2 * Portions Copyright (C) 2004-2007, 2009 Internet Systems Consortium, Inc. ("ISC")
3 * Portions Copyright (C) 1999-2003 Internet Software Consortium.
5 * Permission to use, copy, modify, and/or distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above
7 * copyright notice and this permission notice appear in all copies.
9 * THE SOFTWARE IS PROVIDED "AS IS" AND ISC AND NETWORK ASSOCIATES DISCLAIMS
10 * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED
11 * WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE
12 * FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR
15 * IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17 * Portions Copyright (C) 1995-2000 by Network Associates, Inc.
19 * Permission to use, copy, modify, and/or distribute this software for any
20 * purpose with or without fee is hereby granted, provided that the above
21 * copyright notice and this permission notice appear in all copies.
23 * THE SOFTWARE IS PROVIDED "AS IS" AND ISC AND NETWORK ASSOCIATES DISCLAIMS
24 * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED
25 * WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE
26 * FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
27 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
28 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR
29 * IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
33 * Principal Author: Brian Wellington
34 * $Id: openssl_link.c,v 1.16.92.2 2009/02/11 23:46:41 tbox Exp $
40 #include <isc/entropy.h>
42 #include <isc/mutex.h>
43 #include <isc/mutexblock.h>
44 #include <isc/string.h>
45 #include <isc/thread.h>
48 #include "dst_internal.h"
49 #include "dst_openssl.h"
51 #include <openssl/err.h>
52 #include <openssl/rand.h>
53 #include <openssl/evp.h>
54 #include <openssl/conf.h>
55 #include <openssl/crypto.h>
57 #if defined(CRYPTO_LOCK_ENGINE) && (OPENSSL_VERSION_NUMBER != 0x00907000L)
62 #include <openssl/engine.h>
65 static RAND_METHOD
*rm
= NULL
;
67 static isc_mutex_t
*locks
= NULL
;
75 entropy_get(unsigned char *buf
, int num
) {
79 result
= dst__entropy_getdata(buf
, (unsigned int) num
, ISC_FALSE
);
80 return (result
== ISC_R_SUCCESS
? num
: -1);
84 entropy_status(void) {
85 return (dst__entropy_status() > 32);
89 entropy_getpseudo(unsigned char *buf
, int num
) {
93 result
= dst__entropy_getdata(buf
, (unsigned int) num
, ISC_TRUE
);
94 return (result
== ISC_R_SUCCESS
? num
: -1);
98 entropy_add(const void *buf
, int num
, double entropy
) {
100 * Do nothing. The only call to this provides no useful data anyway.
108 lock_callback(int mode
, int type
, const char *file
, int line
) {
111 if ((mode
& CRYPTO_LOCK
) != 0)
114 UNLOCK(&locks
[type
]);
119 return ((unsigned long)isc_thread_self());
123 mem_alloc(size_t size
) {
124 INSIST(dst__memory_pool
!= NULL
);
125 return (isc_mem_allocate(dst__memory_pool
, size
));
129 mem_free(void *ptr
) {
130 INSIST(dst__memory_pool
!= NULL
);
132 isc_mem_free(dst__memory_pool
, ptr
);
136 mem_realloc(void *ptr
, size_t size
) {
137 INSIST(dst__memory_pool
!= NULL
);
138 return (isc_mem_reallocate(dst__memory_pool
, ptr
, size
));
142 dst__openssl_init() {
145 #ifdef DNS_CRYPTO_LEAKS
146 CRYPTO_malloc_debug_init();
147 CRYPTO_set_mem_debug_options(V_CRYPTO_MDEBUG_ALL
);
148 CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON
);
150 CRYPTO_set_mem_functions(mem_alloc
, mem_realloc
, mem_free
);
151 nlocks
= CRYPTO_num_locks();
152 locks
= mem_alloc(sizeof(isc_mutex_t
) * nlocks
);
154 return (ISC_R_NOMEMORY
);
155 result
= isc_mutexblock_init(locks
, nlocks
);
156 if (result
!= ISC_R_SUCCESS
)
157 goto cleanup_mutexalloc
;
158 CRYPTO_set_locking_callback(lock_callback
);
159 CRYPTO_set_id_callback(id_callback
);
161 rm
= mem_alloc(sizeof(RAND_METHOD
));
163 result
= ISC_R_NOMEMORY
;
164 goto cleanup_mutexinit
;
167 rm
->bytes
= entropy_get
;
169 rm
->add
= entropy_add
;
170 rm
->pseudorand
= entropy_getpseudo
;
171 rm
->status
= entropy_status
;
175 result
= ISC_R_NOMEMORY
;
178 ENGINE_set_RAND(e
, rm
);
179 RAND_set_rand_method(rm
);
181 RAND_set_rand_method(rm
);
182 #endif /* USE_ENGINE */
183 return (ISC_R_SUCCESS
);
190 CRYPTO_set_locking_callback(NULL
);
191 DESTROYMUTEXBLOCK(locks
, nlocks
);
198 dst__openssl_destroy() {
201 * Sequence taken from apps_shutdown() in <apps/apps.h>.
203 #if (OPENSSL_VERSION_NUMBER >= 0x00907000L)
204 CONF_modules_unload(1);
207 #if defined(USE_ENGINE) && OPENSSL_VERSION_NUMBER >= 0x00907000L
210 #if (OPENSSL_VERSION_NUMBER >= 0x00907000L)
211 CRYPTO_cleanup_all_ex_data();
217 #ifdef DNS_CRYPTO_LEAKS
218 CRYPTO_mem_leaks_fp(stderr
);
223 * The old error sequence that leaked. Remove for 9.4.1 if
224 * there are no issues by then.
235 #if OPENSSL_VERSION_NUMBER >= 0x00907000L
241 CRYPTO_set_locking_callback(NULL
);
242 DESTROYMUTEXBLOCK(locks
, nlocks
);
248 dst__openssl_toresult(isc_result_t fallback
) {
249 isc_result_t result
= fallback
;
250 int err
= ERR_get_error();
252 switch (ERR_GET_REASON(err
)) {
253 case ERR_R_MALLOC_FAILURE
:
254 result
= ISC_R_NOMEMORY
;
265 #include <isc/util.h>
267 EMPTY_TRANSLATION_UNIT