src/crypto/x509/x_req.c index 8bf4613..3d30129 100644 --- a/src/crypto/x509/x_req.c +++ b/src/crypto/x509/x_req.c @@ -102,7 +102,7 @@ ASN1_SEQUENCE_enc(X509_REQ_INFO, enc, rinf_cb) = { IMPLEMENT_ASN1_FUNCTIONS(X509_REQ_INFO) -ASN1_SEQUENCE_ref(X509_REQ, 0, CRYPTO_LOCK_X509_REQ) = { +ASN1_SEQUENCE_ref(X509_REQ, 0) = { ASN1_SIMPLE(X509_REQ, req_info, X509_REQ_INFO), ASN1_SIMPLE(X509_REQ, sig_alg, X509_ALGOR), ASN1_SIMPLE(X509_REQ, signature, ASN1_BIT_STRING) diff --git a/src/crypto/x509/x_x509.c b/src/crypto/x509/x_x509.c index 234494d..c975dd3 100644 --- a/src/crypto/x509/x_x509.c +++ b/src/crypto/x509/x_x509.c @@ -131,7 +131,7 @@ static int x509_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, } -ASN1_SEQUENCE_ref(X509, x509_cb, CRYPTO_LOCK_X509) = { +ASN1_SEQUENCE_ref(X509, x509_cb) = { ASN1_SIMPLE(X509, cert_info, X509_CINF), ASN1_SIMPLE(X509, sig_alg, X509_ALGOR), ASN1_SIMPLE(X509, signature, ASN1_BIT_STRING) @@ -142,7 +142,7 @@ IMPLEMENT_ASN1_DUP_FUNCTION(X509) X509 *X509_up_ref(X509 *x) { - CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509); + CRYPTO_refcount_inc(&x->references); return x; } |