自学教程：C++ CRYPTO_add函数代码示例

int RSA_up_ref(RSA *r)	{	int i = CRYPTO_add(&r->references, 1, CRYPTO_LOCK_RSA);#ifdef REF_PRINT	REF_PRINT("RSA",r);#endif#if 0//def REF_CHECK	if (i < 2)		{		abort();		}#endif	return ((i > 1) ? 1 : 0);	}

int EC_KEY_up_ref(EC_KEY *r){    int i = CRYPTO_add(&r->references, 1, CRYPTO_LOCK_EC);#ifdef REF_PRINT    REF_PRINT("EC_KEY", r);#endif#ifdef REF_CHECK    if (i < 2) {        fprintf(stderr, "EC_KEY_up, bad reference count/n");        abort();    }#endif    return ((i > 1) ? 1 : 0);}

int DSA_up_ref(DSA *r){    int i = CRYPTO_add(&r->references, 1, CRYPTO_LOCK_DSA);#ifdef REF_PRINT    REF_PRINT("DSA", r);#endif#ifdef REF_CHECK    if (i < 2) {        fprintf(stderr, "DSA_up_ref, bad reference count/n");        abort();    }#endif    return ((i > 1) ? 1 : 0);}

intPKCS7_RECIP_INFO_set(PKCS7_RECIP_INFO *p7i, X509 *x509){	int ret;	EVP_PKEY *pkey = NULL;	if (!ASN1_INTEGER_set(p7i->version, 0))		return 0;	if (!X509_NAME_set(&p7i->issuer_and_serial->issuer,	    X509_get_issuer_name(x509)))		return 0;	M_ASN1_INTEGER_free(p7i->issuer_and_serial->serial);	if (!(p7i->issuer_and_serial->serial =	    M_ASN1_INTEGER_dup(X509_get_serialNumber(x509))))		return 0;	pkey = X509_get_pubkey(x509);	if (!pkey || !pkey->ameth || !pkey->ameth->pkey_ctrl) {		PKCS7err(PKCS7_F_PKCS7_RECIP_INFO_SET,		    PKCS7_R_ENCRYPTION_NOT_SUPPORTED_FOR_THIS_KEY_TYPE);		goto err;	}	ret = pkey->ameth->pkey_ctrl(pkey, ASN1_PKEY_CTRL_PKCS7_ENCRYPT,	    0, p7i);	if (ret == -2) {		PKCS7err(PKCS7_F_PKCS7_RECIP_INFO_SET,		    PKCS7_R_ENCRYPTION_NOT_SUPPORTED_FOR_THIS_KEY_TYPE);		goto err;	}	if (ret <= 0) {		PKCS7err(PKCS7_F_PKCS7_RECIP_INFO_SET,		    PKCS7_R_ENCRYPTION_CTRL_FAILURE);		goto err;	}	EVP_PKEY_free(pkey);	CRYPTO_add(&x509->references, 1, CRYPTO_LOCK_X509);	p7i->cert = x509;	return 1;err:	if (pkey)		EVP_PKEY_free(pkey);	return 0;}

void ssl_cert_free(CERT *c)	{	int i;	if(c == NULL)	    return;	i=CRYPTO_add(&c->references,-1,CRYPTO_LOCK_SSL_CERT);#ifdef REF_PRINT	REF_PRINT("CERT",c);#endif	if (i > 0) return;#ifdef REF_CHECK	if (i < 0)		{		fprintf(stderr,"ssl_cert_free, bad reference count/n");		abort(); /* ok */		}#endif#ifndef OPENSSL_NO_RSA	if (c->rsa_tmp) RSA_free(c->rsa_tmp);#endif#ifndef OPENSSL_NO_DH	if (c->dh_tmp) DH_free(c->dh_tmp);#endif#ifndef OPENSSL_NO_ECDH	if (c->ecdh_tmp) EC_KEY_free(c->ecdh_tmp);#endif	ssl_cert_clear_certs(c);	if (c->peer_sigalgs)		OPENSSL_free(c->peer_sigalgs);	if (c->conf_sigalgs)		OPENSSL_free(c->conf_sigalgs);	if (c->client_sigalgs)		OPENSSL_free(c->client_sigalgs);	if (c->shared_sigalgs)		OPENSSL_free(c->shared_sigalgs);	if (c->ctypes)		OPENSSL_free(c->ctypes);	if (c->verify_store)		X509_STORE_free(c->verify_store);	if (c->chain_store)		X509_STORE_free(c->chain_store);	if (c->ciphers_raw)		OPENSSL_free(c->ciphers_raw);	OPENSSL_free(c);	}

