mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-08-30 22:15:20 +00:00

[rt31459d] rebased rt31459c

Evan Hunt
2017-09-12 19:05:46 -07:00
parent 30973087a0
commit 586e65ea5c
34 changed files with 660 additions and 115 deletions


@@ -32,6 +32,7 @@
#include <isc/mem.h>
#include <isc/mutex.h>
#include <isc/mutexblock.h>
#include <isc/platform.h>
#include <isc/string.h>
#include <isc/thread.h>
#include <isc/util.h>
@@ -47,8 +48,6 @@
#include <openssl/engine.h>
#endif
static RAND_METHOD *rm = NULL;
#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
static isc_mutex_t *locks = NULL;
static int nlocks;
@@ -58,6 +57,9 @@ static int nlocks;
static ENGINE *e = NULL;
#endif
#ifndef ISC_PLATFORM_CRYPTORANDOM
static RAND_METHOD *rm = NULL;
static int
entropy_get(unsigned char *buf, int num) {
isc_result_t result;
@@ -103,6 +105,7 @@ entropy_add(const void *buf, int num, double entropy) {
return (1);
}
#endif
#endif /* !ISC_PLATFORM_CRYPTORANDOM */
#if OPENSSL_VERSION_NUMBER >= 0x10000000L && OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
static void
@@ -191,7 +194,7 @@ _set_thread_id(CRYPTO_THREADID *id)
isc_result_t
dst__openssl_init(const char *engine) {
isc_result_t result;
#ifdef USE_ENGINE
#if defined(USE_ENGINE) && !defined(ISC_PLATFORM_CRYPTORANDOM)
ENGINE *re;
#else
@@ -222,6 +225,7 @@ dst__openssl_init(const char *engine) {
ERR_load_crypto_strings();
#endif
#ifndef ISC_PLATFORM_CRYPTORANDOM
rm = mem_alloc(sizeof(RAND_METHOD) FILELINE);
if (rm == NULL) {
result = ISC_R_NOMEMORY;
@@ -233,6 +237,7 @@ dst__openssl_init(const char *engine) {
rm->add = entropy_add;
rm->pseudorand = entropy_getpseudo;
rm->status = entropy_status;
#endif
#ifdef USE_ENGINE
#if !defined(CONF_MFLAGS_DEFAULT_SECTION)
@@ -266,6 +271,7 @@ dst__openssl_init(const char *engine) {
}
}
#ifndef ISC_PLATFORM_CRYPTORANDOM
re = ENGINE_get_default_RAND();
if (re == NULL) {
re = ENGINE_new();
@@ -278,9 +284,21 @@ dst__openssl_init(const char *engine) {
ENGINE_free(re);
} else
ENGINE_finish(re);
#endif
#else
#ifndef ISC_PLATFORM_CRYPTORANDOM
RAND_set_rand_method(rm);
#endif
#endif /* USE_ENGINE */
/* Protect ourselves against unseeded PRNG */
if (RAND_status() != 1) {
FATAL_ERROR(__FILE__, __LINE__,
"The OpenSSL pseudo random number generator "
"cannot be initialized (cf the `PRNG not "
"seeded' message in the OpenSSL FAQ)");
}
return (ISC_R_SUCCESS);
#ifdef USE_ENGINE
@@ -288,10 +306,14 @@ dst__openssl_init(const char *engine) {
if (e != NULL)
ENGINE_free(e);
e = NULL;
#ifndef ISC_PLATFORM_CRYPTORANDOM
mem_free(rm FILELINE);
rm = NULL;
#endif
#endif
#ifndef ISC_PLATFORM_CRYPTORANDOM
cleanup_mutexinit:
#endif
#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
CRYPTO_set_locking_callback(NULL);
DESTROYMUTEXBLOCK(locks, nlocks);
@@ -306,14 +328,17 @@ void
dst__openssl_destroy(void) {
#if !defined(LIBRESSL_VERSION_NUMBER) && (OPENSSL_VERSION_NUMBER >= 0x10100000L)
OPENSSL_cleanup();
#ifndef ISC_PLATFORM_CRYPTORANDOM
if (rm != NULL) {
mem_free(rm FILELINE);
rm = NULL;
}
#endif
#else
/*
* Sequence taken from apps_shutdown() in <apps/apps.h>.
*/
#ifndef ISC_PLATFORM_CRYPTORANDOM
if (rm != NULL) {
#if OPENSSL_VERSION_NUMBER >= 0x00907000L
RAND_cleanup();
@@ -321,6 +346,7 @@ dst__openssl_destroy(void) {
mem_free(rm FILELINE);
rm = NULL;
}
#endif
#if (OPENSSL_VERSION_NUMBER >= 0x00907000L)
CONF_modules_free();
#endif
@@ -456,11 +482,45 @@ dst__openssl_getengine(const char *engine) {
}
#endif
#else /* OPENSSL */
isc_result_t
dst_random_getdata(void *data, unsigned int length,
unsigned int *returned, unsigned int flags) {
#ifdef ISC_PLATFORM_CRYPTORANDOM
#ifndef DONT_REQUIRE_DST_LIB_INIT
INSIST(dst__memory_pool != NULL);
#endif
REQUIRE(data != NULL);
REQUIRE(length > 0);
#include <isc/util.h>
#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
if ((flags & ISC_ENTROPY_GOODONLY) == 0) {
if (RAND_pseudo_bytes((unsigned char *)data, (int)length) < 0)
return (dst__openssl_toresult2("RAND_pseudo_bytes",
DST_R_OPENSSLFAILURE));
} else {
if (RAND_bytes((unsigned char *)data, (int)length) != 1)
return (dst__openssl_toresult2("RAND_bytes",
DST_R_OPENSSLFAILURE));
}
#else
UNUSED(flags);
EMPTY_TRANSLATION_UNIT
if (RAND_bytes((unsigned char *)data, (int)length) != 1)
return (dst__openssl_toresult2("RAND_bytes",
DST_R_OPENSSLFAILURE));
#endif
if (returned != NULL)
*returned = length;
return (ISC_R_SUCCESS);
#else
UNUSED(data);
UNUSED(length);
UNUSED(returned);
UNUSED(flags);
return (ISC_R_NOTIMPLEMENTED);
#endif
}
#endif /* OPENSSL */
/*! \file */
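Review bot: In `dst_random_getdata`, `length` is an `unsigned int` checked only by `REQUIRE(length > 0)` before it is narrowed with `(int)length` in the `RAND_bytes` and `RAND_pseudo_bytes` calls, so a value above `INT_MAX` becomes a negative count. Depending on the OpenSSL version, a non-positive count may be treated as nothing to do and still report success; the function would then set `*returned = length` and return `ISC_R_SUCCESS` without having filled the buffer with random data. Adding `REQUIRE(length <= INT_MAX);` next to the existing REQUIREs would rule this out (it needs `<limits.h>` if the file does not already pull it in). The +/- markers are lost on this page, so this reads the function body as the new side of the last hunk.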