d/freebsd-skq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
freebsd-skq/contrib/bind9/lib/dns/openssl_link.c
dougb a71024a14b Vendor import of BIND 9.4.2
2007-12-02 19:10:41 +00:00

262 lines
5.6 KiB
C
Raw Blame History

/*
* Portions Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
* Portions Copyright (C) 1999-2003 Internet Software Consortium.
* Portions Copyright (C) 1995-2000 by Network Associates, Inc.
*
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND ISC AND NETWORK ASSOCIATES DISCLAIMS
* ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED
* WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE
* FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR
* IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
/*
* Principal Author: Brian Wellington
* $Id: openssl_link.c,v 1.1.6.12 2007/08/28 07:20:04 tbox Exp $
*/
#ifdef OPENSSL
#include <config.h>
#include <isc/entropy.h>
#include <isc/mem.h>
#include <isc/mutex.h>
#include <isc/mutexblock.h>
#include <isc/string.h>
#include <isc/thread.h>
#include <isc/util.h>
#include "dst_internal.h"
#include "dst_openssl.h"
#include <openssl/err.h>
#include <openssl/rand.h>
#include <openssl/evp.h>
#include <openssl/conf.h>
#include <openssl/crypto.h>
#if defined(CRYPTO_LOCK_ENGINE) && (OPENSSL_VERSION_NUMBER != 0x00907000L)
#define USE_ENGINE 1
#endif
#ifdef USE_ENGINE
#include <openssl/engine.h>
#endif
static RAND_METHOD *rm = NULL;
static isc_mutex_t *locks = NULL;
static int nlocks;
#ifdef USE_ENGINE
static ENGINE *e;
#endif
static int
entropy_get(unsigned char *buf, int num) {
isc_result_t result;
if (num < 0)
return (-1);
result = dst__entropy_getdata(buf, (unsigned int) num, ISC_FALSE);
return (result == ISC_R_SUCCESS ? num : -1);
}
static int
entropy_getpseudo(unsigned char *buf, int num) {
isc_result_t result;
if (num < 0)
return (-1);
result = dst__entropy_getdata(buf, (unsigned int) num, ISC_TRUE);
return (result == ISC_R_SUCCESS ? num : -1);
}
static void
entropy_add(const void *buf, int num, double entropy) {
/*
* Do nothing. The only call to this provides no useful data anyway.
*/
UNUSED(buf);
UNUSED(num);
UNUSED(entropy);
}
static void
lock_callback(int mode, int type, const char *file, int line) {
UNUSED(file);
UNUSED(line);
if ((mode & CRYPTO_LOCK) != 0)
LOCK(&locks[type]);
else
UNLOCK(&locks[type]);
}
static unsigned long
id_callback(void) {
return ((unsigned long)isc_thread_self());
}
static void *
mem_alloc(size_t size) {
INSIST(dst__memory_pool != NULL);
return (isc_mem_allocate(dst__memory_pool, size));
}
static void
mem_free(void *ptr) {
INSIST(dst__memory_pool != NULL);
if (ptr != NULL)
isc_mem_free(dst__memory_pool, ptr);
}
static void *
mem_realloc(void *ptr, size_t size) {
void *p;
INSIST(dst__memory_pool != NULL);
p = NULL;
if (size > 0U) {
p = mem_alloc(size);
if (p != NULL && ptr != NULL)
memcpy(p, ptr, size);
}
if (ptr != NULL)
mem_free(ptr);
return (p);
}
isc_result_t
dst__openssl_init() {
isc_result_t result;
#ifdef DNS_CRYPTO_LEAKS
CRYPTO_malloc_debug_init();
CRYPTO_set_mem_debug_options(V_CRYPTO_MDEBUG_ALL);
CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
#endif
CRYPTO_set_mem_functions(mem_alloc, mem_realloc, mem_free);
nlocks = CRYPTO_num_locks();
locks = mem_alloc(sizeof(isc_mutex_t) * nlocks);
if (locks == NULL)
return (ISC_R_NOMEMORY);
result = isc_mutexblock_init(locks, nlocks);
if (result != ISC_R_SUCCESS)
goto cleanup_mutexalloc;
CRYPTO_set_locking_callback(lock_callback);
CRYPTO_set_id_callback(id_callback);
rm = mem_alloc(sizeof(RAND_METHOD));
if (rm == NULL) {
result = ISC_R_NOMEMORY;
goto cleanup_mutexinit;
}
rm->seed = NULL;
rm->bytes = entropy_get;
rm->cleanup = NULL;
rm->add = entropy_add;
rm->pseudorand = entropy_getpseudo;
rm->status = NULL;
#ifdef USE_ENGINE
e = ENGINE_new();
if (e == NULL) {
result = ISC_R_NOMEMORY;
goto cleanup_rm;
}
ENGINE_set_RAND(e, rm);
RAND_set_rand_method(rm);
#else
RAND_set_rand_method(rm);
#endif
return (ISC_R_SUCCESS);
#ifdef USE_ENGINE
cleanup_rm:
mem_free(rm);
#endif
cleanup_mutexinit:
CRYPTO_set_locking_callback(NULL);
DESTROYMUTEXBLOCK(locks, nlocks);
cleanup_mutexalloc:
mem_free(locks);
return (result);
}
void
dst__openssl_destroy() {
/*
* Sequence taken from apps_shutdown() in <apps/apps.h>.
*/
#if (OPENSSL_VERSION_NUMBER >= 0x00907000L)
CONF_modules_unload(1);
#endif
EVP_cleanup();
#if defined(USE_ENGINE) && OPENSSL_VERSION_NUMBER >= 0x00907000L
ENGINE_cleanup();
#endif
#if (OPENSSL_VERSION_NUMBER >= 0x00907000L)
CRYPTO_cleanup_all_ex_data();
#endif
ERR_clear_error();
ERR_free_strings();
ERR_remove_state(0);
#ifdef DNS_CRYPTO_LEAKS
CRYPTO_mem_leaks_fp(stderr);
#endif
#if 0
/*
* The old error sequence that leaked. Remove for 9.4.1 if
* there are no issues by then.
*/
ERR_clear_error();
#ifdef USE_ENGINE
if (e != NULL) {
ENGINE_free(e);
e = NULL;
}
#endif
#endif
if (rm != NULL) {
#if OPENSSL_VERSION_NUMBER >= 0x00907000L
RAND_cleanup();
#endif
mem_free(rm);
}
if (locks != NULL) {
CRYPTO_set_locking_callback(NULL);
DESTROYMUTEXBLOCK(locks, nlocks);
mem_free(locks);
}
}
isc_result_t
dst__openssl_toresult(isc_result_t fallback) {
isc_result_t result = fallback;
int err = ERR_get_error();
switch (ERR_GET_REASON(err)) {
case ERR_R_MALLOC_FAILURE:
result = ISC_R_NOMEMORY;
break;
default:
break;
}
ERR_clear_error();
return (result);
}
#else /* OPENSSL */
#include <isc/util.h>
EMPTY_TRANSLATION_UNIT
#endif /* OPENSSL */
/*! \file */
Reference in New Issue View Git Blame Copy Permalink