X509 *original_SSL_get_peer_certificate(const SSL *ssl){    X509 *r;    if ((ssl == NULL) || (ssl->session == NULL))        r=NULL;    else        r=ssl->session->peer;    if (r == NULL) return(r);    CRYPTO_add(&r->references,1,CRYPTO_LOCK_X509);    return(r);}

int OCSP_request_add1_cert(OCSP_REQUEST *req, X509 *cert)	{	OCSP_SIGNATURE *sig;	if (!req->optionalSignature)		req->optionalSignature = OCSP_SIGNATURE_new();	sig = req->optionalSignature;	if (!sig) return 0;	if (!cert) return 1;	if (!sig->certs && !(sig->certs = sk_X509_new_null()))		return 0;	if(!sk_X509_push(sig->certs, cert)) return 0;	CRYPTO_add(&cert->references, 1, CRYPTO_LOCK_X509);	return 1;	}

static LUA_FUNCTION(openssl_bio_pop){  BIO* bio = CHECK_OBJECT(1, BIO, "openssl.bio");  BIO* end = BIO_pop(bio);  if (end)  {    lua_pushnil(L);  }  else  {    CRYPTO_add(&end->references, 1, CRYPTO_LOCK_BIO);    PUSH_OBJECT(end, "openssl.bio");  }  return 1;}

int DH_up_ref(DH *r)	{	int i = CRYPTO_add(&r->references, 1, CRYPTO_LOCK_DH);#ifdef REF_PRINT	REF_PRINT("DH",r);#endif#ifdef REF_CHECK	if (i < 2)		{		TINYCLR_SSL_FPRINTF(OPENSSL_TYPE__FILE_STDERR, "DH_up, bad reference count/n");		TINYCLR_SSL_ABORT();		}#endif	return ((i > 1) ? 1 : 0);	}

void EVP_PKEY_free(EVP_PKEY *x){    int i;    if (x == NULL)        return;    i = CRYPTO_add(&x->references, -1, CRYPTO_LOCK_EVP_PKEY);    REF_PRINT_COUNT("EVP_PKEY", x);    if (i > 0)        return;    REF_ASSERT_ISNT(i < 0);    EVP_PKEY_free_it(x);    sk_X509_ATTRIBUTE_pop_free(x->attributes, X509_ATTRIBUTE_free);    OPENSSL_free(x);}

static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey){    int i;    i = ssl_cert_type(NULL, pkey);    if (i < 0) {        SSLerr(SSL_F_SSL_SET_PKEY, SSL_R_UNKNOWN_CERTIFICATE_TYPE);        return (0);    }    if (c->pkeys[i].x509 != NULL) {        EVP_PKEY *pktmp;        pktmp = X509_get_pubkey(c->pkeys[i].x509);        if (pktmp == NULL) {            SSLerr(SSL_F_SSL_SET_PKEY, ERR_R_MALLOC_FAILURE);            EVP_PKEY_free(pktmp);            return 0;        }        /*         * The return code from EVP_PKEY_copy_parameters is deliberately         * ignored. Some EVP_PKEY types cannot do this.         */        EVP_PKEY_copy_parameters(pktmp, pkey);        EVP_PKEY_free(pktmp);        ERR_clear_error();#ifndef OPENSSL_NO_RSA        /*         * Don't check the public/private key, this is mostly for smart         * cards.         */        if ((pkey->type == EVP_PKEY_RSA) &&            (RSA_flags(pkey->pkey.rsa) & RSA_METHOD_FLAG_NO_CHECK)) ;        else#endif        if (!X509_check_private_key(c->pkeys[i].x509, pkey)) {            X509_free(c->pkeys[i].x509);            c->pkeys[i].x509 = NULL;            return 0;        }    }    EVP_PKEY_free(c->pkeys[i].privatekey);    CRYPTO_add(&pkey->references, 1, CRYPTO_LOCK_EVP_PKEY);    c->pkeys[i].privatekey = pkey;    c->key = &(c->pkeys[i]);    return (1);}

