2 * Portions Copyright (C) 2004-2012, 2014, 2015 Internet Systems Consortium, Inc. ("ISC")
3 * Portions Copyright (C) 1999-2003 Internet Software Consortium.
5 * Permission to use, copy, modify, and/or distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above
7 * copyright notice and this permission notice appear in all copies.
9 * THE SOFTWARE IS PROVIDED "AS IS" AND ISC AND NETWORK ASSOCIATES DISCLAIMS
10 * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED
11 * WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE
12 * FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR
15 * IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17 * Portions Copyright (C) 1995-2000 by Network Associates, Inc.
19 * Permission to use, copy, modify, and/or distribute this software for any
20 * purpose with or without fee is hereby granted, provided that the above
21 * copyright notice and this permission notice appear in all copies.
23 * THE SOFTWARE IS PROVIDED "AS IS" AND ISC AND NETWORK ASSOCIATES DISCLAIMS
24 * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED
25 * WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE
26 * FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
27 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
28 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR
29 * IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
33 * Principal Author: Brian Wellington
40 #include <isc/entropy.h>
42 #include <isc/mutex.h>
43 #include <isc/mutexblock.h>
44 #include <isc/string.h>
45 #include <isc/thread.h>
50 #include <dst/result.h>
52 #include "dst_internal.h"
53 #include "dst_openssl.h"
56 #include <openssl/engine.h>
59 static RAND_METHOD *rm = NULL;
61 static isc_mutex_t *locks = NULL;
65 static ENGINE *e = NULL;
69 entropy_get(unsigned char *buf, int num) {
73 result = dst__entropy_getdata(buf, (unsigned int) num, ISC_FALSE);
74 return (result == ISC_R_SUCCESS ? 1 : -1);
78 entropy_status(void) {
79 return (dst__entropy_status() > 32);
83 entropy_getpseudo(unsigned char *buf, int num) {
87 result = dst__entropy_getdata(buf, (unsigned int) num, ISC_TRUE);
88 return (result == ISC_R_SUCCESS ? 1 : -1);
91 #if OPENSSL_VERSION_NUMBER < 0x10100000L
93 entropy_add(const void *buf, int num, double entropy) {
95 * Do nothing. The only call to this provides no useful data anyway.
103 entropy_add(const void *buf, int num, double entropy) {
105 * Do nothing. The only call to this provides no useful data anyway.
115 lock_callback(int mode, int type, const char *file, int line) {
118 if ((mode & CRYPTO_LOCK) != 0)
121 UNLOCK(&locks[type]);
124 #if OPENSSL_VERSION_NUMBER < 0x10100000L
127 return ((unsigned long)isc_thread_self());
132 mem_alloc(size_t size) {
136 INSIST(dst__memory_pool != NULL);
137 ptr = isc_mem_allocate(dst__memory_pool, size);
140 INSIST(dst__memory_pool != NULL);
141 return (isc_mem_allocate(dst__memory_pool, size));
146 mem_free(void *ptr) {
147 INSIST(dst__memory_pool != NULL);
149 isc_mem_free(dst__memory_pool, ptr);
153 mem_realloc(void *ptr, size_t size) {
157 INSIST(dst__memory_pool != NULL);
158 rptr = isc_mem_reallocate(dst__memory_pool, ptr, size);
161 INSIST(dst__memory_pool != NULL);
162 return (isc_mem_reallocate(dst__memory_pool, ptr, size));
167 dst__openssl_init(const char *engine) {
176 #ifdef DNS_CRYPTO_LEAKS
177 CRYPTO_malloc_debug_init();
178 CRYPTO_set_mem_debug_options(V_CRYPTO_MDEBUG_ALL);
