void gss_log(int level, const char *fmt, ...) ISC_FORMAT_PRINTF(2, 3);
-LIBDNS_EXTERNAL_DATA isc_mem_t *dst__memory_pool = NULL;
-
/*
* Static functions.
*/
return (_r); \
} while (0); \
-static void *
-default_memalloc(void *arg, size_t size) {
- UNUSED(arg);
- if (size == 0U)
- size = 1;
- return (malloc(size));
-}
-
-static void
-default_memfree(void *arg, void *ptr) {
- UNUSED(arg);
- free(ptr);
-}
-
isc_result_t
dst_lib_init(isc_mem_t *mctx, const char *engine) {
isc_result_t result;
UNUSED(engine);
- dst__memory_pool = NULL;
-
- UNUSED(mctx);
- /*
- * When using --with-openssl, there seems to be no good way of not
- * leaking memory due to the openssl error handling mechanism.
- * Avoid assertions by using a local memory context and not checking
- * for leaks on exit. Note: as there are leaks we cannot use
- * ISC_MEMFLAG_INTERNAL as it will free up memory still being used
- * by libcrypto.
- */
- result = isc_mem_createx(0, 0, default_memalloc, default_memfree,
- NULL, &dst__memory_pool, 0);
- if (result != ISC_R_SUCCESS)
- return (result);
- isc_mem_setname(dst__memory_pool, "dst", NULL);
-#ifndef OPENSSL_LEAKS
- isc_mem_setdestroycheck(dst__memory_pool, false);
-#endif
-
dst_result_register();
memset(dst_t_func, 0, sizeof(dst_t_func));
RETERR(dst__hmacsha256_init(&dst_t_func[DST_ALG_HMACSHA256]));
RETERR(dst__hmacsha384_init(&dst_t_func[DST_ALG_HMACSHA384]));
RETERR(dst__hmacsha512_init(&dst_t_func[DST_ALG_HMACSHA512]));
- RETERR(dst__openssl_init(engine));
+ RETERR(dst__openssl_init(mctx, engine));
RETERR(dst__openssldh_init(&dst_t_func[DST_ALG_DH]));
#if USE_OPENSSL
RETERR(dst__opensslrsa_init(&dst_t_func[DST_ALG_RSAMD5],
#if USE_PKCS11
(void) dst__pkcs11_destroy();
#endif /* USE_PKCS11 */
- if (dst__memory_pool != NULL)
- isc_mem_detach(&dst__memory_pool);
}
bool
#define VALID_KEY(x) ISC_MAGIC_VALID(x, KEY_MAGIC)
#define VALID_CTX(x) ISC_MAGIC_VALID(x, CTX_MAGIC)
-LIBDNS_EXTERNAL_DATA extern isc_mem_t *dst__memory_pool;
-
/***
*** Types
***/
/*%
* Initializers
*/
-isc_result_t dst__openssl_init(const char *engine);
+isc_result_t dst__openssl_init(isc_mem_t *, const char *engine);
#define dst__pkcs11_init pk11_initialize
isc_result_t dst__hmacmd5_init(struct dst_func **funcp);
gss_buffer_desc gmessage, gsig;
OM_uint32 minor, gret;
gss_ctx_id_t gssctx = dctx->key->keydata.gssctx;
- unsigned char *buf;
+ unsigned char buf[sig->length];
char err[1024];
/*
isc_buffer_usedregion(ctx->buffer, &message);
REGION_TO_GBUFFER(message, gmessage);
- /*
- * XXXMLG
- * It seem that gss_verify_mic() modifies the signature buffer,
- * at least on Heimdal's implementation. Copy it here to an allocated
- * buffer.
- */
- buf = isc_mem_allocate(dst__memory_pool, sig->length);
- if (buf == NULL)
- return (ISC_R_FAILURE);
memmove(buf, sig->base, sig->length);
r.base = buf;
r.length = sig->length;
*/
gret = gss_verify_mic(&minor, gssctx, &gmessage, &gsig, NULL);
- isc_mem_free(dst__memory_pool, buf);
-
/*
* Convert return codes into something useful to us.