int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey,	     EVP_MD *dgst)	{	char is_dsa;	if (pkey->type == EVP_PKEY_DSA) is_dsa = 1;	else is_dsa = 0;	/* We now need to add another PKCS7_SIGNER_INFO entry */	ASN1_INTEGER_set(p7i->version,1);	X509_NAME_set(&p7i->issuer_and_serial->issuer,		X509_get_issuer_name(x509));	/* because ASN1_INTEGER_set is used to set a 'long' we will do	 * things the ugly way. */	M_ASN1_INTEGER_free(p7i->issuer_and_serial->serial);	p7i->issuer_and_serial->serial=		M_ASN1_INTEGER_dup(X509_get_serialNumber(x509));	/* lets keep the pkey around for a while */	CRYPTO_add(&pkey->references,1,CRYPTO_LOCK_EVP_PKEY);	p7i->pkey=pkey;	/* Set the algorithms */	if (is_dsa) p7i->digest_alg->algorithm=OBJ_nid2obj(NID_sha1);	else			p7i->digest_alg->algorithm=OBJ_nid2obj(EVP_MD_type(dgst));	if (p7i->digest_alg->parameter != NULL)		ASN1_TYPE_free(p7i->digest_alg->parameter);	if ((p7i->digest_alg->parameter=ASN1_TYPE_new()) == NULL)		goto err;	p7i->digest_alg->parameter->type=V_ASN1_NULL;	p7i->digest_enc_alg->algorithm=OBJ_nid2obj(EVP_PKEY_type(pkey->type));	if (p7i->digest_enc_alg->parameter != NULL)		ASN1_TYPE_free(p7i->digest_enc_alg->parameter);	if(is_dsa) p7i->digest_enc_alg->parameter = NULL;	else {		if (!(p7i->digest_enc_alg->parameter=ASN1_TYPE_new()))			goto err;		p7i->digest_enc_alg->parameter->type=V_ASN1_NULL;	}	return(1);err:	return(0);	}

void DH_free (DH * r){    int i;    if (r == NULL)        return;    i = CRYPTO_add (&r->references, -1, CRYPTO_LOCK_DH);#ifdef REF_PRINT    REF_PRINT ("DH", r);#endif    if (i > 0)        return;#ifdef REF_CHECK    if (i < 0)    {        fprintf (stderr, "DH_free, bad reference count/n");        abort ();    }#endif    if (r->meth->finish)        r->meth->finish (r);#ifndef OPENSSL_NO_ENGINE    if (r->engine)        ENGINE_finish (r->engine);#endif    CRYPTO_free_ex_data (CRYPTO_EX_INDEX_DH, r, &r->ex_data);    if (r->p != NULL)        BN_clear_free (r->p);    if (r->g != NULL)        BN_clear_free (r->g);    if (r->q != NULL)        BN_clear_free (r->q);    if (r->j != NULL)        BN_clear_free (r->j);    if (r->seed)        OPENSSL_free (r->seed);    if (r->counter != NULL)        BN_clear_free (r->counter);    if (r->pub_key != NULL)        BN_clear_free (r->pub_key);    if (r->priv_key != NULL)        BN_clear_free (r->priv_key);    OPENSSL_free (r);}

