From: Wouter Wijngaards Date: Fri, 7 Aug 2009 15:23:35 +0000 (+0000) Subject: OpenSSL config() and small memory leak. No more ENGINE_load_gost(). X-Git-Tag: release-1.4.0rc1~153 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=538ca28828c6285b6cc3cb9f6ff1f52a7459acd0;p=thirdparty%2Funbound.git OpenSSL config() and small memory leak. No more ENGINE_load_gost(). git-svn-id: file:///svn/unbound/trunk@1750 be551aaa-1e26-0410-a405-d3ace91eadb9 --- diff --git a/acx_nlnetlabs.m4 b/acx_nlnetlabs.m4 index 7055e0f80..ef1aa634f 100644 --- a/acx_nlnetlabs.m4 +++ b/acx_nlnetlabs.m4 @@ -2,8 +2,9 @@ # Copyright 2009, Wouter Wijngaards, NLnet Labs. # BSD licensed. # -# Version 4 +# Version 5 # Changelog +# 2009-08-07 Added openssl/conf.h header detection. # 2009-07-14 U_CHAR detection improved for windows crosscompile. # added ACX_FUNC_MALLOC # fixup some #if to #ifdef @@ -651,6 +652,7 @@ AC_DEFUN([ACX_SSL_CHECKS], [ AC_CHECK_HEADERS([openssl/ssl.h],,, [AC_INCLUDES_DEFAULT]) AC_CHECK_HEADERS([openssl/err.h],,, [AC_INCLUDES_DEFAULT]) AC_CHECK_HEADERS([openssl/rand.h],,, [AC_INCLUDES_DEFAULT]) +AC_CHECK_HEADERS([openssl/conf.h],,, [AC_INCLUDES_DEFAULT]) ])dnl End of ACX_SSL_CHECKS dnl Check for SSL, where SSL is mandatory diff --git a/config.h.in b/config.h.in index 5a75ffa13..deb9768d1 100644 --- a/config.h.in +++ b/config.h.in @@ -37,9 +37,6 @@ /* Define to 1 if you have the header file. */ #undef HAVE_DLFCN_H -/* Define to 1 if you have the `ENGINE_load_gost' function. */ -#undef HAVE_ENGINE_LOAD_GOST - /* Define to 1 if you have the `event_base_free' function. */ #undef HAVE_EVENT_BASE_FREE @@ -149,6 +146,12 @@ /* Define to 1 if you have the header file. */ #undef HAVE_NETINET_IN_H +/* Define to 1 if you have the `OPENSSL_config' function. */ +#undef HAVE_OPENSSL_CONFIG + +/* Define to 1 if you have the header file. */ +#undef HAVE_OPENSSL_CONF_H + /* Define to 1 if you have the header file. */ #undef HAVE_OPENSSL_ERR_H 
@@ -634,6 +637,10 @@ #include #endif +#ifdef HAVE_OPENSSL_CONF_H +#include +#endif + #ifdef HAVE_ATTR_FORMAT diff --git a/configure b/configure index 325a8a7d7..f6f15b24a 100755 --- a/configure +++ b/configure @@ -17412,6 +17412,68 @@ fi done +for ac_header in openssl/conf.h +do +as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` +{ $as_echo "$as_me:$LINENO: checking for $ac_header" >&5 +$as_echo_n "checking for $ac_header... " >&6; } +if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then + $as_echo_n "(cached) " >&6 +else + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +$ac_includes_default + +#include <$ac_header> +_ACEOF +rm -f conftest.$ac_objext +if { (ac_try="$ac_compile" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" +$as_echo "$ac_try_echo") >&5 + (eval "$ac_compile") 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && { + test -z "$ac_c_werror_flag" || + test ! -s conftest.err + } && test -s conftest.$ac_objext; then + eval "$as_ac_Header=yes" +else + $as_echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + eval "$as_ac_Header=no" +fi + +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +fi +ac_res=`eval 'as_val=${'$as_ac_Header'} + $as_echo "$as_val"'` + { $as_echo "$as_me:$LINENO: result: $ac_res" >&5 +$as_echo "$ac_res" >&6; } +as_val=`eval 'as_val=${'$as_ac_Header'} + $as_echo "$as_val"'` + if test "x$as_val" = x""yes; then + cat >>confdefs.h <<_ACEOF +#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 +_ACEOF + +fi + +done + + # check if libssl needs libdl 
@@ -17572,7 +17634,7 @@ rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ -for ac_func in EVP_sha1 EVP_sha256 EVP_sha512 ENGINE_load_gost +for ac_func in OPENSSL_config EVP_sha1 EVP_sha256 EVP_sha512 do as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` { $as_echo "$as_me:$LINENO: checking for $ac_func" >&5 diff --git a/configure.ac b/configure.ac index 51f24af96..7e2cd69f2 100644 --- a/configure.ac +++ b/configure.ac @@ -351,7 +351,7 @@ fi # Checks for libraries. ACX_WITH_SSL ACX_LIB_SSL -AC_CHECK_FUNCS([EVP_sha1 EVP_sha256 EVP_sha512 ENGINE_load_gost]) +AC_CHECK_FUNCS([OPENSSL_config EVP_sha1 EVP_sha256 EVP_sha512]) AC_ARG_ENABLE(sha2, AC_HELP_STRING([--enable-sha2], [Enable SHA256 and SHA512 RRSIG support])) case "$enable_sha2" in @@ -649,6 +649,10 @@ dnl includes #ifdef HAVE_OPENSSL_RAND_H #include #endif + +#ifdef HAVE_OPENSSL_CONF_H +#include +#endif ] AHX_CONFIG_FORMAT_ATTRIBUTE diff --git a/daemon/daemon.c b/daemon/daemon.c index b0712e76d..f07556987 100644 --- a/daemon/daemon.c +++ b/daemon/daemon.c @@ -165,7 +165,10 @@ daemon_init() checklock_start(); ERR_load_crypto_strings(); ERR_load_SSL_strings(); -#if defined(HAVE_ENGINE_LOAD_GOST) && defined(USE_GOST) +#ifdef HAVE_OPENSSL_CONFIG + OPENSSL_config("unbound"); +#endif +#ifdef USE_GOST (void)ldns_key_EVP_load_gost_id(); #endif OpenSSL_add_all_algorithms(); @@ -496,9 +499,11 @@ daemon_delete(struct daemon* daemon) free(daemon->env); free(daemon); /* libcrypto cleanup */ - /* CONF_modules_unload(1); */ +#ifdef HAVE_OPENSSL_CONFIG EVP_cleanup(); - /* ENGINE_cleanup(); */ + /*ENGINE_cleanup();*/ + CONF_modules_free(); +#endif CRYPTO_cleanup_all_ex_data(); /* safe, no more threads right now */ ERR_remove_state(0); ERR_free_strings(); diff --git a/doc/Changelog b/doc/Changelog index 981f77fd7..530e9f247 100644 --- a/doc/Changelog +++ b/doc/Changelog 
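Review bot: `OPENSSL_config("unbound")` is guarded by `HAVE_OPENSSL_CONFIG` alone, while the openssl/conf.h header that declares it is included by config.h only under `HAVE_OPENSSL_CONF_H` (configure.ac hunk 2); the two macros come from separate checks (a link test and a header test), so a build where only the function test passes compiles the call against an implicit declaration. Guard the call with `#if defined(HAVE_OPENSSL_CONFIG) && defined(HAVE_OPENSSL_CONF_H)` here and in the first unitmain.c hunk. As far as I recall, the OpenSSL releases current in 2009 have OPENSSL_config() print "Auto configuration failed" to stderr and exit(1) when the configuration file does not parse, so a broken openssl.cnf ends the daemon without a log_err() line; a comment on the call stating this, and that the file read is the system openssl.cnf (or the one named by OPENSSL_CONF) whose `unbound` section can load engine modules with the daemon's start-up privileges, would help operators. If that exit is not wanted, `CONF_modules_load_file(NULL, "unbound", CONF_MFLAGS_DEFAULT_SECTION|CONF_MFLAGS_IGNORE_MISSING_FILE)` with its return value checked and logged does the same loading without it. daemon_init continues outside the hunk.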
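Review bot: `EVP_cleanup()` has been moved inside `#ifdef HAVE_OPENSSL_CONFIG` although `OpenSSL_add_all_algorithms()` in daemon_init (previous hunk) stays unconditional, so builds without OPENSSL_config() no longer release the algorithm table they registered; the second unitmain.c hunk makes the same move. Keep `EVP_cleanup();` above the `#ifdef` and leave only `/*ENGINE_cleanup();*/` and `CONF_modules_free();` under the guard. unitmain.c also gains `RAND_cleanup();` after `ERR_free_strings();` while this hunk does not; if daemon_delete does not call it below the hunk, adding it here keeps the two teardown sequences matching. daemon_delete continues outside the hunk.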
@@ -1,3 +1,8 @@
+7 August 2009: Wouter
+	- call OPENSSL_config() in unbound and unit test so that the
+	  operator can use openssl.cnf for configuration options.
+	- removed small memory leak from config file reader.
+
 6 August 2009: Wouter
 	- configure --enable-gost for GOST support, experimental
 	  implementation of draft-dolmatov-dnsext-dnssec-gost-01.
diff --git a/testcode/testbound.c b/testcode/testbound.c
index d41ef7e7b..1bb2b8690 100644
--- a/testcode/testbound.c
+++ b/testcode/testbound.c
@@ -237,9 +237,14 @@ main(int argc, char* argv[])
 #endif
 			break;
 		case 'g':
-#if defined(HAVE_ENGINE_LOAD_GOST) && defined(USE_GOST)
-			printf("GOST supported\n");
-			exit(0);
+#ifdef USE_GOST
+			if(ldns_key_EVP_load_gost_id()) {
+				printf("GOST supported\n");
+				exit(0);
+			} else {
+				printf("GOST not supported\n");
+				exit(1);
+			}
 #else
 			printf("GOST not supported\n");
 			exit(1);
diff --git a/testcode/unitmain.c b/testcode/unitmain.c
index 6acd6bdbc..eead05431 100644
--- a/testcode/unitmain.c
+++ b/testcode/unitmain.c
@@ -432,7 +432,10 @@ main(int argc, char* argv[])
 	}
 	printf("Start of %s unit test.\n", PACKAGE_STRING);
 	ERR_load_crypto_strings();
-#if defined(HAVE_ENGINE_LOAD_GOST) && defined(USE_GOST)
+#ifdef HAVE_OPENSSL_CONFIG
+	OPENSSL_config("unbound");
+#endif
+#ifdef USE_GOST
 	(void)ldns_key_EVP_load_gost_id();
 #endif
 	checklock_start();
@@ -451,9 +454,14 @@ main(int argc, char* argv[])
 	msgparse_test();
 	checklock_stop();
 	printf("%d checks ok.\n", testcount);
+#ifdef HAVE_OPENSSL_CONFIG
 	EVP_cleanup();
+	/*ENGINE_cleanup();*/
+	CONF_modules_free();
+#endif
 	CRYPTO_cleanup_all_ex_data();
 	ERR_remove_state(0);
 	ERR_free_strings();
+	RAND_cleanup();
 	return 0;
 }
diff --git a/testcode/unitverify.c b/testcode/unitverify.c
index 175331158..7f8f02cd2 100644
--- a/testcode/unitverify.c
+++ b/testcode/unitverify.c
@@ -484,8 +484,9 @@ verify_test() #endif verifytest_file("testdata/test_signatures.12", "20090107100022"); verifytest_file("testdata/test_signatures.13", "20080414005004"); -#if defined(HAVE_ENGINE_LOAD_GOST) && defined(USE_GOST) - verifytest_file("testdata/test_signatures.15", "20090807060504"); +#ifdef USE_GOST + if(ldns_key_EVP_load_gost_id()) /* and gost can be loaded */ + verifytest_file("testdata/test_signatures.15", "20090807060504"); #endif dstest_file("testdata/test_ds_sig.1"); nsectest(); diff --git a/util/configparser.c b/util/configparser.c index 1231b7745..8ce125f88 100644 --- a/util/configparser.c +++ b/util/configparser.c @@ -749,11 +749,11 @@ static const yytype_uint16 yyrline[] = 503, 510, 521, 529, 542, 551, 560, 568, 581, 590, 599, 608, 617, 630, 637, 647, 657, 667, 677, 687, 697, 704, 711, 720, 727, 737, 751, 758, 776, 789, - 802, 811, 820, 829, 839, 849, 857, 864, 872, 885, - 893, 913, 920, 935, 942, 949, 956, 966, 973, 980, - 987, 992, 993, 994, 994, 994, 995, 995, 995, 996, - 998, 1008, 1017, 1024, 1031, 1038, 1045, 1052, 1057, 1058, - 1059, 1061 + 802, 811, 820, 829, 839, 849, 858, 865, 873, 886, + 894, 914, 921, 936, 943, 950, 957, 967, 974, 981, + 988, 993, 994, 995, 995, 995, 996, 996, 996, 997, + 999, 1009, 1018, 1025, 1032, 1039, 1046, 1053, 1058, 1059, + 1060, 1062 }; #endif @@ -2923,13 +2923,14 @@ yyreduce: if(atoi((yyvsp[(2) - (2)].str)) == 0 && strcmp((yyvsp[(2) - (2)].str), "0") != 0) yyerror("number expected"); else cfg_parser->cfg->val_log_level = atoi((yyvsp[(2) - (2)].str)); + free((yyvsp[(2) - (2)].str)); } break; case 176: /* Line 1455 of yacc.c */ -#line 858 "util/configparser.y" +#line 859 "util/configparser.y" { OUTYY(("P(server_val_nsec3_keysize_iterations:%s)\n", (yyvsp[(2) - (2)].str))); free(cfg_parser->cfg->val_nsec3_key_iterations); 
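Review bot: When `ldns_key_EVP_load_gost_id()` returns 0, the braceless `if` on the new line skips testdata/test_signatures.15 without any output, so a GOST build whose engine fails to load still reports a full pass. Add an else branch that makes the skip visible, e.g. `else printf("skipping GOST test, engine could not be loaded\n");`, or treat the failed load as a test failure when the build was configured with --enable-gost. verify_test starts outside the hunk.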
@@ -2940,7 +2941,7 @@ yyreduce: case 177: /* Line 1455 of yacc.c */ -#line 865 "util/configparser.y" +#line 866 "util/configparser.y" { OUTYY(("P(server_key_cache_size:%s)\n", (yyvsp[(2) - (2)].str))); if(!cfg_parse_memsize((yyvsp[(2) - (2)].str), &cfg_parser->cfg->key_cache_size)) @@ -2952,7 +2953,7 @@ yyreduce: case 178: /* Line 1455 of yacc.c */ -#line 873 "util/configparser.y" +#line 874 "util/configparser.y" { OUTYY(("P(server_key_cache_slabs:%s)\n", (yyvsp[(2) - (2)].str))); if(atoi((yyvsp[(2) - (2)].str)) == 0) @@ -2969,7 +2970,7 @@ yyreduce: case 179: /* Line 1455 of yacc.c */ -#line 886 "util/configparser.y" +#line 887 "util/configparser.y" { OUTYY(("P(server_neg_cache_size:%s)\n", (yyvsp[(2) - (2)].str))); if(!cfg_parse_memsize((yyvsp[(2) - (2)].str), &cfg_parser->cfg->neg_cache_size)) @@ -2981,7 +2982,7 @@ yyreduce: case 180: /* Line 1455 of yacc.c */ -#line 894 "util/configparser.y" +#line 895 "util/configparser.y" { OUTYY(("P(server_local_zone:%s %s)\n", (yyvsp[(2) - (3)].str), (yyvsp[(3) - (3)].str))); if(strcmp((yyvsp[(3) - (3)].str), "static")!=0 && strcmp((yyvsp[(3) - (3)].str), "deny")!=0 && @@ -3005,7 +3006,7 @@ yyreduce: case 181: /* Line 1455 of yacc.c */ -#line 914 "util/configparser.y" +#line 915 "util/configparser.y" { OUTYY(("P(server_local_data:%s)\n", (yyvsp[(2) - (2)].str))); if(!cfg_strlist_insert(&cfg_parser->cfg->local_data, (yyvsp[(2) - (2)].str))) @@ -3016,7 +3017,7 @@ yyreduce: case 182: /* Line 1455 of yacc.c */ -#line 921 "util/configparser.y" +#line 922 "util/configparser.y" { char* ptr; OUTYY(("P(server_local_data_ptr:%s)\n", (yyvsp[(2) - (2)].str))); @@ -3035,7 +3036,7 @@ yyreduce: case 183: /* Line 1455 of yacc.c */ -#line 936 "util/configparser.y" +#line 937 "util/configparser.y" { OUTYY(("P(name:%s)\n", (yyvsp[(2) - (2)].str))); free(cfg_parser->cfg->stubs->name); 
@@ -3046,7 +3047,7 @@ yyreduce: case 184: /* Line 1455 of yacc.c */ -#line 943 "util/configparser.y" +#line 944 "util/configparser.y" { OUTYY(("P(stub-host:%s)\n", (yyvsp[(2) - (2)].str))); if(!cfg_strlist_insert(&cfg_parser->cfg->stubs->hosts, (yyvsp[(2) - (2)].str))) @@ -3057,7 +3058,7 @@ yyreduce: case 185: /* Line 1455 of yacc.c */ -#line 950 "util/configparser.y" +#line 951 "util/configparser.y" { OUTYY(("P(stub-addr:%s)\n", (yyvsp[(2) - (2)].str))); if(!cfg_strlist_insert(&cfg_parser->cfg->stubs->addrs, (yyvsp[(2) - (2)].str))) @@ -3068,7 +3069,7 @@ yyreduce: case 186: /* Line 1455 of yacc.c */ -#line 957 "util/configparser.y" +#line 958 "util/configparser.y" { OUTYY(("P(stub-prime:%s)\n", (yyvsp[(2) - (2)].str))); if(strcmp((yyvsp[(2) - (2)].str), "yes") != 0 && strcmp((yyvsp[(2) - (2)].str), "no") != 0) @@ -3082,7 +3083,7 @@ yyreduce: case 187: /* Line 1455 of yacc.c */ -#line 967 "util/configparser.y" +#line 968 "util/configparser.y" { OUTYY(("P(name:%s)\n", (yyvsp[(2) - (2)].str))); free(cfg_parser->cfg->forwards->name); @@ -3093,7 +3094,7 @@ yyreduce: case 188: /* Line 1455 of yacc.c */ -#line 974 "util/configparser.y" +#line 975 "util/configparser.y" { OUTYY(("P(forward-host:%s)\n", (yyvsp[(2) - (2)].str))); if(!cfg_strlist_insert(&cfg_parser->cfg->forwards->hosts, (yyvsp[(2) - (2)].str))) @@ -3104,7 +3105,7 @@ yyreduce: case 189: /* Line 1455 of yacc.c */ -#line 981 "util/configparser.y" +#line 982 "util/configparser.y" { OUTYY(("P(forward-addr:%s)\n", (yyvsp[(2) - (2)].str))); if(!cfg_strlist_insert(&cfg_parser->cfg->forwards->addrs, (yyvsp[(2) - (2)].str))) @@ -3115,7 +3116,7 @@ yyreduce: case 190: /* Line 1455 of yacc.c */ -#line 988 "util/configparser.y" +#line 989 "util/configparser.y" { OUTYY(("\nP(remote-control:)\n")); } 
@@ -3124,7 +3125,7 @@ yyreduce: case 200: /* Line 1455 of yacc.c */ -#line 999 "util/configparser.y" +#line 1000 "util/configparser.y" { OUTYY(("P(control_enable:%s)\n", (yyvsp[(2) - (2)].str))); if(strcmp((yyvsp[(2) - (2)].str), "yes") != 0 && strcmp((yyvsp[(2) - (2)].str), "no") != 0) @@ -3138,7 +3139,7 @@ yyreduce: case 201: /* Line 1455 of yacc.c */ -#line 1009 "util/configparser.y" +#line 1010 "util/configparser.y" { OUTYY(("P(control_port:%s)\n", (yyvsp[(2) - (2)].str))); if(atoi((yyvsp[(2) - (2)].str)) == 0) @@ -3151,7 +3152,7 @@ yyreduce: case 202: /* Line 1455 of yacc.c */ -#line 1018 "util/configparser.y" +#line 1019 "util/configparser.y" { OUTYY(("P(control_interface:%s)\n", (yyvsp[(2) - (2)].str))); if(!cfg_strlist_insert(&cfg_parser->cfg->control_ifs, (yyvsp[(2) - (2)].str))) @@ -3162,7 +3163,7 @@ yyreduce: case 203: /* Line 1455 of yacc.c */ -#line 1025 "util/configparser.y" +#line 1026 "util/configparser.y" { OUTYY(("P(rc_server_key_file:%s)\n", (yyvsp[(2) - (2)].str))); free(cfg_parser->cfg->server_key_file); @@ -3173,7 +3174,7 @@ yyreduce: case 204: /* Line 1455 of yacc.c */ -#line 1032 "util/configparser.y" +#line 1033 "util/configparser.y" { OUTYY(("P(rc_server_cert_file:%s)\n", (yyvsp[(2) - (2)].str))); free(cfg_parser->cfg->server_cert_file); @@ -3184,7 +3185,7 @@ yyreduce: case 205: /* Line 1455 of yacc.c */ -#line 1039 "util/configparser.y" +#line 1040 "util/configparser.y" { OUTYY(("P(rc_control_key_file:%s)\n", (yyvsp[(2) - (2)].str))); free(cfg_parser->cfg->control_key_file); @@ -3195,7 +3196,7 @@ yyreduce: case 206: /* Line 1455 of yacc.c */ -#line 1046 "util/configparser.y" +#line 1047 "util/configparser.y" { OUTYY(("P(rc_control_cert_file:%s)\n", (yyvsp[(2) - (2)].str))); free(cfg_parser->cfg->control_cert_file); @@ -3206,7 +3207,7 @@ yyreduce: case 207: /* Line 1455 of yacc.c */ -#line 1053 "util/configparser.y" +#line 1054 "util/configparser.y" { OUTYY(("\nP(python:)\n")); } 
@@ -3215,7 +3216,7 @@ yyreduce: case 211: /* Line 1455 of yacc.c */ -#line 1062 "util/configparser.y" +#line 1063 "util/configparser.y" { OUTYY(("P(python-script:%s)\n", (yyvsp[(2) - (2)].str))); free(cfg_parser->cfg->python_script); @@ -3226,7 +3227,7 @@ yyreduce: /* Line 1455 of yacc.c */ -#line 3230 "util/configparser.c" +#line 3231 "util/configparser.c" default: break; } YY_SYMBOL_PRINT ("-> $$ =", yyr1[yyn], &yyval, &yyloc); @@ -3438,7 +3439,7 @@ yyreturn: /* Line 1675 of yacc.c */ -#line 1067 "util/configparser.y" +#line 1068 "util/configparser.y" /* parse helper routines could be here */ diff --git a/util/configparser.y b/util/configparser.y index e420b618e..5a948a46c 100644 --- a/util/configparser.y +++ b/util/configparser.y @@ -852,6 +852,7 @@ server_val_log_level: VAR_VAL_LOG_LEVEL STRING_ARG if(atoi($2) == 0 && strcmp($2, "0") != 0) yyerror("number expected"); else cfg_parser->cfg->val_log_level = atoi($2); + free($2); } ; server_val_nsec3_keysize_iterations: VAR_VAL_NSEC3_KEYSIZE_ITERATIONS STRING_ARG diff --git a/validator/val_sigcrypt.c b/validator/val_sigcrypt.c index 13f894708..394340ba5 100644 --- a/validator/val_sigcrypt.c +++ b/validator/val_sigcrypt.c @@ -256,16 +256,18 @@ ds_digest_size_algo(struct ub_packed_rrset_key* k, size_t idx) case LDNS_SHA256: return SHA256_DIGEST_LENGTH; #endif -#if defined(HAVE_ENGINE_LOAD_GOST) && defined(USE_GOST) +#ifdef USE_GOST case LDNS_HASH_GOST94: - return 32; + if(EVP_get_digestbyname("md_gost94")) + return 32; + else return 0; #endif default: break; } return 0; } -#if defined(HAVE_ENGINE_LOAD_GOST) && defined(USE_GOST) +#ifdef USE_GOST /** Perform GOST94 hash */ static int do_gost94(unsigned char* data, size_t len, unsigned char* dest) 
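Review bot: `ds_digest_size_algo` now returns 0 for LDNS_HASH_GOST94 when `EVP_get_digestbyname("md_gost94")` finds nothing, which makes the GOST digest usable only after `ldns_key_EVP_load_gost_id()` has registered the engine (daemon_init does that under USE_GOST); a comment on the case, `/* 0 = unsupported: the digest is present only once the GOST engine is loaded */`, saves the next reader that lookup. The if/else can be a single expression, `return EVP_get_digestbyname("md_gost94") ? 32 : 0;`. do_gost94, whose signature is the hunk's last line, continues outside the hunk.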
@@ -322,7 +324,7 @@ ds_create_dnskey_digest(struct module_env* env, ldns_buffer_limit(b), (unsigned char*)digest); return 1; #endif -#if defined(HAVE_ENGINE_LOAD_GOST) && defined(USE_GOST) +#ifdef USE_GOST case LDNS_HASH_GOST94: if(do_gost94((unsigned char*)ldns_buffer_begin(b), ldns_buffer_limit(b), (unsigned char*)digest)) @@ -398,10 +400,12 @@ dnskey_algo_id_is_supported(int id) #if defined(HAVE_EVP_SHA512) && defined(USE_SHA2) case LDNS_RSASHA512: #endif -#if defined(HAVE_ENGINE_LOAD_GOST) && defined(USE_GOST) + return 1; +#ifdef USE_GOST case LDNS_GOST: + /* we support GOST if it can be loaded */ + return ldns_key_EVP_load_gost_id(); #endif - return 1; default: return 0; } @@ -1321,7 +1325,7 @@ setup_key_digest(int algo, EVP_PKEY** evp_key, const EVP_MD** digest_type, *digest_type = EVP_md5(); break; -#if defined(HAVE_ENGINE_LOAD_GOST) && defined(USE_GOST) +#ifdef USE_GOST case LDNS_GOST: *evp_key = ldns_gost2pkey_raw(key, keylen); if(!*evp_key) {
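Review bot: `case LDNS_GOST` in dnskey_algo_id_is_supported now calls `ldns_key_EVP_load_gost_id()` on every support query; if ldns keeps the loaded engine in a static, which I believe it does, the success path is cheap, but when the engine cannot be loaded every GOST DNSKEY the validator sees re-attempts the engine load. Caching the first result in a file-static int and returning that avoids the repeated attempts. The comment `/* we support GOST if it can be loaded */` should also say that the value returned is whatever ldns returns (nonzero on success, not necessarily 1), in case a caller compares against 1. dnskey_algo_id_is_supported starts outside the hunk.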