*/
#include "dst_internal.h"
#include "dst_openssl.h"
+static isc_mem_t *dst__memory_pool = NULL;
+
#if !defined(OPENSSL_NO_ENGINE)
#include <openssl/engine.h>
#endif
}
#endif
-#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
-
-#define FLARG
-#define FILELINE
-#if ISC_MEM_TRACKLINES
-#define FLARG_PASS , __FILE__, __LINE__
-#else
-#define FLARG_PASS
-#endif
-
-#else
-
-#define FLARG , const char *file, int line
-#define FILELINE , __FILE__, __LINE__
-#if ISC_MEM_TRACKLINES
-#define FLARG_PASS , file, line
-#else
-#define FLARG_PASS
-#endif
-
-#endif
-
-static void *
-mem_alloc(size_t size FLARG) {
-#ifdef OPENSSL_LEAKS
- void *ptr;
-
- INSIST(dst__memory_pool != NULL);
- ptr = isc__mem_allocate(dst__memory_pool, size FLARG_PASS);
- return (ptr);
-#else
- INSIST(dst__memory_pool != NULL);
- return (isc__mem_allocate(dst__memory_pool, size FLARG_PASS));
-#endif
-}
-
-static void
-mem_free(void *ptr FLARG) {
- INSIST(dst__memory_pool != NULL);
- if (ptr != NULL)
- isc__mem_free(dst__memory_pool, ptr FLARG_PASS);
-}
-
-static void *
-mem_realloc(void *ptr, size_t size FLARG) {
-#ifdef OPENSSL_LEAKS
- void *rptr;
-
- INSIST(dst__memory_pool != NULL);
- rptr = isc__mem_reallocate(dst__memory_pool, ptr, size FLARG_PASS);
- return (rptr);
-#else
- INSIST(dst__memory_pool != NULL);
- return (isc__mem_reallocate(dst__memory_pool, ptr, size FLARG_PASS));
-#endif
-}
-
#if OPENSSL_VERSION_NUMBER < 0x10100000L
static void
_set_thread_id(CRYPTO_THREADID *id)
#endif
isc_result_t
-dst__openssl_init(const char *engine) {
+dst__openssl_init(isc_mem_t *mctx, const char *engine) {
isc_result_t result;
+ REQUIRE(dst__memory_pool == NULL);
+ dst__memory_pool = mctx;
+
#if defined(OPENSSL_NO_ENGINE)
UNUSED(engine);
#endif
enable_fips_mode();
-#ifdef DNS_CRYPTO_LEAKS
- CRYPTO_malloc_debug_init();
- CRYPTO_set_mem_debug_options(V_CRYPTO_MDEBUG_ALL);
- CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
-#endif
- CRYPTO_set_mem_functions(mem_alloc, mem_realloc, mem_free);
#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
nlocks = CRYPTO_num_locks();
- locks = mem_alloc(sizeof(isc_mutex_t) * nlocks FILELINE);
+ locks = isc_mem_allocate(dst__memory_pool, sizeof(isc_mutex_t) * nlocks);
if (locks == NULL)
return (ISC_R_NOMEMORY);
result = isc_mutexblock_init(locks, nlocks);
CRYPTO_set_locking_callback(NULL);
DESTROYMUTEXBLOCK(locks, nlocks);
cleanup_mutexalloc:
- mem_free(locks FILELINE);
+ isc_mem_free(dst__memory_pool, locks);
locks = NULL;
#endif
return (result);
if (locks != NULL) {
CRYPTO_set_locking_callback(NULL);
DESTROYMUTEXBLOCK(locks, nlocks);
- mem_free(locks FILELINE);
+ isc_mem_free(dst__memory_pool, locks);
locks = NULL;
}
#else
dns_zone_mkey_day DATA
dns_zone_mkey_hour DATA
dns_zone_mkey_month DATA
-dst__memory_pool DATA
dst_msgcat DATA
@END NOLONGER
projects / thirdparty / bind9.git / commitdiff