int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey,	     const EVP_MD *dgst)	{	int ret;	/* We now need to add another PKCS7_SIGNER_INFO entry */	if (!ASN1_INTEGER_set(p7i->version,1))		goto err;	if (!X509_NAME_set(&p7i->issuer_and_serial->issuer,			X509_get_issuer_name(x509)))		goto err;	/* because ASN1_INTEGER_set is used to set a 'long' we will do	 * things the ugly way. */	M_ASN1_INTEGER_free(p7i->issuer_and_serial->serial);	if (!(p7i->issuer_and_serial->serial=			M_ASN1_INTEGER_dup(X509_get_serialNumber(x509))))		goto err;	/* lets keep the pkey around for a while */	CRYPTO_add(&pkey->references,1,CRYPTO_LOCK_EVP_PKEY);	p7i->pkey=pkey;	/* Set the algorithms */	X509_ALGOR_set0(p7i->digest_alg, OBJ_nid2obj(EVP_MD_type(dgst)),				V_ASN1_NULL, NULL);	if (pkey->ameth && pkey->ameth->pkey_ctrl)		{		ret = pkey->ameth->pkey_ctrl(pkey, ASN1_PKEY_CTRL_PKCS7_SIGN,						0, p7i);		if (ret > 0)			return 1;		if (ret != -2)			{			PKCS7err(PKCS7_F_PKCS7_SIGNER_INFO_SET,					PKCS7_R_SIGNING_CTRL_FAILURE);			return 0;			}		}	PKCS7err(PKCS7_F_PKCS7_SIGNER_INFO_SET,			PKCS7_R_SIGNING_NOT_SUPPORTED_FOR_THIS_KEY_TYPE);err:	return 0;	}

voidEVP_PKEY_free(EVP_PKEY *x){	int i;	if (x == NULL)		return;	i = CRYPTO_add(&x->references, -1, CRYPTO_LOCK_EVP_PKEY);	if (i > 0)		return;	EVP_PKEY_free_it(x);	if (x->attributes)		sk_X509_ATTRIBUTE_pop_free(x->attributes, X509_ATTRIBUTE_free);	free(x);}

/** * Return the nth certificate of the peer's chain. */static int meth_getpeercertificate(lua_State *L){  int n;  X509 *cert;  STACK_OF(X509) *certs;  p_ssl ssl = (p_ssl)luaL_checkudata(L, 1, "SSL:Connection");  if (ssl->state != LSEC_STATE_CONNECTED) {    lua_pushnil(L);    lua_pushstring(L, "closed");    return 2;  }  /* Default to the first cert */   n = luaL_optint(L, 2, 1);                             /* This function is 1-based, but OpenSSL is 0-based */  --n;  if (n < 0) {    lua_pushnil(L);    lua_pushliteral(L, "invalid certificate index");    return 2;  }  if (n == 0) {    cert = SSL_get_peer_certificate(ssl->ssl);    if (cert)      lsec_pushx509(L, cert);    else      lua_pushnil(L);    return 1;  }  /* In a server-context, the stack doesn't contain the peer cert,   * so adjust accordingly.   */  if (ssl->ssl->server)    --n;  certs = SSL_get_peer_cert_chain(ssl->ssl);  if (n >= sk_X509_num(certs)) {    lua_pushnil(L);    return 1;  }  cert = sk_X509_value(certs, n);  /* Increment the reference counting of the object. */  /* See SSL_get_peer_certificate() source code.     */  CRYPTO_add(&cert->references, 1, CRYPTO_LOCK_X509);  lsec_pushx509(L, cert);  return 1;}

static PyObject *z_py_zorp_certificate_new(X509 *cert){  ZorpCertificate *self;  if (cert)    {      self = PyObject_New(ZorpCertificate, &z_py_zorp_certificate_type);      self->cert = cert;      CRYPTO_add(&cert->references,1,CRYPTO_LOCK_X509);      return (PyObject *) self;    }  else    {      return z_policy_none_ref();    }}