179 CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
181 CRYPTO_set_mem_functions(mem_alloc, mem_realloc, mem_free);
182 nlocks = CRYPTO_num_locks();
183 locks = mem_alloc(sizeof(isc_mutex_t) * nlocks);
185 return (ISC_R_NOMEMORY);
186 result = isc_mutexblock_init(locks, nlocks);
187 if (result != ISC_R_SUCCESS)
188 goto cleanup_mutexalloc;
189 CRYPTO_set_locking_callback(lock_callback);
190 #if OPENSSL_VERSION_NUMBER < 0x10100000L
191 CRYPTO_set_id_callback(id_callback);
194 ERR_load_crypto_strings();
196 rm = mem_alloc(sizeof(RAND_METHOD));
198 result = ISC_R_NOMEMORY;
199 goto cleanup_mutexinit;
202 rm->bytes = entropy_get;
204 rm->add = entropy_add;
205 rm->pseudorand = entropy_getpseudo;
206 rm->status = entropy_status;
209 OPENSSL_config(NULL);
211 if (engine != NULL && *engine == '\0')
214 if (engine != NULL) {
215 e = ENGINE_by_id(engine);
217 result = DST_R_NOENGINE;
220 /* This will init the engine. */
221 if (!ENGINE_set_default(e, ENGINE_METHOD_ALL)) {
222 result = DST_R_NOENGINE;
227 re = ENGINE_get_default_RAND();
231 result = ISC_R_NOMEMORY;
234 ENGINE_set_RAND(re, rm);
235 ENGINE_set_default_RAND(re);
240 RAND_set_rand_method(rm);
241 #endif /* USE_ENGINE */
242 return (ISC_R_SUCCESS);
253 CRYPTO_set_locking_callback(NULL);
254 DESTROYMUTEXBLOCK(locks, nlocks);
262 dst__openssl_destroy(void) {
264 * Sequence taken from apps_shutdown() in <apps/apps.h>.
267 #if OPENSSL_VERSION_NUMBER >= 0x00907000L
273 #if (OPENSSL_VERSION_NUMBER >= 0x00907000L)
278 #if defined(USE_ENGINE)
282 #if defined(USE_ENGINE) && OPENSSL_VERSION_NUMBER >= 0x00907000L
286 #if (OPENSSL_VERSION_NUMBER >= 0x00907000L)
287 CRYPTO_cleanup_all_ex_data();
290 #if OPENSSL_VERSION_NUMBER < 0x10100000L
295 #ifdef DNS_CRYPTO_LEAKS
296 CRYPTO_mem_leaks_fp(stderr);
300 CRYPTO_set_locking_callback(NULL);
301 DESTROYMUTEXBLOCK(locks, nlocks);
308 toresult(isc_result_t fallback) {
309 isc_result_t result = fallback;
310 unsigned long err = ERR_get_error();
311 #ifdef HAVE_OPENSSL_ECDSA
312 int lib = ERR_GET_LIB(err);
314 int reason = ERR_GET_REASON(err);
318 * ERR_* errors are globally unique; others
319 * are unique per sublibrary
321 case ERR_R_MALLOC_FAILURE:
322 result = ISC_R_NOMEMORY;
325 #ifdef HAVE_OPENSSL_ECDSA
326 if (lib == ERR_R_ECDSA_LIB &&
327 reason == ECDSA_R_RANDOM_NUMBER_GENERATION_FAILED) {
328 result = ISC_R_NOENTROPY;
339 dst__openssl_toresult(isc_result_t fallback) {
342 result = toresult(fallback);
349 dst__openssl_toresult2(const char *funcname, isc_result_t fallback) {
350 return (dst__openssl_toresult3(DNS_LOGCATEGORY_GENERAL,
351 funcname, fallback));
355 dst__openssl_toresult3(isc_logcategory_t *category,
356 const char *funcname, isc_result_t fallback) {
359 const char *file, *data;
363 result = toresult(fallback);
365 isc_log_write(dns_lctx, category,
366 DNS_LOGMODULE_CRYPTO, ISC_LOG_WARNING,
367 "%s failed (%s)", funcname,
368 isc_result_totext(result));
370 if (result == ISC_R_NOMEMORY)
374 err = ERR_get_error_line_data(&file, &line, &data, &flags);
377 ERR_error_string_n(err, buf, sizeof(buf));
378 isc_log_write(dns_lctx, category,
379 DNS_LOGMODULE_CRYPTO, ISC_LOG_INFO,
380 "%s:%s:%d:%s", buf, file, line,
381 (flags & ERR_TXT_STRING) ? data : "");
389 #if defined(USE_ENGINE)
391 dst__openssl_getengine(const char *engine) {
397 if (strcmp(engine, ENGINE_get_id(e)) == 0)
405 #include <isc/util.h>
407 EMPTY_TRANSLATION_UNIT