2 * Portions Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
3 * Portions Copyright (C) 1999-2003 Internet Software Consortium.
4 * Portions Copyright (C) 1995-2000 by Network Associates, Inc.
6 * Permission to use, copy, modify, and/or distribute this software for any
7 * purpose with or without fee is hereby granted, provided that the above
8 * copyright notice and this permission notice appear in all copies.
10 * THE SOFTWARE IS PROVIDED "AS IS" AND ISC AND NETWORK ASSOCIATES DISCLAIMS
11 * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED
12 * WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE
13 * FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
14 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR
16 * IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 * Principal Author: Brian Wellington
21 * $Id: openssl_link.c,v 1.1.6.12 2007/08/28 07:20:04 tbox Exp $
27 #include <isc/entropy.h>
29 #include <isc/mutex.h>
30 #include <isc/mutexblock.h>
31 #include <isc/string.h>
32 #include <isc/thread.h>
35 #include "dst_internal.h"
36 #include "dst_openssl.h"
38 #include <openssl/err.h>
39 #include <openssl/rand.h>
40 #include <openssl/evp.h>
41 #include <openssl/conf.h>
42 #include <openssl/crypto.h>
44 #if defined(CRYPTO_LOCK_ENGINE) && (OPENSSL_VERSION_NUMBER != 0x00907000L)
49 #include <openssl/engine.h>
52 static RAND_METHOD *rm = NULL;
53 static isc_mutex_t *locks = NULL;
62 entropy_get(unsigned char *buf, int num) {
66 result = dst__entropy_getdata(buf, (unsigned int) num, ISC_FALSE);
67 return (result == ISC_R_SUCCESS ? num : -1);
71 entropy_getpseudo(unsigned char *buf, int num) {
75 result = dst__entropy_getdata(buf, (unsigned int) num, ISC_TRUE);
76 return (result == ISC_R_SUCCESS ? num : -1);
80 entropy_add(const void *buf, int num, double entropy) {
82 * Do nothing. The only call to this provides no useful data anyway.
90 lock_callback(int mode, int type, const char *file, int line) {
93 if ((mode & CRYPTO_LOCK) != 0)
101 return ((unsigned long)isc_thread_self());
105 mem_alloc(size_t size) {
106 INSIST(dst__memory_pool != NULL);
107 return (isc_mem_allocate(dst__memory_pool, size));
111 mem_free(void *ptr) {
112 INSIST(dst__memory_pool != NULL);
114 isc_mem_free(dst__memory_pool, ptr);
118 mem_realloc(void *ptr, size_t size) {
121 INSIST(dst__memory_pool != NULL);
125 if (p != NULL && ptr != NULL)
126 memcpy(p, ptr, size);
134 dst__openssl_init() {
137 #ifdef DNS_CRYPTO_LEAKS
138 CRYPTO_malloc_debug_init();
139 CRYPTO_set_mem_debug_options(V_CRYPTO_MDEBUG_ALL);
140 CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
142 CRYPTO_set_mem_functions(mem_alloc, mem_realloc, mem_free);
143 nlocks = CRYPTO_num_locks();
144 locks = mem_alloc(sizeof(isc_mutex_t) * nlocks);
146 return (ISC_R_NOMEMORY);
147 result = isc_mutexblock_init(locks, nlocks);
148 if (result != ISC_R_SUCCESS)
149 goto cleanup_mutexalloc;
150 CRYPTO_set_locking_callback(lock_callback);
151 CRYPTO_set_id_callback(id_callback);
152 rm = mem_alloc(sizeof(RAND_METHOD));
154 result = ISC_R_NOMEMORY;
155 goto cleanup_mutexinit;
158 rm->bytes = entropy_get;
160 rm->add = entropy_add;
161 rm->pseudorand = entropy_getpseudo;
166 result = ISC_R_NOMEMORY;
169 ENGINE_set_RAND(e, rm);
170 RAND_set_rand_method(rm);
172 RAND_set_rand_method(rm);
174 return (ISC_R_SUCCESS);
181 CRYPTO_set_locking_callback(NULL);
182 DESTROYMUTEXBLOCK(locks, nlocks);
189 dst__openssl_destroy() {
192 * Sequence taken from apps_shutdown() in <apps/apps.h>.
194 #if (OPENSSL_VERSION_NUMBER >= 0x00907000L)
195 CONF_modules_unload(1);
198 #if defined(USE_ENGINE) && OPENSSL_VERSION_NUMBER >= 0x00907000L
201 #if (OPENSSL_VERSION_NUMBER >= 0x00907000L)
202 CRYPTO_cleanup_all_ex_data();
208 #ifdef DNS_CRYPTO_LEAKS
209 CRYPTO_mem_leaks_fp(stderr);
214 * The old error sequence that leaked. Remove for 9.4.1 if
215 * there are no issues by then.
226 #if OPENSSL_VERSION_NUMBER >= 0x00907000L
232 CRYPTO_set_locking_callback(NULL);
233 DESTROYMUTEXBLOCK(locks, nlocks);
239 dst__openssl_toresult(isc_result_t fallback) {
240 isc_result_t result = fallback;
241 int err = ERR_get_error();
243 switch (ERR_GET_REASON(err)) {
244 case ERR_R_MALLOC_FAILURE:
245 result = ISC_R_NOMEMORY;
256 #include <isc/util.h>
258 EMPTY_TRANSLATION_UNIT