static int cms_RecipientInfo_ktri_init(CMS_RecipientInfo *ri, X509 *recip,                                       EVP_PKEY *pk, unsigned int flags){    CMS_KeyTransRecipientInfo *ktri;    int idtype;    ri->d.ktri = M_ASN1_new_of(CMS_KeyTransRecipientInfo);    if (!ri->d.ktri)        return 0;    ri->type = CMS_RECIPINFO_TRANS;    ktri = ri->d.ktri;    if (flags & CMS_USE_KEYID) {        ktri->version = 2;        idtype = CMS_RECIPINFO_KEYIDENTIFIER;    } else {        ktri->version = 0;        idtype = CMS_RECIPINFO_ISSUER_SERIAL;    }    /*     * Not a typo: RecipientIdentifier and SignerIdentifier are the same     * structure.     */    if (!cms_set1_SignerIdentifier(ktri->rid, recip, idtype))        return 0;    X509_up_ref(recip);    CRYPTO_add(&pk->references, 1, CRYPTO_LOCK_EVP_PKEY);    ktri->pkey = pk;    ktri->recip = recip;    if (flags & CMS_KEY_PARAM) {        ktri->pctx = EVP_PKEY_CTX_new(ktri->pkey, NULL);        if (!ktri->pctx)            return 0;        if (EVP_PKEY_encrypt_init(ktri->pctx) <= 0)            return 0;    } else if (!cms_env_asn1_ctrl(ri, 0))        return 0;    return 1;}

void ssl_cert_free(CERT *c){    int i;    if (c == NULL)        return;    i = CRYPTO_add(&c->references, -1, CRYPTO_LOCK_SSL_CERT);#ifdef REF_PRINT    REF_PRINT("CERT", c);#endif    if (i > 0)        return;#ifdef REF_CHECK    if (i < 0) {        fprintf(stderr, "ssl_cert_free, bad reference count/n");        abort();                /* ok */    }#endif#ifndef OPENSSL_NO_RSA    RSA_free(c->rsa_tmp);#endif#ifndef OPENSSL_NO_DH    DH_free(c->dh_tmp);#endif#ifndef OPENSSL_NO_EC    EC_KEY_free(c->ecdh_tmp);#endif    ssl_cert_clear_certs(c);    OPENSSL_free(c->conf_sigalgs);    OPENSSL_free(c->client_sigalgs);    OPENSSL_free(c->shared_sigalgs);    OPENSSL_free(c->ctypes);    X509_STORE_free(c->verify_store);    X509_STORE_free(c->chain_store);    custom_exts_free(&c->cli_ext);    custom_exts_free(&c->srv_ext);#ifndef OPENSSL_NO_PSK    OPENSSL_free(c->psk_identity_hint);#endif    OPENSSL_free(c);}

int DSO_free(DSO *dso)	{        int i; 	if(dso == NULL)		{		DSOerr(DSO_F_DSO_FREE,ERR_R_PASSED_NULL_PARAMETER);		return(0);		} 	i=CRYPTO_add(&dso->references,-1,CRYPTO_LOCK_DSO);#ifdef REF_PRINT	REF_PRINT("DSO",dso);#endif	if(i > 0) return(1);#ifdef REF_CHECK	if(i < 0)		{		fprintf(stderr,"DSO_free, bad reference count/n");		abort();		}#endif	if((dso->meth->dso_unload != NULL) && !dso->meth->dso_unload(dso))		{		DSOerr(DSO_F_DSO_FREE,DSO_R_UNLOAD_FAILED);		return(0);		} 	if((dso->meth->finish != NULL) && !dso->meth->finish(dso))		{		DSOerr(DSO_F_DSO_FREE,DSO_R_FINISH_FAILED);		return(0);		}		sk_void_free(dso->meth_data);	if(dso->filename != NULL)		OPENSSL_free(dso->filename);	if(dso->loaded_filename != NULL)		OPENSSL_free(dso->loaded_filename); 	OPENSSL_free(dso);	return(1);	}

