nsec3.c \
nta.c \
openssl_link.c \
- openssl_shim.c \
openssl_shim.h \
opensslecdsa_link.c \
openssleddsa_link.c \
#include <isc/lang.h>
#include <isc/log.h>
#include <isc/result.h>
+#include <isc/tls.h>
ISC_LANG_BEGINDECLS
-isc_result_t
-dst__openssl_toresult(isc_result_t fallback);
-
-#define dst__openssl_toresult2(A, B) \
- dst___openssl_toresult2(A, B, __FILE__, __LINE__)
-isc_result_t
-dst___openssl_toresult2(const char *funcname, isc_result_t fallback,
- const char *file, int line);
-
-#define dst__openssl_toresult3(A, B, C) \
- dst___openssl_toresult3(A, B, C, __FILE__, __LINE__)
-isc_result_t
-dst___openssl_toresult3(isc_logcategory_t *category, const char *funcname,
- isc_result_t fallback, const char *file, int line);
+#define dst__openssl_toresult(fallback) \
+ isc__tlserr2result(NULL, NULL, NULL, fallback, __FILE__, __LINE__)
+#define dst__openssl_toresult2(funcname, fallback) \
+ isc__tlserr2result(DNS_LOGCATEGORY_GENERAL, DNS_LOGMODULE_CRYPTO, \
+ funcname, fallback, __FILE__, __LINE__)
+#define dst__openssl_toresult3(category, funcname, fallback) \
+ isc__tlserr2result(category, DNS_LOGMODULE_CRYPTO, funcname, fallback, \
+ __FILE__, __LINE__)
isc_result_t
dst__openssl_fromlabel(int key_base_id, const char *label, const char *pin,
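Review bot: The three replacement macros expand `DNS_LOGCATEGORY_GENERAL` and `DNS_LOGMODULE_CRYPTO` at every call site, but the hunk only adds `<isc/tls.h>`; unless this header already includes `<dns/log.h>` outside the hunk, each translation unit that uses `dst__openssl_toresult2()` or `dst__openssl_toresult3()` must now include it itself, a requirement the deleted out-of-line functions did not impose. The macros also carry none of the contract the removed prototypes implied: `dst__openssl_toresult()` passes a NULL category and so logs nothing, the other two log a WARNING plus the queued OpenSSL errors at INFO, and all three clear the OpenSSL error queue before returning. A short comment above the first macro, e.g. `/* Map the pending OpenSSL error to an isc_result_t and clear the queue; the 2/3 variants also log it (NULL category == silent). */`, would save readers a trip to lib/isc/tls.c.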
goto err; \
}
-static isc_result_t
-toresult(isc_result_t fallback) {
- isc_result_t result = fallback;
- unsigned long err = ERR_peek_error();
-#if defined(ECDSA_R_RANDOM_NUMBER_GENERATION_FAILED)
- int lib = ERR_GET_LIB(err);
-#endif /* if defined(ECDSA_R_RANDOM_NUMBER_GENERATION_FAILED) */
- int reason = ERR_GET_REASON(err);
-
- switch (reason) {
- /*
- * ERR_* errors are globally unique; others
- * are unique per sublibrary
- */
- case ERR_R_MALLOC_FAILURE:
- result = ISC_R_NOMEMORY;
- break;
- default:
-#if defined(ECDSA_R_RANDOM_NUMBER_GENERATION_FAILED)
- if (lib == ERR_R_ECDSA_LIB &&
- reason == ECDSA_R_RANDOM_NUMBER_GENERATION_FAILED)
- {
- result = ISC_R_NOENTROPY;
- break;
- }
-#endif /* if defined(ECDSA_R_RANDOM_NUMBER_GENERATION_FAILED) */
- break;
- }
-
- return (result);
-}
-
-isc_result_t
-dst__openssl_toresult(isc_result_t fallback) {
- isc_result_t result;
-
- result = toresult(fallback);
-
- ERR_clear_error();
- return (result);
-}
-
-isc_result_t
-dst___openssl_toresult2(const char *funcname, isc_result_t fallback,
- const char *file, int line) {
- return (dst___openssl_toresult3(DNS_LOGCATEGORY_GENERAL, funcname,
- fallback, file, line));
-}
-
-isc_result_t
-dst___openssl_toresult3(isc_logcategory_t *category, const char *funcname,
- isc_result_t fallback, const char *file, int line) {
- isc_result_t result;
- unsigned long err;
- const char *func, *data;
- int flags;
- char buf[256];
-
- result = toresult(fallback);
-
- isc_log_write(dns_lctx, category, DNS_LOGMODULE_CRYPTO, ISC_LOG_WARNING,
- "%s (%s:%d) failed (%s)", funcname, file, line,
- isc_result_totext(result));
-
- if (result == ISC_R_NOMEMORY) {
- goto done;
- }
-
- for (;;) {
- err = ERR_get_error_all(&file, &line, &func, &data, &flags);
- if (err == 0U) {
- goto done;
- }
- ERR_error_string_n(err, buf, sizeof(buf));
- isc_log_write(dns_lctx, category, DNS_LOGMODULE_CRYPTO,
- ISC_LOG_INFO, "%s:%s:%d:%s", buf, file, line,
- ((flags & ERR_TXT_STRING) != 0) ? data : "");
- }
-
-done:
- ERR_clear_error();
- return (result);
-}
-
static isc_result_t
dst__openssl_fromlabel_provider(int key_base_id, const char *label,
const char *pin, EVP_PKEY **ppub,
+++ /dev/null
-/*
- * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
- *
- * SPDX-License-Identifier: MPL-2.0
- *
- * This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, you can obtain one at https://mozilla.org/MPL/2.0/.
- *
- * See the COPYRIGHT file distributed with this work for additional
- * information regarding copyright ownership.
- */
-
-#include "openssl_shim.h"
-
-#include <isc/util.h>
-
-#if !HAVE_ERR_GET_ERROR_ALL
-static const char err_empty_string = '\0';
-
-unsigned long
-ERR_get_error_all(const char **file, int *line, const char **func,
- const char **data, int *flags) {
- SET_IF_NOT_NULL(func, &err_empty_string);
- return (ERR_get_error_line_data(file, line, data, flags));
-}
-#endif /* if !HAVE_ERR_GET_ERROR_ALL */
#define RSA_MAX_PUBEXP_BITS 35
#endif /* ifndef RSA_MAX_PUBEXP_BITS */
-#if !HAVE_ERR_GET_ERROR_ALL
-unsigned long
-ERR_get_error_all(const char **file, int *line, const char **func,
- const char **data, int *flags);
-#endif /* if !HAVE_ERR_GET_ERROR_ALL */
-
#if !HAVE_EVP_PKEY_EQ
#define EVP_PKEY_eq EVP_PKEY_cmp
#endif
void
isc__tls_setdestroycheck(bool check);
+
+#define isc_tlserr2result(category, module, funcname, fallback) \
+ isc__tlserr2result(category, module, funcname, fallback, __FILE__, \
+ __LINE__)
+isc_result_t
+isc__tlserr2result(isc_logcategory_t *category, isc_logmodule_t *module,
+ const char *funcname, isc_result_t fallback,
+ const char *file, int line);
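Review bot: `isc_tlserr2result()` and `isc__tlserr2result()` are added to the public header without a comment, and their contract is not recoverable from the signature: the definition in lib/isc/tls.c returns ISC_R_NOMEMORY when the head of the OpenSSL error queue is ERR_R_MALLOC_FAILURE and `fallback` otherwise, writes a WARNING line and the remaining queue entries at INFO only when `category` is non-NULL, and always calls ERR_clear_error() before returning. Suggest a block comment above the macro stating that, including that a NULL `category` turns the call into a silent convert-and-clear and that `module` and `funcname` are only read when `category` is non-NULL.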
#include <string.h>
#include <openssl/crypto.h>
+#include <openssl/err.h>
#include <openssl/evp.h>
#include <openssl/hmac.h>
#include <openssl/opensslv.h>
#include <openssl/ssl.h>
+#include <isc/util.h>
+
#include "openssl_shim.h"
#if !HAVE_BIO_READ_EX
SSL_CTX_set_cert_store(ctx, store);
}
#endif /* !HAVE_SSL_CTX_SET1_CERT_STORE */
+
+#if !HAVE_ERR_GET_ERROR_ALL
+static const char err_empty_string = '\0';
+
+unsigned long
+ERR_get_error_all(const char **file, int *line, const char **func,
+ const char **data, int *flags) {
+ SET_IF_NOT_NULL(func, &err_empty_string);
+ return (ERR_get_error_line_data(file, line, data, flags));
+}
+#endif /* if !HAVE_ERR_GET_ERROR_ALL */
void
SSL_CTX_set1_cert_store(SSL_CTX *ctx, X509_STORE *store);
#endif /* !HAVE_SSL_CTX_SET1_CERT_STORE */
+
+#if !HAVE_ERR_GET_ERROR_ALL
+unsigned long
+ERR_get_error_all(const char **file, int *line, const char **func,
+ const char **data, int *flags);
+#endif /* if !HAVE_ERR_GET_ERROR_ALL */
}
if (isc_fips_set_mode(1) != ISC_R_SUCCESS) {
- dst__openssl_toresult2("FIPS_mode_set", DST_R_OPENSSLFAILURE);
+ isc_tlserr2result(ISC_LOGCATEGORY_GENERAL, ISC_LOGMODULE_OTHER,
+ "FIPS_mode_set", ISC_R_CRYPTOFAILURE);
exit(EXIT_FAILURE);
}
#endif
RUNTIME_CHECK(
SSL_CTX_set_session_id_context(ctx, session_id_ctx, len) == 1);
}
+
+static isc_result_t
+isc__tls_toresult(isc_result_t fallback) {
+ isc_result_t result = fallback;
+ unsigned long err = ERR_peek_error();
+#if defined(ECDSA_R_RANDOM_NUMBER_GENERATION_FAILED)
+ int lib = ERR_GET_LIB(err);
+#endif /* if defined(ECDSA_R_RANDOM_NUMBER_GENERATION_FAILED) */
+ int reason = ERR_GET_REASON(err);
+
+ switch (reason) {
+ /*
+ * ERR_* errors are globally unique; others
+ * are unique per sublibrary
+ */
+ case ERR_R_MALLOC_FAILURE:
+ result = ISC_R_NOMEMORY;
+ break;
+ default:
+#if defined(ECDSA_R_RANDOM_NUMBER_GENERATION_FAILED)
+ if (lib == ERR_R_ECDSA_LIB &&
+ reason == ECDSA_R_RANDOM_NUMBER_GENERATION_FAILED)
+ {
+ result = ISC_R_NOENTROPY;
+ break;
+ }
+#endif /* if defined(ECDSA_R_RANDOM_NUMBER_GENERATION_FAILED) */
+ break;
+ }
+
+ return (result);
+}
+
+isc_result_t
+isc__tlserr2result(isc_logcategory_t *category, isc_logmodule_t *module,
+ const char *funcname, isc_result_t fallback,
+ const char *file, int line) {
+ isc_result_t result = isc__tls_toresult(fallback);
+
+ if (category == NULL) {
+ goto done;
+ }
+
+ isc_log_write(isc_lctx, category, module, ISC_LOG_WARNING,
+ "%s (%s:%d) failed (%s)", funcname, file, line,
+ isc_result_totext(result));
+
+ if (result == ISC_R_NOMEMORY) {
+ goto done;
+ }
+
+ for (;;) {
+ const char *func, *data;
+ int flags;
+ unsigned long err = ERR_get_error_all(&file, &line, &func,
+ &data, &flags);
+ if (err == 0U) {
+ break;
+ }
+
+ char buf[256];
+ ERR_error_string_n(err, buf, sizeof(buf));
+
+ isc_log_write(isc_lctx, category, module, ISC_LOG_INFO,
+ "%s:%s:%d:%s", buf, file, line,
+ ((flags & ERR_TXT_STRING) != 0) ? data : "");
+ }
+
+done:
+ ERR_clear_error();
+ return (result);
+}
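Review bot: In `isc__tlserr2result()` the only condition that suppresses logging is `category == NULL`, so a caller that passes a category together with a NULL `funcname` (or NULL `module`) reaches the `%s` in the WARNING `isc_log_write()` with a null pointer; the `dst__openssl_toresult()` macro in lib/dns happens to pass NULL for all three, which is why it is safe today. Either make the precondition explicit with `REQUIRE(funcname != NULL);` after the NULL-category check (RUNTIME_CHECK from `<isc/util.h>` is already used in this file) or widen the guard to `if (category == NULL || funcname == NULL) { goto done; }`. Note also that the `file` and `line` parameters are reused as output slots for ERR_get_error_all(), so the caller's location appears only in the first WARNING line; that is presumably deliberate but reads like an accident, and a one-line comment such as `/* file/line are overwritten with each queued error's own location */` would settle it.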
#define UNIT_TESTING
#include <cmocka.h>
-#include <openssl_shim.h>
#include <openssl/err.h>
#include <dns/rdata.h>
+#include "../isc/openssl_shim.c"
+#include "../isc/openssl_shim.h"
+#include "openssl_shim.h"
+
#include <tests/dns.h>
static bool debug = false;