intSSL_set_session(SSL *s, SSL_SESSION *session){	int ret = 0;	const SSL_METHOD *meth;	if (session != NULL) {		meth = s->ctx->method->internal->get_ssl_method(session->ssl_version);		if (meth == NULL)			meth = s->method->internal->get_ssl_method(session->ssl_version);		if (meth == NULL) {			SSLerror(s, SSL_R_UNABLE_TO_FIND_SSL_METHOD);			return (0);		}		if (meth != s->method) {			if (!SSL_set_ssl_method(s, meth))				return (0);		}		/* CRYPTO_w_lock(CRYPTO_LOCK_SSL);*/		CRYPTO_add(&session->references, 1, CRYPTO_LOCK_SSL_SESSION);		if (s->session != NULL)			SSL_SESSION_free(s->session);		s->session = session;		s->verify_result = s->session->verify_result;		/* CRYPTO_w_unlock(CRYPTO_LOCK_SSL);*/		ret = 1;	} else {		if (s->session != NULL) {			SSL_SESSION_free(s->session);			s->session = NULL;		}		meth = s->ctx->method;		if (meth != s->method) {			if (!SSL_set_ssl_method(s, meth))				return (0);		}		ret = 1;	}	return (ret);}

int STORE_store_public_key(STORE *s, EVP_PKEY *data, OPENSSL_ITEM attributes[],	OPENSSL_ITEM parameters[])	{	STORE_OBJECT *object;	int i;	check_store(s,STORE_F_STORE_STORE_PUBLIC_KEY,		store_object,STORE_R_NO_STORE_OBJECT_FUNCTION);	object = STORE_OBJECT_new();	if (!object)		{		STOREerr(STORE_F_STORE_STORE_PUBLIC_KEY,			ERR_R_MALLOC_FAILURE);		return 0;		}	object->data.key = EVP_PKEY_new();	if (!object->data.key)		{		STOREerr(STORE_F_STORE_STORE_PUBLIC_KEY,			ERR_R_MALLOC_FAILURE);		return 0;		}		CRYPTO_add(&data->references,1,CRYPTO_LOCK_EVP_PKEY);#ifdef REF_PRINT	REF_PRINT("EVP_PKEY",data);#endif	object->data.key = data;	i = s->meth->store_object(s, STORE_OBJECT_TYPE_PUBLIC_KEY, object,		attributes, parameters);	STORE_OBJECT_free(object);	if (!i)		{		STOREerr(STORE_F_STORE_STORE_PUBLIC_KEY,			STORE_R_FAILED_STORING_KEY);		return 0;		}	return i;	}

void RSA_free(RSA *rsa) {  unsigned u;  if (rsa == NULL) {    return;  }  if (CRYPTO_add(&rsa->references, -1, CRYPTO_LOCK_RSA) > 0) {    return;  }  if (rsa->meth->finish) {    rsa->meth->finish(rsa);  }  METHOD_unref(rsa->meth);  CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DSA, rsa, &rsa->ex_data);  if (rsa->n != NULL)    BN_clear_free(rsa->n);  if (rsa->e != NULL)    BN_clear_free(rsa->e);  if (rsa->d != NULL)    BN_clear_free(rsa->d);  if (rsa->p != NULL)    BN_clear_free(rsa->p);  if (rsa->q != NULL)    BN_clear_free(rsa->q);  if (rsa->dmp1 != NULL)    BN_clear_free(rsa->dmp1);  if (rsa->dmq1 != NULL)    BN_clear_free(rsa->dmq1);  if (rsa->iqmp != NULL)    BN_clear_free(rsa->iqmp);  for (u = 0; u < rsa->num_blindings; u++) {    BN_BLINDING_free(rsa->blindings[u]);  }  if (rsa->blindings != NULL)    OPENSSL_free(rsa->blindings);  if (rsa->blindings_inuse != NULL)    OPENSSL_free(rsa->blindings_inuse);  OPENSSL_free(rsa);}

void RSA_free(RSA *r)	{	int i;	if (r == NULL) return;	i=CRYPTO_add(&r->references,-1,CRYPTO_LOCK_RSA);#ifdef REF_PRINT	REF_PRINT("RSA",r);#endif	if (i > 0) return;#ifdef REF_CHECK	if (i < 0)		{		fprintf(stderr,"RSA_free, bad reference count/n");		abort();		}#endif	if (r->meth->finish)		r->meth->finish(r);#ifndef OPENSSL_NO_ENGINE	if (r->engine)		ENGINE_finish(r->engine);#endif	CRYPTO_free_ex_data(CRYPTO_EX_INDEX_RSA, r, &r->ex_data);	if (r->n != NULL) BN_clear_free(r->n);	if (r->e != NULL) BN_clear_free(r->e);	if (r->d != NULL) BN_clear_free(r->d);	if (r->p != NULL) BN_clear_free(r->p);	if (r->q != NULL) BN_clear_free(r->q);	if (r->dmp1 != NULL) BN_clear_free(r->dmp1);	if (r->dmq1 != NULL) BN_clear_free(r->dmq1);	if (r->iqmp != NULL) BN_clear_free(r->iqmp);#ifndef OPERA_SMALL_VERSION	if (r->blinding != NULL) BN_BLINDING_free(r->blinding);	if (r->mt_blinding != NULL) BN_BLINDING_free(r->mt_blinding);	if (r->bignum_data != NULL) OPENSSL_free_locked(r->bignum_data);#endif	OPENSSL_free(r);	}

/* Do reference counting. The value 'op' decides what to do. if it is +1 then * the count is incremented. If op is 0 count is set to 1. If op is -1 count is * decremented and the return value is the current refrence count or 0 if no * reference count exists. */int asn1_do_lock(ASN1_VALUE **pval, int op, const ASN1_ITEM *it) {  const ASN1_AUX *aux;  int *lck, ret;  if (it->itype != ASN1_ITYPE_SEQUENCE &&      it->itype != ASN1_ITYPE_NDEF_SEQUENCE) {    return 0;  }  aux = it->funcs;  if (!aux || !(aux->flags & ASN1_AFLG_REFCOUNT)) {    return 0;  }  lck = offset2ptr(*pval, aux->ref_offset);  if (op == 0) {    *lck = 1;    return 1;  }  ret = CRYPTO_add(lck, op, aux->ref_lock);  return ret;}

int mosquitto_opts_set(struct mosquitto *mosq, enum mosq_opt_t option, void *value){	int ival;	if(!mosq || !value) return MOSQ_ERR_INVAL;	switch(option){		case MOSQ_OPT_PROTOCOL_VERSION:			ival = *((int *)value);			if(ival == MQTT_PROTOCOL_V31){				mosq->protocol = mosq_p_mqtt31;			}else if(ival == MQTT_PROTOCOL_V311){				mosq->protocol = mosq_p_mqtt311;			}else{				return MOSQ_ERR_INVAL;			}			break;		case MOSQ_OPT_SSL_CTX:#ifdef WITH_TLS			mosq->ssl_ctx = (SSL_CTX *)value;			if(mosq->ssl_ctx){#if (OPENSSL_VERSION_NUMBER >= 0x10100000L) && !defined(LIBRESSL_VERSION_NUMBER)				SSL_CTX_up_ref(mosq->ssl_ctx);#else				CRYPTO_add(&(mosq->ssl_ctx)->references, 1, CRYPTO_LOCK_SSL_CTX);#endif			}			break;#else			return MOSQ_ERR_NOT_SUPPORTED;#endif		case MOSQ_OPT_SSL_CTX_WITH_DEFAULTS:#if defined(WITH_TLS) && OPENSSL_VERSION_NUMBER >= 0x10100000L			mosq->ssl_ctx_defaults = true;			break;#else			return MOSQ_ERR_NOT_SUPPORTED;#endif		default:			return MOSQ_ERR_INVAL;	}	return MOSQ_ERR_SUCCESS;}

static int surewarehk_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void)){    int to_return = 1;    switch(cmd)    {    case ENGINE_CTRL_SET_LOGSTREAM:    {        BIO *bio = (BIO *)p;        CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);        if (logstream)        {            BIO_free(logstream);            logstream = NULL;        }        if (CRYPTO_add(&bio->references,1,CRYPTO_LOCK_BIO) > 1)            logstream = bio;        else            SUREWAREerr(SUREWARE_F_SUREWAREHK_CTRL,SUREWARE_R_BIO_WAS_FREED);    }    CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);    break;    /* This will prevent the initialisation function from "installing"     * the mutex-handling callbacks, even if they are available from     * within the library (or were provided to the library from the     * calling application). This is to remove any baggage for     * applications not using multithreading. */    case ENGINE_CTRL_CHIL_NO_LOCKING:        CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);        threadsafe = 0;        CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);        break;    /* The command isn't understood by this engine */    default:        SUREWAREerr(SUREWARE_F_SUREWAREHK_CTRL,                    ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED);        to_return = 0;        break;    }    return to_return;}

static intssl_set_pkey(CERT *c, EVP_PKEY *pkey){	int i;	i = ssl_cert_type(NULL, pkey);	if (i < 0) {		SSLerr(SSL_F_SSL_SET_PKEY, SSL_R_UNKNOWN_CERTIFICATE_TYPE);		return (0);	}	if (c->pkeys[i].x509 != NULL) {		EVP_PKEY *pktmp;		pktmp = X509_get_pubkey(c->pkeys[i].x509);		EVP_PKEY_copy_parameters(pktmp, pkey);		EVP_PKEY_free(pktmp);		ERR_clear_error();		/*		 * Don't check the public/private key, this is mostly		 * for smart cards.		 */		if ((pkey->type == EVP_PKEY_RSA) &&			(RSA_flags(pkey->pkey.rsa) & RSA_METHOD_FLAG_NO_CHECK));		else		if (!X509_check_private_key(c->pkeys[i].x509, pkey)) {			X509_free(c->pkeys[i].x509);			c->pkeys[i].x509 = NULL;			return 0;		}	}	if (c->pkeys[i].privatekey != NULL)		EVP_PKEY_free(c->pkeys[i].privatekey);	CRYPTO_add(&pkey->references, 1, CRYPTO_LOCK_EVP_PKEY);	c->pkeys[i].privatekey = pkey;	c->key = &(c->pkeys[i]);	c->valid = 0;	return (1);}

static int hwskf_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) (void)){    int to_return = 1;    switch (cmd) {    case HWSKF_CMD_SO_PATH:        if (hwskf_dso) {            //HWCRHKerr(HWCRHK_F_HWCRHK_CTRL, HWCRHK_R_ALREADY_LOADED);            return 0;        }        if (p == NULL) {            //HWCRHKerr(HWCRHK_F_HWCRHK_CTRL, ERR_R_PASSED_NULL_PARAMETER);            return 0;        }        return set_HWSKF_LIBNAME((const char *)p);    case ENGINE_CTRL_SET_LOGSTREAM:        {            BIO *bio = (BIO *)p;            CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);            if (logstream) {                BIO_free(logstream);                logstream = NULL;            }            if (CRYPTO_add(&bio->references, 1, CRYPTO_LOCK_BIO) > 1)                logstream = bio;            //else                //HWCRHKerr(HWCRHK_F_HWCRHK_CTRL, HWCRHK_R_BIO_WAS_FREED);        }        CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);        break;        /* The command isn't understood by this engine */    default:        //HWCRHKerr(HWCRHK_F_HWCRHK_CTRL,        //          HWCRHK_R_CTRL_COMMAND_NOT_IMPLEMENTED);        to_return = 0;        break;    }    return to_return;}

X509_CRL *STORE_list_crl_next(STORE *s, void *handle){	STORE_OBJECT *object;	X509_CRL *crl;	check_store(s, STORE_F_STORE_LIST_CRL_NEXT,	    list_object_next, STORE_R_NO_LIST_OBJECT_NEXT_FUNCTION);	object = s->meth->list_object_next(s, handle);	if (!object || !object->data.crl) {		STOREerr(STORE_F_STORE_LIST_CRL_NEXT,		    STORE_R_FAILED_LISTING_KEYS);		return 0;	}	CRYPTO_add(&object->data.crl->references, 1, CRYPTO_LOCK_X509_CRL);	crl = object->data.crl;	STORE_OBJECT_free(object);	return crl;}